Univention Bugzilla – Bug 53474
linux: Multiple issues (5.0)
Last modified: 2021-07-14 18:26:02 CEST
New Debian linux 4.19.194-1 fixes: This update addresses the following issues: * Fragmentation cache not cleared on reconnection (CVE-2020-24586) * Reassembling fragments encrypted under different keys (CVE-2020-24587) * wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588) * refcount leak in llcp_sock_bind() (CVE-2020-25670) * refcount leak in llcp_sock_connect() (CVE-2020-25671) * memory leak in llcp_sock_connect() (CVE-2020-25672) * Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139) * reassembling mixed encrypted/plaintext fragments (CVE-2020-26147) * Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558) * the get_user_pages implementation when used for a copy-on-write page does not properly consider the semantics of read operations and therefore can grant unintended write access (CVE-2020-29374) * Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129) * use-after-free in nosy driver in nosy_ioctl() in drivers/firewire/nosy.c when a device is added twice (CVE-2021-3483) * Out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c (CVE-2021-3506) * double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564) * use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573) * nfc: Null pointer dereference in llcp_sock_getname (CVE-2021-3587) * Race condition in sctp_destroy_sock list_del (CVE-2021-23133) * use-after-free in nfc sockets (CVE-2021-23134) * The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688) * race condition in get_old_root function in fs/btrfs/ctree.c because of a lack of locking on an extent buffer before a cloning operation (CVE-2021-28964) * System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971) * Buffer overflow in hotplug/rpadlpar_sysfs.c (CVE-2021-28972) * Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154) * protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155) * DoS due to negative fragment size calculation in drivers/net/ethernet/freescale/gianfar.c (CVE-2021-29264) * information disclosure due to uninitialized data structure in qrtr_recvmsg function in net/qrtr/qrtr.c (CVE-2021-29647) * lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650) * protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829) * out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916) * race condition for removal of the HCI controller (CVE-2021-32399) * use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
--- mirror/ftp/pool/main/l/linux-latest/linux-latest_105+deb10u11.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/linux-latest_105+deb10u12.dsc @@ -1,3 +1,7 @@ +105+deb10u12 [Sat, 12 Jun 2021 07:16:00 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Update to 4.19.0-17 + 105+deb10u11 [Fri, 19 Mar 2021 22:38:58 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Update to 4.19.0-16 <http://piuparts.knut.univention.de/5.0-0/#2107927905600466190>
Reopen to trigger another piuparts run
--- mirror/ftp/pool/main/l/linux/linux_4.19.181-1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/linux_4.19.194-1.dsc @@ -1,3 +1,847 @@ +4.19.194-1 [Thu, 10 Jun 2021 20:49:34 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 + - [arm64] KVM: nvhe: Save the SPE context early + - [armhf] net: dsa: b53: Support setting learning on port + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 + - ALSA: hda: generic: Fix the micmute led init state + - Revert "PM: runtime: Update device status before letting suppliers + suspend" + - vmlinux.lds.h: Create section for protection against instrumentation + - btrfs: fix race when cloning extent buffer during rewind of an old root + (CVE-2021-28964) + - btrfs: fix slab cache flags for free space tree bitmap + - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode + - nvmet: don't check iosqes,iocqes for discovery controllers + - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. + - svcrdma: disable timeouts on rdma backchannel + - sunrpc: fix refcount leak for rpc auth modules + - scsi: lpfc: Fix some error codes in debugfs + - nvme-rdma: fix possible hang when failing to set io queues + - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure + - usb-storage: Add quirk to defeat Kindle's automatic unload + - usbip: Fix incorrect double assignment to udc->ud.tcp_rx + - USB: replace hardcode maximum usb string length by definition + - usb: gadget: configfs: Fix KASAN use-after-free + - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID + channel + - iio: hid-sensor-prox: Fix scale not correct issue + - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store + functions (CVE-2021-28972) + - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status + (CVE-2021-28971) + - [x86] ioapic: Ignore IRQ2 again + - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() + - [x86] Move TS_COMPAT back to asm/thread_info.h + - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() + - ext4: find old entry again if failed to rename whiteout + - ext4: do not try to set xattr into ea_inode if value is empty + - ext4: fix potential error in ext4_do_update_inode + - genirq: Disable interrupts for force threaded handlers + - [x86] apic/of: Fix CPU devicetree-node lookups + - cifs: Fix preauth hash corruption + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 + - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled + - [powerpc*] 4xx: Fix build errors from mfdcr() + - atm: eni: dont release is never initialized + - atm: lanai: dont run lanai_dev_close if not open + - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" + - ixgbe: Fix memleak in ixgbe_configure_clsu32 + - net: tehuti: fix error return code in bdx_probe() + - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count + - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) + - gpiolib: acpi: Add missing IRQF_ONESHOT + - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default + - NFS: Correct size calculation for create reply length + - [arm64] net: hisilicon: hns: fix error return code of + hns_nic_clear_all_rx_fetch() + - [x86] atm: uPD98402: fix incorrect allocation + - atm: idt77252: fix null-ptr-dereference + - u64_stats,lockdep: Fix u64_stats_init() vs lockdep + - nfs: we don't support removing system.nfs4_acl + - block: Suppress uevent for hidden device when removed + - [arm64] netsec: restore phy power state after controller reset + - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events + - squashfs: fix inode lookup sanity checks + - squashfs: fix xattr id and id lookup sanity checks + - dm ioctl: fix out of bounds array access when no devices + (CVE-2021-31916) + - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD + - veth: Store queue_mapping independently of XDP prog presence + - libbpf: Fix INSTALL flag order + - macvlan: macvlan_count_rx() needs to be aware of preemption + - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port + - e1000e: add rtnl_lock() to e1000_reset_task + - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 + - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template + - netfilter: ctnetlink: fix dump of the expect mask attribute + - can: peak_usb: add forgotten supported devices + - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing + bitrate + - mac80211: fix rate mask reset + - net: cdc-phonet: fix data-interface release on probe failure + - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes + - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind + - net/mlx5e: Fix error path for ethtool set-priv-flag + - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening + server + - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs + - Revert "netfilter: x_tables: Switch synchronization to RCU" + - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) + - Revert "netfilter: x_tables: Update remaining dereference to RCU" + - ACPI: scan: Rearrange memory allocation in acpi_device_add() + - ACPI: scan: Use unique number for instance_no + - dm verity: add root hash pkcs#7 signature verification + - scsi: qedi: Fix error return code of qedi_alloc_global_queues() + - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() + - locking/mutex: Fix non debug version of mutex_lock_io_nested() + - can: dev: Move device back to init netns on owning netns delete + - net: sched: validate stab values + - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) + - mac80211: fix double free in ibss_leave + - ext4: add reclaim checks to xattr code + - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" + - xen-blkback: don't leak persistent grants from xen_blkbk_map() + (CVE-2021-28688) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 + - selinux: vsock: Set SID for socket returned by accept() + - tcp: relookup sock for RST+ACK packets handled by obsolete req sock + - ipv6: weaken the v4mapped source check + - ext4: fix bh ref count on error paths + - rpc: fix NULL dereference on kmalloc failure + - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 + - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor + of 10 + - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value + on probe + - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table + - vhost: Fix vhost_vq_reset() + - scsi: st: Fix a use after free in st_open() + - scsi: qla2xxx: Fix broken #endif placement + - [x86] staging: comedi: cb_pcidas: fix request_irq() warn + - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn + - thermal/core: Add NULL pointer check before using cooling device stats + - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling + - ext4: do not iput inode under running transaction in ext4_rename() + - brcmfmac: clear EAP/association status bits on linkdown events + - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() + - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open + - appletalk: Fix skb allocation size in loopback case + - [x86] net: wan/lmc: unregister device when no matching device is found + - bpf: Remove MTU check in __bpf_skb_max_len + - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect + - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO + - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook + - PM: runtime: Fix race getting/putting suppliers at probe + - PM: runtime: Fix ordering in pm_runtime_get_suppliers() + - tracing: Fix stack trace event size + - mm: fix race by making init_zero_pfn() early_initcall + - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() + - drm/amdgpu: check alignment on CPU page for bo map + - reiserfs: update reiserfs_xattrs_initialized() condition + - [arm64,armhf] pinctrl: rockchip: fix restore error in resume + - extcon: Add stubs for extcon_register_notifier_all() functions + - extcon: Fix error handling in extcon_dev_register + - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) + - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() + - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem + - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 + - cdc-acm: fix BREAK rx code path adding necessary calls + - USB: cdc-acm: untangle a circular dependency between callback and softint + - USB: cdc-acm: downgrade message to debug + - USB: cdc-acm: fix double free on probe failure + - USB: cdc-acm: fix use-after-free after probe failure + - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference + - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. + - [x86] staging: rtl8192e: Fix incorrect source in memcpy() + - staging: rtl8192e: Change state information from u16 to u8 + - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 + - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted + - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 + - mISDN: fix crash in fritzpci + - mac80211: choose first enabled channel for monitor + - [arm64] drm/msm: Ratelimit invalid-fence message + - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state + - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() + - cifs: revalidate mapping when we open files for SMB1 POSIX + - cifs: Silently ignore unknown oplock break handle + - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 + (CVE-2021-29154) + - [i386] bpf, x86: Validate computation of branch displacements for x86-32 + (CVE-2021-29154) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 + - ALSA: aloop: Fix initialization of controls + - [x86] ASoC: intel: atom: Stop advertising non working S24LE support + - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) + - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) + - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) + - nfc: Avoid endless loops caused by repeated llcp_sock_connect() + - xen/evtchn: Change irq_info lock to raw_spinlock_t + - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh + - ocfs2: fix deadlock between setattr and dio_end_io_write + - fs: direct-io: fix missing sdio->boundary + - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin + - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field + - ice: Increase control queue timeout + - net: hso: fix null-ptr-deref during tty device unregistration + - net: ensure mac header is set in virtio_net_hdr_to_skb() + - net: sched: sch_teql: fix null-pointer dereference + - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() + - usbip: add sysfs_lock to synchronize sysfs code paths + - usbip: stub-dev synchronize sysfs code paths + - usbip: vudc synchronize sysfs code paths + - usbip: synchronize event handler with sysfs code paths + - i2c: turn recovery error on init to debug + - virtio_net: Add XDP meta data support + - xfrm: interface: fix ipv4 pmtu check to honor ip header df + - net: xfrm: Localize sequence counter per network namespace + - i40e: Added Asym_Pause to supported link modes + - i40e: Fix kernel oops when i40e driver removes VF's + - sch_red: fix off-by-one checks in red_check_params() + - cxgb4: avoid collecting SGE_QBASE regs during traffic + - net:tipc: Fix a double free in tipc_sk_mcast_rcv + - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner + - clk: fix invalid usage of list cursor in register + - clk: fix invalid usage of list cursor in unregister + - workqueue: Move the position of debug_work_activate() in __queue_work() + - [s390x] cpcmd: fix inline assembly register clobbering + - net/mlx5: Fix placement of log_max_flow_counter + - net/mlx5: Fix PBMC register mapping + - RDMA/cxgb4: check for ipv6 address properly while destroying listener + - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit + - net: sched: bump refcount for new action in ACT replace mode + - cfg80211: remove WARN_ON() in cfg80211_sme_connect + - net: tun: set tun->dev->addr_len during TUNSETLINK processing + - drivers: net: fix memory leak in atusb_probe + - drivers: net: fix memory leak in peak_usb_create_dev + - net: mac802154: Fix general protection fault + - net: ieee802154: nl-mac: fix check on panid + - net: ieee802154: fix nl802154 del llsec key + - net: ieee802154: fix nl802154 del llsec dev + - net: ieee802154: fix nl802154 add llsec key + - net: ieee802154: fix nl802154 del llsec devkey + - net: ieee802154: forbid monitor for set llsec params + - net: ieee802154: forbid monitor for del llsec seclevel + - net: ieee802154: stop dump llsec params for monitors + - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting + cifs_sb->prepath." (Closes: #988352) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 + - [arm64] KVM: Hide system instruction access to Trace registers + - [arm64] KVM: Disable guest access to trace filter controls + - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning + - gfs2: report "already frozen/thawed" errors + - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz + - block: only update parent bi_status when bio fail + - net: phy: broadcom: Only advertise EEE for supported modes + - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) + - netfilter: x_tables: fix compat match/target pad out-of-bound write + - driver core: Fix locking bug in deferred_probe_timeout_work_func() + - xen/events: fix setting irq affinity + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 + - net/sctp: fix race condition in sctp_destroy_sock + - gpio: sysfs: Obey valid_mask + - neighbour: Disregard DEAD dst in neigh_update + - [arm64] drm/msm: Fix a5xx/a6xx timestamps + - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state + - net: ieee802154: stop dump llsec keys for monitors + - net: ieee802154: stop dump llsec devs for monitors + - net: ieee802154: forbid monitor for add llsec dev + - net: ieee802154: stop dump llsec devkeys for monitors + - net: ieee802154: forbid monitor for add llsec devkey + - net: ieee802154: stop dump llsec seclevels for monitors + - net: ieee802154: forbid monitor for add llsec seclevel + - pcnet32: Use pci_resource_len to validate PCI resource + - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN + - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices + - readdir: make sure to verify directory entry for legacy interfaces too + - [arm64] fix inline asm in load_unaligned_zeropad() + - [arm64] alternatives: Move length validation in alternative_{insn, endif} + - scsi: libsas: Reset num_scatter if libata marks qc as NODATA + - netfilter: conntrack: do not print icmpv6 as unknown via /proc + - netfilter: nft_limit: avoid possible divide error in nft_limit_init + - net: sit: Unregister catch-all devices + - net: ip6_tunnel: Unregister catch-all devices + - i40e: fix the panic when running bpf in xdpdrv mode + - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions + - net: phy: marvell: fix detection of PHY on Topaz switches + - gup: document and work around "COW can break either way" issue + (CVE-2020-29374) + - [x86] pinctrl: lewisburg: Update number of pins in community + - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() + - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 + - HID: alps: fix error return code in alps_input_configured() + - HID: wacom: Assign boolean values to a bool variable + - net: geneve: check skb is large enough for IPv4/IPv6 header + - [s390x] entry: save the caller of psw_idle + - xen-netback: Check for hotplug-status existence before watching + - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access + - net: hso: fix NULL-deref on disconnect regression + - USB: CDC-ACM: fix poison/unpoison imbalance + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 + - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables + - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() + - net: usb: ax88179_178a: initialize local variables before use + - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() + - [mips*] Do not include hi and lo in clobber list for R6 + - bpf: Fix masking negation logic upon negative dst register + (CVE-2021-31829) + - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() + - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX + - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet + - USB: Add reset-resume quirk for WD19's Realtek Hub + - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation + - ovl: allow upperdir inside lowerdir + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 + - [s390x] disassembler: increase ebpf disasm buffer size + - ftrace: Handle commands when closing set_ftrace_filter file + - ecryptfs: fix kernel panic with null dev_name + - [armhf] spi: spi-ti-qspi: Free DMA resources + - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() + - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based + controllers + - mmc: block: Update ext_csd.cache_ctrl if it was written + - mmc: block: Issue a cache flush only when it's enabled + - mmc: core: Do a power cycle when the CMD11 fails + - mmc: core: Set read only for SD cards with permanent write protect bit + - cifs: Return correct error code from smb2_get_enc_key + - btrfs: fix metadata extent leak after failure to create subvolume + - [x86] intel_th: pci: Add Rocket Lake CPU support + - fbdev: zero-fill colormap in fbcmap.c + - staging: wimax/i2400m: fix byte-order issue + - crypto: api - check for ERR pointers in crypto_destroy_tfm() + - usb: gadget: uvc: add bInterval checking for HS mode + - [x86] genirq/matrix: Prevent allocation counter corruption + - usb: gadget: f_uac1: validate input parameters + - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset + - usb: xhci: Fix port minor revision + - PCI: PM: Do not read power state in pci_enable_device_flags() + - [arm64] tee: optee: do not check memref size on return from Secure World + - [arm*] perf/arm_pmu_platform: Fix error handling + - xhci: check control context is valid before dereferencing it. + - xhci: fix potential array out of bounds with several interrupters + - [x86] intel_th: Consistency and off-by-one fix + - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in + twl4030_usb_remove() + - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s + - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe + - scsi: lpfc: Fix pt2pt connection does not recover after LOGO + - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() + - [x86] media: ite-cir: check for receive overflow + - power: supply: bq27xxx: fix power_avg for newer ICs + - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs + - media: gspca/sq905.c: fix uninitialized variable + - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f + - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() + - scsi: qla2xxx: Fix use after free in bsg + - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() + - media: em28xx: fix memory leak + - media: vivid: update EDID + - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error + return + - media: dvb-usb: fix memory leak in dvb_usb_adapter_init + - media: gscpa/stv06xx: fix memory leak + - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal + - drm/amdgpu: fix NULL pointer dereference + - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO + response + - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic + - scsi: libfc: Fix a format specifier + - [s390x] archrandom: add parameter check for s390_arch_random_generate + - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer + - ALSA: hda/conexant: Re-order CX5066 quirk table entries + - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build + - ALSA: usb-audio: Explicitly set up the clock selector + - ALSA: usb-audio: More constifications + - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications + Headset PC 8 + - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx + - btrfs: fix race when picking most recent mod log operation for an old root + - [arm64] vdso: Discard .note.gnu.property sections in vDSO + - ubifs: Only check replay with inode type to judge if inode linked + - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) + - openvswitch: fix stack OOB read while fragmenting IPv4 packets + - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe + failure + - NFS: Don't discard pNFS layout segments that are marked for return + - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() + - jffs2: Fix kasan slab-out-of-bounds problem + - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. + - [x86] intel_th: pci: Add Alder Lake-M support + - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual + device + - md/raid1: properly indicate failure when ending a failed write request + - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload + sequences + - security: commoncap: fix -Wstringop-overread warning + - jffs2: check the validity of dstlen in jffs2_zlib_compress() + - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT + op") + - posix-timers: Preserve return value in clock_adjtime32() + - [arm64] vdso: remove commas between macro name and arguments + - ext4: fix check to prevent false positive report of incorrect used inodes + - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() + - ext4: fix error code in ext4_commit_super + - media: dvbdev: Fix memory leak in dvb_media_device_free() + - usb: gadget: Fix double free of device descriptor pointers + - usb: gadget/function/f_fs string table fix for multiple languages + - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check + - [arm*] usb: dwc2: Fix session request interrupt handler + - tty: fix memory leak in vc_deallocate + - tracing: Map all PIDs to command lines + - tracing: Restructure trace_clock_global() to never block + - dm space map common: fix division bug in sm_ll_find_free_block() + - dm rq: fix double free of blk_mq_tag_set in dev remove after table load + fails + - modules: mark ref_module static + - modules: mark find_symbol static + - modules: mark each_symbol_section static + - modules: unexport __module_text_address + - modules: unexport __module_address + - modules: rename the licence field in struct symsearch to license + - modules: return licensing information from find_symbol + - modules: inherit TAINT_PROPRIETARY_MODULE + - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) + - bluetooth: eliminate the potential race condition when removing the HCI + controller (CVE-2021-32399) + - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) + - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR + - misc: lis3lv02d: Fix false-positive WARN on various HP models + - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct + - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload + - md/bitmap: wait for external bitmap writes to complete during tear down + - md-cluster: fix use-after-free issue when removing rdev + - md: split mddev_find + - md: factor out a mddev_find_locked helper from mddev_find + - md: md_open returns -EBUSY when entering racing area + - md: Fix missing unused status line of /proc/mdstat + - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() + - cfg80211: scan: drop entry from hidden_list on overflow + - drm/radeon: fix copy of uninitialized variable back to userspace + - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries + - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries + - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries + - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries + - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices + - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported + - [s390x] KVM: split kvm_s390_logical_to_effective + - [s390x] KVM: fix guarded storage control register handling + - [s390x] KVM: split kvm_s390_real_to_abs + - ovl: fix missing revert_creds() on error path + - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely + - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] + - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 + - regmap: set debugfs_name to NULL after it is freed + - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() + - [x86] microcode: Check for offline CPUs before requesting new microcode + - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() + - [x86] usb: gadget: pch_udc: Check if driver is present before calling + ->setup() + - [x86] usb: gadget: pch_udc: Check for DMA mapping error + - [x86] crypto: qat - don't release uninitialized resources + - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init + - mtd: require write permissions for locking and badblock ioctls + - [arm64] bus: qcom: Put child node before return + - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() + - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init + - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling + - [x86] staging: rtl8192u: Fix potential infinite loop + - spi: Fix use-after-free with devm_spi_alloc_* + - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz + - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments + - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute + - [x86] crypto: qat - Fix a double free in adf_create_ring + - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels + - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU + PM clock + - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 + - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 + Mhz to 1 GHz + - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from + L1 to L0 + - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed + - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency + - USB: cdc-acm: fix unprivileged TIOCCSERIAL + - tty: actually undefine superseded ASYNC flags + - tty: fix return value for unsupported ioctls + - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() + - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail + boards with critclk_systems DMI table + - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload + - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. + - [arm*] usb: dwc2: Fix hibernation between host and device modes. + - ttyprintk: Add TTY hangup callback. + - media: vivid: fix assignment of dev->fbuf_out_flags + - media: m88rs6000t: avoid potential out-of-bounds reads on arrays + - [x86] kprobes: Fix to check non boostable prefixes correctly + - sata_mv: add IRQ checks + - ata: libahci_platform: fix IRQ check + - nvme: retrigger ANA log update if group descriptor isn't found + - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE + - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() + - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() + - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch + - sched/debug: Fix cgroup_path[] serialization + - drivers/block/null_blk/main: Fix a double free in null_init. + - HID: plantronics: Workaround for double volume key presses + - [powerpc*] prom: Mark identical_pvr_fixup as __init + - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect + - bug: Remove redundant condition check in report_bug + - nfc: pn533: prevent potential memory corruption + - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable + - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls + - [powerpc*] 64s: Fix pte update for kernel memory on radix + - [powerpc*] perf: Fix PMU constraint check for EBB events + - mac80211: bail out if cipher schemes are invalid + - mt7601u: fix always true expression + - [amd64] IB/hfi1: Fix error return code in parse_platform_config() + - [arm64] net: thunderx: Fix unintentional sign extension issue + - RDMA/srpt: Fix error return code in srpt_cm_req_recv() + - [mips*] pci-legacy: stop using of_pci_range_to_resource + - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal + - rtlwifi: 8821ae: upgrade PHY and RF parameters + - mwl8k: Fix a double Free in mwl8k_probe_hw + - [x86] vsock/vmci: log once the failed queue pair allocation + - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails + - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails + - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error + channel + - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices + - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock + - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() + - net: geneve: modify IP header check in geneve6_xmit_skb and + geneve_xmit_skb + - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send + - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req + - mm/sparse: add the missing sparse_buffer_fini() in error branch + - mm/memory-failure: unnecessary amount of unmapping + - net: Only allow init netns to set default tcp cong to a restricted algo + - smp: Fix smp_call_function_single_async prototype + - Revert "net/sctp: fix race condition in sctp_destroy_sock" + - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) + - Revert "of/fdt: Make sure no-map does not remove already reserved regions" + - Revert "fdt: Properly handle "no-map" field in the memory region" + - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() + - fs: dlm: fix debugfs dump + - tipc: convert dest node's address to network order + - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus + T100TAF + - [arm64] net: stmmac: Set FIFO sizes for ipq806x + - i2c: bail out early when RDWR parameters are wrong + - ALSA: hdsp: don't disable if not enabled + - ALSA: hdspm: don't disable if not enabled + - ALSA: rme9652: don't disable if not enabled + - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default + - Bluetooth: initialize skb_queue_head at l2cap_chan_create() + - net: bridge: when suppression is enabled exclude RARP packets + - Bluetooth: check for zapped sk before connecting + - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods + - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet + - i2c: Add I2C_AQ_NO_REP_START adapter quirk + - mac80211: clear the beacon's CRC after channel switch + - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos + - cuse: prevent clone + - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() + - [powerpc*] smp: Set numa node before updating mask + - [x86] ASoC: rt286: Generalize support for ALC3263 codec + - ethtool: ioctl: Fix out-of-bounds warning in + store_link_ksettings_for_user() + - [powerpc*] pseries: Stop calling printk in rtas_stop_self() + - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt + - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join + - [powerpc*] iommu: Annotate nested lock for lockdep + - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable + - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs + - PCI: Release OF node in pci_scan_device()'s error path + - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's + overflow_handler hook + - [arm64] rpmsg: qcom_glink_native: fix error return code of + qcom_glink_rx_data() + - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() + - NFS: Deal correctly with attribute generation counter overflow + - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() + - NFSv4.2 fix handling of sr_eof in SEEK's reply + - rtc: ds1307: Fix wday settings for rx8130 + - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy + - sctp: do asoc update earlier in sctp_sf_do_dupcook_a + - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit + - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b + - netfilter: xt_SECMARK: add new revision to fix structure layout + - drm/radeon: Fix off-by-one power_state index heap overwrite + - drm/radeon: Avoid power table parsing memory leaks + - khugepaged: fix wrong result value for + trace_mm_collapse_huge_page_isolate() + - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() + - ksm: fix potential missing rmap_item for stable_node + - net: fix nla_strcmp to handle more then one trailing null character + - smc: disallow TCP_ULP in smc_setsockopt() + - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check + - sched/fair: Fix unfairness caused by missing load decay + - [amd64] kernel: kexec_file: fix error return code of + kexec_calculate_store_digests() + - netfilter: nftables: avoid overflows in nft_hash_buckets() + - i40e: Fix use-after-free in i40e_client_subtask() + - [powerpc*] 64s: Fix crashes when toggling stf barrier + - [powerpc*] 64s: Fix crashes when toggling entry flush barrier + - hfsplus: prevent corruption in shrinking truncate + - squashfs: fix divide error in calculate_skip() + - userfaultfd: release page in error path to avoid BUG_ON + - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors + are connected + - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path + - blk-mq: Swap two calls in blk_mq_exit_queue() + - [armhf] usb: dwc3: omap: improve extcon initialization + - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel + Merrifield + - [arm*] usb: dwc2: Fix gadget DMA unmap direction + - usb: core: hub: fix race condition about TRSMRCY of resume + - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer + in ep queue + - xhci: Do not use GFP_KERNEL in (potentially) atomic context + - xhci: Add reset resume quirk for AMD xhci controller. + - [x86] iio: tsl2583: Fix division by a zero lux_val + - cdc-wdm: untangle a circular dependency between callback and softint + - [x86] KVM: Cancel pvclock_gtod_work on module removal + - thermal/core/fair share: Lock the thermal zone while looping over + instances + - kobject_uevent: remove warning in init_uevent_argv() + - netfilter: conntrack: Make global sysctls readonly in non-init netns + - nvme: do not try to reconfigure APST when the controller is not live + - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes + - usb: sl811-hcd: improve misleading indentation + - cxgb4: Fix the -Wmisleading-indentation warning + - isdn: capi: fix mismatched prototypes + - [arm64] PCI: thunder: Fix compile testing + - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in + cpu_suspend() + - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in + enable_slot() + - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI + instantiated devices + - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls + - ceph: fix fscache invalidation + - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not + found + - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 + Pro 5055 + - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP + - block: reexpand iov_iter after read/write + - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts + - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods + - sit: proper dev_{hold|put} in ndo_[un]init methods + - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods + - ipv6: remove extra dev_hold() for fallback tunnels + - iomap: fix sub-page uptodate handling + - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it + - tweewide: Fix most Shebang lines + - scripts: switch explicitly to Python 3 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 + - RDMA/rxe: Clear all QP fields if creation failed + - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() + - RDMA/mlx5: Recover from fatal event in dual port mode + - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios + - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly + - nvmet: seset ns->file when open fails + - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal + - cifs: fix memory leak in smb2_copychunk_range + - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high + sampling transfer frequency + - ALSA: line6: Fix racy initialization of LINE6 MIDI + - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 + - ALSA: usb-audio: Validate MS endpoint descriptors + - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro + - [i386] Revert "ALSA: sb8: add a check for request_region" + - ALSA: hda/realtek: reset eapd coeff to default value for alc287 + - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 + - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer + dereference" + - [x86] xen-pciback: reconfigure also from backend watch handler + - dm snapshot: fix crash with transient storage and zero chunk size + - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" + - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" + - [armhf] Revert "leds: lp5523: fix a missing check of return value of + lp55xx_read" + - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" + - Revert "ecryptfs: replace BUG_ON with error handling code" + - Revert "rtlwifi: fix a potential NULL pointer dereference" + - Revert "qlcnic: Avoid potential NULL pointer dereference" + - Revert "niu: fix missing checks of niu_pci_eeprom_read" + - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() + - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init + - net: rtlwifi: properly check for alloc_workqueue() failure + - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup + code + - qlcnic: Add null check after calling netdev_alloc_skb + - [x86] video: hgafb: fix potential NULL pointer dereference + - vgacon: Record video mode changes with VT_RESIZEX + - vt: Fix character height handling with VT_RESIZEX + - tty: vt: always invoke vc->vc_sw->con_resize callback + - [x86] video: hgafb: correctly handle card detect failure during probe + - Bluetooth: SMP: Fail if remote and local public keys are identical + (CVE-2020-26558, CVE-2021-0129) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 + - mm, vmstat: drop zone->lock in /proc/pagetypeinfo + - [arm64,armhf] usb: dwc3: gadget: Enable suspend events + - NFC: nci: fix memory leak in nci_allocate_device + - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 + - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() + - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() + - proc: Check /proc/$pid/attr/ writes against file opener + - net: hso: fix control-request directions + - mac80211: assure all fragments are encrypted (CVE-2020-26147) + - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, + CVE-2020-24587) + - mac80211: properly handle A-MSDUs that start with an RFC 1042 header + - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) + - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) + - mac80211: add fragment cache to sta_info + - mac80211: check defrag PN against current frame + - mac80211: prevent attacks on TKIP/WEP as well + - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) + - mac80211: extend protection against mixed key and fragment cache attacks + (CVE-2020-24586, CVE-2020-24587) + - ath10k: Validate first subframe of A-MSDU before processing the list + - dm snapshot: properly fix a crash when an origin has no snapshots + - misc/uss720: fix memory leak in uss720_probe + - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue + - [x86] mei: request autosuspend after sending rx flow control + - USB: trancevibrator: fix control-request direction + - USB: usbfs: Don't WARN about excessively large memory allocations + - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' + - USB: serial: ti_usb_3410_5052: add startech.com device id + - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 + - USB: serial: ftdi_sio: add IDs for IDS GmbH Products + - USB: serial: pl2303: add device id for ADLINK ND-6530 GC + - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG + - net: usb: fix memory leak in smsc75xx_bind + - bpf: extend is_branch_taken to registers + - bpf: Test_verifier, bpf_get_stack return value add <0 + - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test + - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) + - bpf: Ensure off_reg has no mixed signed bounds for all types + (CVE-2021-29155) + - bpf: Rework ptr_limit into alu_limit and add common error path + (CVE-2021-29155) + - bpf: Improve verifier error messages for users (CVE-2021-29155) + - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) + - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) + - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) + - bpf: Update selftests to reflect new error states + - bpf: Fix leakage of uninitialized bpf stack under speculation + (CVE-2021-31829) + - bpf: Wrap aux data inside bpf_sanitize_info container + - bpf: Fix mask direction swap upon off reg sign change + - bpf: No need to simulate speculative domain for immediates + - [armhf] spi: gpio: Don't leak SPI master in probe error path + - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails + - NFS: fix an incorrect limit in filelayout_decode_layout() + - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() + - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config + - [arm64] drm/meson: fix shutdown crash when component not probed + - net/mlx4: Fix EEPROM dump support + - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" + - tipc: skb_linearize the head skb when reassembling msgs + - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails + - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message + after write + - [x86] i2c: i801: Don't generate an interrupt on bus reset + - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume + - [x86] net: fujitsu: fix potential null-ptr-deref + - [x86] char: hpet: add checks after calling ioremap + - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io + - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call + - libertas: register sysfs groups properly + - media: dvb: Add check on sp8870_readreg return + - media: gspca: properly check for errors in po1030_probe() + - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic + - btrfs: do not BUG_ON in link_to_fixup_dir + - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported + list + - SMB3: incorrect file id in requests compounded with open + - drm/amd/amdgpu: fix refcount leak + - drm/amdgpu: Fix a use-after-free + - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in + dsa_slave_get_sset_count + - [armhf] net: fec: fix the potential memory leak in fec_enet_init() + - [arm64] net: mdio: thunder: Fix a double free issue in the .remove + function + - [mips*] net: mdio: octeon: Fix some double free issues + - openvswitch: meter: fix race when getting now_ms. + - net: bnx2: Fix error return code in bnx2_init_board() + - mld: fix panic in mld_newpack() + - bpf: Set mac_len in bpf_skb_change_head + - ixgbe: fix large MTU request from VF + - scsi: libsas: Use _safe() loop in sas_resume_port() + - ipv6: record frag_max_size in atomic fragments in input path + - sch_dsmark: fix a NULL deref in qdisc_reset() + - hugetlbfs: hugetlb_fault_mutex_hash() cleanup + - drivers/net/ethernet: clean up unused assignments + - [arm64] net: hns3: check the return of skb_checksum_help() + - usb: core: reduce power-on-good delay time of root hub + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 + - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) + - ALSA: usb: update old-style static const declaration + - nl80211: validate key indexes for cfg80211_registered_device + - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared + - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() + - vfio/pci: Fix error return code in vfio_ecap_init() + - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service + - HID: pidff: fix error return code in hid_pidff_init() + - [arm64,x86] HID: i2c-hid: fix format string mismatch + - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches + - ieee802154: fix error return code in ieee802154_add_iface() + - ieee802154: fix error return code in ieee802154_llsec_getparams() + - ixgbevf: add correct exception tracing for XDP + - tipc: add extack messages for bearer/media failure + - tipc: fix unique bearer names sanity check + - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) + - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) + - HID: multitouch: require Finger field to mark Win8 reports as MT + - ALSA: timer: Fix master timer notification + - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx + - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed + - [arm*] usb: dwc2: Fix build in periphal-only mode + - pid: take a reference when initializing `cad_pid` + - ocfs2: fix data corruption by fallocate + - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect + (CVE-2021-3587) + - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing + - btrfs: mark ordered extent and inode with error if we fail to finish + - btrfs: fix error handling in btrfs_del_csums + - btrfs: return errors from btrfs_del_csums in cleanup_ref_head + - btrfs: fixup error handling in fixup_inode_link_counts + - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY + - bpf: Add BPF_F_ANY_ALIGNMENT. + - bnxt_en: Remove the setting of dev_port. + - perf/cgroups: Don't rotate events for cgroups unnecessarily + - perf/core: Fix corner case in perf_rotate_context() + - btrfs: fix unmountable seed device after fstrim + - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode + - [arm64] KVM: Fix debug register indexing + - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of + module-level code flag + - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() + - sched/fair: Optimize select_idle_cpu + - [x86] xen-pciback: redo VF placement in the virtual topology + + [ Salvatore Bonaccorso ] + * [rt] Update to 4.19.182-rt74 + * [rt] Add new signing key for Clark Williams + * [rt] Update to 4.19.184-rt75 + * Bump ABI to 17 + * [rt] Refresh "workqueue: Use normal rcu" + * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" + * [rt] Refresh "workqueue: rework" + * [rt] Update to 4.19.188-rt77 + * [rt] Update to 4.19.190-rt79 + * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" + * [rt] Update to 4.19.193-rt81 + * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" + 4.19.181-1 [Fri, 19 Mar 2021 15:29:57 +0100] Salvatore Bonaccorso <carnil@debian.org>: * New upstream stable update: <http://piuparts.knut.univention.de/5.0-0/#2107927905600466190>
25b485a6214c add linux-signed-amd64.yaml
--- mirror/ftp/pool/main/l/linux-latest/linux-latest_105+deb10u11.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/linux-latest_105+deb10u12.dsc @@ -1,3 +1,7 @@ +105+deb10u12 [Sat, 12 Jun 2021 07:16:00 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Update to 4.19.0-17 + 105+deb10u11 [Fri, 19 Mar 2021 22:38:58 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Update to 4.19.0-16 <http://piuparts.knut.univention.de/5.0-0/#62648134613097949>
--- mirror/ftp/pool/main/l/linux-signed-amd64/linux-signed-amd64_4.19.181+1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/linux-signed-amd64_4.19.194+1.dsc @@ -1,6 +1,850 @@ -4.19.181+1 [Fri, 19 Mar 2021 15:29:57 +0100] Salvatore Bonaccorso <carnil@debian.org>: +4.19.194+1 [Thu, 10 Jun 2021 20:49:34 +0200] Salvatore Bonaccorso <carnil@debian.org>: - * Sign kernel from linux 4.19.181-1 + * Sign kernel from linux 4.19.194-1 + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 + - [arm64] KVM: nvhe: Save the SPE context early + - [armhf] net: dsa: b53: Support setting learning on port + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 + - ALSA: hda: generic: Fix the micmute led init state + - Revert "PM: runtime: Update device status before letting suppliers + suspend" + - vmlinux.lds.h: Create section for protection against instrumentation + - btrfs: fix race when cloning extent buffer during rewind of an old root + (CVE-2021-28964) + - btrfs: fix slab cache flags for free space tree bitmap + - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode + - nvmet: don't check iosqes,iocqes for discovery controllers + - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. + - svcrdma: disable timeouts on rdma backchannel + - sunrpc: fix refcount leak for rpc auth modules + - scsi: lpfc: Fix some error codes in debugfs + - nvme-rdma: fix possible hang when failing to set io queues + - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure + - usb-storage: Add quirk to defeat Kindle's automatic unload + - usbip: Fix incorrect double assignment to udc->ud.tcp_rx + - USB: replace hardcode maximum usb string length by definition + - usb: gadget: configfs: Fix KASAN use-after-free + - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID + channel + - iio: hid-sensor-prox: Fix scale not correct issue + - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store + functions (CVE-2021-28972) + - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status + (CVE-2021-28971) + - [x86] ioapic: Ignore IRQ2 again + - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() + - [x86] Move TS_COMPAT back to asm/thread_info.h + - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() + - ext4: find old entry again if failed to rename whiteout + - ext4: do not try to set xattr into ea_inode if value is empty + - ext4: fix potential error in ext4_do_update_inode + - genirq: Disable interrupts for force threaded handlers + - [x86] apic/of: Fix CPU devicetree-node lookups + - cifs: Fix preauth hash corruption + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 + - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled + - [powerpc*] 4xx: Fix build errors from mfdcr() + - atm: eni: dont release is never initialized + - atm: lanai: dont run lanai_dev_close if not open + - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" + - ixgbe: Fix memleak in ixgbe_configure_clsu32 + - net: tehuti: fix error return code in bdx_probe() + - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count + - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) + - gpiolib: acpi: Add missing IRQF_ONESHOT + - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default + - NFS: Correct size calculation for create reply length + - [arm64] net: hisilicon: hns: fix error return code of + hns_nic_clear_all_rx_fetch() + - [x86] atm: uPD98402: fix incorrect allocation + - atm: idt77252: fix null-ptr-dereference + - u64_stats,lockdep: Fix u64_stats_init() vs lockdep + - nfs: we don't support removing system.nfs4_acl + - block: Suppress uevent for hidden device when removed + - [arm64] netsec: restore phy power state after controller reset + - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events + - squashfs: fix inode lookup sanity checks + - squashfs: fix xattr id and id lookup sanity checks + - dm ioctl: fix out of bounds array access when no devices + (CVE-2021-31916) + - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD + - veth: Store queue_mapping independently of XDP prog presence + - libbpf: Fix INSTALL flag order + - macvlan: macvlan_count_rx() needs to be aware of preemption + - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port + - e1000e: add rtnl_lock() to e1000_reset_task + - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 + - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template + - netfilter: ctnetlink: fix dump of the expect mask attribute + - can: peak_usb: add forgotten supported devices + - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing + bitrate + - mac80211: fix rate mask reset + - net: cdc-phonet: fix data-interface release on probe failure + - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes + - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind + - net/mlx5e: Fix error path for ethtool set-priv-flag + - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening + server + - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs + - Revert "netfilter: x_tables: Switch synchronization to RCU" + - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) + - Revert "netfilter: x_tables: Update remaining dereference to RCU" + - ACPI: scan: Rearrange memory allocation in acpi_device_add() + - ACPI: scan: Use unique number for instance_no + - dm verity: add root hash pkcs#7 signature verification + - scsi: qedi: Fix error return code of qedi_alloc_global_queues() + - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() + - locking/mutex: Fix non debug version of mutex_lock_io_nested() + - can: dev: Move device back to init netns on owning netns delete + - net: sched: validate stab values + - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) + - mac80211: fix double free in ibss_leave + - ext4: add reclaim checks to xattr code + - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" + - xen-blkback: don't leak persistent grants from xen_blkbk_map() + (CVE-2021-28688) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 + - selinux: vsock: Set SID for socket returned by accept() + - tcp: relookup sock for RST+ACK packets handled by obsolete req sock + - ipv6: weaken the v4mapped source check + - ext4: fix bh ref count on error paths + - rpc: fix NULL dereference on kmalloc failure + - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 + - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor + of 10 + - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value + on probe + - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table + - vhost: Fix vhost_vq_reset() + - scsi: st: Fix a use after free in st_open() + - scsi: qla2xxx: Fix broken #endif placement + - [x86] staging: comedi: cb_pcidas: fix request_irq() warn + - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn + - thermal/core: Add NULL pointer check before using cooling device stats + - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling + - ext4: do not iput inode under running transaction in ext4_rename() + - brcmfmac: clear EAP/association status bits on linkdown events + - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() + - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open + - appletalk: Fix skb allocation size in loopback case + - [x86] net: wan/lmc: unregister device when no matching device is found + - bpf: Remove MTU check in __bpf_skb_max_len + - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect + - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO + - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook + - PM: runtime: Fix race getting/putting suppliers at probe + - PM: runtime: Fix ordering in pm_runtime_get_suppliers() + - tracing: Fix stack trace event size + - mm: fix race by making init_zero_pfn() early_initcall + - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() + - drm/amdgpu: check alignment on CPU page for bo map + - reiserfs: update reiserfs_xattrs_initialized() condition + - [arm64,armhf] pinctrl: rockchip: fix restore error in resume + - extcon: Add stubs for extcon_register_notifier_all() functions + - extcon: Fix error handling in extcon_dev_register + - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) + - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() + - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem + - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 + - cdc-acm: fix BREAK rx code path adding necessary calls + - USB: cdc-acm: untangle a circular dependency between callback and softint + - USB: cdc-acm: downgrade message to debug + - USB: cdc-acm: fix double free on probe failure + - USB: cdc-acm: fix use-after-free after probe failure + - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference + - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. + - [x86] staging: rtl8192e: Fix incorrect source in memcpy() + - staging: rtl8192e: Change state information from u16 to u8 + - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 + - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted + - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 + - mISDN: fix crash in fritzpci + - mac80211: choose first enabled channel for monitor + - [arm64] drm/msm: Ratelimit invalid-fence message + - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state + - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() + - cifs: revalidate mapping when we open files for SMB1 POSIX + - cifs: Silently ignore unknown oplock break handle + - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 + (CVE-2021-29154) + - [i386] bpf, x86: Validate computation of branch displacements for x86-32 + (CVE-2021-29154) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 + - ALSA: aloop: Fix initialization of controls + - [x86] ASoC: intel: atom: Stop advertising non working S24LE support + - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) + - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) + - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) + - nfc: Avoid endless loops caused by repeated llcp_sock_connect() + - xen/evtchn: Change irq_info lock to raw_spinlock_t + - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh + - ocfs2: fix deadlock between setattr and dio_end_io_write + - fs: direct-io: fix missing sdio->boundary + - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin + - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field + - ice: Increase control queue timeout + - net: hso: fix null-ptr-deref during tty device unregistration + - net: ensure mac header is set in virtio_net_hdr_to_skb() + - net: sched: sch_teql: fix null-pointer dereference + - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() + - usbip: add sysfs_lock to synchronize sysfs code paths + - usbip: stub-dev synchronize sysfs code paths + - usbip: vudc synchronize sysfs code paths + - usbip: synchronize event handler with sysfs code paths + - i2c: turn recovery error on init to debug + - virtio_net: Add XDP meta data support + - xfrm: interface: fix ipv4 pmtu check to honor ip header df + - net: xfrm: Localize sequence counter per network namespace + - i40e: Added Asym_Pause to supported link modes + - i40e: Fix kernel oops when i40e driver removes VF's + - sch_red: fix off-by-one checks in red_check_params() + - cxgb4: avoid collecting SGE_QBASE regs during traffic + - net:tipc: Fix a double free in tipc_sk_mcast_rcv + - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner + - clk: fix invalid usage of list cursor in register + - clk: fix invalid usage of list cursor in unregister + - workqueue: Move the position of debug_work_activate() in __queue_work() + - [s390x] cpcmd: fix inline assembly register clobbering + - net/mlx5: Fix placement of log_max_flow_counter + - net/mlx5: Fix PBMC register mapping + - RDMA/cxgb4: check for ipv6 address properly while destroying listener + - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit + - net: sched: bump refcount for new action in ACT replace mode + - cfg80211: remove WARN_ON() in cfg80211_sme_connect + - net: tun: set tun->dev->addr_len during TUNSETLINK processing + - drivers: net: fix memory leak in atusb_probe + - drivers: net: fix memory leak in peak_usb_create_dev + - net: mac802154: Fix general protection fault + - net: ieee802154: nl-mac: fix check on panid + - net: ieee802154: fix nl802154 del llsec key + - net: ieee802154: fix nl802154 del llsec dev + - net: ieee802154: fix nl802154 add llsec key + - net: ieee802154: fix nl802154 del llsec devkey + - net: ieee802154: forbid monitor for set llsec params + - net: ieee802154: forbid monitor for del llsec seclevel + - net: ieee802154: stop dump llsec params for monitors + - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting + cifs_sb->prepath." (Closes: #988352) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 + - [arm64] KVM: Hide system instruction access to Trace registers + - [arm64] KVM: Disable guest access to trace filter controls + - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning + - gfs2: report "already frozen/thawed" errors + - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz + - block: only update parent bi_status when bio fail + - net: phy: broadcom: Only advertise EEE for supported modes + - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) + - netfilter: x_tables: fix compat match/target pad out-of-bound write + - driver core: Fix locking bug in deferred_probe_timeout_work_func() + - xen/events: fix setting irq affinity + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 + - net/sctp: fix race condition in sctp_destroy_sock + - gpio: sysfs: Obey valid_mask + - neighbour: Disregard DEAD dst in neigh_update + - [arm64] drm/msm: Fix a5xx/a6xx timestamps + - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state + - net: ieee802154: stop dump llsec keys for monitors + - net: ieee802154: stop dump llsec devs for monitors + - net: ieee802154: forbid monitor for add llsec dev + - net: ieee802154: stop dump llsec devkeys for monitors + - net: ieee802154: forbid monitor for add llsec devkey + - net: ieee802154: stop dump llsec seclevels for monitors + - net: ieee802154: forbid monitor for add llsec seclevel + - pcnet32: Use pci_resource_len to validate PCI resource + - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN + - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices + - readdir: make sure to verify directory entry for legacy interfaces too + - [arm64] fix inline asm in load_unaligned_zeropad() + - [arm64] alternatives: Move length validation in alternative_{insn, endif} + - scsi: libsas: Reset num_scatter if libata marks qc as NODATA + - netfilter: conntrack: do not print icmpv6 as unknown via /proc + - netfilter: nft_limit: avoid possible divide error in nft_limit_init + - net: sit: Unregister catch-all devices + - net: ip6_tunnel: Unregister catch-all devices + - i40e: fix the panic when running bpf in xdpdrv mode + - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions + - net: phy: marvell: fix detection of PHY on Topaz switches + - gup: document and work around "COW can break either way" issue + (CVE-2020-29374) + - [x86] pinctrl: lewisburg: Update number of pins in community + - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() + - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 + - HID: alps: fix error return code in alps_input_configured() + - HID: wacom: Assign boolean values to a bool variable + - net: geneve: check skb is large enough for IPv4/IPv6 header + - [s390x] entry: save the caller of psw_idle + - xen-netback: Check for hotplug-status existence before watching + - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access + - net: hso: fix NULL-deref on disconnect regression + - USB: CDC-ACM: fix poison/unpoison imbalance + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 + - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables + - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() + - net: usb: ax88179_178a: initialize local variables before use + - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() + - [mips*] Do not include hi and lo in clobber list for R6 + - bpf: Fix masking negation logic upon negative dst register + (CVE-2021-31829) + - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() + - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX + - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet + - USB: Add reset-resume quirk for WD19's Realtek Hub + - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation + - ovl: allow upperdir inside lowerdir + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 + - [s390x] disassembler: increase ebpf disasm buffer size + - ftrace: Handle commands when closing set_ftrace_filter file + - ecryptfs: fix kernel panic with null dev_name + - [armhf] spi: spi-ti-qspi: Free DMA resources + - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() + - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based + controllers + - mmc: block: Update ext_csd.cache_ctrl if it was written + - mmc: block: Issue a cache flush only when it's enabled + - mmc: core: Do a power cycle when the CMD11 fails + - mmc: core: Set read only for SD cards with permanent write protect bit + - cifs: Return correct error code from smb2_get_enc_key + - btrfs: fix metadata extent leak after failure to create subvolume + - [x86] intel_th: pci: Add Rocket Lake CPU support + - fbdev: zero-fill colormap in fbcmap.c + - staging: wimax/i2400m: fix byte-order issue + - crypto: api - check for ERR pointers in crypto_destroy_tfm() + - usb: gadget: uvc: add bInterval checking for HS mode + - [x86] genirq/matrix: Prevent allocation counter corruption + - usb: gadget: f_uac1: validate input parameters + - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset + - usb: xhci: Fix port minor revision + - PCI: PM: Do not read power state in pci_enable_device_flags() + - [arm64] tee: optee: do not check memref size on return from Secure World + - [arm*] perf/arm_pmu_platform: Fix error handling + - xhci: check control context is valid before dereferencing it. + - xhci: fix potential array out of bounds with several interrupters + - [x86] intel_th: Consistency and off-by-one fix + - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in + twl4030_usb_remove() + - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s + - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe + - scsi: lpfc: Fix pt2pt connection does not recover after LOGO + - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() + - [x86] media: ite-cir: check for receive overflow + - power: supply: bq27xxx: fix power_avg for newer ICs + - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs + - media: gspca/sq905.c: fix uninitialized variable + - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f + - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() + - scsi: qla2xxx: Fix use after free in bsg + - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() + - media: em28xx: fix memory leak + - media: vivid: update EDID + - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error + return + - media: dvb-usb: fix memory leak in dvb_usb_adapter_init + - media: gscpa/stv06xx: fix memory leak + - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal + - drm/amdgpu: fix NULL pointer dereference + - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO + response + - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic + - scsi: libfc: Fix a format specifier + - [s390x] archrandom: add parameter check for s390_arch_random_generate + - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer + - ALSA: hda/conexant: Re-order CX5066 quirk table entries + - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build + - ALSA: usb-audio: Explicitly set up the clock selector + - ALSA: usb-audio: More constifications + - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications + Headset PC 8 + - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx + - btrfs: fix race when picking most recent mod log operation for an old root + - [arm64] vdso: Discard .note.gnu.property sections in vDSO + - ubifs: Only check replay with inode type to judge if inode linked + - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) + - openvswitch: fix stack OOB read while fragmenting IPv4 packets + - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe + failure + - NFS: Don't discard pNFS layout segments that are marked for return + - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() + - jffs2: Fix kasan slab-out-of-bounds problem + - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. + - [x86] intel_th: pci: Add Alder Lake-M support + - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual + device + - md/raid1: properly indicate failure when ending a failed write request + - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload + sequences + - security: commoncap: fix -Wstringop-overread warning + - jffs2: check the validity of dstlen in jffs2_zlib_compress() + - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT + op") + - posix-timers: Preserve return value in clock_adjtime32() + - [arm64] vdso: remove commas between macro name and arguments + - ext4: fix check to prevent false positive report of incorrect used inodes + - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() + - ext4: fix error code in ext4_commit_super + - media: dvbdev: Fix memory leak in dvb_media_device_free() + - usb: gadget: Fix double free of device descriptor pointers + - usb: gadget/function/f_fs string table fix for multiple languages + - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check + - [arm*] usb: dwc2: Fix session request interrupt handler + - tty: fix memory leak in vc_deallocate + - tracing: Map all PIDs to command lines + - tracing: Restructure trace_clock_global() to never block + - dm space map common: fix division bug in sm_ll_find_free_block() + - dm rq: fix double free of blk_mq_tag_set in dev remove after table load + fails + - modules: mark ref_module static + - modules: mark find_symbol static + - modules: mark each_symbol_section static + - modules: unexport __module_text_address + - modules: unexport __module_address + - modules: rename the licence field in struct symsearch to license + - modules: return licensing information from find_symbol + - modules: inherit TAINT_PROPRIETARY_MODULE + - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) + - bluetooth: eliminate the potential race condition when removing the HCI + controller (CVE-2021-32399) + - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) + - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR + - misc: lis3lv02d: Fix false-positive WARN on various HP models + - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct + - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload + - md/bitmap: wait for external bitmap writes to complete during tear down + - md-cluster: fix use-after-free issue when removing rdev + - md: split mddev_find + - md: factor out a mddev_find_locked helper from mddev_find + - md: md_open returns -EBUSY when entering racing area + - md: Fix missing unused status line of /proc/mdstat + - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() + - cfg80211: scan: drop entry from hidden_list on overflow + - drm/radeon: fix copy of uninitialized variable back to userspace + - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries + - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries + - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries + - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries + - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices + - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported + - [s390x] KVM: split kvm_s390_logical_to_effective + - [s390x] KVM: fix guarded storage control register handling + - [s390x] KVM: split kvm_s390_real_to_abs + - ovl: fix missing revert_creds() on error path + - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely + - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] + - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 + - regmap: set debugfs_name to NULL after it is freed + - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() + - [x86] microcode: Check for offline CPUs before requesting new microcode + - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() + - [x86] usb: gadget: pch_udc: Check if driver is present before calling + ->setup() + - [x86] usb: gadget: pch_udc: Check for DMA mapping error + - [x86] crypto: qat - don't release uninitialized resources + - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init + - mtd: require write permissions for locking and badblock ioctls + - [arm64] bus: qcom: Put child node before return + - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() + - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init + - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling + - [x86] staging: rtl8192u: Fix potential infinite loop + - spi: Fix use-after-free with devm_spi_alloc_* + - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz + - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments + - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute + - [x86] crypto: qat - Fix a double free in adf_create_ring + - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels + - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU + PM clock + - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 + - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 + Mhz to 1 GHz + - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from + L1 to L0 + - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed + - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency + - USB: cdc-acm: fix unprivileged TIOCCSERIAL + - tty: actually undefine superseded ASYNC flags + - tty: fix return value for unsupported ioctls + - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() + - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail + boards with critclk_systems DMI table + - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload + - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. + - [arm*] usb: dwc2: Fix hibernation between host and device modes. + - ttyprintk: Add TTY hangup callback. + - media: vivid: fix assignment of dev->fbuf_out_flags + - media: m88rs6000t: avoid potential out-of-bounds reads on arrays + - [x86] kprobes: Fix to check non boostable prefixes correctly + - sata_mv: add IRQ checks + - ata: libahci_platform: fix IRQ check + - nvme: retrigger ANA log update if group descriptor isn't found + - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE + - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() + - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() + - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch + - sched/debug: Fix cgroup_path[] serialization + - drivers/block/null_blk/main: Fix a double free in null_init. + - HID: plantronics: Workaround for double volume key presses + - [powerpc*] prom: Mark identical_pvr_fixup as __init + - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect + - bug: Remove redundant condition check in report_bug + - nfc: pn533: prevent potential memory corruption + - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable + - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls + - [powerpc*] 64s: Fix pte update for kernel memory on radix + - [powerpc*] perf: Fix PMU constraint check for EBB events + - mac80211: bail out if cipher schemes are invalid + - mt7601u: fix always true expression + - [amd64] IB/hfi1: Fix error return code in parse_platform_config() + - [arm64] net: thunderx: Fix unintentional sign extension issue + - RDMA/srpt: Fix error return code in srpt_cm_req_recv() + - [mips*] pci-legacy: stop using of_pci_range_to_resource + - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal + - rtlwifi: 8821ae: upgrade PHY and RF parameters + - mwl8k: Fix a double Free in mwl8k_probe_hw + - [x86] vsock/vmci: log once the failed queue pair allocation + - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails + - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails + - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error + channel + - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices + - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock + - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() + - net: geneve: modify IP header check in geneve6_xmit_skb and + geneve_xmit_skb + - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send + - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req + - mm/sparse: add the missing sparse_buffer_fini() in error branch + - mm/memory-failure: unnecessary amount of unmapping + - net: Only allow init netns to set default tcp cong to a restricted algo + - smp: Fix smp_call_function_single_async prototype + - Revert "net/sctp: fix race condition in sctp_destroy_sock" + - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) + - Revert "of/fdt: Make sure no-map does not remove already reserved regions" + - Revert "fdt: Properly handle "no-map" field in the memory region" + - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() + - fs: dlm: fix debugfs dump + - tipc: convert dest node's address to network order + - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus + T100TAF + - [arm64] net: stmmac: Set FIFO sizes for ipq806x + - i2c: bail out early when RDWR parameters are wrong + - ALSA: hdsp: don't disable if not enabled + - ALSA: hdspm: don't disable if not enabled + - ALSA: rme9652: don't disable if not enabled + - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default + - Bluetooth: initialize skb_queue_head at l2cap_chan_create() + - net: bridge: when suppression is enabled exclude RARP packets + - Bluetooth: check for zapped sk before connecting + - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods + - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet + - i2c: Add I2C_AQ_NO_REP_START adapter quirk + - mac80211: clear the beacon's CRC after channel switch + - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos + - cuse: prevent clone + - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() + - [powerpc*] smp: Set numa node before updating mask + - [x86] ASoC: rt286: Generalize support for ALC3263 codec + - ethtool: ioctl: Fix out-of-bounds warning in + store_link_ksettings_for_user() + - [powerpc*] pseries: Stop calling printk in rtas_stop_self() + - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt + - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join + - [powerpc*] iommu: Annotate nested lock for lockdep + - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable + - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs + - PCI: Release OF node in pci_scan_device()'s error path + - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's + overflow_handler hook + - [arm64] rpmsg: qcom_glink_native: fix error return code of + qcom_glink_rx_data() + - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() + - NFS: Deal correctly with attribute generation counter overflow + - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() + - NFSv4.2 fix handling of sr_eof in SEEK's reply + - rtc: ds1307: Fix wday settings for rx8130 + - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy + - sctp: do asoc update earlier in sctp_sf_do_dupcook_a + - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit + - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b + - netfilter: xt_SECMARK: add new revision to fix structure layout + - drm/radeon: Fix off-by-one power_state index heap overwrite + - drm/radeon: Avoid power table parsing memory leaks + - khugepaged: fix wrong result value for + trace_mm_collapse_huge_page_isolate() + - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() + - ksm: fix potential missing rmap_item for stable_node + - net: fix nla_strcmp to handle more then one trailing null character + - smc: disallow TCP_ULP in smc_setsockopt() + - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check + - sched/fair: Fix unfairness caused by missing load decay + - [amd64] kernel: kexec_file: fix error return code of + kexec_calculate_store_digests() + - netfilter: nftables: avoid overflows in nft_hash_buckets() + - i40e: Fix use-after-free in i40e_client_subtask() + - [powerpc*] 64s: Fix crashes when toggling stf barrier + - [powerpc*] 64s: Fix crashes when toggling entry flush barrier + - hfsplus: prevent corruption in shrinking truncate + - squashfs: fix divide error in calculate_skip() + - userfaultfd: release page in error path to avoid BUG_ON + - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors + are connected + - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path + - blk-mq: Swap two calls in blk_mq_exit_queue() + - [armhf] usb: dwc3: omap: improve extcon initialization + - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel + Merrifield + - [arm*] usb: dwc2: Fix gadget DMA unmap direction + - usb: core: hub: fix race condition about TRSMRCY of resume + - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer + in ep queue + - xhci: Do not use GFP_KERNEL in (potentially) atomic context + - xhci: Add reset resume quirk for AMD xhci controller. + - [x86] iio: tsl2583: Fix division by a zero lux_val + - cdc-wdm: untangle a circular dependency between callback and softint + - [x86] KVM: Cancel pvclock_gtod_work on module removal + - thermal/core/fair share: Lock the thermal zone while looping over + instances + - kobject_uevent: remove warning in init_uevent_argv() + - netfilter: conntrack: Make global sysctls readonly in non-init netns + - nvme: do not try to reconfigure APST when the controller is not live + - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes + - usb: sl811-hcd: improve misleading indentation + - cxgb4: Fix the -Wmisleading-indentation warning + - isdn: capi: fix mismatched prototypes + - [arm64] PCI: thunder: Fix compile testing + - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in + cpu_suspend() + - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in + enable_slot() + - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI + instantiated devices + - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls + - ceph: fix fscache invalidation + - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not + found + - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 + Pro 5055 + - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP + - block: reexpand iov_iter after read/write + - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts + - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods + - sit: proper dev_{hold|put} in ndo_[un]init methods + - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods + - ipv6: remove extra dev_hold() for fallback tunnels + - iomap: fix sub-page uptodate handling + - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it + - tweewide: Fix most Shebang lines + - scripts: switch explicitly to Python 3 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 + - RDMA/rxe: Clear all QP fields if creation failed + - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() + - RDMA/mlx5: Recover from fatal event in dual port mode + - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios + - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly + - nvmet: seset ns->file when open fails + - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal + - cifs: fix memory leak in smb2_copychunk_range + - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high + sampling transfer frequency + - ALSA: line6: Fix racy initialization of LINE6 MIDI + - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 + - ALSA: usb-audio: Validate MS endpoint descriptors + - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro + - [i386] Revert "ALSA: sb8: add a check for request_region" + - ALSA: hda/realtek: reset eapd coeff to default value for alc287 + - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 + - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer + dereference" + - [x86] xen-pciback: reconfigure also from backend watch handler + - dm snapshot: fix crash with transient storage and zero chunk size + - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" + - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" + - [armhf] Revert "leds: lp5523: fix a missing check of return value of + lp55xx_read" + - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" + - Revert "ecryptfs: replace BUG_ON with error handling code" + - Revert "rtlwifi: fix a potential NULL pointer dereference" + - Revert "qlcnic: Avoid potential NULL pointer dereference" + - Revert "niu: fix missing checks of niu_pci_eeprom_read" + - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() + - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init + - net: rtlwifi: properly check for alloc_workqueue() failure + - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup + code + - qlcnic: Add null check after calling netdev_alloc_skb + - [x86] video: hgafb: fix potential NULL pointer dereference + - vgacon: Record video mode changes with VT_RESIZEX + - vt: Fix character height handling with VT_RESIZEX + - tty: vt: always invoke vc->vc_sw->con_resize callback + - [x86] video: hgafb: correctly handle card detect failure during probe + - Bluetooth: SMP: Fail if remote and local public keys are identical + (CVE-2020-26558, CVE-2021-0129) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 + - mm, vmstat: drop zone->lock in /proc/pagetypeinfo + - [arm64,armhf] usb: dwc3: gadget: Enable suspend events + - NFC: nci: fix memory leak in nci_allocate_device + - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 + - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() + - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() + - proc: Check /proc/$pid/attr/ writes against file opener + - net: hso: fix control-request directions + - mac80211: assure all fragments are encrypted (CVE-2020-26147) + - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, + CVE-2020-24587) + - mac80211: properly handle A-MSDUs that start with an RFC 1042 header + - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) + - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) + - mac80211: add fragment cache to sta_info + - mac80211: check defrag PN against current frame + - mac80211: prevent attacks on TKIP/WEP as well + - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) + - mac80211: extend protection against mixed key and fragment cache attacks + (CVE-2020-24586, CVE-2020-24587) + - ath10k: Validate first subframe of A-MSDU before processing the list + - dm snapshot: properly fix a crash when an origin has no snapshots + - misc/uss720: fix memory leak in uss720_probe + - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue + - [x86] mei: request autosuspend after sending rx flow control + - USB: trancevibrator: fix control-request direction + - USB: usbfs: Don't WARN about excessively large memory allocations + - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' + - USB: serial: ti_usb_3410_5052: add startech.com device id + - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 + - USB: serial: ftdi_sio: add IDs for IDS GmbH Products + - USB: serial: pl2303: add device id for ADLINK ND-6530 GC + - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG + - net: usb: fix memory leak in smsc75xx_bind + - bpf: extend is_branch_taken to registers + - bpf: Test_verifier, bpf_get_stack return value add <0 + - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test + - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) + - bpf: Ensure off_reg has no mixed signed bounds for all types + (CVE-2021-29155) + - bpf: Rework ptr_limit into alu_limit and add common error path + (CVE-2021-29155) + - bpf: Improve verifier error messages for users (CVE-2021-29155) + - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) + - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) + - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) + - bpf: Update selftests to reflect new error states + - bpf: Fix leakage of uninitialized bpf stack under speculation + (CVE-2021-31829) + - bpf: Wrap aux data inside bpf_sanitize_info container + - bpf: Fix mask direction swap upon off reg sign change + - bpf: No need to simulate speculative domain for immediates + - [armhf] spi: gpio: Don't leak SPI master in probe error path + - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails + - NFS: fix an incorrect limit in filelayout_decode_layout() + - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() + - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config + - [arm64] drm/meson: fix shutdown crash when component not probed + - net/mlx4: Fix EEPROM dump support + - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" + - tipc: skb_linearize the head skb when reassembling msgs + - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails + - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message + after write + - [x86] i2c: i801: Don't generate an interrupt on bus reset + - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume + - [x86] net: fujitsu: fix potential null-ptr-deref + - [x86] char: hpet: add checks after calling ioremap + - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io + - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call + - libertas: register sysfs groups properly + - media: dvb: Add check on sp8870_readreg return + - media: gspca: properly check for errors in po1030_probe() + - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic + - btrfs: do not BUG_ON in link_to_fixup_dir + - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported + list + - SMB3: incorrect file id in requests compounded with open + - drm/amd/amdgpu: fix refcount leak + - drm/amdgpu: Fix a use-after-free + - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in + dsa_slave_get_sset_count + - [armhf] net: fec: fix the potential memory leak in fec_enet_init() + - [arm64] net: mdio: thunder: Fix a double free issue in the .remove + function + - [mips*] net: mdio: octeon: Fix some double free issues + - openvswitch: meter: fix race when getting now_ms. + - net: bnx2: Fix error return code in bnx2_init_board() + - mld: fix panic in mld_newpack() + - bpf: Set mac_len in bpf_skb_change_head + - ixgbe: fix large MTU request from VF + - scsi: libsas: Use _safe() loop in sas_resume_port() + - ipv6: record frag_max_size in atomic fragments in input path + - sch_dsmark: fix a NULL deref in qdisc_reset() + - hugetlbfs: hugetlb_fault_mutex_hash() cleanup + - drivers/net/ethernet: clean up unused assignments + - [arm64] net: hns3: check the return of skb_checksum_help() + - usb: core: reduce power-on-good delay time of root hub + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 + - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) + - ALSA: usb: update old-style static const declaration + - nl80211: validate key indexes for cfg80211_registered_device + - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared + - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() + - vfio/pci: Fix error return code in vfio_ecap_init() + - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service + - HID: pidff: fix error return code in hid_pidff_init() + - [arm64,x86] HID: i2c-hid: fix format string mismatch + - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches + - ieee802154: fix error return code in ieee802154_add_iface() + - ieee802154: fix error return code in ieee802154_llsec_getparams() + - ixgbevf: add correct exception tracing for XDP + - tipc: add extack messages for bearer/media failure + - tipc: fix unique bearer names sanity check + - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) + - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) + - HID: multitouch: require Finger field to mark Win8 reports as MT + - ALSA: timer: Fix master timer notification + - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx + - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed + - [arm*] usb: dwc2: Fix build in periphal-only mode + - pid: take a reference when initializing `cad_pid` + - ocfs2: fix data corruption by fallocate + - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect + (CVE-2021-3587) + - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing + - btrfs: mark ordered extent and inode with error if we fail to finish + - btrfs: fix error handling in btrfs_del_csums + - btrfs: return errors from btrfs_del_csums in cleanup_ref_head + - btrfs: fixup error handling in fixup_inode_link_counts + - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY + - bpf: Add BPF_F_ANY_ALIGNMENT. + - bnxt_en: Remove the setting of dev_port. + - perf/cgroups: Don't rotate events for cgroups unnecessarily + - perf/core: Fix corner case in perf_rotate_context() + - btrfs: fix unmountable seed device after fstrim + - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode + - [arm64] KVM: Fix debug register indexing + - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of + module-level code flag + - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() + - sched/fair: Optimize select_idle_cpu + - [x86] xen-pciback: redo VF placement in the virtual topology + + [ Salvatore Bonaccorso ] + * [rt] Update to 4.19.182-rt74 + * [rt] Add new signing key for Clark Williams + * [rt] Update to 4.19.184-rt75 + * Bump ABI to 17 + * [rt] Refresh "workqueue: Use normal rcu" + * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" + * [rt] Refresh "workqueue: rework" + * [rt] Update to 4.19.188-rt77 + * [rt] Update to 4.19.190-rt79 + * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" + * [rt] Update to 4.19.193-rt81 + * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" + +4.19.181-1 [Fri, 19 Mar 2021 15:29:57 +0100] Salvatore Bonaccorso <carnil@debian.org>: * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.178 <http://piuparts.knut.univention.de/5.0-0/#62648134613097949>
--- mirror/ftp/pool/main/l/linux/linux_4.19.181-1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/linux_4.19.194-1.dsc @@ -1,3 +1,847 @@ +4.19.194-1 [Thu, 10 Jun 2021 20:49:34 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 + - [arm64] KVM: nvhe: Save the SPE context early + - [armhf] net: dsa: b53: Support setting learning on port + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 + - ALSA: hda: generic: Fix the micmute led init state + - Revert "PM: runtime: Update device status before letting suppliers + suspend" + - vmlinux.lds.h: Create section for protection against instrumentation + - btrfs: fix race when cloning extent buffer during rewind of an old root + (CVE-2021-28964) + - btrfs: fix slab cache flags for free space tree bitmap + - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode + - nvmet: don't check iosqes,iocqes for discovery controllers + - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. + - svcrdma: disable timeouts on rdma backchannel + - sunrpc: fix refcount leak for rpc auth modules + - scsi: lpfc: Fix some error codes in debugfs + - nvme-rdma: fix possible hang when failing to set io queues + - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure + - usb-storage: Add quirk to defeat Kindle's automatic unload + - usbip: Fix incorrect double assignment to udc->ud.tcp_rx + - USB: replace hardcode maximum usb string length by definition + - usb: gadget: configfs: Fix KASAN use-after-free + - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID + channel + - iio: hid-sensor-prox: Fix scale not correct issue + - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store + functions (CVE-2021-28972) + - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status + (CVE-2021-28971) + - [x86] ioapic: Ignore IRQ2 again + - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() + - [x86] Move TS_COMPAT back to asm/thread_info.h + - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() + - ext4: find old entry again if failed to rename whiteout + - ext4: do not try to set xattr into ea_inode if value is empty + - ext4: fix potential error in ext4_do_update_inode + - genirq: Disable interrupts for force threaded handlers + - [x86] apic/of: Fix CPU devicetree-node lookups + - cifs: Fix preauth hash corruption + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 + - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled + - [powerpc*] 4xx: Fix build errors from mfdcr() + - atm: eni: dont release is never initialized + - atm: lanai: dont run lanai_dev_close if not open + - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" + - ixgbe: Fix memleak in ixgbe_configure_clsu32 + - net: tehuti: fix error return code in bdx_probe() + - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count + - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) + - gpiolib: acpi: Add missing IRQF_ONESHOT + - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default + - NFS: Correct size calculation for create reply length + - [arm64] net: hisilicon: hns: fix error return code of + hns_nic_clear_all_rx_fetch() + - [x86] atm: uPD98402: fix incorrect allocation + - atm: idt77252: fix null-ptr-dereference + - u64_stats,lockdep: Fix u64_stats_init() vs lockdep + - nfs: we don't support removing system.nfs4_acl + - block: Suppress uevent for hidden device when removed + - [arm64] netsec: restore phy power state after controller reset + - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events + - squashfs: fix inode lookup sanity checks + - squashfs: fix xattr id and id lookup sanity checks + - dm ioctl: fix out of bounds array access when no devices + (CVE-2021-31916) + - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD + - veth: Store queue_mapping independently of XDP prog presence + - libbpf: Fix INSTALL flag order + - macvlan: macvlan_count_rx() needs to be aware of preemption + - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port + - e1000e: add rtnl_lock() to e1000_reset_task + - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 + - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template + - netfilter: ctnetlink: fix dump of the expect mask attribute + - can: peak_usb: add forgotten supported devices + - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing + bitrate + - mac80211: fix rate mask reset + - net: cdc-phonet: fix data-interface release on probe failure + - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes + - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind + - net/mlx5e: Fix error path for ethtool set-priv-flag + - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening + server + - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs + - Revert "netfilter: x_tables: Switch synchronization to RCU" + - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) + - Revert "netfilter: x_tables: Update remaining dereference to RCU" + - ACPI: scan: Rearrange memory allocation in acpi_device_add() + - ACPI: scan: Use unique number for instance_no + - dm verity: add root hash pkcs#7 signature verification + - scsi: qedi: Fix error return code of qedi_alloc_global_queues() + - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() + - locking/mutex: Fix non debug version of mutex_lock_io_nested() + - can: dev: Move device back to init netns on owning netns delete + - net: sched: validate stab values + - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) + - mac80211: fix double free in ibss_leave + - ext4: add reclaim checks to xattr code + - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" + - xen-blkback: don't leak persistent grants from xen_blkbk_map() + (CVE-2021-28688) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 + - selinux: vsock: Set SID for socket returned by accept() + - tcp: relookup sock for RST+ACK packets handled by obsolete req sock + - ipv6: weaken the v4mapped source check + - ext4: fix bh ref count on error paths + - rpc: fix NULL dereference on kmalloc failure + - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 + - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor + of 10 + - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value + on probe + - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table + - vhost: Fix vhost_vq_reset() + - scsi: st: Fix a use after free in st_open() + - scsi: qla2xxx: Fix broken #endif placement + - [x86] staging: comedi: cb_pcidas: fix request_irq() warn + - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn + - thermal/core: Add NULL pointer check before using cooling device stats + - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling + - ext4: do not iput inode under running transaction in ext4_rename() + - brcmfmac: clear EAP/association status bits on linkdown events + - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() + - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open + - appletalk: Fix skb allocation size in loopback case + - [x86] net: wan/lmc: unregister device when no matching device is found + - bpf: Remove MTU check in __bpf_skb_max_len + - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect + - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO + - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook + - PM: runtime: Fix race getting/putting suppliers at probe + - PM: runtime: Fix ordering in pm_runtime_get_suppliers() + - tracing: Fix stack trace event size + - mm: fix race by making init_zero_pfn() early_initcall + - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() + - drm/amdgpu: check alignment on CPU page for bo map + - reiserfs: update reiserfs_xattrs_initialized() condition + - [arm64,armhf] pinctrl: rockchip: fix restore error in resume + - extcon: Add stubs for extcon_register_notifier_all() functions + - extcon: Fix error handling in extcon_dev_register + - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) + - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() + - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem + - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 + - cdc-acm: fix BREAK rx code path adding necessary calls + - USB: cdc-acm: untangle a circular dependency between callback and softint + - USB: cdc-acm: downgrade message to debug + - USB: cdc-acm: fix double free on probe failure + - USB: cdc-acm: fix use-after-free after probe failure + - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference + - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. + - [x86] staging: rtl8192e: Fix incorrect source in memcpy() + - staging: rtl8192e: Change state information from u16 to u8 + - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 + - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted + - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 + - mISDN: fix crash in fritzpci + - mac80211: choose first enabled channel for monitor + - [arm64] drm/msm: Ratelimit invalid-fence message + - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state + - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() + - cifs: revalidate mapping when we open files for SMB1 POSIX + - cifs: Silently ignore unknown oplock break handle + - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 + (CVE-2021-29154) + - [i386] bpf, x86: Validate computation of branch displacements for x86-32 + (CVE-2021-29154) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 + - ALSA: aloop: Fix initialization of controls + - [x86] ASoC: intel: atom: Stop advertising non working S24LE support + - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) + - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) + - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) + - nfc: Avoid endless loops caused by repeated llcp_sock_connect() + - xen/evtchn: Change irq_info lock to raw_spinlock_t + - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh + - ocfs2: fix deadlock between setattr and dio_end_io_write + - fs: direct-io: fix missing sdio->boundary + - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin + - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field + - ice: Increase control queue timeout + - net: hso: fix null-ptr-deref during tty device unregistration + - net: ensure mac header is set in virtio_net_hdr_to_skb() + - net: sched: sch_teql: fix null-pointer dereference + - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() + - usbip: add sysfs_lock to synchronize sysfs code paths + - usbip: stub-dev synchronize sysfs code paths + - usbip: vudc synchronize sysfs code paths + - usbip: synchronize event handler with sysfs code paths + - i2c: turn recovery error on init to debug + - virtio_net: Add XDP meta data support + - xfrm: interface: fix ipv4 pmtu check to honor ip header df + - net: xfrm: Localize sequence counter per network namespace + - i40e: Added Asym_Pause to supported link modes + - i40e: Fix kernel oops when i40e driver removes VF's + - sch_red: fix off-by-one checks in red_check_params() + - cxgb4: avoid collecting SGE_QBASE regs during traffic + - net:tipc: Fix a double free in tipc_sk_mcast_rcv + - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner + - clk: fix invalid usage of list cursor in register + - clk: fix invalid usage of list cursor in unregister + - workqueue: Move the position of debug_work_activate() in __queue_work() + - [s390x] cpcmd: fix inline assembly register clobbering + - net/mlx5: Fix placement of log_max_flow_counter + - net/mlx5: Fix PBMC register mapping + - RDMA/cxgb4: check for ipv6 address properly while destroying listener + - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit + - net: sched: bump refcount for new action in ACT replace mode + - cfg80211: remove WARN_ON() in cfg80211_sme_connect + - net: tun: set tun->dev->addr_len during TUNSETLINK processing + - drivers: net: fix memory leak in atusb_probe + - drivers: net: fix memory leak in peak_usb_create_dev + - net: mac802154: Fix general protection fault + - net: ieee802154: nl-mac: fix check on panid + - net: ieee802154: fix nl802154 del llsec key + - net: ieee802154: fix nl802154 del llsec dev + - net: ieee802154: fix nl802154 add llsec key + - net: ieee802154: fix nl802154 del llsec devkey + - net: ieee802154: forbid monitor for set llsec params + - net: ieee802154: forbid monitor for del llsec seclevel + - net: ieee802154: stop dump llsec params for monitors + - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting + cifs_sb->prepath." (Closes: #988352) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 + - [arm64] KVM: Hide system instruction access to Trace registers + - [arm64] KVM: Disable guest access to trace filter controls + - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning + - gfs2: report "already frozen/thawed" errors + - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz + - block: only update parent bi_status when bio fail + - net: phy: broadcom: Only advertise EEE for supported modes + - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) + - netfilter: x_tables: fix compat match/target pad out-of-bound write + - driver core: Fix locking bug in deferred_probe_timeout_work_func() + - xen/events: fix setting irq affinity + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 + - net/sctp: fix race condition in sctp_destroy_sock + - gpio: sysfs: Obey valid_mask + - neighbour: Disregard DEAD dst in neigh_update + - [arm64] drm/msm: Fix a5xx/a6xx timestamps + - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state + - net: ieee802154: stop dump llsec keys for monitors + - net: ieee802154: stop dump llsec devs for monitors + - net: ieee802154: forbid monitor for add llsec dev + - net: ieee802154: stop dump llsec devkeys for monitors + - net: ieee802154: forbid monitor for add llsec devkey + - net: ieee802154: stop dump llsec seclevels for monitors + - net: ieee802154: forbid monitor for add llsec seclevel + - pcnet32: Use pci_resource_len to validate PCI resource + - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN + - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices + - readdir: make sure to verify directory entry for legacy interfaces too + - [arm64] fix inline asm in load_unaligned_zeropad() + - [arm64] alternatives: Move length validation in alternative_{insn, endif} + - scsi: libsas: Reset num_scatter if libata marks qc as NODATA + - netfilter: conntrack: do not print icmpv6 as unknown via /proc + - netfilter: nft_limit: avoid possible divide error in nft_limit_init + - net: sit: Unregister catch-all devices + - net: ip6_tunnel: Unregister catch-all devices + - i40e: fix the panic when running bpf in xdpdrv mode + - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions + - net: phy: marvell: fix detection of PHY on Topaz switches + - gup: document and work around "COW can break either way" issue + (CVE-2020-29374) + - [x86] pinctrl: lewisburg: Update number of pins in community + - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() + - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 + - HID: alps: fix error return code in alps_input_configured() + - HID: wacom: Assign boolean values to a bool variable + - net: geneve: check skb is large enough for IPv4/IPv6 header + - [s390x] entry: save the caller of psw_idle + - xen-netback: Check for hotplug-status existence before watching + - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access + - net: hso: fix NULL-deref on disconnect regression + - USB: CDC-ACM: fix poison/unpoison imbalance + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 + - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables + - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() + - net: usb: ax88179_178a: initialize local variables before use + - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() + - [mips*] Do not include hi and lo in clobber list for R6 + - bpf: Fix masking negation logic upon negative dst register + (CVE-2021-31829) + - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() + - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX + - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet + - USB: Add reset-resume quirk for WD19's Realtek Hub + - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation + - ovl: allow upperdir inside lowerdir + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 + - [s390x] disassembler: increase ebpf disasm buffer size + - ftrace: Handle commands when closing set_ftrace_filter file + - ecryptfs: fix kernel panic with null dev_name + - [armhf] spi: spi-ti-qspi: Free DMA resources + - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() + - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based + controllers + - mmc: block: Update ext_csd.cache_ctrl if it was written + - mmc: block: Issue a cache flush only when it's enabled + - mmc: core: Do a power cycle when the CMD11 fails + - mmc: core: Set read only for SD cards with permanent write protect bit + - cifs: Return correct error code from smb2_get_enc_key + - btrfs: fix metadata extent leak after failure to create subvolume + - [x86] intel_th: pci: Add Rocket Lake CPU support + - fbdev: zero-fill colormap in fbcmap.c + - staging: wimax/i2400m: fix byte-order issue + - crypto: api - check for ERR pointers in crypto_destroy_tfm() + - usb: gadget: uvc: add bInterval checking for HS mode + - [x86] genirq/matrix: Prevent allocation counter corruption + - usb: gadget: f_uac1: validate input parameters + - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset + - usb: xhci: Fix port minor revision + - PCI: PM: Do not read power state in pci_enable_device_flags() + - [arm64] tee: optee: do not check memref size on return from Secure World + - [arm*] perf/arm_pmu_platform: Fix error handling + - xhci: check control context is valid before dereferencing it. + - xhci: fix potential array out of bounds with several interrupters + - [x86] intel_th: Consistency and off-by-one fix + - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in + twl4030_usb_remove() + - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s + - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe + - scsi: lpfc: Fix pt2pt connection does not recover after LOGO + - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() + - [x86] media: ite-cir: check for receive overflow + - power: supply: bq27xxx: fix power_avg for newer ICs + - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs + - media: gspca/sq905.c: fix uninitialized variable + - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f + - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() + - scsi: qla2xxx: Fix use after free in bsg + - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() + - media: em28xx: fix memory leak + - media: vivid: update EDID + - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error + return + - media: dvb-usb: fix memory leak in dvb_usb_adapter_init + - media: gscpa/stv06xx: fix memory leak + - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal + - drm/amdgpu: fix NULL pointer dereference + - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO + response + - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic + - scsi: libfc: Fix a format specifier + - [s390x] archrandom: add parameter check for s390_arch_random_generate + - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer + - ALSA: hda/conexant: Re-order CX5066 quirk table entries + - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build + - ALSA: usb-audio: Explicitly set up the clock selector + - ALSA: usb-audio: More constifications + - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications + Headset PC 8 + - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx + - btrfs: fix race when picking most recent mod log operation for an old root + - [arm64] vdso: Discard .note.gnu.property sections in vDSO + - ubifs: Only check replay with inode type to judge if inode linked + - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) + - openvswitch: fix stack OOB read while fragmenting IPv4 packets + - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe + failure + - NFS: Don't discard pNFS layout segments that are marked for return + - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() + - jffs2: Fix kasan slab-out-of-bounds problem + - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. + - [x86] intel_th: pci: Add Alder Lake-M support + - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual + device + - md/raid1: properly indicate failure when ending a failed write request + - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload + sequences + - security: commoncap: fix -Wstringop-overread warning + - jffs2: check the validity of dstlen in jffs2_zlib_compress() + - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT + op") + - posix-timers: Preserve return value in clock_adjtime32() + - [arm64] vdso: remove commas between macro name and arguments + - ext4: fix check to prevent false positive report of incorrect used inodes + - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() + - ext4: fix error code in ext4_commit_super + - media: dvbdev: Fix memory leak in dvb_media_device_free() + - usb: gadget: Fix double free of device descriptor pointers + - usb: gadget/function/f_fs string table fix for multiple languages + - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check + - [arm*] usb: dwc2: Fix session request interrupt handler + - tty: fix memory leak in vc_deallocate + - tracing: Map all PIDs to command lines + - tracing: Restructure trace_clock_global() to never block + - dm space map common: fix division bug in sm_ll_find_free_block() + - dm rq: fix double free of blk_mq_tag_set in dev remove after table load + fails + - modules: mark ref_module static + - modules: mark find_symbol static + - modules: mark each_symbol_section static + - modules: unexport __module_text_address + - modules: unexport __module_address + - modules: rename the licence field in struct symsearch to license + - modules: return licensing information from find_symbol + - modules: inherit TAINT_PROPRIETARY_MODULE + - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) + - bluetooth: eliminate the potential race condition when removing the HCI + controller (CVE-2021-32399) + - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) + - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR + - misc: lis3lv02d: Fix false-positive WARN on various HP models + - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct + - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload + - md/bitmap: wait for external bitmap writes to complete during tear down + - md-cluster: fix use-after-free issue when removing rdev + - md: split mddev_find + - md: factor out a mddev_find_locked helper from mddev_find + - md: md_open returns -EBUSY when entering racing area + - md: Fix missing unused status line of /proc/mdstat + - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() + - cfg80211: scan: drop entry from hidden_list on overflow + - drm/radeon: fix copy of uninitialized variable back to userspace + - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries + - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries + - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries + - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries + - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries + - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices + - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported + - [s390x] KVM: split kvm_s390_logical_to_effective + - [s390x] KVM: fix guarded storage control register handling + - [s390x] KVM: split kvm_s390_real_to_abs + - ovl: fix missing revert_creds() on error path + - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely + - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] + - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 + - regmap: set debugfs_name to NULL after it is freed + - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() + - [x86] microcode: Check for offline CPUs before requesting new microcode + - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() + - [x86] usb: gadget: pch_udc: Check if driver is present before calling + ->setup() + - [x86] usb: gadget: pch_udc: Check for DMA mapping error + - [x86] crypto: qat - don't release uninitialized resources + - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init + - mtd: require write permissions for locking and badblock ioctls + - [arm64] bus: qcom: Put child node before return + - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() + - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init + - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling + - [x86] staging: rtl8192u: Fix potential infinite loop + - spi: Fix use-after-free with devm_spi_alloc_* + - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz + - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments + - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute + - [x86] crypto: qat - Fix a double free in adf_create_ring + - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels + - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU + PM clock + - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 + - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 + Mhz to 1 GHz + - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from + L1 to L0 + - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed + - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency + - USB: cdc-acm: fix unprivileged TIOCCSERIAL + - tty: actually undefine superseded ASYNC flags + - tty: fix return value for unsupported ioctls + - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() + - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail + boards with critclk_systems DMI table + - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload + - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. + - [arm*] usb: dwc2: Fix hibernation between host and device modes. + - ttyprintk: Add TTY hangup callback. + - media: vivid: fix assignment of dev->fbuf_out_flags + - media: m88rs6000t: avoid potential out-of-bounds reads on arrays + - [x86] kprobes: Fix to check non boostable prefixes correctly + - sata_mv: add IRQ checks + - ata: libahci_platform: fix IRQ check + - nvme: retrigger ANA log update if group descriptor isn't found + - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE + - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() + - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() + - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch + - sched/debug: Fix cgroup_path[] serialization + - drivers/block/null_blk/main: Fix a double free in null_init. + - HID: plantronics: Workaround for double volume key presses + - [powerpc*] prom: Mark identical_pvr_fixup as __init + - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect + - bug: Remove redundant condition check in report_bug + - nfc: pn533: prevent potential memory corruption + - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable + - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls + - [powerpc*] 64s: Fix pte update for kernel memory on radix + - [powerpc*] perf: Fix PMU constraint check for EBB events + - mac80211: bail out if cipher schemes are invalid + - mt7601u: fix always true expression + - [amd64] IB/hfi1: Fix error return code in parse_platform_config() + - [arm64] net: thunderx: Fix unintentional sign extension issue + - RDMA/srpt: Fix error return code in srpt_cm_req_recv() + - [mips*] pci-legacy: stop using of_pci_range_to_resource + - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal + - rtlwifi: 8821ae: upgrade PHY and RF parameters + - mwl8k: Fix a double Free in mwl8k_probe_hw + - [x86] vsock/vmci: log once the failed queue pair allocation + - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails + - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails + - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error + channel + - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices + - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock + - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() + - net: geneve: modify IP header check in geneve6_xmit_skb and + geneve_xmit_skb + - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send + - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req + - mm/sparse: add the missing sparse_buffer_fini() in error branch + - mm/memory-failure: unnecessary amount of unmapping + - net: Only allow init netns to set default tcp cong to a restricted algo + - smp: Fix smp_call_function_single_async prototype + - Revert "net/sctp: fix race condition in sctp_destroy_sock" + - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) + - Revert "of/fdt: Make sure no-map does not remove already reserved regions" + - Revert "fdt: Properly handle "no-map" field in the memory region" + - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() + - fs: dlm: fix debugfs dump + - tipc: convert dest node's address to network order + - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus + T100TAF + - [arm64] net: stmmac: Set FIFO sizes for ipq806x + - i2c: bail out early when RDWR parameters are wrong + - ALSA: hdsp: don't disable if not enabled + - ALSA: hdspm: don't disable if not enabled + - ALSA: rme9652: don't disable if not enabled + - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default + - Bluetooth: initialize skb_queue_head at l2cap_chan_create() + - net: bridge: when suppression is enabled exclude RARP packets + - Bluetooth: check for zapped sk before connecting + - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods + - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet + - i2c: Add I2C_AQ_NO_REP_START adapter quirk + - mac80211: clear the beacon's CRC after channel switch + - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos + - cuse: prevent clone + - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() + - [powerpc*] smp: Set numa node before updating mask + - [x86] ASoC: rt286: Generalize support for ALC3263 codec + - ethtool: ioctl: Fix out-of-bounds warning in + store_link_ksettings_for_user() + - [powerpc*] pseries: Stop calling printk in rtas_stop_self() + - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt + - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join + - [powerpc*] iommu: Annotate nested lock for lockdep + - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable + - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs + - PCI: Release OF node in pci_scan_device()'s error path + - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's + overflow_handler hook + - [arm64] rpmsg: qcom_glink_native: fix error return code of + qcom_glink_rx_data() + - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() + - NFS: Deal correctly with attribute generation counter overflow + - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() + - NFSv4.2 fix handling of sr_eof in SEEK's reply + - rtc: ds1307: Fix wday settings for rx8130 + - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy + - sctp: do asoc update earlier in sctp_sf_do_dupcook_a + - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit + - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b + - netfilter: xt_SECMARK: add new revision to fix structure layout + - drm/radeon: Fix off-by-one power_state index heap overwrite + - drm/radeon: Avoid power table parsing memory leaks + - khugepaged: fix wrong result value for + trace_mm_collapse_huge_page_isolate() + - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() + - ksm: fix potential missing rmap_item for stable_node + - net: fix nla_strcmp to handle more then one trailing null character + - smc: disallow TCP_ULP in smc_setsockopt() + - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check + - sched/fair: Fix unfairness caused by missing load decay + - [amd64] kernel: kexec_file: fix error return code of + kexec_calculate_store_digests() + - netfilter: nftables: avoid overflows in nft_hash_buckets() + - i40e: Fix use-after-free in i40e_client_subtask() + - [powerpc*] 64s: Fix crashes when toggling stf barrier + - [powerpc*] 64s: Fix crashes when toggling entry flush barrier + - hfsplus: prevent corruption in shrinking truncate + - squashfs: fix divide error in calculate_skip() + - userfaultfd: release page in error path to avoid BUG_ON + - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors + are connected + - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path + - blk-mq: Swap two calls in blk_mq_exit_queue() + - [armhf] usb: dwc3: omap: improve extcon initialization + - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel + Merrifield + - [arm*] usb: dwc2: Fix gadget DMA unmap direction + - usb: core: hub: fix race condition about TRSMRCY of resume + - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer + in ep queue + - xhci: Do not use GFP_KERNEL in (potentially) atomic context + - xhci: Add reset resume quirk for AMD xhci controller. + - [x86] iio: tsl2583: Fix division by a zero lux_val + - cdc-wdm: untangle a circular dependency between callback and softint + - [x86] KVM: Cancel pvclock_gtod_work on module removal + - thermal/core/fair share: Lock the thermal zone while looping over + instances + - kobject_uevent: remove warning in init_uevent_argv() + - netfilter: conntrack: Make global sysctls readonly in non-init netns + - nvme: do not try to reconfigure APST when the controller is not live + - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes + - usb: sl811-hcd: improve misleading indentation + - cxgb4: Fix the -Wmisleading-indentation warning + - isdn: capi: fix mismatched prototypes + - [arm64] PCI: thunder: Fix compile testing + - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in + cpu_suspend() + - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in + enable_slot() + - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI + instantiated devices + - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls + - ceph: fix fscache invalidation + - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not + found + - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 + Pro 5055 + - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP + - block: reexpand iov_iter after read/write + - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts + - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods + - sit: proper dev_{hold|put} in ndo_[un]init methods + - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods + - ipv6: remove extra dev_hold() for fallback tunnels + - iomap: fix sub-page uptodate handling + - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it + - tweewide: Fix most Shebang lines + - scripts: switch explicitly to Python 3 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 + - RDMA/rxe: Clear all QP fields if creation failed + - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() + - RDMA/mlx5: Recover from fatal event in dual port mode + - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios + - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly + - nvmet: seset ns->file when open fails + - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal + - cifs: fix memory leak in smb2_copychunk_range + - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high + sampling transfer frequency + - ALSA: line6: Fix racy initialization of LINE6 MIDI + - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 + - ALSA: usb-audio: Validate MS endpoint descriptors + - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro + - [i386] Revert "ALSA: sb8: add a check for request_region" + - ALSA: hda/realtek: reset eapd coeff to default value for alc287 + - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 + - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer + dereference" + - [x86] xen-pciback: reconfigure also from backend watch handler + - dm snapshot: fix crash with transient storage and zero chunk size + - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" + - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" + - [armhf] Revert "leds: lp5523: fix a missing check of return value of + lp55xx_read" + - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" + - Revert "ecryptfs: replace BUG_ON with error handling code" + - Revert "rtlwifi: fix a potential NULL pointer dereference" + - Revert "qlcnic: Avoid potential NULL pointer dereference" + - Revert "niu: fix missing checks of niu_pci_eeprom_read" + - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() + - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init + - net: rtlwifi: properly check for alloc_workqueue() failure + - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup + code + - qlcnic: Add null check after calling netdev_alloc_skb + - [x86] video: hgafb: fix potential NULL pointer dereference + - vgacon: Record video mode changes with VT_RESIZEX + - vt: Fix character height handling with VT_RESIZEX + - tty: vt: always invoke vc->vc_sw->con_resize callback + - [x86] video: hgafb: correctly handle card detect failure during probe + - Bluetooth: SMP: Fail if remote and local public keys are identical + (CVE-2020-26558, CVE-2021-0129) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 + - mm, vmstat: drop zone->lock in /proc/pagetypeinfo + - [arm64,armhf] usb: dwc3: gadget: Enable suspend events + - NFC: nci: fix memory leak in nci_allocate_device + - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 + - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() + - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() + - proc: Check /proc/$pid/attr/ writes against file opener + - net: hso: fix control-request directions + - mac80211: assure all fragments are encrypted (CVE-2020-26147) + - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, + CVE-2020-24587) + - mac80211: properly handle A-MSDUs that start with an RFC 1042 header + - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) + - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) + - mac80211: add fragment cache to sta_info + - mac80211: check defrag PN against current frame + - mac80211: prevent attacks on TKIP/WEP as well + - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) + - mac80211: extend protection against mixed key and fragment cache attacks + (CVE-2020-24586, CVE-2020-24587) + - ath10k: Validate first subframe of A-MSDU before processing the list + - dm snapshot: properly fix a crash when an origin has no snapshots + - misc/uss720: fix memory leak in uss720_probe + - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue + - [x86] mei: request autosuspend after sending rx flow control + - USB: trancevibrator: fix control-request direction + - USB: usbfs: Don't WARN about excessively large memory allocations + - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' + - USB: serial: ti_usb_3410_5052: add startech.com device id + - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 + - USB: serial: ftdi_sio: add IDs for IDS GmbH Products + - USB: serial: pl2303: add device id for ADLINK ND-6530 GC + - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG + - net: usb: fix memory leak in smsc75xx_bind + - bpf: extend is_branch_taken to registers + - bpf: Test_verifier, bpf_get_stack return value add <0 + - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test + - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) + - bpf: Ensure off_reg has no mixed signed bounds for all types + (CVE-2021-29155) + - bpf: Rework ptr_limit into alu_limit and add common error path + (CVE-2021-29155) + - bpf: Improve verifier error messages for users (CVE-2021-29155) + - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) + - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) + - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) + - bpf: Update selftests to reflect new error states + - bpf: Fix leakage of uninitialized bpf stack under speculation + (CVE-2021-31829) + - bpf: Wrap aux data inside bpf_sanitize_info container + - bpf: Fix mask direction swap upon off reg sign change + - bpf: No need to simulate speculative domain for immediates + - [armhf] spi: gpio: Don't leak SPI master in probe error path + - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails + - NFS: fix an incorrect limit in filelayout_decode_layout() + - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() + - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config + - [arm64] drm/meson: fix shutdown crash when component not probed + - net/mlx4: Fix EEPROM dump support + - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" + - tipc: skb_linearize the head skb when reassembling msgs + - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails + - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message + after write + - [x86] i2c: i801: Don't generate an interrupt on bus reset + - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume + - [x86] net: fujitsu: fix potential null-ptr-deref + - [x86] char: hpet: add checks after calling ioremap + - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io + - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call + - libertas: register sysfs groups properly + - media: dvb: Add check on sp8870_readreg return + - media: gspca: properly check for errors in po1030_probe() + - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic + - btrfs: do not BUG_ON in link_to_fixup_dir + - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported + list + - SMB3: incorrect file id in requests compounded with open + - drm/amd/amdgpu: fix refcount leak + - drm/amdgpu: Fix a use-after-free + - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in + dsa_slave_get_sset_count + - [armhf] net: fec: fix the potential memory leak in fec_enet_init() + - [arm64] net: mdio: thunder: Fix a double free issue in the .remove + function + - [mips*] net: mdio: octeon: Fix some double free issues + - openvswitch: meter: fix race when getting now_ms. + - net: bnx2: Fix error return code in bnx2_init_board() + - mld: fix panic in mld_newpack() + - bpf: Set mac_len in bpf_skb_change_head + - ixgbe: fix large MTU request from VF + - scsi: libsas: Use _safe() loop in sas_resume_port() + - ipv6: record frag_max_size in atomic fragments in input path + - sch_dsmark: fix a NULL deref in qdisc_reset() + - hugetlbfs: hugetlb_fault_mutex_hash() cleanup + - drivers/net/ethernet: clean up unused assignments + - [arm64] net: hns3: check the return of skb_checksum_help() + - usb: core: reduce power-on-good delay time of root hub + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 + - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) + - ALSA: usb: update old-style static const declaration + - nl80211: validate key indexes for cfg80211_registered_device + - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared + - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() + - vfio/pci: Fix error return code in vfio_ecap_init() + - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service + - HID: pidff: fix error return code in hid_pidff_init() + - [arm64,x86] HID: i2c-hid: fix format string mismatch + - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches + - ieee802154: fix error return code in ieee802154_add_iface() + - ieee802154: fix error return code in ieee802154_llsec_getparams() + - ixgbevf: add correct exception tracing for XDP + - tipc: add extack messages for bearer/media failure + - tipc: fix unique bearer names sanity check + - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) + - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) + - HID: multitouch: require Finger field to mark Win8 reports as MT + - ALSA: timer: Fix master timer notification + - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx + - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed + - [arm*] usb: dwc2: Fix build in periphal-only mode + - pid: take a reference when initializing `cad_pid` + - ocfs2: fix data corruption by fallocate + - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect + (CVE-2021-3587) + - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing + - btrfs: mark ordered extent and inode with error if we fail to finish + - btrfs: fix error handling in btrfs_del_csums + - btrfs: return errors from btrfs_del_csums in cleanup_ref_head + - btrfs: fixup error handling in fixup_inode_link_counts + - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY + - bpf: Add BPF_F_ANY_ALIGNMENT. + - bnxt_en: Remove the setting of dev_port. + - perf/cgroups: Don't rotate events for cgroups unnecessarily + - perf/core: Fix corner case in perf_rotate_context() + - btrfs: fix unmountable seed device after fstrim + - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode + - [arm64] KVM: Fix debug register indexing + - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of + module-level code flag + - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() + - sched/fair: Optimize select_idle_cpu + - [x86] xen-pciback: redo VF placement in the virtual topology + + [ Salvatore Bonaccorso ] + * [rt] Update to 4.19.182-rt74 + * [rt] Add new signing key for Clark Williams + * [rt] Update to 4.19.184-rt75 + * Bump ABI to 17 + * [rt] Refresh "workqueue: Use normal rcu" + * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" + * [rt] Refresh "workqueue: rework" + * [rt] Update to 4.19.188-rt77 + * [rt] Update to 4.19.190-rt79 + * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" + * [rt] Update to 4.19.193-rt81 + * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" + 4.19.181-1 [Fri, 19 Mar 2021 15:29:57 +0100] Salvatore Bonaccorso <carnil@debian.org>: * New upstream stable update: <http://piuparts.knut.univention.de/5.0-0/#62648134613097949>
OK: yaml OK: announce_errata OK: patch OK~: piuparts manual import of linux-latest and linux-signed-amd64 were necessary. piuparts was run several times to ensure the dependencies are correct -> Verified [5.0-0] 25b485a621 Bug #53474: add linux-signed-amd64.yaml doc/errata/staging/linux.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-0] 7316f243cb Bug #53474: linux-latest 105+deb10u12 doc/errata/staging/linux.yaml | 1 + 1 file changed, 1 insertion(+) [5.0-0] 395ec756f0 Bug #53474: linux 4.19.194-1 doc/errata/staging/linux.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) [5.0-0] 89be9fedd8 Bug #53474: linux 4.19.194-1 doc/errata/staging/linux.yaml | 98 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x47> <https://errata.software-univention.de/#/?erratum=5.0x48> <https://errata.software-univention.de/#/?erratum=5.0x49>