====================================== Sat, 10 Sep 2022 - Debian 10.13 released ====================================== ========================================================================= [Date: Sat, 10 Sep 2022 10:40:42 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: elog | 3.1.3-1-1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Closed bugs: 1010197 ------------------- Reason ------------------- RoQA; unmaintained; security issues ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Sep 2022 10:41:02 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libnet-amazon-perl | 0.62-2 | source, all Closed bugs: 1018247 ------------------- Reason ------------------- RoQA; depends on removed API ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Sep 2022 10:44:19 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel affs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el affs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel affs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel ata-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel ata-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el ata-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf ata-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel ata-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el btrfs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel btrfs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el btrfs-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf btrfs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel btrfs-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel btrfs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el btrfs-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x cdrom-core-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel cdrom-core-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el cdrom-core-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf cdrom-core-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel cdrom-core-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel cdrom-core-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el cdrom-core-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x compress-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel compress-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el compress-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf compress-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel compress-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel compress-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel compress-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el compress-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x crc-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel crc-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el crc-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf crc-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel crc-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel crc-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel crc-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el crc-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x crypto-dm-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel crypto-dm-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el crypto-dm-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf crypto-dm-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel crypto-dm-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel crypto-dm-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el crypto-dm-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x crypto-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel crypto-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el crypto-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf crypto-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel crypto-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel crypto-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel crypto-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el crypto-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x dasd-extra-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x dasd-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x efi-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf event-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel event-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el event-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf event-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel event-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel event-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel event-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el ext4-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel ext4-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el ext4-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf ext4-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel ext4-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel ext4-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel ext4-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el ext4-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x fancontrol-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el fat-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel fat-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el fat-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf fat-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel fat-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel fat-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel fat-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el fat-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x fb-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel fb-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el fb-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf fb-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel fb-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel fb-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el firewire-core-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel firewire-core-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el fuse-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel fuse-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el fuse-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf fuse-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel fuse-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel fuse-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel fuse-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el fuse-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x hfs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel hfs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el hfs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel hfs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel hypervisor-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el i2c-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel i2c-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el i2c-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf i2c-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el input-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel input-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el input-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf input-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel input-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel input-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel input-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el ipv6-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel isofs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel isofs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el isofs-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf isofs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel isofs-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel isofs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel isofs-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el isofs-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x jffs2-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel jfs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel jfs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el jfs-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf jfs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel jfs-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel jfs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel jfs-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el kernel-image-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel kernel-image-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el kernel-image-4.19.0-18-armmp-di | 4.19.208-1 | armhf kernel-image-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel kernel-image-4.19.0-18-marvell-di | 4.19.208-1 | armel kernel-image-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel kernel-image-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el kernel-image-4.19.0-18-s390x-di | 4.19.208-1 | s390x leds-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf leds-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel liblockdep-dev | 4.19.208-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x liblockdep4.19 | 4.19.208-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-doc-4.19 | 4.19.208-1 | all linux-headers-4.19.0-18-4kc-malta | 4.19.208-1 | mips, mipsel linux-headers-4.19.0-18-5kc-malta | 4.19.208-1 | mips, mips64el, mipsel linux-headers-4.19.0-18-686 | 4.19.208-1 | i386 linux-headers-4.19.0-18-686-pae | 4.19.208-1 | i386 linux-headers-4.19.0-18-all | 4.19.208-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-headers-4.19.0-18-all-amd64 | 4.19.208-1 | amd64 linux-headers-4.19.0-18-all-arm64 | 4.19.208-1 | arm64 linux-headers-4.19.0-18-all-armel | 4.19.208-1 | armel linux-headers-4.19.0-18-all-armhf | 4.19.208-1 | armhf linux-headers-4.19.0-18-all-i386 | 4.19.208-1 | i386 linux-headers-4.19.0-18-all-mips | 4.19.208-1 | mips linux-headers-4.19.0-18-all-mips64el | 4.19.208-1 | mips64el linux-headers-4.19.0-18-all-mipsel | 4.19.208-1 | mipsel linux-headers-4.19.0-18-all-ppc64el | 4.19.208-1 | ppc64el linux-headers-4.19.0-18-all-s390x | 4.19.208-1 | s390x linux-headers-4.19.0-18-amd64 | 4.19.208-1 | amd64 linux-headers-4.19.0-18-arm64 | 4.19.208-1 | arm64 linux-headers-4.19.0-18-armmp | 4.19.208-1 | armhf linux-headers-4.19.0-18-armmp-lpae | 4.19.208-1 | armhf linux-headers-4.19.0-18-cloud-amd64 | 4.19.208-1 | amd64 linux-headers-4.19.0-18-common | 4.19.208-1 | all linux-headers-4.19.0-18-common-rt | 4.19.208-1 | all linux-headers-4.19.0-18-loongson-3 | 4.19.208-1 | mips64el, mipsel linux-headers-4.19.0-18-marvell | 4.19.208-1 | armel linux-headers-4.19.0-18-octeon | 4.19.208-1 | mips, mips64el, mipsel linux-headers-4.19.0-18-powerpc64le | 4.19.208-1 | ppc64el linux-headers-4.19.0-18-rpi | 4.19.208-1 | armel linux-headers-4.19.0-18-rt-686-pae | 4.19.208-1 | i386 linux-headers-4.19.0-18-rt-amd64 | 4.19.208-1 | amd64 linux-headers-4.19.0-18-rt-arm64 | 4.19.208-1 | arm64 linux-headers-4.19.0-18-rt-armmp | 4.19.208-1 | armhf linux-headers-4.19.0-18-s390x | 4.19.208-1 | s390x linux-image-4.19.0-18-4kc-malta | 4.19.208-1 | mips, mipsel linux-image-4.19.0-18-4kc-malta-dbg | 4.19.208-1 | mips, mipsel linux-image-4.19.0-18-5kc-malta | 4.19.208-1 | mips, mips64el, mipsel linux-image-4.19.0-18-5kc-malta-dbg | 4.19.208-1 | mips, mips64el, mipsel linux-image-4.19.0-18-686-dbg | 4.19.208-1 | i386 linux-image-4.19.0-18-686-pae-dbg | 4.19.208-1 | i386 linux-image-4.19.0-18-686-pae-unsigned | 4.19.208-1 | i386 linux-image-4.19.0-18-686-unsigned | 4.19.208-1 | i386 linux-image-4.19.0-18-amd64-dbg | 4.19.208-1 | amd64 linux-image-4.19.0-18-amd64-unsigned | 4.19.208-1 | amd64 linux-image-4.19.0-18-arm64-dbg | 4.19.208-1 | arm64 linux-image-4.19.0-18-arm64-unsigned | 4.19.208-1 | arm64 linux-image-4.19.0-18-armmp | 4.19.208-1 | armhf linux-image-4.19.0-18-armmp-dbg | 4.19.208-1 | armhf linux-image-4.19.0-18-armmp-lpae | 4.19.208-1 | armhf linux-image-4.19.0-18-armmp-lpae-dbg | 4.19.208-1 | armhf linux-image-4.19.0-18-cloud-amd64-dbg | 4.19.208-1 | amd64 linux-image-4.19.0-18-cloud-amd64-unsigned | 4.19.208-1 | amd64 linux-image-4.19.0-18-loongson-3 | 4.19.208-1 | mips64el, mipsel linux-image-4.19.0-18-loongson-3-dbg | 4.19.208-1 | mips64el, mipsel linux-image-4.19.0-18-marvell | 4.19.208-1 | armel linux-image-4.19.0-18-marvell-dbg | 4.19.208-1 | armel linux-image-4.19.0-18-octeon | 4.19.208-1 | mips, mips64el, mipsel linux-image-4.19.0-18-octeon-dbg | 4.19.208-1 | mips, mips64el, mipsel linux-image-4.19.0-18-powerpc64le | 4.19.208-1 | ppc64el linux-image-4.19.0-18-powerpc64le-dbg | 4.19.208-1 | ppc64el linux-image-4.19.0-18-rpi | 4.19.208-1 | armel linux-image-4.19.0-18-rpi-dbg | 4.19.208-1 | armel linux-image-4.19.0-18-rt-686-pae-dbg | 4.19.208-1 | i386 linux-image-4.19.0-18-rt-686-pae-unsigned | 4.19.208-1 | i386 linux-image-4.19.0-18-rt-amd64-dbg | 4.19.208-1 | amd64 linux-image-4.19.0-18-rt-amd64-unsigned | 4.19.208-1 | amd64 linux-image-4.19.0-18-rt-arm64-dbg | 4.19.208-1 | arm64 linux-image-4.19.0-18-rt-arm64-unsigned | 4.19.208-1 | arm64 linux-image-4.19.0-18-rt-armmp | 4.19.208-1 | armhf linux-image-4.19.0-18-rt-armmp-dbg | 4.19.208-1 | armhf linux-image-4.19.0-18-s390x | 4.19.208-1 | s390x linux-image-4.19.0-18-s390x-dbg | 4.19.208-1 | s390x linux-source-4.19 | 4.19.208-1 | all linux-support-4.19.0-18 | 4.19.208-1 | all lockdep | 4.19.208-1 | all loop-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel loop-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el loop-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf loop-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel loop-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel loop-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel loop-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el loop-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x md-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel md-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el md-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf md-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel md-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel md-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel md-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el md-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x minix-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel minix-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el minix-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel minix-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel minix-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel mmc-core-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel mmc-core-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el mmc-core-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel mmc-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel mmc-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el mmc-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf mmc-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel mouse-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel mouse-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el mouse-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel mouse-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el mtd-core-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel mtd-core-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el mtd-core-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel mtd-core-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel mtd-core-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el mtd-core-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x mtd-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf mtd-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel multipath-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel multipath-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el multipath-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf multipath-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel multipath-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel multipath-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel multipath-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el multipath-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x nbd-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel nbd-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el nbd-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf nbd-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel nbd-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel nbd-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel nbd-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el nbd-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x nfs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel nic-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel nic-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el nic-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf nic-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel nic-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel nic-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel nic-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el nic-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x nic-shared-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel nic-shared-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el nic-shared-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf nic-shared-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel nic-shared-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel nic-shared-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el nic-usb-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel nic-usb-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el nic-usb-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf nic-usb-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel nic-usb-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel nic-usb-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el nic-wireless-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel nic-wireless-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el nic-wireless-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf nic-wireless-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel nic-wireless-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el pata-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel pata-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el pata-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf pata-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel pata-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel ppp-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel ppp-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el ppp-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf ppp-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel ppp-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel ppp-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel ppp-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el rtc-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel sata-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel sata-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el sata-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf sata-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel sata-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel sata-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel sata-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el scsi-core-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel scsi-core-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el scsi-core-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf scsi-core-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel scsi-core-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel scsi-core-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el scsi-core-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x scsi-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel scsi-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el scsi-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf scsi-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel scsi-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel scsi-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el scsi-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x scsi-nic-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel scsi-nic-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el scsi-nic-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf scsi-nic-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel scsi-nic-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el serial-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el sound-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel sound-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el sound-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel sound-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel speakup-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel squashfs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel squashfs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el squashfs-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf squashfs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel squashfs-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel squashfs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el udf-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel udf-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el udf-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf udf-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel udf-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel udf-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel udf-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el udf-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x uinput-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf uinput-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel uinput-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el usb-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel usb-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el usb-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf usb-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel usb-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel usb-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel usb-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el usb-serial-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel usb-serial-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el usb-serial-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf usb-serial-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel usb-serial-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel usb-serial-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el usb-storage-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel usb-storage-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el usb-storage-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf usb-storage-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel usb-storage-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel usb-storage-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el xfs-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel xfs-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el xfs-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel xfs-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel xfs-modules-4.19.0-18-powerpc64le-di | 4.19.208-1 | ppc64el xfs-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x zlib-modules-4.19.0-18-4kc-malta-di | 4.19.208-1 | mips, mipsel zlib-modules-4.19.0-18-5kc-malta-di | 4.19.208-1 | mips64el zlib-modules-4.19.0-18-armmp-di | 4.19.208-1 | armhf zlib-modules-4.19.0-18-loongson-3-di | 4.19.208-1 | mips64el, mipsel zlib-modules-4.19.0-18-marvell-di | 4.19.208-1 | armel zlib-modules-4.19.0-18-octeon-di | 4.19.208-1 | mips, mips64el, mipsel zlib-modules-4.19.0-18-s390x-di | 4.19.208-1 | s390x ------------------- Reason ------------------- [auto-cruft] old Linux ABI ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Sep 2022 10:45:25 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: acpi-modules-4.19.0-18-686-di | 4.19.208-1 | i386 acpi-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 acpi-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 ata-modules-4.19.0-18-686-di | 4.19.208-1 | i386 ata-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 ata-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 ata-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 btrfs-modules-4.19.0-18-686-di | 4.19.208-1 | i386 btrfs-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 btrfs-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 btrfs-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 cdrom-core-modules-4.19.0-18-686-di | 4.19.208-1 | i386 cdrom-core-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 cdrom-core-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 cdrom-core-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 compress-modules-4.19.0-18-686-di | 4.19.208-1 | i386 compress-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 compress-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 compress-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 crc-modules-4.19.0-18-686-di | 4.19.208-1 | i386 crc-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 crc-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 crc-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 crypto-dm-modules-4.19.0-18-686-di | 4.19.208-1 | i386 crypto-dm-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 crypto-dm-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 crypto-dm-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 crypto-modules-4.19.0-18-686-di | 4.19.208-1 | i386 crypto-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 crypto-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 crypto-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 efi-modules-4.19.0-18-686-di | 4.19.208-1 | i386 efi-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 efi-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 efi-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 event-modules-4.19.0-18-686-di | 4.19.208-1 | i386 event-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 event-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 event-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 ext4-modules-4.19.0-18-686-di | 4.19.208-1 | i386 ext4-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 ext4-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 ext4-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 fat-modules-4.19.0-18-686-di | 4.19.208-1 | i386 fat-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 fat-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 fat-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 fb-modules-4.19.0-18-686-di | 4.19.208-1 | i386 fb-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 fb-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 fb-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 firewire-core-modules-4.19.0-18-686-di | 4.19.208-1 | i386 firewire-core-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 firewire-core-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 fuse-modules-4.19.0-18-686-di | 4.19.208-1 | i386 fuse-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 fuse-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 fuse-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 i2c-modules-4.19.0-18-686-di | 4.19.208-1 | i386 i2c-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 i2c-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 i2c-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 input-modules-4.19.0-18-686-di | 4.19.208-1 | i386 input-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 input-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 input-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 isofs-modules-4.19.0-18-686-di | 4.19.208-1 | i386 isofs-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 isofs-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 isofs-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 jfs-modules-4.19.0-18-686-di | 4.19.208-1 | i386 jfs-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 jfs-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 jfs-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 kernel-image-4.19.0-18-686-di | 4.19.208-1 | i386 kernel-image-4.19.0-18-686-pae-di | 4.19.208-1 | i386 kernel-image-4.19.0-18-amd64-di | 4.19.208-1 | amd64 kernel-image-4.19.0-18-arm64-di | 4.19.208-1 | arm64 leds-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 linux-image-4.19.0-18-686 | 4.19.208-1 | i386 linux-image-4.19.0-18-686-pae | 4.19.208-1 | i386 linux-image-4.19.0-18-amd64 | 4.19.208-1 | amd64 linux-image-4.19.0-18-arm64 | 4.19.208-1 | arm64 linux-image-4.19.0-18-cloud-amd64 | 4.19.208-1 | amd64 linux-image-4.19.0-18-rt-686-pae | 4.19.208-1 | i386 linux-image-4.19.0-18-rt-amd64 | 4.19.208-1 | amd64 linux-image-4.19.0-18-rt-arm64 | 4.19.208-1 | arm64 loop-modules-4.19.0-18-686-di | 4.19.208-1 | i386 loop-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 loop-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 loop-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 md-modules-4.19.0-18-686-di | 4.19.208-1 | i386 md-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 md-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 md-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 mmc-core-modules-4.19.0-18-686-di | 4.19.208-1 | i386 mmc-core-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 mmc-core-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 mmc-modules-4.19.0-18-686-di | 4.19.208-1 | i386 mmc-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 mmc-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 mmc-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 mouse-modules-4.19.0-18-686-di | 4.19.208-1 | i386 mouse-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 mouse-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 mtd-core-modules-4.19.0-18-686-di | 4.19.208-1 | i386 mtd-core-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 mtd-core-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 mtd-core-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 multipath-modules-4.19.0-18-686-di | 4.19.208-1 | i386 multipath-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 multipath-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 multipath-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 nbd-modules-4.19.0-18-686-di | 4.19.208-1 | i386 nbd-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 nbd-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 nbd-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 nic-modules-4.19.0-18-686-di | 4.19.208-1 | i386 nic-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 nic-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 nic-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 nic-pcmcia-modules-4.19.0-18-686-di | 4.19.208-1 | i386 nic-pcmcia-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 nic-pcmcia-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 nic-shared-modules-4.19.0-18-686-di | 4.19.208-1 | i386 nic-shared-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 nic-shared-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 nic-shared-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 nic-usb-modules-4.19.0-18-686-di | 4.19.208-1 | i386 nic-usb-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 nic-usb-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 nic-usb-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 nic-wireless-modules-4.19.0-18-686-di | 4.19.208-1 | i386 nic-wireless-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 nic-wireless-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 nic-wireless-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 pata-modules-4.19.0-18-686-di | 4.19.208-1 | i386 pata-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 pata-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 pcmcia-modules-4.19.0-18-686-di | 4.19.208-1 | i386 pcmcia-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 pcmcia-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 pcmcia-storage-modules-4.19.0-18-686-di | 4.19.208-1 | i386 pcmcia-storage-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 pcmcia-storage-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 ppp-modules-4.19.0-18-686-di | 4.19.208-1 | i386 ppp-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 ppp-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 ppp-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 sata-modules-4.19.0-18-686-di | 4.19.208-1 | i386 sata-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 sata-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 sata-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 scsi-core-modules-4.19.0-18-686-di | 4.19.208-1 | i386 scsi-core-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 scsi-core-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 scsi-core-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 scsi-modules-4.19.0-18-686-di | 4.19.208-1 | i386 scsi-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 scsi-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 scsi-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 scsi-nic-modules-4.19.0-18-686-di | 4.19.208-1 | i386 scsi-nic-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 scsi-nic-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 scsi-nic-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 serial-modules-4.19.0-18-686-di | 4.19.208-1 | i386 serial-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 serial-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 sound-modules-4.19.0-18-686-di | 4.19.208-1 | i386 sound-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 sound-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 speakup-modules-4.19.0-18-686-di | 4.19.208-1 | i386 speakup-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 speakup-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 squashfs-modules-4.19.0-18-686-di | 4.19.208-1 | i386 squashfs-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 squashfs-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 squashfs-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 udf-modules-4.19.0-18-686-di | 4.19.208-1 | i386 udf-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 udf-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 udf-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 uinput-modules-4.19.0-18-686-di | 4.19.208-1 | i386 uinput-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 uinput-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 uinput-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 usb-modules-4.19.0-18-686-di | 4.19.208-1 | i386 usb-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 usb-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 usb-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 usb-serial-modules-4.19.0-18-686-di | 4.19.208-1 | i386 usb-serial-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 usb-serial-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 usb-serial-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 usb-storage-modules-4.19.0-18-686-di | 4.19.208-1 | i386 usb-storage-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 usb-storage-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 usb-storage-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 xfs-modules-4.19.0-18-686-di | 4.19.208-1 | i386 xfs-modules-4.19.0-18-686-pae-di | 4.19.208-1 | i386 xfs-modules-4.19.0-18-amd64-di | 4.19.208-1 | amd64 xfs-modules-4.19.0-18-arm64-di | 4.19.208-1 | arm64 ------------------- Reason ------------------- [auto-cruft] old Linux ABI ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Sep 2022 10:46:55 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libstd-rust-mozilla-1.51 | 1.51.0+dfsg1-1~deb10u2 | amd64, arm64, armhf, i386, mips64el, mipsel, ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by rustc-mozilla) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Sep 2022 10:48:25 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libstd-rust-mozilla-dev-windows | 1.51.0+dfsg1-1~deb10u2 | amd64, i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by rustc-mozilla) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Sep 2022 10:48:50 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: librust-cbindgen-dev | 0.8.7-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by rust-cbindgen - based on source metadata) ---------------------------------------------- ========================================================================= adminer (4.7.1-1+deb10u1) buster; urgency=medium . * provide a compiled version and configuration files (Closes: #952755) * privacy: default to disable check for new version * Backport security patch series from upstream: - Fix open redirect if Adminer is accessible at //adminer.php%2F@ - Fix XSS if Adminer is accessible at URL /data - CVE-2020-35572: Fix XSS in browsers which don't encode URL parameters - CVE-2021-21311: Elasticsearch: Do not print response if HTTP code is not 200 - CVE-2021-29625: XSS in doc_link apache2 (2.4.38-3+deb10u8) buster; urgency=medium . * Non-maintainer upload. * CVE-2022-22719: denial of service in mod_lua via crafted request body. * CVE-2022-22720: HTTP request smuggling. * CVE-2022-22721: integer overflow leading to buffer overflow write. * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed. * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling. * CVE-2022-28614: read beyond bounds via ap_rwrite(). * CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). * CVE-2022-29404: Denial of service in mod_lua r:parsebody. * CVE-2022-30522: mod_sed denial of service. * CVE-2022-30556: Information Disclosure in mod_lua with websockets. * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. base-files (10.3+deb10u13) buster; urgency=medium . * Change /etc/debian_version to 10.13, for Debian 10.13 point release. blender (2.79.b+dfsg0-7+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2022-0546 out-of-bounds heap access due to missing checks in the image loader could result in denial of service, memory corruption or potentially code execution * CVE-2022-0545 integer overflow while processing 2d images might result in a write-what-where vulnerability or an out-of-bounds read vulnerability which could leak sensitive information or achieve code execution * CVE-2022-0544 Crafted DDS image files could create an integer underflow in the DDS loader which leads to an out-of-bounds read and might leak sensitive information. booth (1.0-162-g27f917f-2+deb10u1) buster-security; urgency=high . * d/patches: add patch for CVE-2022-2553 cargo-mozilla (0.57.0-7~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Bump rustc-mozilla build-dep. chromium (90.0.4430.212-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 - CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman - CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong - CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg - CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang - CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg - CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song - CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo - CVE-2021-30514: Use after free in Autofill. Reported by koocola and Wang - CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong - CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song - CVE-2021-30517: Type Confusion in V8. Reported by laural - CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu - CVE-2021-30519: Use after free in Payments. Reported by asnine - CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani chromium (90.0.4430.93-1) unstable; urgency=medium . * New upstream security release (closes: #987715). - CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab - CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair - CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu - CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj (shadow2639) - CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul - CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero * Disable libaom on arm to potentially fix FTBFS on armhf chromium (90.0.4430.93-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu - CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu - CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj - CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul - CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov - CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi - CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair chromium (90.0.4430.85-1) unstable; urgency=medium . * New upstream security release (closes: #987358). - CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 - CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 - CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez tr0y4 from VerSprite Inc. - CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka @btiszka supporting the EFF - CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka @btiszka supporting the EFF chromium (90.0.4430.85-1~deb10u1) buster-security; urgency=medium . * New upstream stable release. - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen - CVE-2021-21202: Use after free in extensions. Reported by David Erceg - CVE-2021-21203: Use after free in Blink. Reported by asnine - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman - CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola and Nan Wang - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem - CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau - CVE-2021-21213: Use after free in WebMIDI. Reported by raven - CVE-2021-21214: Use after free in Network API. Reported by Anonymous - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting - CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong - CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong - CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez - CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka - CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka chromium (90.0.4430.72-1) unstable; urgency=medium . * New upstream security release (closes: #987053). - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen when working at Tencent KeenLab - CVE-2021-21202: Use after free in extensions. Reported by David Erceg - CVE-2021-21203: Use after free in Blink. Reported by asnine - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky @0xsobky - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem @tomvangoethem - CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade m0ns7er - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong - CVE-2021-21213: Use after free in WebMIDI. Reported by raven @raid_akame - CVE-2021-21214: Use after free in Network API. Reported by Anonymous - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team chromium (89.0.4389.114-1) unstable; urgency=medium . * New upstream security release (closes: #986335). - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand - CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang cifs-utils (2:6.8-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * mount.cifs: fix length check for ip option parsing (CVE-2022-27239) (Closes: #1010818) * mount.cifs: fix verbose messages on option parsing (CVE-2022-29869) (Closes: #1010818) clamav (0.103.6+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.6 - CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file parser). - CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan verdict cache check). - CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file parser). - CVE-2022-20785 (Possible memory leak in the HTML file parser/ Javascript normalizer). - CVE-2022-20792 (Possible multi-byte heap buffer overflow write vulnerability in the signature database load module. - Update symbol file. clamav (0.103.5+dfsg-1) unstable; urgency=medium . * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. clamav (0.103.5+dfsg-0+deb11u1) bullseye; urgency=medium . * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. commons-daemon (1.0.15-8+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Apply patch from unstable to fix JVM detection. (Closes: #935336) composer (1.8.4-1+deb10u2) buster; urgency=medium . * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960) * Update GitHub token pattern (Closes: #989315) * Use Authorization header instead of deprecated access_token query param (Closes: #955485) condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. cups (2.2.10-6+deb10u6) buster-security; urgency=high . * CVE-2022-26691 Fix certificate comparison. (Thanks to Zdenek Dohnal for the patch) debian-installer (20190702+deb10u13) buster; urgency=medium . * Bump Linux ABI to 4.19.0-21. debian-installer-netboot-images (20190702+deb10u13) buster; urgency=medium . * Update to 20190702+deb10u13, from buster-proposed-updates. debian-security-support (1:10+2022.08.23) buster; urgency=medium . * Introduce release based versioning and add an epoch to achieve that. See https://lists.debian.org/20200817100153.GA944@layer-acht.org and follow-ups. Closes: #988321 * Makefile.PL: strip epoch from internal version just like ~deb10u1 etc are also dropped. * Update security-support-ended.deb10 from 1:12+2022.08.12 from unstable, thus adding these packages to it: - chromium - ckeditor3 - gpac - libspring-java - slurm-llnl - xen * Update security-support-limited from 1:12+2022.08.12 from unstable, thus adding: - golang - khtml * Drop libv8-3.14, mosjz, mosjz24, swftools and webkitgtk from security-support-limited as they were only present in stretch and earlier. * Also drop glpi, ltp and wine-gecko-2.(21|24) from security-support-limited as they were only present in jessie or earlier. debian-security-support (2020.07.12) unstable; urgency=medium . * Drop support for jessie: - drop security-support-ended.deb8. - set DEB_LOWEST_VER_ID=9 in check-support-status.in. * security-support-limited: - add mozjs68. Closes: #959804, thanks to Simon McVittie for the bug report. - drop glpi as it was only shipped in jessie and before. - drop ltp as it was only shipped in squeeze. - drop wine-gecko-2.(21|24) as they were only present in jessie. * lintian-overrides: drop unused maintainer-script-should-not-use-adduser- system-without-home. debian-security-support (2020.06.21) unstable; urgency=medium . [ Mike Gabriel ] * Add cinder (OpenStack component) to security-support-ended.deb8. debootstrap (1.0.114+deb10u1) buster; urgency=medium . * Non-maintainer upload. * setup_merged_usr: create skip flag when merged-usr is disabled on bookworm+ * Add usr-is-merged to the required set on testing/unstable distro-info-data (0.41+deb10u5) buster; urgency=medium . * Update data to 0.53, without new columns: - Add Ubuntu 22.04 LTS, Jammy Jellyfish. - Add Ubuntu 22.10, Kinetic Kudu. djangorestframework (3.9.0-1+deb10u1) buster-security; urgency=medium . * Backport 4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8 to fix cross-site scripting caused by disabled autoescaping in the default DRF Browsable API view templates (no CVE yet) * Backport ae649336b110afe21b9429f2554052f31a9dfaf9 to address CVE-2020-25626 dpkg (1.19.8) buster-security; urgency=medium . [ Guillem Jover ] * Perl modules: - Dpkg::Source::Archive: Prevent directory traversal for in-place extracts. Reported by Max Justicz . Fixes CVE-2022-1664. * Build system: - Build gitlab CI images for buster instead of sid. . [ Updated man pages translations ] * German (Helge Kreutzmann). dropbear (2018.76-5+deb10u1) buster; urgency=medium . * Backport security fix for CVE-2019-12953: Inconsistent failure delay that may lead to revealing valid usernames. The fix limits password length to 100 bytes. (Closes: #1009062.) Cherry-picked from https://hg.ucc.asn.au/dropbear/rev/228b086794b7 . * d/gbp.conf: Set debian-branch = debian/buster. eboard (1.1.3-0.4~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . eboard (1.1.3-0.4) unstable; urgency=medium . * Non-maintainer upload. * Add upstream fix for segfault on engine selection, thanks to Eric Cooper and Bernhard Übelacker. (Closes: #962627) ecdsautils (0.3.2+git20151018-2+deb10u1) buster-security; urgency=medium . * debian/patches: - Add 0001-verify-fix-signature-verification-CVE-2022-24884.patch, Fix CVE-2022-24884: Improper Verification of ECDSA Signatures esorex (3.13.1-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Fix testsuite failures on armhf and ppc64el caused by incorrect libffi usage. (Closes: #934081) * Re-enable Python tests on armhf and ppc64el. (Closes: #893206) evemu (2.7.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add upstream fix for FTBFS with recent kernel headers. (Closes: #971161) exo (0.12.4-1+deb10u1) oldstable-security; urgency=medium . * d/patches: 0001-exo-open-Only-execute-local-.desktop-files.patch added Fix CVE-2022-32278, exo allows executing .desktop files with remote URI scheme. (Closes: #1013129) faad2 (2.10.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster, addresses multiple security issues faad2 (2.9.2-1) unstable; urgency=medium . * New upstream version 2.9.2 * Install pkg-config file. * Rules-Requires-Root: no. faad2 (2.9.1-1) unstable; urgency=medium . [ Ondřej Nový ] * Bump Standards-Version to 4.4.1 . [ Fabian Greffrath ] * New upstream version 2.9.1 faad2 (2.9.0-1) unstable; urgency=medium . [ Ondřej Nový ] * Use debhelper-compat instead of debian/compat . [ Fabian Greffrath ] * Ack NMUs, thanks Hugo! * Upstream moved to GitHub, adapt packaging accordingly. * New upstream version 2.9.0. * Remove all patches, applied upstream. * Build reproducibly. * Finish debug symbols package migration. * Bump debhelper-compat to 12. * Bump Standards-Version to 4.4.0. * Add Build-Depends-Package line to the symbols file. faad2 (2.8.8-3.2) unstable; urgency=high . * Non-maintainer upload with maintainer's permission. * debian/patches/gcc-9.patch: Fix build with GCC-9 (thanks Gianfranco Costamagna for the patch) (Closes: #930363). faad2 (2.8.8-3.1) unstable; urgency=medium . * Non-maintainer upload with maintainer's permission. * CVE-2019-6956: Buffer over read in the function ps_mix_phase() (libfaad/ps_dec.c) (Closes: #914641). * CVE-2018-20196: Stack buffer overflow in the function calculate_gain (libfaad/sbr_hfadj.c). * CVE-2018-20199, CVE-2018-20360: NULL pointer dereference in the function ifilter_bank (libfaad/filtbank.c). faad2 (2.8.8-3+deb10u1) buster-security; urgency=medium . * CVE-2018-20196 * CVE-2018-20199 * CVE-2018-20360 * CVE-2019-6956 (Closes: #914641) * CVE-2021-32272 * CVE-2021-32273 * CVE-2021-32274 * CVE-2021-32276 * CVE-2021-32277 * CVE-2021-32278 feature-check (0.2.2-3+deb10u1) buster; urgency=medium . * Add the cmp-num and cmp-rest upstream patches to fix some version string comparisons. Closes: #990276 ffmpeg (7:4.1.9-0+deb10u1) buster-security; urgency=medium . * New upstream release. - Drop 0001-fix-mxfenc-index.patch, contained in new release firefox-esr (91.12.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-29, also known as: CVE-2022-36319, CVE-2022-36318. firefox-esr (91.11.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-25, also known as: CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34481, CVE-2022-31744, CVE-2022-34472, CVE-2022-2200, CVE-2022-34484. . * build/moz.configure/bindgen.configure, gfx/webrender_bindings/webrender_ffi.h: Work around build failure with newer cbindgen. bz#1773259 firefox-esr (91.11.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-25, also known as: CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34481, CVE-2022-31744, CVE-2022-34472, CVE-2022-2200, CVE-2022-34484. . * build/moz.configure/bindgen.configure, gfx/webrender_bindings/webrender_ffi.h: Work around build failure with newer cbindgen. bz#1773259 firefox-esr (91.11.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-25, also known as: CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34481, CVE-2022-31744, CVE-2022-34472, CVE-2022-2200, CVE-2022-34484. . * build/moz.configure/bindgen.configure, gfx/webrender_bindings/webrender_ffi.h: Work around build failure with newer cbindgen. bz#1773259 firefox-esr (91.10.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-21, also known as: CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31747. firefox-esr (91.10.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-21, also known as: CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31747. firefox-esr (91.10.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-21, also known as: CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31747. firefox-esr (91.9.1esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-19, also known as CVE-2022-1802 and CVE-2022-1529. firefox-esr (91.9.1esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-19, also known as CVE-2022-1802 and CVE-2022-1529. firefox-esr (91.9.1esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-19, also known as CVE-2022-1802 and CVE-2022-1529. firefox-esr (91.9.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-17, also known as CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911, CVE-2022-29912, CVE-2022-29917. firefox-esr (91.9.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-17, also known as CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911, CVE-2022-29912, CVE-2022-29917. firefox-esr (91.9.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-17, also known as CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911, CVE-2022-29912, CVE-2022-29917. firefox-esr (91.8.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-14, also known as CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-24713, CVE-2022-28289. firefox-esr (91.8.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-14, also known as CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-24713, CVE-2022-28289. firefox-esr (91.8.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-14, also known as CVE-2022-1097, CVE-2022-28281, CVE-2022-1196, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-24713, CVE-2022-28289. firefox-esr (91.7.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-11, also known as CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, CVE-2022-26386. firefox-esr (91.7.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-11, also known as CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, CVE-2022-26386. firefox-esr (91.7.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-11, also known as CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, CVE-2022-26386. firefox-esr (91.6.1esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-09, also known as CVE-2022-26485, CVE-2022-26486. firefox-esr (91.6.1esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-09, also known as CVE-2022-26485, CVE-2022-26486. firefox-esr (91.6.1esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-09, also known as CVE-2022-26485, CVE-2022-26486. firefox-esr (91.6.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-05, also known as: CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764. firefox-esr (91.6.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-05, also known as: CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764. . * netwerk/base/SimpleChannel.*, netwerk/base/nsBaseChannel.*, netwerk/protocol/res/ExtensionProtocolHandler.cpp, netwerk/protocol/res/PageThumbProtocolHandler.cpp, toolkit/components/places/nsAnnoProtocolHandler.cpp, dom/file/ipc/RemoteLazyInputStream.cpp: Apply upstream patches to fix excessive CPU usage in web extensions. bz#1706594, bz#1735899. Closes: #1002868. firefox-esr (91.6.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-05, also known as: CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764. . * netwerk/base/SimpleChannel.*, netwerk/base/nsBaseChannel.*, netwerk/protocol/res/ExtensionProtocolHandler.cpp, netwerk/protocol/res/PageThumbProtocolHandler.cpp, toolkit/components/places/nsAnnoProtocolHandler.cpp, dom/file/ipc/RemoteLazyInputStream.cpp: Apply upstream patches to fix excessive CPU usage in web extensions. bz#1706594, bz#1735899. Closes: #1002868. firefox-esr (91.5.1esr-1) unstable; urgency=medium . * New upstream release. firefox-esr (91.5.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2022-02, also known as: CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748, CVE-2022-22745, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751. . * netwerk/base/SimpleChannel.*, netwerk/base/nsBaseChannel.*, netwerk/protocol/res/ExtensionProtocolHandler.cpp, netwerk/protocol/res/PageThumbProtocolHandler.cpp, toolkit/components/places/nsAnnoProtocolHandler.cpp, dom/file/ipc/RemoteLazyInputStream.cpp: Apply upstream patches to fix excessive CPU usage in web extensions. bz#1706594, bz#1735899. Closes: #1002868. firefox-esr (91.5.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-02, also known as: CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748, CVE-2022-22745, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751. firefox-esr (91.5.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2022-02, also known as: CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740, CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748, CVE-2022-22745, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751. . * debian/rules: Build against embedded nspr and nss on bullseye. * debian/control*: Build against rustc-mozilla/cargo-mozilla on relevant older release. * debian/upstream.mk: Add definitions for newer releases of Debian. firefox-esr (91.4.1esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. . * debian/rules: Build against embedded nspr and nss on bullseye. * debian/control*: Build against rustc-mozilla/cargo-mozilla on relevant older release. * debian/upstream.mk: Add definitions for newer releases of Debian. firefox-esr (91.4.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes cubeb deadlock. Closes: #998679. * Fixes for mfsa2021-53, also known as: CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, MOZ-2021-0009. firefox-esr (91.3.0esr-2) unstable; urgency=medium . * debian/firefox.in: Use `command -v` instead of `which`. Closes: #996455. . * modules/fdlibm/src/math_private.h: Fix FTBFS on i386. bz#1729459. * .cargo/config.in, Cargo.lock, Cargo.toml, third_party/rust/cc/.cargo-checksum.json, third_party/rust/cc/Cargo.toml, third_party/rust/cc/src/lib.rs, third_party/rust/cc/src/windows_registry.rs: Update cc crate to b2f6b146b75299c444e05bbde50d03705c7c4b6e, aka 1.0.71 + GCC-11 fix for armhf. bz#1739040. firefox-esr (91.3.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-49, also known as: CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, MOZ-2021-0008, CVE-2021-38508, CVE-2021-38509, MOZ-2021-0007. (MOZ-* pending CVE assignment) firefox-esr (91.2.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-45, also known as: CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-32810, CVE-2021-38500, CVE-2021-38501. firefox-esr (91.1.0esr-1) experimental; urgency=medium . * New upstream release. * Fixes for mfsa2021-40, also known as CVE-2021-38495. firefox-esr (91.0.1esr-1) experimental; urgency=medium . * New upstream release. * Fixes for mfsa2021-37, also known as CVE-2021-29991. . * debian/import-tar.py, debian/repack.py: Fixed for python 3.9. firefox-esr (91.0esr-1) experimental; urgency=medium . * New upstream release. firefox-esr (78.15.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-44, also known as CVE-2021-38496, CVE-2021-38500. firefox-esr (78.15.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-44, also known as CVE-2021-38496, CVE-2021-38500. firefox-esr (78.14.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-39, also known as CVE-2021-38493. . * debian/import-tar.py, debian/repack.py: Fixed for python 3.9. firefox-esr (78.14.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-39, also known as CVE-2021-38493. . * debian/import-tar.py, debian/repack.py: Fixed for python 3.9. firejail (0.9.58.2-2+deb10u3) buster-security; urgency=medium . * Fix local root exploit reachable via --join logic. (CVE-2022-31214) (Closes: #1012510) flac (1.3.2-3+deb10u2) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2021-0561 (Closes: #1006339) Add patch to exit at EOS in verify mode. foxtrotgps (1.2.1-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add upstream fix for FTBFS with new imagemagick. (Closes: #991056) freeradius (3.0.17+dfsg-1.1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-13456: side-channel leak where 1 in 2048 handshakes fail * CVE-2019-17185: DoS due to multithreaded BN_CTX access * Add upstream fix for a crash bug. (Closes: #992036) freetype (2.9.1-3+deb10u3) buster; urgency=medium . * Add upstream patches to fix multiple vulnerabilities. Closes: #1010183. - CVE-2022-27404: heap buffer overflow via invalid integer decrement in sfnt_init_face(). - CVE-2022-27405: segmentation violation via ft_open_face_internal() when attempting to read the value of FT_LONG face_index. - CVE-2022-27406: segmentation violation via FT_Request_Size() when attempting to read the value of an unguarded face size handle. fribidi (1.0.5-3.1+deb10u2) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2022-25308 stack-buffer-overflow issue in main() * CVE-2022-25309 heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode() * CVE-2022-25310 SEGV issue in fribidi_remove_bidi_marks() (Closes: #1008793) ftgl (2.4.0-2.1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . ftgl (2.4.0-2.1) unstable; urgency=medium . * Non-maintainer upload . [ William Grant ] * Don't try to convert PNG to EPS for latex, as our imagemagick has EPS disabled for security reasons and it seems to work without them. (Closes: #991053) gif2apng (1.9+srconly-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2021-45909, Closes: #1002668: heap based buffer overflow in the DecodeLZW * CVE-2021-45910, Closes: #1002667: heap-based buffer overflow within the main function * CVE-2021-45911, Closes: #1002687: heap based buffer overflow in processing of delays in the main function gnucash (1:3.4-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add upstream fix for test-gnc-timezone with recent tzdata. (Closes: #978208). gnupg2 (2.2.12-1+deb10u2) buster-security; urgency=high . [ Roger Shimizu ] * d/control: Update Build-Depends: libgpg-error-dev (>= 1.35) . [ Daniel Kahn Gillmor ] * fix broken status line (Closes: #1014157) gnutls28 (3.6.7-4+deb10u8) buster; urgency=medium . * Non-maintainer upload. * Backport 48_testcompat-openssl-improve-testing-against-secured-O.patch to pass testsuite with openssl 1.1.1e. golang-github-docker-go-connections (0.3.0-3+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add patch to skip tests which use expired certificate. (Closes: #986306) golang-github-pkg-term (0.0~git20181116.27bbf2e-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Fix building on newer 4.19 kernels. (Closes: #1002231) golang-github-russellhaering-goxmldsig (0.0~git20170911.b7efc62-1+deb10u1) buster; urgency=medium . * CVE-2020-7711 null pointer dereference caused by crafted XML signatures (Closes: #968928 * according to ratt, nothing else has to be built grub-efi-amd64-signed (1+2.06+3~deb10u1) buster; urgency=medium . * Update to grub2 2.06-3~deb10u1 grub-efi-amd64-signed (1+2.06+2) unstable; urgency=medium . * Update to grub2 2.06-2 grub-efi-amd64-signed (1+2.04+20) unstable; urgency=medium . * Update to grub2 2.04-20 grub-efi-amd64-signed (1+2.04+19) unstable; urgency=medium . * Update to grub2 2.04-19 grub-efi-amd64-signed (1+2.04+18) unstable; urgency=medium . * Update to grub2 2.04-18 grub-efi-amd64-signed (1+2.04+17) unstable; urgency=medium . * Update to grub2 2.04-17 grub-efi-amd64-signed (1+2.04+16) unstable; urgency=medium . * Update to grub2 2.04-16 grub-efi-amd64-signed (1+2.04+15) unstable; urgency=medium . * Update to grub2 2.04-15 grub-efi-amd64-signed (1+2.04+14) unstable; urgency=medium . * Update to grub2 2.04-14 grub-efi-amd64-signed (1+2.04+12) unstable; urgency=medium . * Update to grub2 2.04-12 grub-efi-amd64-signed (1+2.04+11) unstable; urgency=medium . * Update to grub2 2.04-11 grub-efi-amd64-signed (1+2.04+10) unstable; urgency=medium . * Update to grub2 2.04-10 grub-efi-amd64-signed (1+2.04+9) unstable; urgency=high . * Update to grub2 2.04-9 grub-efi-amd64-signed (1+2.04+8) unstable; urgency=medium . * Update to grub2 2.04-8 grub-efi-amd64-signed (1+2.04+7) unstable; urgency=medium . * Update to grub2 2.04-7 grub-efi-amd64-signed (1+2.04+6) unstable; urgency=medium . * Update to grub2 2.04-6 grub-efi-amd64-signed (1+2.04+5) unstable; urgency=medium . * Update to grub2 2.04-5 grub-efi-amd64-signed (1+2.04+4) unstable; urgency=medium . * Update to grub2 2.04-4 grub-efi-amd64-signed (1+2.04+3) unstable; urgency=medium . * Update to grub2 2.04-3 grub-efi-amd64-signed (1+2.04+2) unstable; urgency=medium . * Update to grub2 2.04-2 grub-efi-amd64-signed (1+2.04+1) unstable; urgency=medium . * Update to grub2 2.04-1 grub-efi-amd64-signed (1+2.04~rc1+3) experimental; urgency=medium . * Update to grub2 2.04~rc1-3 grub-efi-amd64-signed (1+2.04~rc1+2) experimental; urgency=medium . * Update to grub2 2.04~rc1-2 grub-efi-amd64-signed (1+2.04~rc1+1) experimental; urgency=medium . * Update to grub2 2.04~rc1-1 grub-efi-arm64-signed (1+2.06+3~deb10u1) buster; urgency=medium . * Update to grub2 2.06-3~deb10u1 grub-efi-arm64-signed (1+2.06+2) unstable; urgency=medium . * Update to grub2 2.06-2 grub-efi-arm64-signed (1+2.04+20) unstable; urgency=medium . * Update to grub2 2.04-20 grub-efi-arm64-signed (1+2.04+19) unstable; urgency=medium . * Update to grub2 2.04-19 grub-efi-arm64-signed (1+2.04+18) unstable; urgency=medium . * Update to grub2 2.04-18 grub-efi-arm64-signed (1+2.04+17) unstable; urgency=medium . * Update to grub2 2.04-17 grub-efi-arm64-signed (1+2.04+16) unstable; urgency=medium . * Update to grub2 2.04-16 grub-efi-arm64-signed (1+2.04+15) unstable; urgency=medium . * Update to grub2 2.04-15 grub-efi-arm64-signed (1+2.04+14) unstable; urgency=medium . * Update to grub2 2.04-14 grub-efi-arm64-signed (1+2.04+12) unstable; urgency=medium . * Update to grub2 2.04-12 grub-efi-arm64-signed (1+2.04+11) unstable; urgency=medium . * Update to grub2 2.04-11 grub-efi-arm64-signed (1+2.04+10) unstable; urgency=medium . * Update to grub2 2.04-10 grub-efi-arm64-signed (1+2.04+9) unstable; urgency=high . * Update to grub2 2.04-9 grub-efi-arm64-signed (1+2.04+8) unstable; urgency=medium . * Update to grub2 2.04-8 grub-efi-arm64-signed (1+2.04+7) unstable; urgency=medium . * Update to grub2 2.04-7 grub-efi-arm64-signed (1+2.04+6) unstable; urgency=medium . * Update to grub2 2.04-6 grub-efi-arm64-signed (1+2.04+5) unstable; urgency=medium . * Update to grub2 2.04-5 grub-efi-arm64-signed (1+2.04+4) unstable; urgency=medium . * Update to grub2 2.04-4 grub-efi-arm64-signed (1+2.04+3) unstable; urgency=medium . * Update to grub2 2.04-3 grub-efi-arm64-signed (1+2.04+2) unstable; urgency=medium . * Update to grub2 2.04-2 grub-efi-arm64-signed (1+2.04+1) unstable; urgency=medium . * Update to grub2 2.04-1 grub-efi-arm64-signed (1+2.04~rc1+3) experimental; urgency=medium . * Update to grub2 2.04~rc1-3 grub-efi-arm64-signed (1+2.04~rc1+2) experimental; urgency=medium . * Update to grub2 2.04~rc1-2 grub-efi-arm64-signed (1+2.04~rc1+1) experimental; urgency=medium . * Update to grub2 2.04~rc1-1 grub-efi-ia32-signed (1+2.06+3~deb10u1) buster; urgency=medium . * Update to grub2 2.06-3~deb10u1 grub-efi-ia32-signed (1+2.06+2) unstable; urgency=medium . * Update to grub2 2.06-2 grub-efi-ia32-signed (1+2.04+20) unstable; urgency=medium . * Update to grub2 2.04-20 grub-efi-ia32-signed (1+2.04+19) unstable; urgency=medium . * Update to grub2 2.04-19 grub-efi-ia32-signed (1+2.04+18) unstable; urgency=medium . * Update to grub2 2.04-18 grub-efi-ia32-signed (1+2.04+17) unstable; urgency=medium . * Update to grub2 2.04-17 grub-efi-ia32-signed (1+2.04+16) unstable; urgency=medium . * Update to grub2 2.04-16 grub-efi-ia32-signed (1+2.04+15) unstable; urgency=medium . * Update to grub2 2.04-15 grub-efi-ia32-signed (1+2.04+14) unstable; urgency=medium . * Update to grub2 2.04-14 grub-efi-ia32-signed (1+2.04+12) unstable; urgency=medium . * Update to grub2 2.04-12 grub-efi-ia32-signed (1+2.04+11) unstable; urgency=medium . * Update to grub2 2.04-11 grub-efi-ia32-signed (1+2.04+10) unstable; urgency=medium . * Update to grub2 2.04-10 grub-efi-ia32-signed (1+2.04+9) unstable; urgency=high . * Update to grub2 2.04-9 grub-efi-ia32-signed (1+2.04+8) unstable; urgency=medium . * Update to grub2 2.04-8 grub-efi-ia32-signed (1+2.04+7) unstable; urgency=medium . * Update to grub2 2.04-7 grub-efi-ia32-signed (1+2.04+6) unstable; urgency=medium . * Update to grub2 2.04-6 grub-efi-ia32-signed (1+2.04+5) unstable; urgency=medium . * Update to grub2 2.04-5 grub-efi-ia32-signed (1+2.04+4) unstable; urgency=medium . * Update to grub2 2.04-4 grub-efi-ia32-signed (1+2.04+3) unstable; urgency=medium . * Update to grub2 2.04-3 grub-efi-ia32-signed (1+2.04+2) unstable; urgency=medium . * Update to grub2 2.04-2 grub-efi-ia32-signed (1+2.04+1) unstable; urgency=medium . * Update to grub2 2.04-1 grub-efi-ia32-signed (1+2.04~rc1+3) experimental; urgency=medium . * Update to grub2 2.04~rc1-3 grub-efi-ia32-signed (1+2.04~rc1+2) experimental; urgency=medium . * Update to grub2 2.04~rc1-2 grub-efi-ia32-signed (1+2.04~rc1+1) experimental; urgency=medium . * Update to grub2 2.04~rc1-1 grub2 (2.06-3~deb10u1) buster; urgency=medium . [ Steve McIntyre ] * Switch to upstream 2.06 release, and rebuild for buster. - Tweak build-deps etc. for the rebuild. * Updated the 2.06-3 changelog to mention closure of CVE-2022-28736 * Re-enable os-prober by default, don't make that change in a stable update. grub2 (2.06-2) unstable; urgency=medium . * Update to minilzo-2.10, fixing build failures on armel, mips64el, mipsel, and ppc64el. grub2 (2.06-1) unstable; urgency=medium . * Use "command -v" in maintainer scripts rather than "which". * New upstream release. - Switch to the upstream shim_lock verifier, dropping several more manual checks for UEFI Secure Boot. * Cherry-pick from upstream: - fs/xfs: Fix unreadable filesystem with v4 superblock - tests/ahci: Change "ide-drive" deprecated QEMU device name to "ide-hd" (closes: #997100) * Remove dir_to_symlink maintainer script code, which was only needed for upgrades from before jessie. grub2 (2.04-20) unstable; urgency=medium . [ Mathieu Trudel-Lapierre ] * tpm: Pass unknown error as non-fatal, but debug print the error we got (closes: #940911, LP: #1848892). grub2 (2.04-19) unstable; urgency=medium . * Resync grub-install backup and restore patches from upstream, fixing problems that left the system unbootable after certain kinds of failure (closes: #983435). grub2 (2.04-18) unstable; urgency=medium . [ Steve McIntyre ] * Enable the shim_lock and tpm modules for i386-efi too. Ensure that tpm is included in our EFI images. * List the modules we include the EFI images - make it easier to debug things. * Add debug to display what's going on with verifiers . [ Colin Watson ] * util/mkimage: Some fixes to PE binaries section size calculation (closes: #987103). grub2 (2.04-17) unstable; urgency=medium . * Pass --sbat when building the d-i netboot image as well. * i386-pc: build verifiers API as module (thanks, Michael Chang; closes: #984488, #985374). grub2 (2.04-16) unstable; urgency=medium . * Fix broken advice in message when the postinst has to bail out (thanks to Daniel Leidert for pointing out the problem). * Backport security patch series from upstream: - verifiers: Move verifiers API to kernel image - kern: Add lockdown support - kern/lockdown: Set a variable if the GRUB is locked down - efi: Lockdown the GRUB when the UEFI Secure Boot is enabled - efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list - CVE-2020-14372: acpi: Don't register the acpi command when locked down - CVE-2020-27779: mmap: Don't register cutmem and badram commands when lockdown is enforced - commands: Restrict commands that can load BIOS or DT blobs when locked down - commands/setpci: Restrict setpci command when locked down - commands/hdparm: Restrict hdparm command when locked down - gdb: Restrict GDB access when locked down - loader/xnu: Don't allow loading extension and packages when locked down - docs: Document the cutmem command - CVE-2020-25632: dl: Only allow unloading modules that are not dependencies - CVE-2020-25647: usb: Avoid possible out-of-bound accesses caused by malicious devices - mmap: Fix memory leak when iterating over mapped memory - net/net: Fix possible dereference to of a NULL pointer - net/tftp: Fix dangling memory pointer - kern/parser: Fix resource leak if argc == 0 - kern/efi: Fix memory leak on failure - kern/efi/mm: Fix possible NULL pointer dereference - gnulib/regexec: Resolve unused variable - gnulib/regcomp: Fix uninitialized token structure - gnulib/argp-help: Fix dereference of a possibly NULL state - gnulib/regexec: Fix possible null-dereference - gnulib/regcomp: Fix uninitialized re_token - io/lzopio: Resolve unnecessary self-assignment errors - zstd: Initialize seq_t structure fully - kern/partition: Check for NULL before dereferencing input string - disk/ldm: Make sure comp data is freed before exiting from make_vg() - disk/ldm: If failed then free vg variable too - disk/ldm: Fix memory leak on uninserted lv references - disk/cryptodisk: Fix potential integer overflow - hfsplus: Check that the volume name length is valid - zfs: Fix possible negative shift operation - zfs: Fix resource leaks while constructing path - zfs: Fix possible integer overflows - zfsinfo: Correct a check for error allocating memory - affs: Fix memory leaks - libgcrypt/mpi: Fix possible unintended sign extension - libgcrypt/mpi: Fix possible NULL dereference - syslinux: Fix memory leak while parsing - normal/completion: Fix leaking of memory when processing a completion - commands/hashsum: Fix a memory leak - video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info() - video/fb/fbfill: Fix potential integer overflow - video/fb/video_fb: Fix multiple integer overflows - video/fb/video_fb: Fix possible integer overflow - video/readers/jpeg: Test for an invalid next marker reference from a jpeg file - gfxmenu/gui_list: Remove code that coverity is flagging as dead - loader/bsd: Check for NULL arg up-front - loader/xnu: Fix memory leak - loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap() - loader/xnu: Check if pointer is NULL before using it - util/grub-install: Fix NULL pointer dereferences - util/grub-editenv: Fix incorrect casting of a signed value - util/glue-efi: Fix incorrect use of a possibly negative value - script/execute: Fix NULL dereference in grub_script_execute_cmdline() - commands/ls: Require device_name is not NULL before printing - script/execute: Avoid crash when using "$#" outside a function scope - CVE-2021-20225: lib/arg: Block repeated short options that require an argument - script/execute: Don't crash on a "for" loop with no items - CVE-2021-20233: commands/menuentry: Fix quoting in setparams_prefix() - kern/misc: Always set *end in grub_strtoull() - video/readers/jpeg: Catch files with unsupported quantization or Huffman tables - video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du() - video/readers/jpeg: Don't decode data before start of stream - term/gfxterm: Don't set up a font with glyphs that are too big - fs/fshelp: Catch impermissibly large block sizes in read helper - fs/hfsplus: Don't fetch a key beyond the end of the node - fs/hfsplus: Don't use uninitialized data on corrupt filesystems - fs/hfs: Disable under lockdown - fs/sfs: Fix over-read of root object name - fs/jfs: Do not move to leaf level if name length is negative - fs/jfs: Limit the extents that getblk() can consider - fs/jfs: Catch infinite recursion - fs/nilfs2: Reject too-large keys - fs/nilfs2: Don't search children if provided number is too large - fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() - io/gzio: Bail if gzio->tl/td is NULL - io/gzio: Add init_dynamic_block() clean up if unpacking codes fails - io/gzio: Catch missing values in huft_build() and bail - io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails - disk/lvm: Don't go beyond the end of the data we read from disk - disk/lvm: Don't blast past the end of the circular metadata buffer - disk/lvm: Bail on missing PV list - disk/lvm: Do not crash if an expected string is not found - disk/lvm: Do not overread metadata - disk/lvm: Sanitize rlocn->offset to prevent wild read - disk/lvm: Do not allow a LV to be it's own segment's node's LV - fs/btrfs: Validate the number of stripes/parities in RAID5/6 - fs/btrfs: Squash some uninitialized reads - kern/parser: Fix a memory leak - kern/parser: Introduce process_char() helper - kern/parser: Introduce terminate_arg() helper - kern/parser: Refactor grub_parser_split_cmdline() cleanup - kern/buffer: Add variable sized heap buffer - CVE-2020-27749: kern/parser: Fix a stack buffer overflow - kern/efi: Add initial stack protector implementation - util/mkimage: Remove unused code to add BSS section - util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32() - util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff - util/mkimage: Unify more of the PE32 and PE32+ header set-up - util/mkimage: Reorder PE optional header fields set-up - util/mkimage: Improve data_size value calculation - util/mkimage: Refactor section setup to use a helper - util/mkimage: Add an option to import SBAT metadata into a .sbat section - grub-install-common: Add --sbat option - kern/misc: Split parse_printf_args() into format parsing and va_list handling - kern/misc: Add STRING type for internal printf() format handling - kern/misc: Add function to check printf() format against expected format - gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label - kern/mm: Fix grub_debug_calloc() compilation error * Add SBAT section (thanks, Chris Coulson). grub2 (2.04-15) unstable; urgency=medium . * Demote grub-common → mtools dependency to Suggests, to go with xorriso; explain the situation in the package description (closes: #982313). grub2 (2.04-14) unstable; urgency=medium . [ Raphaël Hertzog ] * Extend grub-efi to also cover arm64/ia64/arm (closes: #981819). . [ Colin Watson ] * Cherry-pick from upstream: - grub-install: Fix inverted test for NLS enabled when copying locales (closes: #979754). * Fix handling of trailing commas in grub-pc/install_devices (closes: #913928). * Make grub-firmware-qemu Recommend/Enhance qemu-system-x86, not qemu (closes: #966243). * Make grub-common depend on mtools on EFI platforms, for grub-mkrescue (closes: #774910). grub2 (2.04-13) unstable; urgency=medium . [ Steve McIntyre ] * Switch to using the efivarfs interface for detecting "system setup" (Closes: #979299) grub2 (2.04-12) unstable; urgency=medium . * Cherry-pick from upstream: - mdraid1x_linux: Fix gcc10 error -Werror=array-bounds - zfs: Fix gcc10 error -Werror=zero-length-bounds * Build with GCC 10 (closes: #978515). grub2 (2.04-11) unstable; urgency=medium . * grub-install: Fix backup restoration on i386. grub2 (2.04-10) unstable; urgency=medium . [ Ian Campbell ] * Remove myself from uploaders. . [ Colin Watson ] * When upgrading grub-pc noninteractively, bail out if grub-install fails. It's better to fail the upgrade than to produce a possibly-unbootable system. * Explicitly check whether the target device exists before running grub-install, since grub-install copies modules to /boot/grub/ before installing the core image, and the new modules might be incompatible with the old core image (closes: #966575). * Cherry-pick from upstream: - tftp: Roll-over block counter to prevent data packets timeouts (LP: #1892290). . [ Dimitri John Ledkov ] * grub-install: Add backup and restore. * Don't call grub-install on fresh install of grub-pc. It's the job of installers to do that after a fresh install. grub2 (2.04-9) unstable; urgency=high . * Backport security patch series from upstream: - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal - safemath: Add some arithmetic primitives that check for overflow - calloc: Make sure we always have an overflow-checking calloc() available - CVE-2020-14308: calloc: Use calloc() at most places - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow checking primitives where we do complex allocations - iso9660: Don't leak memory on realloc() failures - font: Do not load more than one NAME section - gfxmenu: Fix double free in load_image() - xnu: Fix double free in grub_xnu_devprop_add_property() - lzma: Make sure we don't dereference past array - term: Fix overflow on user inputs - udf: Fix memory leak - multiboot2: Fix memory leak if grub_create_loader_cmdline() fails - tftp: Do not use priority queue - relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow - script: Remove unused fields from grub_script_function struct - CVE-2020-15706: script: Avoid a use-after-free when redefining a function during execution - relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation - hfsplus: fix two more overflows - lvm: fix two more potential data-dependent alloc overflows - emu: make grub_free(NULL) safe - efi: fix some malformed device path arithmetic errors - Fix a regression caused by "efi: fix some malformed device path arithmetic errors" - update safemath with fallback code for gcc older than 5.1 - efi: Fix use-after-free in halt/reboot path - linux loader: avoid overflow on initrd size calculation * CVE-2020-15707: linux: Fix integer overflows in initrd size handling * Apply overflow checking to allocations in Debian patches: - bootp: Fix integer overflow in parse_dhcp6_option - unix/config: Fix integer overflow in grub_util_load_config - deviceiter: Fix integer overflow in grub_util_iterate_devices grub2 (2.04-8) unstable; urgency=medium . [ Vincent Lefevre ] * Fix typos in /etc/grub.d/05_debian_theme. Closes: #959484 . [ Fabian Greffrath ] * Change font dependency to fonts-dejavu-core. Closes: #912846 . [ Colin Watson ] * Cherry-pick from upstream: - templates/20_linux_xen: Ignore xenpolicy and config files too. - templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK). . [ Ian Jackson ] * 20_linux_xen: Do not load XSM policy in non-XSM options (closes: #961673). grub2 (2.04-7) unstable; urgency=medium . [ Christian Göttsche ] * Create grub default configuration with default SELinux context. . [ Steve McIntyre ] * In the signed packages, change the version dependency on grub-common to be >= and not =. This will allow for installation in unstable to still work in the window while we wait for the template package to do its second trip through the archive. * Tweak the build-dep architecture listing for libefiboot-dev and libefivar-dev. The linux-* wildcards don't work in the way expected, and were missing out (at least) armhf and armel. Closes: #958461 grub2 (2.04-6) unstable; urgency=medium . [ Romain Perier ] * Add f2fs module to signed UEFI images . [ Steve McIntyre ] * Add jfs module to signed UEFI images. Closes: #950959 . [ Colin Watson ] * Drop mkconfig-mid-upgrade.patch; it was only needed for upgrades from GRUB 1.99 (now a long time ago) and can inappropriately hide problems when /etc/grub.d/00_header should have been updated but wasn't (closes: #953201). * Cherry-pick from upstream: - btrfs: Add support for new RAID1C34 profiles (closes: #958236). grub2 (2.04-5) unstable; urgency=medium . * Cherry-pick from upstream: - verifiers: Blocklist fallout cleanup (this was one cause of a build failure on hurd-i386, though may not be the only one). * Only recommend grub-efi-*-signed on the architectures where they exist. grub2 (2.04-4) unstable; urgency=medium . [ Thomas Gaugler ] * Add leading / to prefix of network boot image for d-i. . [ Martin von Wittich ] * upgrade-from-grub-legacy: Set DPKG_MAINTSCRIPT_NAME and DPKG_MAINTSCRIPT_PACKAGE when calling grub-pc.postinst manually (closes: #943387). . [ Colin Watson ] * Use policy-compliant architecture wildcards in libefiboot-dev and libefivar-dev build-dependencies. * Build with GCC 9 (closes: #944166). grub2 (2.04-3) unstable; urgency=medium . * Apply patch from James Clarke to fix BIOS Boot Partition support on sparc64 (closes: #931969). * Fix UEFI installation for Devuan (thanks, Ivan J.; closes: #932966). * Add probe module to signed UEFI images (closes: #936082). grub2 (2.04-2) unstable; urgency=medium . [ James Clarke ] * Only Build-Depend on libefiboot-dev and libefivar-dev on Linux architectures, since they're Linux-only. . [ Colin Watson ] * Use debhelper-compat instead of debian/compat. * debian/apport/source_grub2.py: - Avoid star import. - Fix flake8 errors. * Run gentpl.py with python3. grub2 (2.04-1) unstable; urgency=medium . * New upstream release. * debian/upstream/signing-key.asc: Add signing key of new upstream maintainer (Daniel Kiper). . grub2 (2.04~rc1-3) experimental; urgency=medium . [ Will Thompson ] * Fix --disable-quiet-boot. . [ Steve Langasek ] * If we don't have writable grubenv and we're on EFI, always show the menu (merged from Ubuntu). . [ Steve McIntyre ] * Make all the signed EFI arches have a Recommends: from grub-efi-ARCH-signed to shim-signed, not just amd64. Closes: #931038 * Add myself to Uploaders . [ Colin Watson ] * Squash linuxefi* patches into a single patch. . grub2 (2.04~rc1-2) experimental; urgency=medium . [ Colin Watson ] * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson). . [ Steve McIntyre ] * Add the ntfs module to signed UEFI images. Closes: #923855 * Add the cpuid module to signed UEFI images. Closes: #928628 * Add the play module to signed UEFI images. Closes: #930290 * Add an extra di-specific version of the UEFI netboot image with a different baked-in prefix value. Helps to fix #928750. * Deal with --force-extra-removable with signed shim too. Closes: #930531 . grub2 (2.04~rc1-1) experimental; urgency=medium . * New upstream release candidate. - getroot: Save/restore CWD more reliably on Unix (closes: #918700). * Rename patches to use "-" as a separator rather than "_" (except when referring to a file, function, or command containing a "_"). * Fix format of debian/copyright. grub2 (2.04~rc1-3) experimental; urgency=medium . [ Will Thompson ] * Fix --disable-quiet-boot. . [ Steve Langasek ] * If we don't have writable grubenv and we're on EFI, always show the menu (merged from Ubuntu). . [ Steve McIntyre ] * Make all the signed EFI arches have a Recommends: from grub-efi-ARCH-signed to shim-signed, not just amd64. Closes: #931038 * Add myself to Uploaders . [ Colin Watson ] * Squash linuxefi* patches into a single patch. grub2 (2.04~rc1-2) experimental; urgency=medium . [ Colin Watson ] * debian/build-efi-images: Add tpm on x86_64-efi (thanks, Chris Coulson). . [ Steve McIntyre ] * Add the ntfs module to signed UEFI images. Closes: #923855 * Add the cpuid module to signed UEFI images. Closes: #928628 * Add the play module to signed UEFI images. Closes: #930290 * Add an extra di-specific version of the UEFI netboot image with a different baked-in prefix value. Helps to fix #928750. * Deal with --force-extra-removable with signed shim too. Closes: #930531 grub2 (2.04~rc1-1) experimental; urgency=medium . * New upstream release candidate. - getroot: Save/restore CWD more reliably on Unix (closes: #918700). * Rename patches to use "-" as a separator rather than "_" (except when referring to a file, function, or command containing a "_"). * Fix format of debian/copyright. gsasl (1.8.0-8+deb10u1) buster-security; urgency=medium . * CVE-2022-2469 gzip (1.9-3+deb10u1) buster-security; urgency=high . * zgrep: fix arbitrary-file-write vulnerability addressing CVE-2022-1271 (closes: #1009168) * debian/rules: set execute mode bit on test scripts htmldoc (1.9.3-1+deb10u4) buster; urgency=medium . * Non-maintainer upload. * CVE-2022-24191 Infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. * CVE-2022-27114 Integer Overflow bugs in image.cxx, malloc function may return a heap block smaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. * CVE-2022-28085 A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). intel-microcode (3.20220510.1~deb10u1) buster-security; urgency=medium . * Backport to Debian buster (no relevant changes) * Update upstream changelog with INTEL-00615 information * Mitigates INTEL-00615: CVE-2022-21151, CVE-2022-21166, CVE-2022-21127, CVE-2022-21125, CVE-2022-21123 . intel-microcode (3.20220510.1) unstable; urgency=medium . * New upstream microcode datafile 20220510 * Fixes INTEL-SA-000617, CVE-2022-21151: Processor optimization removal or modification of security-critical code may allow an authenticated user to potentially enable information disclosure via local access (closes: #1010947) * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000, Atom E3900 * New Microcodes: sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 * Updated Microcodes: sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224 sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496 sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888 sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888 sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696 sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408 sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568 sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264 sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912 sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776 sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776 sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640 sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280 sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400 sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472 sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472 sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480 sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544 sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472 sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448 sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280 sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256 sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424 * source: update symlinks to reflect id of the latest release, 20220510 . intel-microcode (3.20220419.1) unstable; urgency=medium . * New upstream microcode datafile 20220419 * Fixes errata APLI-11 in Atom E3900 series processors * Updated Microcodes: sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384 * source: update symlinks to reflect id of the latest release, 20220419 intel-microcode (3.20220207.1) unstable; urgency=medium . * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 intel-microcode (3.20220207.1~deb11u1) bullseye; urgency=medium . * Backport for Debian stable (no changes) * Release manager: this is the same package already in bullseye-backports, testing and unstable. It fixes several security issues, adds MSRs that can be enabled by updated kernels for enhanced security mitigaton, and also fixes several critical "functional issues" (i.e. processor errata). There were no reports to date of regressions introduced by this microcode drelease. . intel-microcode (3.20220207.1) unstable; urgency=medium . * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 iptables-netflow (2.3-5+deb10u1) buster; urgency=high . * Fix DKMS build failure regression caused by Linux upstream changes in the 4.19.191 kernel by cherry-picking ipt_NETFLOW upstream commits adfc6318 (initial fix for kernel 5.9) and 352cdb28 (removing the special casing for older kernels). (Closes: #990123) isync (1.3.0-2.2~deb10u2) buster; urgency=medium . * Non-maintainer upload. * Fix CVE-2021-3657: A flaw was found in mbsync. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. kannel (1.4.5-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. . [ Robie Basak ] * Disable PostScript documentation generation to fix the build now that ImageMagick PostScript conversion is no longer permitted. (Closes: #991058) krb5 (1.17-3+deb10u4) buster; urgency=medium . * Use SHA256 as Pkinit CMS Digest, Closes: #1017995 libapache2-mod-auth-openidc (2.3.10.2-1+deb10u1) buster; urgency=medium . * Add patch for CVE-2019-14857 (Closes: #942165) libdatetime-timezone-perl (1:2.23-1+2022b) buster; urgency=medium . * Update to Olson database version 2022b. This update includes contemporary changes for Chile and Iran. libhttp-cookiejar-perl (0.008-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add patch to fix FTBFS after 09 Jun 2021. (Closes: #991649) libnet-freedb-perl (0.10-2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . libnet-freedb-perl (0.10-2) unstable; urgency=medium . * Add a patch to change the default host from the defunct freedb.freedb.org to gnudb.gnudb.org. Thanks to Adrian Bunk for the bug report. (Closes: #991089) libnet-ssleay-perl (1.85-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport upstream fix for test failures with OpenSSL 1.1.1n. (Closes: #1008055) libpgjava (42.2.5-2+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2022-26520: An attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. * Fix CVE-2022-21724: The JDBC driver did not verify if certain classes implemented the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. * CVE-2020-13692: Fix XXE vulnerability in PgSQLXML by disabling external access and doctypes. (Closes: #962828) librecad (2.1.3-1.2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2021-21898: A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A specially-crafted .dwg file can lead to an out-of-bounds write. * CVE-2021-21899: A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A specially-crafted .dwg file can lead to a heap buffer overflow. * CVE-2021-21900: A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw. A specially-crafted .dxf file can lead to a use-after-free vulnerability. * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the jwwlib component of LibreCAD allows an attacker to achieve Remote Code Execution using a crafted JWW document. * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the jwwlib component of LibreCAD allows an attacker to achieve Remote Code Execution using a crafted JWW document. * CVE-2021-45343: a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. librose-db-object-perl (1:0.815-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add upstream fix for test failure after 6/6/2020. (Closes: #962482) librsvg (2.44.10-2.1+deb10u3) buster; urgency=medium . * nalgebra-borrow-mutable-immutable.patch: - Update checksum for cg.rs. * cssparser-dont-assign-to-borrowed-variable.patch: - Fix another build failure with rustc 1.41. librsvg (2.44.10-2.1+deb10u2) buster; urgency=medium . * nalgebra-borrow-mutable-immutable.patch: fix build with rustc 1.41. * Don-t-drop-nodes-recursively-to-avoid-stack-over.patch: fix stack exhaustion due to recursion when freeing nodes, which caused FTBFS on ppc64el and s390x with the newly introduced tests for CVE-2019-20446. librsvg (2.44.10-2.1+deb10u1) buster; urgency=medium . * CVE-2019-20446: DoS via billion laughs attack. libvirt-php (0.5.4-3+deb10u1) buster; urgency=medium . * Add gbp.conf for debian/buster * Add patch to fix segmentation fault in libvirt_node_get_cpu_stats (Closes: #982804) libxml2 (2.9.4+dfsg1-7+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix integer overflow in xmlBufferResize * Fix integer overflows in xmlBuf and xmlBuffer (CVE-2022-29824) (Closes: #1010526) linux (4.19.249-2) buster-security; urgency=medium . * swiotlb: skip swiotlb_bounce when orig_addr is zero (regression in 4.19.249) linux (4.19.249-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.236 - Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" - xfrm: Check if_id in xfrm_migrate - xfrm: Fix xfrm migrate issues when address family changes - [x86] atm: firestream: check the return value of ioremap() in fs_init() - nl80211: Update bss channel on channel switch for P2P_CLIENT - tcp: make tcp_read_sock() more robust - sfc: extend the locking on mcdi->seqno - sched/topology: Make sched_init_numa() use a set for the deduplicating sort - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() - cpuset: Fix unsafe lock order between cpuset lock and cpuslock - mm: fix dereference a null pointer in migrate[_huge]_page_move_mapping() - fs: sysfs_emit: Remove PAGE_SIZE alignment check - [arm64] Preparation for mitigating Spectre-BHB: + Add part number for Arm Cortex-A77 + Add Neoverse-N2, Cortex-A710 CPU part definition + Add Cortex-X2 CPU part definition + entry.S: Add ventry overflow sanity checks - [arm64] Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-23960): + entry: Make the trampoline cleanup optional + entry: Free up another register on kpti's tramp_exit path + entry: Move the trampoline data page before the text page + entry: Allow tramp_alias to access symbols after the 4K boundary + entry: Don't assume tramp_vectors is the start of the vectors + entry: Move trampoline macros out of ifdef'd section + entry: Make the kpti trampoline's kpti sequence optional + entry: Allow the trampoline text to occupy multiple pages + entry: Add non-kpti __bp_harden_el1_vectors for mitigations + entry: Add vectors that have the bhb mitigation sequences + entry: Add macro for reading symbol addresses from the trampoline + Add percpu vectors for EL1 + proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 + KVM: arm64: Add templates for BHB mitigation sequences + Mitigate spectre style branch history side channels + KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated + add ID_AA64ISAR2_EL1 sys register + Use the clearbhb instruction in mitigations - [arm64] crypto: qcom-rng - ensure buffer for generate is completely filled - ocfs2: fix crash when initialize filecheck kobj fails - efi: fix return value of __setup handlers - net/packet: fix slab-out-of-bounds access in packet_recvmsg() - atm: eni: Add check for dma_map_single - [x86] hv_netvsc: Add check for kvmalloc_array - [arm64,armhf] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() - [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_parse_of - usb: gadget: rndis: prevent integer overflow in rndis_set_response() - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver - Input: aiptek - properly check endpoint type - perf symbols: Fix symbol size calculation condition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.237 - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490) - net: ipv6: fix skb_over_panic in __ip6_append_data - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-27666) - [x86] thermal: int340x: fix memory leak in int3400_notify() - llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356) - ALSA: oss: Fix PCM OSS buffer allocation overflow - ALSA: pcm: Add stream lock during PCM reset ioctl operations - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB - ALSA: cmipci: Restore aux vol on suspend/resume - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec - [arm64] drivers: net: xgene: Fix regression in CRC stripping - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016) - [x86] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board - [x86] ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 - [x86] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU - [x86] crypto: qat - disable registration of algorithms - mac80211: fix potential double free on mesh join - llc: only change llc->dev when bind() succeeds https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.238 - USB: serial: pl2303: add IBM device IDs - USB: serial: simple: add Nokia phone driver - netdevice: add the case if dev is NULL - xfrm: fix tunnel model fragmentation behavior - virtio_console: break out of buf poll on remove - ethernet: sun: Free the coherent when failing in probing - spi: Fix invalid sgs value - spi: Fix erroneous sgs value with min_t() - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (CVE-2022-1353) - fuse: fix pipe buffer lifetime for direct_io (CVE-2022-1011) - tpm: fix reference counting for struct tpm_chip - block: Add a helper to validate the block size - virtio-blk: Use blk_validate_block_size() to validate block size - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c - xhci: make xhci_handshake timeout for xhci_reset() adjustable - iio: inkern: apply consumer scale on IIO_VAL_INT cases - iio: inkern: apply consumer scale when no channel scale is available - iio: inkern: make a best effort on offset calculation - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (CVE-2022-30594) - Documentation: add link to stable release candidate tree - Documentation: update stable tree link - SUNRPC: avoid race between mod_timer() and del_timer_sync() - NFSD: prevent underflow in nfssvc_decode_writeargs() - NFSD: prevent integer overflow on 32 bit systems - f2fs: fix to unlock page correctly in error path of is_alive() - [armhf] pinctrl: samsung: drop pin banks references on error paths - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28390) - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem - jffs2: fix memory leak in jffs2_do_mount_fs - jffs2: fix memory leak in jffs2_scan_medium - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node - mm: invalidate hwpoison page cache page in fault path - mempolicy: mbind_range() set_policy() after vma_merge() - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands - qed: display VF trust config - qed: validate and restrict untrusted VFs vlan promisc mode - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" - [i386] ALSA: cs4236: fix an incorrect NULL check on list iterator - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 - mm,hwpoison: unmap poisoned page before invalidation - drbd: fix potential silent data corruption - [powerpc*] kvm: Fix kvm_use_magic_page - ACPI: properties: Consistently return -ENOENT if there are no more references - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (CVE-2022-1198) - block: don't merge across cgroup boundaries if blkcg is enabled - drm/edid: check basic audio support on CEA extension block - [armhf] dts: exynos: add missing HDMI supplies on SMDK5250 - [armhf] dts: exynos: add missing HDMI supplies on SMDK5420 - carl9170: fix missing bit-wise or operator for tx_params - [x86] thermal: int340x: Increase bitmap size - brcmfmac: firmware: Allocate space for default boardrev in nvram - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio - PCI: pciehp: Clear cmd_busy bit in polling mode - [arm64] regulator: qcom_smd: fix for_each_child.cocci warnings - crypto: authenc - Fix sleep in atomic context in decrypt_tail - [arm64,armhf] spi: tegra114: Add missing IRQ check in tegra_spi_probe - [arm64] spi: pxa2xx-pci: Balance reference count for PCI DMA device - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING - block: don't delete queue kobject before its children - PM: hibernate: fix __setup handler error handling - PM: suspend: fix return value of __setup handler - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() - ACPI: APEI: fix return value of __setup handlers - [x86] crypto: ccp - ccp_dmaengine_unregister release dma channels - [x86] clocksource: acpi_pm: fix return value of __setup handler - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa - perf/core: Fix address filter parser for multiple filters - [x86] perf/x86/intel/pt: Fix address filter config for 32-bit kernel - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() - media: em28xx: initialize refcount before kref_get - media: usb: go7007: s2250-board: fix leak in probe() - [x86] ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() - printk: fix return value of printk.devkmsg __setup handler - [armhf] memory: emif: Add check for setup_interrupts - [armhf] memory: emif: check the pointer temp in get_device_details() - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED - [arm*] ASoC: dmaengine: do not use a NULL prepare_slave_config() callback - [armhf] ASoC: imx-es8328: Fix error return code in imx_es8328_probe() - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern - Bluetooth: hci_serdev: call init_rwsem() before p->open() - drm/edid: Don't clear formats if using deep color - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() - ath9k_htc: fix uninit value bugs - [powerpc*] KVM: PPC: Fix vmx/vsx mixup in mmio emulation - [x86] ray_cs: Check ioremap return value - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports - iwlwifi: Fix -EIO error code that is never returned - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() - scsi: pm8001: Fix abort all task initialization - TOMOYO: fix __setup handlers return values - [arm64,armhf] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe - [x86] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return - [powerpc*] Makefile: Don't pass -mcpu=powerpc64 when building 32-bit - [x86] KVM: x86: Fix emulation in writing cr8 - [x86] KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() - [x86] hv_balloon: rate-limit "Unhandled message" warning - PCI: Reduce warnings on possible RW1C corruption - [armhf] mfd: mc13xxx: Add check for mc13xxx_irq_request - vxcan: enable local echo for sent CAN frames - USB: storage: ums-realtek: fix error code in rts51x_read_mem() - af_netlink: Fix shift out of bounds in group mask calculation - tcp: ensure PMTU updates are processed during fastopen - [x86] mxser: fix xmit_buf leak in activate when LSR == 0xff - [x86] serial: 8250_mid: Balance reference count for PCI DMA device - serial: 8250: Fix race condition in RTS-after-send handling - [arm64] clk: qcom: clk-rcg2: Update the frac table for pixel clock - [armhf] clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver - NFS: remove unneeded check in decode_devicenotify_args() - [arm64,armhf] pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe - [s390x] tty: hvc: fix return value of __setup handler - jfs: fix divide error in dbNextAG - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options - xen: fix is_xen_pmu() - net: phy: broadcom: Fix brcm_fet_config_init() - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head - selinux: use correct type for context length - loop: use sysfs_emit() in the sysfs xxx show() - Fix incorrect type in assignment of ipv6 port for audit - bfq: fix use-after-free in bfq_dispatch_request - ACPICA: Avoid walking the ACPI Namespace if it is not there - Revert "Revert "block, bfq: honor already-setup queue merges"" - ACPI/APEI: Limit printable size of BERT table data - PM: core: keep irq flags in device_pm_check_callbacks() - [arm64] spi: tegra20: Use of_device_get_match_data() - ext4: don't BUG if someone dirty pages without asking ext4 first - video: fbdev: cirrusfb: check pixclock to avoid divide by zero - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit - ASoC: soc-core: skip zero num_dai component in searching dai name - media: cx88-mpeg: clear interrupt status register before streaming video - media: Revert "media: em28xx: add missing em28xx_close_extension" - media: hdpvr: initialize dev->worker at hdpvr_register_videodev - mmc: host: Return an error when ->enable_sdio_irq() ops is missing - [powerpc*] lib/sstep: Fix 'sthcx' instruction - scsi: qla2xxx: Fix stuck session in gpdb - scsi: qla2xxx: Fix warning for missing error code - scsi: qla2xxx: Check for firmware dump already collected - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() - scsi: qla2xxx: Fix incorrect reporting of task management failure - scsi: qla2xxx: Fix hang due to session stuck - scsi: qla2xxx: Reduce false trigger to login - scsi: qla2xxx: Use correct feature type field during RFF_ID processing - KVM: Prevent module exit until all VMs are freed - [x86] KVM: x86: fix sending PV IPI - ubifs: rename_whiteout: Fix double free for whiteout_ui->data - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() - ubifs: rename_whiteout: correct old_dir size computing - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (CVE-2022-28389) - can: mcba_usb: properly check endpoint type - gfs2: Make sure FITRIM minlen is rounded up to fs block size - pinctrl: pinconf-generic: Print arguments for bias-pull-* - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl - [amd64,arm64] ACPI: CPPC: Avoid out of bounds access when parsing _CPC data - mm/mmap: return 1 from stack_guard_gap __setup() handler - mm/memcontrol: return 1 from cgroup.memory __setup() handler - mm/usercopy: return 1 from hardened_usercopy __setup() handler - bpf: Fix comment for helper bpf_current_task_under_cgroup() - [x86] ASoC: topology: Allow TLV control to be either read or write - openvswitch: Fixed nd target mask field in the flow dump. - [x86] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (CVE-2022-2153) - ubifs: Rectify space amount budget for mkdir/tmpfile operations - [x86] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs - drm: Add orientation quirk for GPD Win Max - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj - ptp: replace snprintf with sysfs_emit - scsi: mvsas: Replace snprintf() with sysfs_emit() - scsi: bfa: Replace snprintf() with sysfs_emit() - [arm64,armhf] power: supply: axp20x_battery: properly report current when discharging - [powerpc*] Set crashkernel offset to mid of RMA region - [arm64] PCI: aardvark: Fix support for MSI interrupts - [arm64] iommu/arm-smmu-v3: fix event handling soft lockup - usb: ehci: add pci device support for Aspeed platforms - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum - ipv4: Invalidate neighbour for broadcast address upon address addition - dm ioctl: prevent potential spectre v1 gadget - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() - scsi: aha152x: Fix aha152x_setup() __setup handler return value - net/smc: correct settings of RMB window update limit - macvtap: advertise link netns via netlink - bnxt_en: Eliminate unintended link toggle during FW reset - [mips*] fix fortify panic when copying asm exception handlers - scsi: libfc: Fix use after free in fc_exch_abts_resp() - [armhf] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm - Bluetooth: Fix use after free in hci_send_acl - init/main.c: return 1 from handled __setup() functions - minix: fix bug when opening a file with O_DIRECT - w1: w1_therm: fixes w1_seq for ds28ea00 sensors - NFSv4: Protect the state recovery thread against direct reclaim - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 - clk: Enforce that disjoints limits are invalid - SUNRPC/call_alloc: async tasks mustn't block waiting for memory - NFS: swap IO handling is slightly different for O_DIRECT IO - NFS: swap-out must always use STABLE writes. - [armhf] serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() - virtio_console: eliminate anonymous module_init & module_exit - jfs: prevent NULL deref in diFree - net: add missing SOF_TIMESTAMPING_OPT_ID support - mm: fix race between MADV_FREE reclaim and blkdev direct IO read - [arm64] KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() - [x86] Drivers: hv: vmbus: Fix potential crash on module unload - [arm64,armhf] net: stmmac: Fix unset max_speed difference between DT and non-DT platforms - [armhf] drm/imx: Fix memory leak in imx_pd_connector_get_modes - net: openvswitch: don't send internal clone attribute to the userspace. - rxrpc: fix a race in rxrpc_exit_net() - qede: confirm skb is allocated before using - drbd: Fix five use after free bugs in get_initial_state - [arm64] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) - mm/mempolicy: fix mpol_new leak in shared_policy_replace - [x86] pm: Save the MSR validity status at context setup - [x86] speculation: Restore speculation related MSRs during S3 resume - btrfs: fix qgroup reserve overflow the qgroup limit - [arm64] patch_text: Fixup last cpu should be master - [arm64] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator - [arm64,armhf] irqchip/gic-v3: Fix GICR_CTLR.RWP polling - mm: don't skip swap entry even if zap_details specified - [arm64] module: remove (NOLOAD) from linker script - mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning - cgroup: Use open-time credentials for process migraton perm checks (CVE-2021-4197) - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (CVE-2021-4197) - cgroup: Use open-time cgroup namespace for process migration perm checks (CVE-2021-4197) - xfrm: policy: match with both mark and mask on user interfaces - drm/amdgpu: Check if fd really is an amdgpu fd. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239 - net/sched: flower: fix parsing of ethertype following VLAN header - veth: Ensure eth header is in skb's linear part - gpiolib: acpi: use correct format characters - [armhf] net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link - sctp: Initialize daddr on peeled off socket - cifs: potential buffer overflow in handling symlinks - drm/amd: Add USBC connector ID - [amd64] drm/amdkfd: Check for potential null return of kmalloc_array() - [x86] Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer - scsi: target: tcmu: Fix possible page UAF - [powerpc*] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs - [armhf] gpu: ipu-v3: Fix dev_dbg frequency output - [arm64] alternatives: mark patch_alternative() as `noinstr` - drm/amd/display: Fix allocate_mst_payload assert on resume - scsi: mvsas: Add PCI ID of RocketRaid 2640 - drivers: net: slip: fix NPD bug in sl_tx_timeout() - mm, page_alloc: fix build_zonerefs_node() - ALSA: hda/realtek: Add quirk for Clevo PD50PNT - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" - ipv6: fix panic when forwarding a pkt with no in6 dev - smp: Fix offline cpu check in flush_smp_call_function_queue() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.240 - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead - mm: page_alloc: fix building error on -Werror=array-compare - tracing: Dump stacktrace trigger to the corresponding instance - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28388) - dm integrity: fix memory corruption when tag_size is less than digest size - gfs2: assign rgrp glock before compute_bitstructs - ALSA: usb-audio: Clear MIDI port active flag after draining - tcp: fix race condition when creating child sockets from syncookies - tcp: Fix potential use-after-free due to double kfree() - [armhf] dmaengine: imx-sdma: Fix error checking in sdma_event_remap - rxrpc: Restore removed timer deletion - net/packet: fix packet_sock xmit return value checking - net/sched: cls_u32: fix possible leak in u32_init_knode() - netlink: reset network and mac headers in netlink_dump() - [x86] platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant - vxlan: fix error return code in vxlan_fdb_append - cifs: Check the IOCB_DIRECT flag, not O_DIRECT - mt76: Fix undefined behavior due to shift overflowing the constant - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant - [arm64] drm/msm/mdp5: check the return of kzalloc() - [arm64] net: macb: Restart tx only if queue pointer is lagging - stat: fix inconsistency between struct stat and struct compat_stat - ata: pata_marvell: Check the 'bmdma_addr' beforing reading - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised - [arm64,armhf] drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare - [powerpc*] perf: Fix power9 event alternatives - openvswitch: fix OOB access in reserve_sfa_size() - ASoC: soc-dapm: fix two incorrect uses of list iterator - e1000e: Fix possible overflow in LTR decoding - [arm*] arm_pmu: Validate single/group leader events - ext4: fix symlink file size not match to file content - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole - ext4: fix overhead calculation to account for the reserved gdt blocks - ext4: force overhead calculation if the s_overhead_cluster makes no sense - block/compat_ioctl: fix range check in BLKGETSIZE - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1204) - ax25: fix reference count leaks of ax25_dev (CVE-2022-1204) - ax25: fix UAF bugs of net_device caused by rebinding operation (CVE-2022-1204) - ax25: Fix refcount leaks caused by ax25_cb_del() - ax25: fix UAF bug in ax25_send_control() (CVE-2022-1204) - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199) - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205) - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.241 - floppy: disable FDRAWCMD by default (CVE-2022-33981) - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195) - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195) - net/sched: cls_u32: fix netns refcount changes in u32_change() (CVE-2022-29581) - [powerpc*] 64/interrupt: Temporarily save PPR on stack to fix register corruption due to SLB miss - [powerpc*] 64s: Unmerge EX_LR and EX_DAR - [armhf] Revert "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.242 - USB: quirks: add a Realtek card reader - USB: quirks: add STRING quirk for VCOM device - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions - xhci: stop polling roothubs after shutdown - iio: dac: ad5446: Fix read_raw not returning set value - [x86] iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() - usb: misc: fix improper handling of refcount in uss720_probe() - usb: gadget: uvc: Fix crash when encoding data for usb request - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() - [arm64,armhf] usb: dwc3: core: Fix tx/rx threshold settings - [arm64,armhf] usb: dwc3: gadget: Return proper request status - [armhf] serial: imx: fix overrun interrupts in DMA mode - serial: 8250: Also set sticky MCR bits in console restoration - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device - hex2bin: make the function hex_to_bin constant-time - hex2bin: fix access beyond string end - USB: Fix xhci event ring dequeue pointer ERDP update issue - [armhf] phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe - [armhf] phy: samsung: exynos5250-sata: fix missing device put in probe error paths - [armhf] ARM: OMAP2+: Fix refcount leak in omap_gic_of_init - [armhf] dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 - ipvs: correctly print the memory size of ip_vs_conn_tab - tcp: md5: incorrect tcp_header_len for incoming connections - sctp: check asoc strreset_chunk in sctp_generate_reconf_event - [arm64] net: hns3: add validity check for message data length - ip_gre: Make o_seqno start from 0 in native mode - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT - [arm64,armhf] bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() - [arm64,armhf] clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() - bnx2x: fix napi API usage sequence - ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() - [amd64] x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 - cifs: destage any unwritten data to the server before calling copychunk_write - [x86] drivers: net: hippi: Fix deadlock in rr_close() - [x86] cpu: Load microcode during restore_processor_state() - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 - tty: n_gsm: fix malformed counter for out of frame data - netfilter: nft_socket: only do sk lookups when indev is available - tty: n_gsm: fix insufficient txframe size - tty: n_gsm: fix missing explicit ldisc flush - tty: n_gsm: fix wrong command retry handling - tty: n_gsm: fix wrong command frame length field encoding - tty: n_gsm: fix incorrect UA handling - drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419) - [mips*] Fix CP0 counter erratum detection for R4k CPUs - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' - Revert "SUNRPC: attempt AF_LOCAL connect on setup" - firewire: fix potential uaf in outbound_phy_packet_callback() - firewire: remove check of list iterator against head past the loop body - firewire: core: extend card->lock in fw_core_handle_bus_reset - genirq: Synchronize interrupt thread startup - nfc: replace improper check device_is_registered() in netlink related functions (CVE-2022-1974) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (CVE-2022-1975) - hwmon: (adt7470) Fix warning on module removal - [arm*] ASoC: dmaengine: Restore NULL prepare_slave_config() callback - [arm64,armhf] net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() - [arm64,armhf] smsc911x: allow using IRQ0 - btrfs: always log symlinks in full mode - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() - [x86] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU - mm: fix unexpected zeroed page mapping with zram swap - tcp: make sure treq->af_specific is initialized - dm: fix mempool NULL pointer race when completing IO - dm: interlock pending dm_io and dm_wait_for_bios_completion - [arm64] PCI: aardvark: Clear all MSIs at setup - [arm64] PCI: aardvark: Fix reading MSI interrupt number - mmc: rtsx: add 74 Clocks in power on flow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.243 - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit - nfp: bpf: silence bitwise vs. logical OR warning - Bluetooth: Fix the creation of hdev->name - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048) - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048) - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() - VFS: Fix memory leak caused by concurrently mounting fs with subtype https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.244 - batman-adv: Don't skb_split skbuffs with frag_list - hwmon: (tmp401) Add OF device ID table - net: Fix features skip in for_each_netdev_feature() - ipv4: drop dst in multicast routing path - netlink: do not reset transport header in netlink_recvmsg() - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection - [s390x] ctcm: fix variable dereferenced before check - [s390x] ctcm: fix potential memory leak - [s390x] lcs: fix variable dereferenced before check - net/sched: act_pedit: really ensure the skb is writable - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() - gfs2: Fix filesystem block deallocation for short writes - hwmon: (f71882fg) Fix negative temperature - ASoC: max98090: Reject invalid values in custom control put() - ASoC: max98090: Generate notifications on changes for custom control - ASoC: ops: Validate input values in snd_soc_put_volsw_range() - tcp: resalt the secret every 10 seconds (CVE-2022-1012) - usb: cdc-wdm: fix reading stuck on device close - USB: serial: pl2303: add device id for HP LM930 Display - USB: serial: qcserial: add support for Sierra Wireless EM7590 - USB: serial: option: add Fibocom L610 modem - USB: serial: option: add Fibocom MA510 modem - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() - [x86] drm/vmwgfx: Initialize drm_mode_fb_cmd2 - ping: fix address binding wrt vrf https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.245 - floppy: use a statically allocated error counter (CVE-2022-1652) - Input: add bounds checking to input_set_capability() - drbd: remove usage of list iterator variable after loop - nilfs2: fix lockdep warnings in page operations for btree nodes - nilfs2: fix lockdep warnings during disk space reclamation - [i386] ALSA: wavefront: Proper check of get_user() error - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729) - Fix double fget() in vhost_net_set_backend() - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold - [arm64] crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() - mmc: core: Cleanup BKOPS support - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() - [arm64] net: macb: Increment rx bd head after allocating skb and buffer - net/sched: act_pedit: sanitize shift argument before usage - [x86] net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() - [x86] net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() - net/qla3xxx: Fix a test in ql_reset_work() - net/mlx5e: Properly block LRO when XDP is enabled - [armhf] 9196/1: spectre-bhb: enable for Cortex-A15 - [armel,armhf] 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 - igb: skip phy status check where unavailable - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. - [arm*] gpio: mvebu/pwm: Refuse requests with inverted polarity - scsi: qla2xxx: Fix missed DMA unmap for aborted commands - mac80211: fix rx reordering with non explicit / psmp ack policy - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() - [amd64] net: atlantic: verify hw_head_ lies within TX buffer ring - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854) - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (CVE-2022-0854) - afs: Fix afs_getattr() to refetch file status if callback break occurred https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.246 - [x86] pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Closes: #1006346) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() - tcp: change source port randomizarion at connect() time - secure_seq: use the 64 bits of the siphash for port offset calculation (CVE-2022-1012) - ACPI: sysfs: Make sparse happy about address space in use - ACPI: sysfs: Fix BERT error region memory mapping - net: af_key: check encryption module availability consistency - [x86] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging - [arm64] drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers - assoc_array: Fix BUG_ON during garbage collect - cfg80211: set custom regdomain after wiphy registration - [x86] drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (CVE-2022-0494) - exec: Force single empty string when argv is empty - netfilter: conntrack: re-fetch conntrack after insertion - zsmalloc: fix races between asynchronous zspage free and page migration - dm integrity: fix error code in dm_integrity_ctr() - dm crypt: make printing of the key constant-time - dm stats: add cond_resched when looping over entries - dm verity: set DM_TARGET_IMMUTABLE feature flag - HID: multitouch: Add support for Google Whiskers Touchpad - tpm: Fix buffer access in tpm2_get_tpm_pt() - NFSD: Fix possible sleep during nfsd4_release_lockowner() - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.247 - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS - USB: serial: option: add Quectel BG95 modem - USB: new quirk for Dell Gen 2 devices - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL - btrfs: add "0x" prefix for unsupported optional features - btrfs: repair super block num_devices automatically - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue - b43legacy: Fix assigning negative value to unsigned variable - b43: Fix assigning negative value to unsigned variable - ipw2x00: Fix potential NULL dereference in libipw_xmit() - ipv6: fix locking issues with loops over idev->addr_list - fbcon: Consistently protect deferred_takeover with console_lock() - ACPICA: Avoid cache flush inside virtual machines - ALSA: jack: Access input_dev under mutex - drm/amd/pm: fix double free in si_parse_power_table() - ath9k: fix QCA9561 PA bias level - [arm64] media: venus: hfi: avoid null dereference in deinit - media: pci: cx23885: Fix the error handling in cx23885_initdev() - md/bitmap: don't set sb values if can't pass sanity check - scsi: megaraid: Fix error check return value of register_chrdev() - drm/plane: Move range check for format_count earlier - drm/amd/pm: fix the compile warning - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL - ASoC: dapm: Don't fold register value changes into notifications - ipmi:ssif: Check for NULL msg when handling events and messages - rtlwifi: Use pr_warn instead of WARN_ONCE - media: cec-adap.c: fix is_configuring state - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags - ASoC: rt5645: Fix errorenous cleanup order - net: phy: micrel: Allow probing without .driver_data - rxrpc: Return an error to sendmsg if call failed - [arm64] PM / devfreq: rk3399_dmc: Disable edev on remove() - fs: jfs: fix possible NULL pointer dereference in dbFree() - fat: add ratelimit to fat*_ent_bread() - [armhf] dts: exynos: add atmel,24c128 fallback to Samsung EEPROM - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate - [powerpc*] xics: fix refcount leak in icp_opal_init() - [amd64] RDMA/hfi1: Prevent panic when SDMA is disabled - drm: fix EDID struct for old ARM OABI format - ath9k: fix ar9003_get_eepmisc - drm/edid: fix invalid EDID extension block filtering - [arm64] drm/bridge: adv7511: clean up CEC adapter when probe fails - [x86] delay: Fix the wrong asm constraint in delay_loop() - [arm*] drm/vc4: txp: Don't set TXP_VSTART_AT_EOF - [arm*] drm/vc4: txp: Force alpha to be 0xff if it's disabled - nl80211: show SSID for P2P_GO interfaces - [armhf] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout - NFC: NULL out the dev->rfkill to prevent UAF - efi: Add missing prototype for efi_capsule_setup_info - HID: hid-led: fix maximum brightness for Dream Cheeky - HID: elan: Fix potential double free in elan_input_configured - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix - inotify: show inotify mask flags in proc fdinfo - fsnotify: fix wrong lockdep annotations - scsi: ufs: core: Exclude UECxx from SFR dump list - [x86] pm: Fix false positive kmemleak report in msr_build_context() - [x86] speculation: Add missing prototype for unpriv_ebpf_notify() - [arm64] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume - [arm64] drm/msm/dsi: fix error checks and return values for DSI xmit functions - [arm64] drm/msm/hdmi: check return value after calling platform_get_resource_byname() - [arm64,armhf] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() - [x86] Fix return value of __setup handlers - [x86] mm: Cleanup the control_va_addr_alignment() __setup handler - [arm64] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected - [arm64] drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected - [arm64] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() - media: uvcvideo: Fix missing check to determine if element is found in list - [x86] perf/amd/ibs: Use interrupt regs ip for stack unwinding - [armhf] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt - scripts/faddr2line: Fix overlapping text section failures - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - sctp: read sk->sk_bound_dev_if once in sctp_rcv() - ext4: reject the 'commit' option on ext2 filesystems - [arm64] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() - rxrpc: Fix listen() setting the bar too high for the prealloc rings - rxrpc: Don't try to resend the request if we're receiving the reply - [armel,armhf] dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT - [armel,armhf] dts: bcm2835-rpi-b: Fix GPIO line names - [arm*] crypto: marvell/cesa - ECB does not IV - [arm64] pinctrl: mvebu: Fix irq_of_parse_and_map() return value - drivers/base/node.c: fix compaction sysfs file leak - dax: fix cache flush on PMD-mapped pages - [powerpc*] idle: Fix return value of __setup() handler - proc: fix dentry/inode overinstantiating under /proc/${pid}/net - tty: fix deadlock caused by calling printk() under tty_port->lock - [amd64] RDMA/hfi1: Prevent use of lock before it is initialized - f2fs: fix dereference of stale list iterator after loop body - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout - [arm64,armhf] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup - [amd64] iommu/amd: Increase timeout waiting for GA log enablement - f2fs: fix deadloop in foreground GC - wifi: mac80211: fix use-after-free in chanctx code - iwlwifi: mvm: fix assert 1F04 upon reconfig - fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages - netfilter: nf_tables: disallow non-stateful expression in sets earlier (CVE-2022-32250) - ext4: fix use-after-free in ext4_rename_dir_prepare - ext4: fix bug_on in ext4_writepages - ext4: verify dir block before splitting it (CVE-2022-1184) - ext4: avoid cycles in directory h-tree (CVE-2022-1184) - tracing: Fix potential double free in create_var_ref() - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 - [arm64] PCI: qcom: Fix runtime PM imbalance on probe errors - [arm64] PCI: qcom: Fix unbalanced PHY init on probe errors - dlm: fix plock invalid read - dlm: fix missing lkb refcount handling - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock - scsi: dc395x: Fix a missing check on list iterator - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. - drm/nouveau/clk: Fix an incorrect NULL check on list iterator - [arm64,armhf] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX - md: fix an incorrect NULL check in does_sb_need_changing - md: fix an incorrect NULL check in md_reload_sb - [amd64] RDMA/hfi1: Fix potential integer multiplication overflow errors - [armhf] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx - hugetlb: fix huge_pmd_unshare address update - rtl818x: Prevent using not initialized queues - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control - carl9170: tx: fix an incorrect use of list iterator - [x86] gma500: fix an incorrect NULL check on list iterator - [arm64] phy: qcom-qmp: fix struct clk leak on probe errors - blk-iolatency: Fix inflight count imbalances and IO hangs on offline - [arm64] phy: qcom-qmp: fix reset-controller leak on probe errors - RDMA/rxe: Generate a completion for unsupported/invalid opcode - md: bcache: check the return value of kzalloc() in detached_dev_do_request() - usb: usbip: fix a refcount leak in stub_probe() - usb: usbip: add missing device lock on tweak configuration cmd - USB: storage: karma: fix rio_karma_init return - [armhf] usb: musb: Fix missing of_node_put() in omap2430_probe - [arm64] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking - [arm64,armhf] soc: rockchip: Fix refcount leak in rockchip_grf_init - [arm64,armhf] serial: meson: acquire port->lock in startup() - [x86] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle - [armhf] bus: ti-sysc: Fix warnings for unbind for serial - [s390x] crypto: fix scatterwalk_unmap() callers in AES-GCM - [arm64,armhf] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register - jffs2: fix memory leak in jffs2_do_fill_super - ubi: ubi_create_volume: Fix use-after-free when volume creation failed - nfp: only report pause frame configuration for physical device - net/mlx5e: Update netdev features after changing XDP state - tcp: tcp_rtx_synack() can be called from process context - afs: Fix infinite loop found by xfstest generic/676 - tipc: check attribute length for bearer name - [mips*] cpc: Fix refcount leak in mips_cpc_default_phys_base - tracing: Fix sleeping function called from invalid context on RT kernel - tracing: Avoid adding tracer option before update_tracer_options - NFSv4: Don't hold the layoutget locks across multiple RPC calls - xprtrdma: treat all calls not a bcall when bc_serv is NULL - [mips*/octeon] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe - af_unix: Fix a data-race in unix_dgram_peer_wake_me(). - [arm64] bpf, arm64: Clear prog->jited_len along prog->jited - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() - net: mdio: unexport __init-annotated mdio_bus_init() - net: xfrm: unexport __init-annotated xfrm4_protocol_init() - net: ipv6: unexport __init-annotated seg6_hmac_init() - net/mlx5: Rearm the FW tracer after each tracer event - ip_gre: test csum_start instead of transport header - [x86] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() - [x86] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() - [x86] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() - [mips*] USB: host: isp116x: check return value after calling platform_get_resource() - USB: hcd-pci: Fully suspend across freeze/thaw cycle - [arm*] usb: dwc2: gadget: don't reset gadget's driver->bus - misc: rtsx: set NULL intfdata when probe fails - extcon: Modify extcon device to be created after driver data is set - [arm*] clocksource/drivers/sp804: Avoid error on multiple instances - staging: rtl8712: fix uninit-value in r871xu_drv_init() - [arm64] serial: msm_serial: disable interrupts in __msm_console_write() - kernfs: Separate kernfs_pr_cont_buf and rename_lock. - md: protect md_unregister_thread from reentrancy - ceph: allow ceph.dir.rctime xattr to be updatable - drm/radeon: fix a possible null pointer dereference - nbd: call genl_unregister_family() first in nbd_cleanup() - nbd: fix race between nbd_alloc_config() and module removal - nbd: fix io hung while disconnecting device - nodemask: Fix return values to be unsigned - [amd64] vringh: Fix loop descriptors check in the indirect cases - ALSA: hda/conexant - Fix loopback issue with CX20632 - cifs: return errors during session setup during reconnects - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files - mmc: block: Fix CQE recovery reset success - ixgbe: fix bcast packets Rx on VF after promisc removal - ixgbe: fix unexpected VLAN Rx in promisc mode on VF - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag - [powerpc*] 32: Fix overread/overwrite of thread_struct via ptrace (CVE-2022-32981) - md/raid0: Ignore RAID0 layout if the second zone has only one device - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.248 - [x86] cpu: Add Elkhart Lake to Intel family - cpu/speculation: Add prototype for cpu_show_srbds() - [x86] cpu: Add Jasper Lake to Intel family - [x86] cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family - [x86] cpu: Add another Alder Lake CPU to the Intel family - [x86] Mitigate Processor MMIO Stale Data vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166): + Documentation: Add documentation for Processor MMIO Stale Data + x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug + x86/speculation: Add a common function for MD_CLEAR mitigation update + x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data + x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations + x86/speculation/mmio: Enable CPU Fill buffer clearing on idle + x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data + x86/speculation/srbds: Update SRBDS mitigation selection + x86/speculation/mmio: Reuse SRBDS mitigation for SBDS + KVM: x86/speculation: Disable Fill buffer clear within guests + x86/speculation/mmio: Print SMT warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.249 - 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" - crypto: blake2s - generic C library implementation and selftest - lib/crypto: blake2s: move hmac construction into wireguard - lib/crypto: sha1: re-roll loops to reduce code size - random: Backport from 5.19, fixing several weaknesses and peformance issues, including: + fdt: add support for rng-seed + random: add GRND_INSECURE to return best-effort non-cryptographic bytes + random: ignore GRND_RANDOM in getentropy(2) + random: make /dev/random be almost like /dev/urandom + random: use BLAKE2s instead of SHA1 in extraction + random: avoid superfluous call to RDRAND in CRNG extraction + random: continually use hwgenerator randomness + random: use computational hash for entropy extraction + random: use RDSEED instead of RDRAND in entropy extraction + random: do not xor RDRAND when writing into /dev/random + random: absorb fast pool into input pool after fast load + random: use hash function for crng_slow_load() + random: zero buffer after reading entropy from userspace + random: defer fast pool mixing to worker + random: do crng pre-init loading in worker rather than irq + random: don't let 644 read-only sysctls be written to + random: use SipHash as interrupt entropy accumulator + random: reseed more often immediately after booting + random: check for signal and try earlier when generating entropy + random: treat bootloader trust toggle the same way as cpu trust toggle + random: do not allow user to keep crng key around on stack + random: check for signal_pending() outside of need_resched() check + random: check for signals every PAGE_SIZE chunk of /dev/[u]random + init: call time_init() before rand_initialize() + [ppc64el,s390x] define get_cycles macro for arch-override + timekeeping: Add raw clock fallback for random_get_entropy() + [armel,armhf,mips*] use fallback for random_get_entropy() instead of just c0 random + [x86] tsc: Use fallback for random_get_entropy() instead of zero + random: do not use batches when !crng_ready() + random: do not pretend to handle premature next security model + random: do not use input pool from hard IRQs + random: avoid initializing twice in credit race + random: wire up fops->splice_{read,write}_iter() + random: credit cpu and bootloader seeds by default - crypto: drbg - add FIPS 140-2 CTRNG for noise source - crypto: drbg - always seeded with SP800-90B compliant noise source - crypto: drbg - prepare for more fine-grained tracking of seeding state - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() - crypto: drbg - always try to free Jitter RNG instance - crypto: drbg - make reseeding from get_random_bytes() synchronous - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() - [armhf] ASoC: es8328: Fix event generation for deemphasis control - [x86] scsi: vmw_pvscsi: Expand vcpuHint to 16 bits - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology - scsi: ipr: Fix missing/incorrect resource cleanup in error case - scsi: pmcraid: Fix missing resource cleanup in error case - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE - i40e: Fix adding ADQ filter to TC0 - i40e: Fix call trace in setup_tx_descriptors - [arm64] ftrace: fix branch range checks - [arm64,armhf] irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions - [x86] comedi: vmk80xx: fix expression for tx buffer size - USB: serial: option: add support for Cinterion MV31 with new baseline - USB: serial: io_ti: add Agilent E5805A support - [arm*] usb: dwc2: Fix memory leak in dwc2_hcd_init - serial: 8250: Store to lsr_save_flags after lsr read - ext4: fix bug_on ext4_mb_use_inode_pa - ext4: make variable "count" signed - ext4: add reserved GDT blocks check - virtio-pci: Remove wrong address verification in vp_del_vqs() - net: openvswitch: fix misuse of the cached connection on tuple changes - net: openvswitch: fix leak of nested actions - [s390x] mm: use non-quiescing sske for KVM switch to keyed guest - usb: gadget: u_ether: fix regression in setting fixed MAC address (regression in 4.19.223) - xprtrdma: fix incorrect header size calculations - tcp: Improve source port randomisation (CVE-2022-1012, CVE-2022-32296): + tcp: add some entropy in __inet_hash_connect() + tcp: use different parts of the port_offset for index and offset + tcp: add small random increments to the source port + tcp: dynamically allocate the perturb table used by source ports + tcp: increase source port perturb table to 2^16 + tcp: drop the hash_32() part from the index calculation . [ Salvatore Bonaccorso ] * Bump ABI to 21 * [rt] Update to 4.19.237-rt107 * Refresh "powerpc: Fix -mcpu= options for SPE-only compiler" * [rt] Refresh "buffer_head: Replace bh_uptodate_lock for -rt" * [rt] Update to 4.19.240-rt108 * [rt] Update to 4.19.245-rt109 * [rt] Update to 4.19.246-rt110: - genirq: Add lost hunk to irq_forced_thread_fn(). (regression in 4.19.184-rt75) . [ Ben Hutchings ] * [rt] Drop "random: Make it work on rt", since the upstream version is now RT-aware * random: Enable RANDOM_TRUST_BOOTLOADER. This can be reverted using the kernel parameter: random.trust_bootloader=off * [armhf] Enable KERNEL_MODE_NEON (Closes: #922204) * [armel,armhf] crypto: Enable optimised implementations (see #922204): - Enable ARM_CRYPTO - Enable CRYPTO_SHA1_ARM, CRYPTO_SHA256_ARM, CRYPTO_SHA512_ARM, CRYPTO_AES_ARM as modules - [armhf] Enable SHA1_ARM_NEON, CRYPTO_SHA1_ARM_CE, CRYPTO_SHA2_ARM_CE, CRYPTO_AES_ARM_BS, CRYPTO_AES_ARM_CE, CRYPTO_GHASH_ARM_CE, CRYPTO_CRCT10DIF_ARM_CE, CRYPTO_CRC32_ARM_CE, CRYPTO_CHACHA20_NEON as modules . [ Diederik de Haas ] * net_sched: let qdisc_put() accept NULL pointer (Closes: #1013299) linux-latest (105+deb10u16) buster-security; urgency=medium . * Update to 4.19.0-21 linux-signed-amd64 (4.19.249+2) buster-security; urgency=medium . * Sign kernel from linux 4.19.249-2 . * swiotlb: skip swiotlb_bounce when orig_addr is zero (regression in 4.19.249) linux-signed-arm64 (4.19.249+2) buster-security; urgency=medium . * Sign kernel from linux 4.19.249-2 . * swiotlb: skip swiotlb_bounce when orig_addr is zero (regression in 4.19.249) linux-signed-i386 (4.19.249+2) buster-security; urgency=medium . * Sign kernel from linux 4.19.249-2 . * swiotlb: skip swiotlb_bounce when orig_addr is zero (regression in 4.19.249) llvm-toolchain-13 (1:13.0.1-6~deb10u4) buster; urgency=medium . * Disable libunwind on mips. llvm-toolchain-13 (1:13.0.1-6~deb10u3) buster; urgency=medium . * Disable lldb on mips. llvm-toolchain-13 (1:13.0.1-6~deb10u2) buster; urgency=medium . * Don't build-dep on llvm-spirv, it's not available in buster and having an alternative doesn't work on the buildds. * Add support for mips in various places. llvm-toolchain-13 (1:13.0.1-6~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Don't install libclang grpc proto libs, they are not built in buster. llvm-toolchain-13 (1:13.0.1-5) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Enable GRPC build dependency only on supported targets * Exclude lib{Monitoring,RemoteIndex}*Proto.a on m68k and sparc64 . [ Gianfranco Costamagna ] * fix grpc architectures, avoiding to install them where not available * Break/Replaces the Ubuntu library that moved GRPC binaries into the wrong location * newline/tab fix in rules * fix GRPC installation in port architectures * Add patches from Upstream/Ubuntu to: - Backport upstream patches to allow building EFI images for Ubuntu Core for arm64 (LP: #1960300) llvm-toolchain-13 (1:13.0.1-4) unstable; urgency=medium . * Backport D115098 for Rust 1.59 (Closes: #1010150) llvm-toolchain-13 (1:13.0.1-3) unstable; urgency=medium . * Fix a typo in an header (closes: #1005195) . * Also install usr/lib/llvm-@LLVM_VERSION@/lib/libRemoteIndexProto.a usr/lib/llvm-@LLVM_VERSION@/lib/libRemoteIndexServiceProto.a usr/lib/llvm-@LLVM_VERSION@/lib/libMonitoringServiceProto.a in libclang-X.Y-dev (Closes: #1005666) llvm-toolchain-13 (1:13.0.1-2) unstable; urgency=medium . * mlir: use the cmake option to avoid installing object files MLIR_INSTALL_AGGREGATE_OBJECTS Closes upstream #53134 * Build clangd with GRPC support Thanks to Sam McCall for the patch llvm-toolchain-13 (1:13.0.1-1) unstable; urgency=medium . * New stable release llvm-toolchain-13 (1:13.0.1~+rc3-1~exp1) experimental; urgency=medium . [ Samuel Thibault ] * Explicitly link against -latomic on all ports, not only the Linux ones. * Stop hardcoding -DCMAKE_SYSTEM_NAME=Linux as cmake parameter, as it breaks stage2 builds on non-Linux architectures . [ Pino Toscano ] * debian/rules: Disable 64bit runtime build on hurd-i386 (Closes: #1003081). . [ Sylvestre Ledru ] * New rc * Lower the debhelper dep to 10 for debian stretch * Rename ocaml-nox => ocaml-base (Closes: #1002609) * Remove Build-Conflicts: ocaml llvm-toolchain-13 (1:13.0.1~+rc2-1~exp1) experimental; urgency=medium . [ Samuel Thibault ] * Explicitly link against -latomic on all ports, not only the Linux ones. * Stop hardcoding -DCMAKE_SYSTEM_NAME=Linux as cmake parameter, as it breaks stage2 builds on non-Linux architectures . [ Pino Toscano ] * debian/rules: Disable 64bit runtime build on hurd-i386 (Closes: #1003081). . [ Sylvestre Ledru ] * New snapshot release llvm-toolchain-13 (1:13.0.1~+rc1-1~exp4) experimental; urgency=medium . * Fix the cmake file with the mlir introducing llvm-toolchain-13 (1:13.0.1~+rc1-1~exp3) experimental; urgency=medium . * Build and ship MLIR as 3 new packages (libmlir-13-dev, libmlir-13 and mlir-13-toolso * Install bfd plugins in /usr/lib/bfd-plugins/LLVMgold-@LLVM_VERSION@.so llvm-toolchain-13 (1:13.0.1~+rc1-1~exp2) experimental; urgency=medium . * Bring back the dependency clang => llvm-13-linker-tools * Unbreak llvm-toolchain-13 on buster. -fuse-ld=gold wasn't passed to compiler-rt. it was using bfd. And binutils shipping in buster has a bug preventing this to work: https://github.com/llvm/llvm-project/issues/42339 * Remove AVR from LLVM_EXPERIMENTAL_TARGETS_TO_BUILD. stable since 11 https://releases.llvm.org/11.0.0/docs/ReleaseNotes.html#changes-to-the-avr-target * Use the version suffix when calling wasm-ld => wasm-ld-13 https://bugzilla.mozilla.org/show_bug.cgi?id=1747145 * Fix run-clang-tidy symlink. it moved from /usr/lib/llvm-13/share/clang/run-clang-tidy to /usr/lib/llvm-13/bin/run-clang-tidy (Closes: #1001748) * Install LLVMgold in usr/lib/bfd-plugins to help various tools to understand the format (Closes: #919020) llvm-toolchain-13 (1:13.0.1~+rc1-1~exp1) experimental; urgency=medium . * New testing release * Use parallel + -4 for the xz tarballs compression to make it faster * Add manpages for git-clang-format & run-clang-tidy * Add back -DLLVM_VERSION_SUFFIX=. Useless for 13 but necessary for snapshot Otherwise, it adds "git" to the libs llvm-toolchain-13 (1:13.0.0-9) unstable; urgency=medium . * Upload to unstable (all green on exp) * Fix an autopkgtest test (Closes: #997902) llvm-toolchain-13 (1:13.0.0-9~exp2) experimental; urgency=medium . * patch compiler-rt build to add option to disable scudo standalone allocator as it is not always supported by all debian baseline arch profiles * add COMPILER_RT_BUILD_SCUDO_STANDALONE=OFF to armel build in debian/rules since the baseline armv5t arch profile is not supported llvm-toolchain-13 (1:13.0.0-9~exp1) experimental; urgency=medium . * Merge migration to 2stage runtimes build 12 => 13 * Adjust openmp runtime quilt patches from branch 12 for changes in upstream (llvmorg-13.0.0) sources llvm-toolchain-13 (1:13.0.0-8) unstable; urgency=medium . * Disable lldb on mipsel and mips64el as it isn't supported See https://reviews.llvm.org/D102872 (Closes: #997011) llvm-toolchain-13 (1:13.0.0-7) unstable; urgency=medium . * Remove omp-device-info from LLVMExports.cmake (Closes: #996551) For real this time * Fix the link issue (hopefully on all archs) (Closes: #995827) customs LDFLAGS were not passed to the stage2 * Trim trailing whitespace. * Update watch file format version to 4. * Update to compat 11. oldstable has 12 bionic has 11 llvm-toolchain-13 (1:13.0.0-6) unstable; urgency=medium . * Remove omp-device-info from LLVMExports.cmake (Closes: #996551) * Fix a atomic issue. Thanks to YunQiang Su for the patch Partial fix for #995827 * Bring back the llvm manpages (Closes: #995684) Were generated at the wrong place llvm-toolchain-13 (1:13.0.0-5) unstable; urgency=medium . * Restrict the dependency on libunwind-13-dev from Package: libc++-13-dev on amd64 arm64 armhf i386 mips64el ppc64el ppc64 riscv64 (Closes: #996462) llvm-toolchain-13 (1:13.0.0-4) unstable; urgency=medium . * Instead of using llvm-* to install binaries in llvm-X.Y list all the binaries one by one. It will prevent "llvm-omp-device-info" to be installed in llvm-X.Y which caused an explicit dependency on libomp which caused llvm-X.Y to be NOT coinstallable anymore * Move llvm-omp-device-info-X.Y from llvm-X to libompX-dev Fixes upstream #52162 llvm-toolchain-13 (1:13.0.0-3) unstable; urgency=medium . * libc++-13-dev should depends on libunwind-13-dev (Closes: #995810) * Disable a tsan and two lldb tests on i386 llvm-toolchain-13 (1:13.0.0-2) unstable; urgency=medium . * Fix the libclang detection in cmake (Closes: #994827) * Adjust the testsuite after various changes (rpass, libclang, polly lib, etc) llvm-toolchain-13 (1:13.0.0-1) unstable; urgency=medium . * New upstream release llvm-toolchain-13 (1:13.0.0~+rc4-1) unstable; urgency=medium . * New testing release * Ship clang-repl See https://reviews.llvm.org/D106813 * Replace make by ninja for the build process It is now more tested than make by upstream And it is supposed to be faster Removed openmp/bootstrap-with-openmp-version-export-missing.diff as it seems that the ninja move fixed it llvm-toolchain-13 (1:13.0.0~+rc3-1) unstable; urgency=medium . * New testing release * Remove debian/patches/disable-no-omit-leaf.diff as it is fixed upstream llvm-toolchain-13 (1:13.0.0~+rc2-3) unstable; urgency=medium . * compiler-rt scudo, don't add the option -mno-omit-leaf-frame-pointer when building on armel & armhf llvm-toolchain-13 (1:13.0.0~+rc2-2) unstable; urgency=medium . * Build with -DCMAKE_POSITION_INDEPENDENT_CODE=ON to libc++ and libc++abi * The changes from 12.0.1-7 . [ John Paul Adrian Glaubitz ] * Disable libunwind-X.Y{-dev} packages on sparc and sparc64 llvm-toolchain-13 (1:13.0.0~+rc2-1) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Disable libunwind on m68k, sparc64 and x32 . [ Gianfranco Costamagna ] * integration-test-suite-test: fix build by using 13 as default version . [ Sylvestre Ledru ] * New testing release llvm-toolchain-13 (1:13.0.0~+rc1-2) unstable; urgency=medium . * clang-soname-extract-version.diff: improve the upstream declaration * Fix the libclang links llvm-toolchain-13 (1:13.0.0~+rc1-1~exp1) unstable; urgency=medium . * New snapshot release llvm-toolchain-13 (1:13~++20210731010128+6eaf46beb462-1~exp1) experimental; urgency=medium . * Branching of snapshot into 13 * Adjust libclang: - upstream decided to make it stable starting from 13, with the soname - for now, I am not planning to rename libclang1-13 to libclang13 as it will cause too much churn for a small gain as we will keep libllvm (while losing the capability to have different versions in parallel installed) lrzip (0.631+git180528-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates: Two issues that allow remote attackers to cause a denial of service via a crafted lrz file: - CVE-2018-5786: Resolve a potential infinite loop and application hang in the get_fileinfo function. - CVE-2021-27345: Resolve a null pointer dereference. * CVE-2021-27347: Resolve a use after free. - CVE-2020-25467: Resolve a null pointer dereference. - CVE-2022-26291: Resolve a multiple concurrency use-after-free. A memory corruption issue: - CVE-2022-28044: Resolve a potential heap corruption. mat2 (0.8.0-3+deb10u1) buster-security; urgency=medium . * CVE-2022-35410 minidlna (1.2.1+dfsg-2+deb10u3) buster; urgency=medium . * Non-maintainer upload. * CVE-2022-26505 Validate HTTP requests to protect against DNS rebinding, thus forbid a remote web server to exfiltrate media files. (Closes: #1006798) mokutil (0.6.0-2~deb10u1) buster; urgency=medium . * Rebuild new upstream for buster, to allow for SBAT management + Move to new upstream version 0.6.0. + Drop old patches, no longer needed. + Switch to Arch: any to allow for more architectures. Closes: #987613, #991933. + Clean up old tweaks in debian/rules, no longer needed. + Add build-dep on libkeyutils-dev, new dependency. mokutil (0.6.0-1) unstable; urgency=medium . * Move to new upstream version 0.6.0. + Drop old patches, no longer needed. * Switch to Arch: any to allow for more architectures. Closes: #987613, #991933. * Clean up old tweaks in debian/rules, no longer needed. * Add build-dep on libkeyutils-dev, new dependency. * Bump Standards-Version to 4.6.1, no changes needed. mokutil (0.4.0-1) unstable; urgency=medium . * Take mokutil under the wing of efi-team. Thanks to Simon for his work previously, added him as an uploader * Import the upstream source * Move to new upstream version 0.4.0. Closes: #925223 + Includes manpage fixes. Closes: #930759 * Fix compiler warnings about potential unaligned pointers * Update packaging: + Raise debhelper-compat to 13 + Raise Standards-Version to 4.5.1 + Remove now-redundant build-dep on dh-autoreconf mutt (1.10.1-2.1+deb10u6) buster; urgency=medium . * Non-maintainer upload. * Fix uudecode buffer overflow (CVE-2022-1328) (Closes: #1009734) needrestart (3.4-5+deb10u1) buster-security; urgency=high . * Add patch 08-anchor-interp-re to fix not anchored regular expressions. This fixes CVE-2022-30688. node-ejs (2.5.7-1+deb10u1) buster; urgency=medium . * Team upload * Sanitize options and new objects (Closes: #1010359, CVE-2022-29078) node-end-of-stream (1.4.1-1+deb10u1) buster; urgency=medium . * Team upload * Workaround test bug (Closes: #987530) node-minimist (1.2.0-1+deb10u2) buster; urgency=medium . * Fix prototype pollution (Closes: CVE-2021-44906) node-node-forge (0.8.1~dfsg-1+deb10u1) buster; urgency=medium . * Team upload * Fix signature verification (Closes: CVE-2022-24771, CVE-2022-24772, CVE-2022-24773) node-require-from-string (2.0.1-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Fix test for nodejs >= 10.16 (Closes: #988103) ntfs-3g (1:2017.3.23AR.3-3+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix multiple issues (Closes: #1011770) - Used a default usn when the former one cannot be retrieved (CVE-2022-30788) - Made sure there is no null character in an attribute name (CVE-2022-30786) - Avoided allocating and reading an attribute beyond its full size (CVE-2022-30784) - Made sure the client log data does not overflow from restart page (CVE-2022-30789) - Made sure there is no null character in an attribute name (bis) (CVE-2022-30786) - Fixed possible out-of-buffer condition in ntfsck (CVE-2021-46790) - Fixed operation on little endian data (CVE-2022-30788) - Returned an error code when the --help or --version options are used (CVE-2022-30783) - Hardened the checking of directory offset requested by a readdir (CVE-2022-30785, CVE-2022-30787) nvidia-graphics-drivers (418.226.00-3) buster; urgency=medium . * The Tesla 418 driver series has been declared as End-of-Life by NVIDIA. No further updates fixing security issues, critical bugs, or adding support for new Xorg or Linux releases will be issued. https://docs.nvidia.com/datacenter/tesla/drivers/ . * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore (470.57.02-3). * bug-script: Show the nvidia and glx alternatives (470.82.00-1). * nvidia-alternative: libnvidia-cfg.so.1 on its own is not sufficient to activate a nvidia alternative (470.82.00-1). (Closes: #996595) * Fix bashisms in upstream scripts (470.82.00-1). * libegl1-mesa is a transitional package since buster (470.82.00-1). * nvidia-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template taking into account the module renaming. This is a slave alternative of the nvidia alternative (470.86-1). (Closes: #999670) * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt kernels, not supported upstream (510.54-1). * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1). * Update lintian overrides. * Bump Standards-Version to 4.6.1. No changes needed. * Upload to buster. . nvidia-graphics-drivers (418.226.00-2) UNRELEASED; urgency=medium . * Backport stdarg.h and stddef.h changes from 495.44 to fix kernel module build for Linux 5.16. * Backport pde_data changes from 470.103.01 to fix kernel module build for Linux 5.17. . nvidia-graphics-drivers (418.226.00-1) UNRELEASED; urgency=medium . * New upstream Tesla release 418.226.00 (2021-10-26). . nvidia-graphics-drivers (418.211.00-2) UNRELEASED; urgency=medium . * Backport drm_device_has_pdev and set_current_state changes from 470.63.01 to fix kernel module build for Linux 5.14. nvidia-graphics-drivers-legacy-390xx (390.154-1~deb10u1) buster; urgency=medium . * Rebuild for buster. . nvidia-graphics-drivers-legacy-390xx (390.154-1) unstable; urgency=medium . * New upstream legacy branch release 390.154 (2022-08-02). * Fixed CVE-2022-31607, CVE-2022-31608, CVE-2022-31615. (Closes: #1016616) https://nvidia.custhelp.com/app/answers/detail/a_id/5383 * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * Minor packaging sync and cleanup (470.129.06-6). * Drop references to kernel-package and make-kpkg, gone since stretch (470.141.03-1). * Overhaul build-module-packages.sh (470.141.03-1). * Add module-assistant based autopkgtest for the *-source package (470.141.03-1). * Simplify changelog management for the *-source package (470.141.03-1). * Copy the Source stanza from d/control to the module control file (470.141.03-1). * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.151-2) unstable; urgency=medium . * Backport pci/dma changes from 470.129.06 to fix kernel module build for Linux 5.18. (Closes: #1012700, #1012618) * Update lintian overrides. nvidia-graphics-drivers-legacy-390xx (390.151-2) unstable; urgency=medium . * Backport pci/dma changes from 470.129.06 to fix kernel module build for Linux 5.18. (Closes: #1012700, #1012618) * Switch to B-D: dh-dkms. * Update lintian overrides. nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium . * New upstream legacy branch release 390.151 (2022-05-16). * Fixed CVE-2022-28181, CVE-2022-28185. (Closes: #1011142, #1004849) https://nvidia.custhelp.com/app/answers/detail/a_id/5353 - Fixed a bug which prevented kernel modules linked from precompiled kernel interface object files from being loaded on recent Linux kernels. This affected custom packages which were prepared with nvidia-installer's --add-this-kernel option, for example. - Fixed a driver installation failure on Linux kernel 5.17 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'PDE'". . [ Andreas Beckmann ] * Refresh patches. * Work around architecture misdetection when building the kernel modules in an armhf environment on an arm64 host. (Closes: #1010230) * Bump Standards-Version to 4.6.1. No changes needed. nvidia-graphics-drivers-legacy-390xx (390.151-1~deb11u1) bullseye; urgency=medium . * Rebuild for bullseye. . nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium . * New upstream legacy branch release 390.151 (2022-05-16). * Fixed CVE-2022-28181, CVE-2022-28185. (Closes: #1011142, #1004849) https://nvidia.custhelp.com/app/answers/detail/a_id/5353 - Fixed a bug which prevented kernel modules linked from precompiled kernel interface object files from being loaded on recent Linux kernels. This affected custom packages which were prepared with nvidia-installer's --add-this-kernel option, for example. - Fixed a driver installation failure on Linux kernel 5.17 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'PDE'". . [ Andreas Beckmann ] * Refresh patches. * Work around architecture misdetection when building the kernel modules in an armhf environment on an arm64 host. (Closes: #1010230) * Bump Standards-Version to 4.6.1. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.147-4) unstable; urgency=medium . * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt kernels, not supported upstream (510.54-1). * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1). . nvidia-graphics-drivers-legacy-390xx (390.147-3) unstable; urgency=medium . * Fix incomplete backport of pde_data changes from 470.103.01. (Closes: #1005909) . nvidia-graphics-drivers-legacy-390xx (390.147-2) unstable; urgency=medium . * Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency. (Closes: #1005804) * Backport pde_data changes from 470.103.01 to fix kernel module build for Linux 5.17. . nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium . * New upstream legacy branch release 390.147 (2021-12-16). - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * bug-script: Show the nvidia and glx alternatives (470.82.00-1). * nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not sufficient to activate a nvidia alternative (470.82.00-1). (Closes: #996595) * Fix bashisms in upstream scripts (470.82.00-1). * libegl1-mesa is a transitional package since buster (470.82.00-1). * nvidia-legacy-390xx-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template taking into account the module renaming. This is a slave alternative of the nvidia alternative (470.86-1). (Closes: #999670) * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium . * Backport drm_device_has_pdev and set_current_state changes from 470.63.01 to fix kernel module build for Linux 5.14. (Closes: #994814) * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore (470.57.02-3). (Closes: #992057) * Bump Standards-Version to 4.6.0. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.144-1~deb10u1) buster; urgency=medium . * Rebuild for buster. nvidia-graphics-drivers-legacy-390xx (390.151-1~deb10u1) buster; urgency=medium . * Rebuild for buster. . nvidia-graphics-drivers-legacy-390xx (390.151-1~deb11u1) bullseye; urgency=medium . * Rebuild for bullseye. . nvidia-graphics-drivers-legacy-390xx (390.151-1) unstable; urgency=medium . * New upstream legacy branch release 390.151 (2022-05-16). * Fixed CVE-2022-28181, CVE-2022-28185. (Closes: #1011142, #1004849) https://nvidia.custhelp.com/app/answers/detail/a_id/5353 - Fixed a bug which prevented kernel modules linked from precompiled kernel interface object files from being loaded on recent Linux kernels. This affected custom packages which were prepared with nvidia-installer's --add-this-kernel option, for example. - Fixed a driver installation failure on Linux kernel 5.17 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'PDE'". . [ Andreas Beckmann ] * Refresh patches. * Work around architecture misdetection when building the kernel modules in an armhf environment on an arm64 host. (Closes: #1010230) * Bump Standards-Version to 4.6.1. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.147-4) unstable; urgency=medium . * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt kernels, not supported upstream (510.54-1). * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1). . nvidia-graphics-drivers-legacy-390xx (390.147-3) unstable; urgency=medium . * Fix incomplete backport of pde_data changes from 470.103.01. (Closes: #1005909) . nvidia-graphics-drivers-legacy-390xx (390.147-2) unstable; urgency=medium . * Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency. (Closes: #1005804) * Backport pde_data changes from 470.103.01 to fix kernel module build for Linux 5.17. . nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium . * New upstream legacy branch release 390.147 (2021-12-16). - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * bug-script: Show the nvidia and glx alternatives (470.82.00-1). * nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not sufficient to activate a nvidia alternative (470.82.00-1). (Closes: #996595) * Fix bashisms in upstream scripts (470.82.00-1). * libegl1-mesa is a transitional package since buster (470.82.00-1). * nvidia-legacy-390xx-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template taking into account the module renaming. This is a slave alternative of the nvidia alternative (470.86-1). (Closes: #999670) * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium . * Backport drm_device_has_pdev and set_current_state changes from 470.63.01 to fix kernel module build for Linux 5.14. (Closes: #994814) * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore (470.57.02-3). (Closes: #992057) * Bump Standards-Version to 4.6.0. No changes needed. nvidia-graphics-drivers-legacy-390xx (390.147-4) unstable; urgency=medium . * dkms.conf: Use a BUILD_EXCLUSIVE equivalent hack to skip building for -rt kernels, not supported upstream (510.54-1). * Declare Testsuite: autopkgtest-pkg-dkms (510.54-1). nvidia-graphics-drivers-legacy-390xx (390.147-3) unstable; urgency=medium . * Fix incomplete backport of pde_data changes from 510.39.01. nvidia-graphics-drivers-legacy-390xx (390.147-2) unstable; urgency=medium . * Add xorg-video-abi-25 (Xorg Xserver 21) as alternative dependency. (Closes: #1005804) * Backport pde_data changes from 510.39.01 to fix kernel module build for Linux 5.17. nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium . * New upstream legacy branch release 390.147 (2021-12-16). - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * bug-script: Show the nvidia and glx alternatives (470.82.00-1). * nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not sufficient to activate a nvidia alternative (470.82.00-1). * Fix bashisms in upstream scripts (470.82.00-1). * libegl1-mesa is a transitional package since buster (470.82.00-1). * nvidia-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template taking into account the module renaming. This is a slave alternative of the nvidia alternative (470.86-1). (Closes: #999670) * Update lintian overrides. nvidia-graphics-drivers-legacy-390xx (390.147-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. . nvidia-graphics-drivers-legacy-390xx (390.147-1) unstable; urgency=medium . * New upstream legacy branch release 390.147 (2021-12-16). - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * bug-script: Show the nvidia and glx alternatives (470.82.00-1). * nvidia-legacy-390xx-alternative: libnvidia-cfg.so.1 on its own is not sufficient to activate a nvidia alternative (470.82.00-1). (Closes: #996595) * Fix bashisms in upstream scripts (470.82.00-1). * libegl1-mesa is a transitional package since buster (470.82.00-1). * nvidia-kernel-support: Provide /etc/modprobe.d/nvidia-options.conf as a template taking into account the module renaming. This is a slave alternative of the nvidia alternative (470.86-1). (Closes: #999670) * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium . * Backport drm_device_has_pdev and set_current_state changes from 470.63.01 to fix kernel module build for Linux 5.14. (Closes: #994814) * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore (470.57.02-3). (Closes: #992057) * Bump Standards-Version to 4.6.0. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.144-1~deb10u1) buster; urgency=medium . * Rebuild for buster. nvidia-graphics-drivers-legacy-390xx (390.144-2) unstable; urgency=medium . * Backport drm_device_has_pdev and set_current_state changes from 470.63.01 to fix kernel module build for Linux 5.14. * Generate tight dependencies on libnvidia*-glcore/libnvidia*-eglcore (470.57.02-3). (Closes: #992057) * Bump Standards-Version to 4.6.0. No changes needed. nvidia-graphics-drivers-legacy-390xx (390.144-1) unstable; urgency=medium . * New upstream legacy branch release 390.144 (2021-07-20). * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095. (Closes: #991353) https://nvidia.custhelp.com/app/answers/detail/a_id/5211 - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. . [ Andreas Beckmann ] * Refresh patches. * nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-encode1 (470.42.01-1). (Closes: #989885) * debian/gen-control.pl: Support substitutions in the Vcs-Git field (470.57.02-1). * Compute and substitute the Git branch instead of hardcoding it (470.57.02-1). octavia (3.0.0-3+deb10u1) buster; urgency=medium . * Fix octavia-agent binary in init/service file, fix the startup. * Add Fix-osutils.py-to-detect-Debian.patch. * CVE-2019-17134: Client certificates aren't checked properly in the Amphora. Applied upstream patch (Closes: #941897): - Add CVE-2019-17134_Fix_urgent_amphora_two-way_auth_security_bug.patch. * Add Fix_template_that_generates_vrrp_check_script.patch. * Add in the agent, so it's not needed to configure in the image: - /var/lib/octavia/haproxy-default-user-group.conf - /etc/modules-load.d/octavia-agent.conf - /var/lib/octavia/ping-wrapper.sh - /etc/sysctl.d/octavia-agent-sysctl.conf * Add a bunch of runtime dependencies in octavia-agent, so that we don't need to add it when building the image. openjdk-11 (11.0.16+8-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11 (11.0.15+10-1) unstable; urgency=high . * OpenJDK 11.0.15+10 build (release). * Security fixes - JDK-8269938: Enhance XML processing passes redux. - JDK-8270504, CVE-2022-21426: Better XPath expression handling. - JDK-8272255: Completely handle MIDI files. - JDK-8272261: Improve JFR recording file processing. - JDK-8272594: Better record of recordings. - JDK-8274221: More definite BER encodings. - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0. - JDK-8275151, CVE-2022-21443: Improved Object Identification. - JDK-8277227: Better identification of OIDs. - JDK-8277672, CVE-2022-21434: Better invocation handler handling. - JDK-8278356: Improve file creation. - JDK-8278449: Improve keychain support. - JDK-8278798: Improve supported intrinsic. - JDK-8278805: Enhance BMP image loading. - JDK-8278972, CVE-2022-21496: Improve URL supports. - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo. * Refresh patches. openjdk-11 (11.0.15+10-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye openjdk-11 (11.0.15+10-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11 (11.0.14.1+1-1) unstable; urgency=medium . * OpenJDK 11.0.14.1+1 build (release). - Fix JDK-8218546. LP: #1966338. openjdk-11 (11.0.14+9-1) unstable; urgency=high . * OpenJDK 11.0.14+9 build (release). openjdk-11 (11.0.14+9-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye openldap (2.4.47+dfsg-3+deb10u7) buster-security; urgency=high . * Fix SQL injection in back-sql (ITS#9815) (CVE-2022-29155) openssl (1.1.1n-0+deb10u3) buster-security; urgency=medium . * CVE-2022-2068 (The c_rehash script allows command injection). * Update expired certs. openssl (1.1.1n-0+deb10u2) buster-security; urgency=medium . * CVE-2022-1292 (The c_rehash script allows command injection). openvswitch (2.10.7+ds1-0+deb10u1) buster-security; urgency=medium . * New upstream point release: - Addresses CVE-2020-35498: denial of service attacks, in which crafted network packets could cause the packet lookup to ignore network header fields from layers 3 and 4. The crafted network packet is an ordinary IPv4 or IPv6 packet with Ethernet padding length above 255 bytes. This causes the packet sanity check to abort parsing header fields after layer 2 (Closes: #982493). openvswitch (2.10.6+ds1-0+deb10u1) buster-security; urgency=high . * New upstream point release: - Addresses CVE-2020-27827: denial of service attacks using crafted LLDP packets. (Closes: #980132). - Addresses CVE-2015-8011: Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. * Refreshed patches. openvswitch (2.10.0+2018.08.28+git.8ca7c82b7d+ds1-13) unstable; urgency=medium . * Some fixups in debian/ifupdown.sh to allow setting-up the MTU. * Document how to do Bond + Bridge + VLAN + MTU. * Correct dependency on python3-six instead of python-six (Closes: #931104). orca (3.30.1-2) buster; urgency=high . * debian/patches/git-webkitgtk1: Fix screen reading of webkitgtk 2.36 which changed its toolkit name * debian/patches/git-webkitgtk2: Fix screen reading of webkitgtk 2.36 which doesn't implement Collection any more. pacemaker (2.0.1-5+deb10u2) buster; urgency=medium . [ Andreas Beckmann ] * [b55ccb2] pacemaker-resource-agents: Bump Breaks+Replaces: pacemaker to (<< 2) A new upstream release introduced as security update 1.1.24-0+deb9u1 in stretch added the new file /usr/lib/ocf/resource.d/pacemaker/ifspeed to pacemaker, while it resides in pacemaker-resource-agents in buster. (Closes: #985173) * [ff20fc2] libpe-status28/libpengine27: Add Breaks against libpe-status10 and libpengine10 (>= 1.1.24) The version in stretch-security shipped libraries with SOVERSION 16 instead of 10. (See: #981088) pglogical (2.2.1-4+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add upstream hack to fix FTBFS with the export of AcquireDeletionLock. (Closes: #962423) php-guzzlehttp-psr7 (1.4.2-0.1+deb10u1) buster; urgency=medium . * Track Buster * Backport fixes for improper header parsing [CVE-2022-24775] (Closes: #1008236) postfix (3.4.23-0+deb10u1) buster; urgency=medium . [Scott Kitterman] . * Refresh patches * Update d/p/70_postfix-check.diff to exclude makedefs.out from synlink check. Closes: #926331 * Do not override user set default_transport in postinst. Closes: #988538 * Add information about keeping resolv.conf up to date in the chroot with the resolvconf package. Closes: #964762 . [Sergio Gelato] . * Correct if-up.d to not error out if postfix can't send mail yet. Closes: #959864 . [Paride Legovini] . * d/postfix.postinst: tolerate search domain with a leading dot. Closes: #991950 . [Wietse Venema] . * 3.4.15 - Bugfix (introduced: Postfix 3.0): minor memory leaks in the Postfix TLS library, found during tests. File: tls/tls_misc.c. . - Bugfix (introduced: Postfix 3.0): 4kbyte per session memory leak in the Postfix TLS library, found during tests. File: tls/tls_misc.c. . - Workaround for distros that override Postfix protocol settings in a system-wide OpenSSL configuration file, causing interoperability problems after an OS update. File: tls/tls_client.c, tls/tls_server.c. . * 3.4.16 - Bugfix (introduced: Postfix 3.4.15): part of a memory leak fix was backported to the wrong place. File: tls/tls_misc.c. . - The Postfix 3.4.15 workaround did not explictly override the system-wide OpenSSL configuration of allowed TLS protocol versions, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry. File: tls/tls_server.c. . * 3.4.17 - Bugfix (introduced: Postfix 3.4, already fixed in Postfix 3.6): tlsproxy(8) was using the wrong DANE macro for connections with DANE trust anchors or with non-DANE trust anchors (WTF: Thorsten Habich found this bug in the use case that has nothing to do with DANE). This resulted in a global certificate verify function pointer race, between TLS handshakes that use TLS trust achors and handshakes that use PKI. No memory was corrupted in the course of all this. Viktor Dukhovni. File: tlsproxy/tlsproxy.c. . - Cleanup: the posttls-finger '-X' option reported a false conflict with '-r'. File: posttls-finger/posttls-finger.c. . * 3.4.18 - Bugfix (introduced: Postfix 2.0): smtp_sasl_mechanism_filter ignored table lookup errors, treating them as 'not found'. Found during Postfix 3.6 development. File: smtp/smtp_sasl_proto.c. . - Bugfix (introduced: Postfix 2.3): when deleting a recipient with a milter, delete the recipient from the duplicate filter, so that the recipient can be added back. Backported from Postfix 3.6. Files: global/been_here.[hc], cleanup/cleanup_milter.c. . - Bugfix (introduced: before Postfix alpha): the code that looks for Delivered-To: headers ignored headers longer than $line_length_limit. Backported from Postfix 3.6. File: global/delivered_hdr.c. . - Bugfix (introduced: Postfix 2.8): save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: look table is used, but it may avoid stale data with other lookup tables. File: postscreen/postscreen_dnsbl.c. . - Bugfix (introduced: Postfix 2.2): after processing an XCCLIENT command, the smtps service was waiting for a TLS handshake. Found by Aki Tuomi. File: smtpd/smtpd.c. . - Bugfix (introduced: Postfix 2.3): static maps did not free their casefolding buffer. File: util/dict_static.c. . * 3.4.19 - Feature: when a Postfix program makes a DNS query that requests DNSSEC validation (usually for Postfix DANE support) but the DNS response is not DNSSEC validated, Postfix will send a DNS query configured with the "dnssec_probe" parameter to determine if DNSSEC support is available, and logs a warning if it is not. By default, the probe has type "ns" and domain name ".". The probe is sent once per process lifetime. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_sec.c, test_dns_lookup.c, global/mail_params.[hc], mantools/postlink. . - The default "smtp_tls_dane_insecure_mx_policy = dane" was causing unnecessary dnssec_probe activity. The default is now "dane" when smtp_tls_security_level is "dane", otherwise it is "may". File: global/mail_params.h. . * 3.4.20 - Missing null pointer checks (introduced: Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c. . - Null pointer bug (introduced: Postfix 3.0) and memory leak (introduced: Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File: util/dict_inline.c. . - Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. File: global/haproxy_srvr.c. . - Missing null pointer check (introduced: Postfix alpha) after null argv[0] value. File: global/mail_task.c. . * 3.4.21 - Bugfix (introduced: Postfix 2.11): the command "postmap lmdb:/file/name" handled duplicate keys ungracefully, discarding entries stored up to and including the duplicate key, and causing a double free() call with lmdb versions 0.9.17 and later. Reported by Adi Prasaja; double free() root cause analysis by Howard Chu. File: util/slmdb.c. . - Typo (introduced: Postfix 3.4): silent_discard should be silent-discard. File: proto/BDAT_README.html. . - Support for Postfix 3.6 compatibility_level syntax, to avoid fatal runtime errors when rolling back from Postfix 3.6 to an earlier supported version, or when sharing Postfix 3.6 configuration files with an earlier supported Postfix version. File: global/mail_params.c. . * 3.4.22 - Bugfix (introduced: Postfix 3.4): the texthash: map implementation did not support "postmap -F" behavior. Reported by Christopher Gurnee, who also found the missing code in the postmap source. File: util/dict_thash.c. . - Bugfix (introduced: 1999, Postfix 2.11) latent false "Result too large" (ERANGE) errors because an strtol() call had no 'errno = 0' statement before the call. Back-ported from Postfix 3.6. Files: postscreen/postscreen_tests.c, util/mac_expand.c. . - Bugfix (introduced: Postfix 3.3): "null pointer read" error in the cleanup daemon when "header_from_format = standard" (the default as of Postfix 3.3) and email was submitted with /usr/sbin/sendmail without From: header, and an all-space full name was specified in 1) the password file, 2) with "sendmail -F", or 3) with the NAME environment variable. Found by Renaud Metrich. File: cleanup/cleanup_message.c. (Closes: #968057) . - Bugfix (introduced: 1999): the Postfix SMTP server was sending all session transcripts to the error_notice_recipient, instead of sending transcripts of bounced mail to the bounce_notice_recipient. File: smtpd/smtpd_chat.c. . - Bugfix (introduced: Postfix 2.4): false "too many reverse jump" warnings in the showq daemon. The loop detection code was comparing memory addresses instead of queue file names. It now properly compares strings. Reported by Mehmet Avcioglu. File: global/record.c. . * 3.4.23 - Bitrot: OpenSSL 3.x requires const. File: tls/tls_misc.c. . - Bugfix (bug introduced: Postfix 2.10): postconf -x produced incorrect output, because different functions were implicitly sharing a buffer for intermediate results. Reported by raf, root cause analysis by Viktor Dukhovni. File: postconf/postconf_builtin.c. . - Bugfix (problem introduced: Postfix 2.11): check_ccert_access worked as expected, but produced a spurious warning when Postfix was built without SASL support. Fix by Brad Barden. File: smtpd/smtpd_check.c. . - Bugfix (introduced: Postfix 2.4): queue file corruption after a Milter (for example, MIMEDefang) made a request to replace the message body with a copy of that message body plus additional text (for example, a SpamAssassin report). . The most likely impacts were a) the queue manager reporting a fatal error resulting in email delivery delays, or b) the queue manager reporting the corruption and moving the message to the corrupt queue for damaged messages. . However, a determined adversary could craft an email message that would trigger the bug, and insert a content filter destination or a redirect email address into its queue file. Postfix would then deliver the message headers there, in most cases without delivering the message body. With enough experimentation, an attacker could make Postfix deliver both the message headers and body. . The details of a successful attack depend on the Milter implementation, and on the Postfix and Milter configuration details; these can be determined remotely through experimentation. Failed experiments may be detected when the queue manager terminates with a fatal error, or when the queue manager moves damaged files to the "corrupt" queue as evidence. . Technical details: when Postfix executes a "replace body" Milter request it will reuse queue file storage that was used by the existing email message body. If the new body is larger, Postfix will append body content to the end of the queue file. The corruption happened when a Milter (for example, MIMEDefang) made a request to replace the body of a message with a new body that contained a copy of the original body plus some new text, and the original body contained a line longer than $line_length_limit bytes (for example, an image encoded in base64 without hard or soft line breaks). In queue files, Postfix stores a long text line as multiple records with up to $line_length_limit bytes each. Unfortunately, Postfix's "replace body" support did not account for the additional queue file space needed to store the second etc. record headers. And thus, the last record(s) of a long text line could overwrite one or more queue file records immediately after the space that was previously occupied by the original message body. . Problem report by Benoît Panizzon. . * Fix duplicate bounce_notice_recipient entries in postconf output. Closes: #999694 . [Andreas Hasenack] . * Fix autopkgtest so it works and uses python3 postgresql-11 (11.16-0+deb10u1) buster-security; urgency=medium . * New upstream release. . * Confine additional operations within security restricted operation sandboxes (Sergey Shinderuk, Noah Misch) . Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, and pg_amcheck activated the security restricted operation protection mechanism too late, or even not at all in some code paths. A user having permission to create non-temporary objects within a database could define an object that would execute arbitrary SQL code with superuser permissions the next time that autovacuum processed the object, or that some superuser ran one of the affected commands against it. . The PostgreSQL Project thanks Alexander Lakhin for reporting this problem. (CVE-2022-1552) postgresql-common (200+deb10u5) buster; urgency=medium . * pg_virtualenv: Write temporary password file before chowning the file. (Closes: #933569) * t/135_pg_virtualenv.t: Import test from master. postsrsd (1.5-2+deb10u2) buster; urgency=medium . * Fix CVE-2021-35525: potential DoS when Postfix sends certain long data fields such as multiple concatenated email addresses. Fix backported from upstream commit 077be98d8c8. (Closes: #990439) procmail (3.22-26+deb10u1) buster; urgency=medium . * Fix NULL pointer dereference. Closes: #769938. Reported by Jakub Wilk using American Fuzzy Lop. Patch from Stephen R. van den Berg. publicsuffix (20220811.1734-0+deb10u1) buster; urgency=medium . * new upstream publicsuffix data publicsuffix (20220614.1839-1) unstable; urgency=medium . * new upstream version publicsuffix (20211207.1025-1) unstable; urgency=medium . * new upstream version publicsuffix (20211207.1025-0+deb11u1) bullseye; urgency=medium . * new upstream publicsuffix data publicsuffix (20211109.1735-1) unstable; urgency=medium . * new upstream version publicsuffix (20211109.1735-0+deb11u1) bullseye; urgency=medium . * new upstream publicsuffix data python-bottle (0.12.15-2+deb10u2) buster-security; urgency=medium . * CVE-2022-31799 python-keystoneauth1 (3.10.0-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Add upstream fix to make tests pass in 2020. (Closes: #950041) python-scrapy (1.5.1-1+deb10u1) buster; urgency=medium . * Team upload. * Security fix for CVE-2021-41125: Don't send authentication data with all requests. Provide a http_auth_domain spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. * Security fix CVE-2022-0577: Don't expose cookies cross-domain when redirected. (Closes: #1008234) python-udatetime (0.0.16-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport upstream patch to fix failing test (Closes: #953539) * Patch udatetime to properly link against libm library. Thanks to Aurelien Jarno for the patch (Closes: #954305) qtbase-opensource-src (5.11.3+dfsg1-1+deb10u5) buster; urgency=medium . * Backport two upstream commits to fix setTabOrder for compound widgets (closes: #1001082). * Backport upstream patch to add an expansion limit for XML entities (CVE-2015-9541, closes: #951066). request-tracker4 (4.4.3-2+deb10u2) buster-security; urgency=medium . * Apply upstream patch which fixes several security vulnerabilities. - A cross-site scripting (XSS) issue when displaying attachment content with fraudulent content types. This vulnerability is assigned CVE-2022-25802. - Not performing full rights checks on access to file or image type custom fields, possibly allowing access to these custom fields by users without rights to access to the associated objects (like the ticket it is associated with). rsyslog (8.1901.0-1+deb10u2) buster-security; urgency=medium . * Fix potential heap buffer overflow in TCP syslog server (receiver) components when octet-counted framing is used (CVE-2022-24903, Closes: #1010619) ruby-activeldap (5.2.2-2+deb10u1) buster; urgency=medium . * Add missing dependency on ruby-builder (closes: #982522). ruby-hiredis (0.6.1-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Skip more EAGAIN related tests. (Closes: #988023) ruby-http-parser.rb (0.6.0-4+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Relax "post identity body world" test to fix FTBFS with the CVE-2019-15605 fix in http-parser. (Closes: #977750) ruby-riddle (2.3.1-2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. (Closes: #988028) . ruby-riddle (2.3.1-2) unstable; urgency=medium . * Team upload. . [ Utkarsh Gupta ] * Add salsa-ci.yml . [ Lucas Kanashiro ] * d/start_mysqld_and_run.sh: allow LOAD DATA LOCAL INFILE * Add patch to make mysql2 client allow local_infile * Declare compliance with Debian Policy 4.4.1 rust-cbindgen (0.23.0-1~deb10u2) buster; urgency=medium . * Use override_ target instead of execute_after_, the latter is not supported in buster's debhelper. This fixes files with too old timestamps. Closes: #1015146. rust-cbindgen (0.23.0-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to bullseye. * Bump rustc-mozilla build-deps to 1.59. rust-cbindgen (0.21.0-1) unstable; urgency=medium . * Package cbindgen 0.21.0 from crates.io using debcargo 2.5.0 rust-cbindgen (0.20.0-1) unstable; urgency=medium . * Package cbindgen 0.20.0 from crates.io using debcargo 2.4.4-alpha.0 rust-cbindgen (0.20.0-1~deb11u1) bullseye; urgency=medium . * Non-maintainer upload. * Backport to bullseye. rustc-mozilla (1.59.0+dfsg1-1~deb10u3) buster; urgency=medium . * Include mips(el) stage0 binaries. rustc-mozilla (1.59.0+dfsg1-1~deb10u2) buster; urgency=medium . * Inline atomics on arm64. * Increase allowed test failures on i386. rustc-mozilla (1.59.0+dfsg1-1~deb10u1) buster; urgency=medium . * Backport to buster. * Lower debhelper compat to 12. Stop using env variables in debhelper install files. * Disable windows target. rustc-mozilla (1.51.0+dfsg1-1~deb11u1) bullseye; urgency=medium . * Non-maintainer upload. * Backport to bullseye. * stage0 build. + Use arm-unknown-linux-gnueabi target for armel. * Reduce debugging symbols on i386 to avoid FTBFS due to OOM. sctk (2.4.10-20151007-1312Z+dfsg2-3.1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . sctk (2.4.10-20151007-1312Z+dfsg2-3.1) unstable; urgency=medium . * Non-maintainer upload. * Apply patch by Michael Hudson-Doyle to use pdftoppm instead of convert to convert pdf to jpg as the latter fails with the changed security policy of ImageMagick. (Closes: #962439) smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix the following CVE: - CVE-2021-21408: template authors could run restricted static php methods - CVE-2021-29454: template authors could run arbitrary PHP code by crafting a malicious math string - CVE-2022-29221: template authors could inject php code by choosing a malicious {block} name or {include} file name - CVE-2021-26119: Sandbox Escape because $smarty.template_object can be accessed in sandbox mode - CVE-2021-26120: code injection via an unexpected function name snapd (2.37.4-1+deb10u1) buster-security; urgency=medium . * SECURITY UPDATE: local privilege escalation - d/p/cve202144730: Add validations of the location of the snap-confine binary within snapd. - d/p/cve202144730: Fix race condition in snap-confine when preparing a private mount namespace for a snap. - CVE-2021-44730 - CVE-2021-44731 spip (3.2.4-1+deb10u9) buster-security; urgency=medium . * Backport security fixes from 3.2.16 - Remote code execution - XSS alowing priviledge escalation spip (3.2.4-1+deb10u8) buster-security; urgency=high . * Backport security fix from 3.2.15 - Sanitizing and other XSS protections squid (4.6-1+deb10u7) buster-security; urgency=medium . * Add patch to fix a Denial of Service in Gopher Processing. Fixes: CVE-2021-46784. * Add patch to fix Out-Of-Bounds memory access in WCCPv2. Fixes: CVE-2021-28116. subversion (1.10.4-1+deb10u3) buster-security; urgency=high . * Security Fixes: - CVE-2021-28544: Don't show unreadable copyfrom paths in 'svn log -v' - CVE-2022-24070: Fix issue #4880 "Use-after-free of object-pools when used as httpd module" thunderbird (1:91.12.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.11.0-1) unstable; urgency=medium . * [05a947d] New upstream version 91.11.0 Fixed CVE issues in upstream version 91.11 (MFSA 2022-26: CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content CVE-2022-34470: Use-after-free in nsSHistory CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid CVE-2022-34481: Potential integer overflow in ReplaceElementsAt CVE-2022-31744: CSP bypass enabling stylesheet injection CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked CVE-2022-2200: Undesired attributes could be set as part of prototype pollution CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (Closes: #1014004) * [4c4944d] Rebuild patch queue from patch-queue branch Added patch: fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch thunderbird (1:91.11.0-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security * [f23e5c8] Revert "Rebuild patch queue from patch-queue branch" The {old-,}stable release doesn't have an "to new" version of cbindgen, so we don't need this added patch. thunderbird (1:91.11.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.10.0-1) unstable; urgency=medium . * [969960a] New upstream version 91.10.0 Fixed CVE issues in upstream version 91.9.1 (MFSA 2022-19): CVE-2022-1802: Prototype pollution in Top-Level Await implementation CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution . Fixed CVE issues in upstream version 91.10 (MFSA 2022-22): CVE-2022-31736: Cross-Origin resource's length leaked CVE-2022-31737: Heap buffer overflow in WebGL CVE-2022-31738: Browser window spoof using fullscreen mode CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files CVE-2022-31740: Register allocation problem in WASM on arm64 CVE-2022-31741: Uninitialized variable leads to invalid memory read CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 * [4b55e16] d/control: Increase Standards-Version to 4.6.0 No further changes needed. thunderbird (1:91.10.0-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security thunderbird (1:91.10.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.9.0-1) unstable; urgency=medium . * [88b99d1] New upstream version 91.9.0 Fixed CVE issues in upstream version 91.9 (MFSA 2022-18): CVE-2022-1520: Incorrect security status shown after viewing an attached email CVE-2022-29914: Fullscreen notification bypass using popups CVE-2022-29909: Bypassing permission prompt in nested browsing contexts CVE-2022-29916: Leaking browser history with CSS variables CVE-2022-29911: iframe sandbox bypass CVE-2022-29912: Reader mode bypassed SameSite cookies CVE-2022-29913: Speech Synthesis feature not properly disabled CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 thunderbird (1:91.9.0-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security (Closes: #1009321) thunderbird (1:91.9.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security (Closes: #1009321) thunderbird (1:91.8.1-1) unstable; urgency=medium . * [b57406c] New upstream version 91.8.1 (Closes: #1009321) thunderbird (1:91.8.0-1) unstable; urgency=medium . * [06619c5] New upstream version 91.8.0 Fixed CVE issues in upstream version 91.8 (MFSA 2022-15): CVE-2022-1097: Use-after-free in NSSToken objects CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions CVE-2022-1197: OpenPGP revocation information was ignored CVE-2022-1196: Use-after-free after VR Process destruction CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument CVE-2022-28285: Incorrect AliasSet used in JIT Codegen CVE-2022-28286: iframe contents could be rendered outside the border CVE-2022-24713: Denial of Service via complex regular expressions CVE-2022-28289: Memory safety bugs fixed in Thunderbird 91.8 thunderbird (1:91.8.0-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security thunderbird (1:91.8.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.7.0-2) unstable; urgency=medium . * [c348b62] Rebuild patch-queue from patch queue branch Added patch: fixes/Bug-1494436-Unset-MOZ_APP_LAUNCHER-for-external-MIME-hand.patch (Closes: #948691) Thanks go out to Simon McVittie for preparing this patch! thunderbird (1:91.7.0-2~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security thunderbird (1:91.7.0-2~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.7.0-1) unstable; urgency=medium . * [952f6d0] New upstream version 91.7.0 Fixed CVE issues in upstream version 91.7 (MFSA 2022-12): CVE-2022-26383: Browser window spoof using fullscreen mode CVE-2022-26384: iframe allow-scripts sandbox bypass CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures CVE-2022-26381: Use-after-free in text reflows CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users thunderbird (1:91.6.2-1) unstable; urgency=medium . * [2f95b97] New upstream version 91.6.2 Fixed CVE issues in upstream version 91.6.2 (MFSA 2022-09): CVE-2022-26485: Use-after-free in XSLT parameter processing CVE-2022-26486: Use-after-free in WebGPU IPC Framework thunderbird (1:91.6.2-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security thunderbird (1:91.6.2-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.6.1-1) unstable; urgency=medium . * [3edb855] New upstream version 91.6.1 Fixed CVE issues in upstream version 91.6.1 (MFSA 2022-07): CVE-2022-0566: Crafted email could trigger an out-of-bounds write thunderbird (1:91.6.1-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security thunderbird (1:91.6.1-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.6.0-1) unstable; urgency=medium . * [884ccb6] New upstream version 91.6.0 Fixed CVE issues in upstream version 91.6 (MFSA 2022-06): CVE-2022-22754: Extensions could have bypassed permission confirmation during update CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages CVE-2022-22763: Script Execution during invalid object state CVE-2022-22764: Memory safety bugs fixed in Thunderbird 91.6 (Closes: #1004951) thunderbird (1:91.6.0-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security thunderbird (1:91.6.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:91.5.1-1) unstable; urgency=medium . * [130bab2] New upstream version 91.5.1 thunderbird (1:91.5.0-2) unstable; urgency=medium . * [fd07163] autopkgtest: Run check-global-config-path.py only on Intel thunderbird (1:91.5.0-2~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security * [3fb049d] d/thunderbird.NEWS: Information about solved issue thunderbird (1:91.5.0-2~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security * [5204a6c] d/thunderbird.NEWS: Adjust version to buster thunderbird (1:91.5.0-1) unstable; urgency=medium . [ Carsten Schoenert ] * [8d4e5f8] New upstream version 91.5.0 Fixed CVE issues in upstream version 91.5 (MFSA 2022-03): CVE-2022-22743: Browser window spoof using fullscreen mode CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode CVE-2022-22741: Browser window spoof using fullscreen mode CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur CVE-2022-22737: Race condition when playing audio files CVE-2021-4140: Iframe sandbox bypass with XSLT CVE-2022-22748: Spoofed origin on external protocol launch dialog CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection CVE-2022-22747: Crash when handling empty pkcs7 sequence CVE-2022-22739: Missing throttling on external protocol launch dialog CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5 * [a86c0b4] Rebuild patch queue from patch-queue branch Modified patch: debian-hacks/Add-another-preferences-directory-for-applications-p.patch Reworking the patch so LoadDirIntoArray is working again that is adding an additional syspref folder for global settings to use. (Closes: #997841, #1003280) * [442988b] autopkgtest: Adding check for accessing syspref folder . [ Jochen Sprickerhof ] * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v' (Closes:#1002570 ) thunderbird (1:91.4.1-1) unstable; urgency=medium . * [c5b36d3] New upstream version 91.4.1 Fixed CVE issues in upstream version 91.4.1 (MFSA 2021-55): CVE-2021-4126: OpenPGP signature status doesn't consider additional message content CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow * [b66bebb] d/changelog: Update some MOZ-* entries with assigned CVEs thunderbird (1:91.4.1-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security * [303eebe] d/thunderbird.NEWS: Inform about broken system locale detection thunderbird (1:91.4.1-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security * [fa7c995] d/thunderbird.NEWS: Adjust version to buster thunderbird (1:91.4.0-1) unstable; urgency=medium . * [7752be0] d/source.filter: Small updates to filtering list * [0899850] New upstream version 91.4.0 Fixed CVE issues in upstream version 91.4 (MFSA 2021-54): CVE-2021-43536: URL leakage when navigating while executing asynchronous function CVE-2021-43537: Heap buffer overflow when using structured clone CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both CVE-2021-43539: GC rooting failure when calling wasm instance methods CVE-2021-43541: External protocol handler parameters were unescaped CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler CVE-2021-43543: Bypass of CSP sandbox directive when embedding CVE-2021-43545: Denial of Service when using the Location API in a loop CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed CVE-2021-43528: JavaScript unexpectedly enabled for the composition area MOZ-2021-0009: Memory safety bugs fixed in Thunderbird 91.4.0 * [afd7750] d/t.lintian-overrides: Update entries due renamed tags Some Lintan tags were renamed, thus requires am adjustment of the existing overrides. * [30a387c] d/s/lintian-overrides: Adjust most of the existing entries Same as before but for the source package. thunderbird (1:91.3.2-1) unstable; urgency=medium . * [7fd56f0] New upstream version 91.3.2 * [4fccecb] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch thunderbird (1:91.3.0-1) unstable; urgency=medium . * [1d3e0b1] Revert "Rebuild patch queue from patch-queue branch" The patch for fixing the broken build on i386 breaks other architectures, so reverting for now. * [66755b4] New upstream version 91.3.0 Fixed CVE issues in upstream version 91.3 (MFSA 2021-50): CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38504: Use-after-free in file picker dialog CVE-2021-38506: Thunderbird could be coaxed into going into fullscreen mode without notification or warning CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports MOZ-2021-0008: Use-after-free in HTTP2 Session object (no CVE assigned yet) CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain MOZ-2021-0007: Memory safety bugs fixed in Thunderbird ESR 91.3 (no CVE assigned yet) thunderbird (1:91.2.1-1) unstable; urgency=medium . [ Carsten Schoenert ] * [bcb5677] d/gbp.conf: Adjust to upstream-91.x * [12a433a] New upstream version 91.2.1 * [f935b52] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch * [3faba71] Disable usage of system icu package The system packages of libicu-dev are to old for Thunderbird, we need to use the internel pre-shipped ICU sources. thunderbird (1:91.2.0-1) experimental; urgency=medium . * [3c88844] New upstream version 91.2.0 Fixed CVE issues in upstream version 91.2 (MFSA 2021-47): CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections CVE-2021-38496: Use-after-free in MessageTask CVE-2021-38497: Validation message could have been overlaid on another origin CVE-2021-38498: Use-after-free of nsLanguageAtomService object CVE-2021-32810: Data race in crossbeam-deque CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2 CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2 (Closes: #973042) thunderbird (1:91.1.1-1) experimental; urgency=medium . * [73e3b75] New upstream version 91.1.1 * [3413d35] Rebuild patch queue from patch-queue branch Removed patch: fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch thunderbird (1:91.1.0-1) experimental; urgency=medium . * [0b1d9f9] New upstream version 91.1.0 Fixed CVE issues in upstream version 91.1 (MFSA 2021-41): CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1 * [4313e64] Rebuild patch queue from patch-queue branch Added patch: fixes/Bug-1727113-Never-require-that-addons-are-signed-for-Thun.patch (Closes: #993594) Modified patch: porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch * [234c566] d/rules: Don't run dh_autoreconf (Closes: #993494) * [bce15d7] thunderbird: Set package x11-utils as fallback Install x11-utils only if kdialog or zenity aren't present on the system. thunderbird (1:91.0.2-1) experimental; urgency=medium . * [a5efefd] New upstream version 91.0.2 Fixed CVE issues in upstream version 91.0.1 (MFSA 2021-37): CVE-2021-29991: Header Splitting possible with HTTP/3 Responses * [b21a07b] d/control: increase Standards-Version to 4.6.0 No further changes needed. thunderbird (1:91.0-1) experimental; urgency=medium . * [3be73b6] d/source.filter: some updates to filtering list * [5c87a00] New upstream version 91.0 Fixed CVE issues in upstream version 91.0 (MFSA 2021-36): CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT CVE-2021-29988: Memory corruption as a result of incorrect style treatment CVE-2021-29984: Incorrect instruction reordering during JIT optimization CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux CVE-2021-29985: Use-after-free media channels CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion CVE-2021-29989: Memory safety bugs fixed in Thunderbird 91 (Closes: #640927 , #944208, #958433, #952853, #971722, #982670) * [0157fe4] d/control: Add new package thunderbird-l10n-af Upstream ships localizations for Africaans. * [f23e9e0] d/control: Add new package thunderbird-l10n-en-ca Upstream ships localizations for English (Canada). * [8b3cee9] d/control: Add new package thunderbird-l10n-lv Upstream ships localizations for Latvian. * [cad58ea] d/control: Add new package thunderbird-l10n-pa-in Upstream ships localizations for Punjabi (Gurmukhi). * [aecc2da] d/control: Add new package thunderbird-l10n-th Upstream ships localizations for Thai. * [9707e8a] Moving over to debhelper-compat Switch over to recent debhelper-compat 13. * [2934049] d/rules: Customize dh_missing call Due debhelper-compat dh_missing needs some aditional tweaking as we need to ignore some files which are built and installed into the tempory install folder but not installed into the package(s). * [7df72c6] d/rules: Don't use dwz Running and using dwz is bringing no gain and produces issues to, can be ignored for now. * [1709f28] d/control: Remove non existing packages from Breaks xul-ext-firetray and xul-ext-quotecolors are gone from the supported releases. * [f160918] d/control: Adding Rules-Requires-Root: no No specific root access required so far while package build. thunderbird (1:91.0~b5-1) experimental; urgency=medium . * [8a9083f] d/control: Adjust VCS links to branch debian/experimental * [acf4b3c] d/source.filter: some updates to filtering list * [84d1b87] New upstream version 91.0~b5 thunderbird (1:91.0~b3-1) experimental; urgency=medium . * [90a153b] New upstream version 91.0~b3 * [ada2cf0] d/control: Remove transitional package lightning * [3e5087f] d/control: Remove obsolete lightning-l10-* packages * [6eac520] d/control: Remove Suggests on libgtk2.0-0 fur thunderbird (Closes: #967771) thunderbird (1:91.0~b1-1) experimental; urgency=medium . * [78f0ddb] d/source.filter: some updates to filtering list * [3d29fcf] New upstream version 91.0~b1 (Closes: #990631) * [daa7fab] d/control: Increase some Build-Depends * [f4bfd22] d/control: Remove libgtk2.0-dev from Build-Depends * [ad4e281] d/s/lintian-overrides: Adding one more file to ignore thunderbird (1:90.0~b2-1) experimental; urgency=medium . [ Carsten Schoenert ] * [3cc0d66] d/source.filter: some updates to filtering list * [3c76a94] New upstream version 90.0~b2 * [46718fe] rebuild patch queue from patch-queue branch removed patches: fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch debian-hacks/Work-around-Debian-bug-844357.patch * [156d3c9] d/thunderbird.1: Correct debugger option * [ca7daca] /u/l/thunderbird: Correct escape sequencing for gdb calling (Closes: #976979) * [f310330] d/thunderbird-wrapper.sh: Use '${}' syntax for variables * [0ef3788] d/thunderbird.install: Remove gtk2 cruft * [17b0510] d/copyright: Update due removed content * [feca305] d/s/lintian-override: Remove two no longer existing entries . [ Kevin Locke ] * [dbe3c3e] d/thunderbird-wrapper.sh: Make gdb call more fail safe (Closes:#942799) thunderbird (1:89.0~b2-1) experimental; urgency=medium . * [74911c7] New upstream version 89.0~b2 * [b4fef2a] rebuild patch queue from patch-queue branch modified patches: debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch removed patches: debian-hacks/Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch * [ea6a29e] d/control: Increase B-D for cbindgen and libnss3-dev thunderbird (1:88.0~b2-1) experimental; urgency=medium . [ Carsten Schoenert ] * [7af1a0b] New upstream version 88.0~b2 * [30d1d48] rebuild patch queue from patch-queue branch modified patch: debian-hacks/Add-another-preferences-directory-for-applications-p.patch porting-armhf/Don-t-use-LLVM-internal-assembler-on-armhf.patch removed patches (included upstream): porting-arm/Reduce-memory-usage-while-linking-on-arm-el-hf-platforms.patch porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch renamed patch: fixes/Load-dependent-libraries-with-their-real-path-to-avo.patch -> fixes/Load-dependent-libraries-with-their-real-path.patch * [f45da92] d/control: Increase B-D for libnss3-dev . [ Colomban Wendling ] * [bbf78cb] d/thunderbird.desktop: Switch StartupWMClass (Closes: #985366) . [ Carsten Schoenert ] * [a2cc9e0] d/control: Adding nasm to Build-Depends * [41fad62] d/copyright: update due removed content thunderbird (1:86.0~b3-1) experimental; urgency=medium . [ Carsten Schoenert ] * [002f597,fe0515b] d/source.filter: updating the filtering list * [dfafc89,35d050f] d/copyright: updates due upstream changes Add Apache2 notice for third_party/python/coverage * [24c009c] lintian: adding override for false positive in SVG file * [d316a1c] New upstream version 86.0~b3 * [20dc687] rebuild patch queue from patch-queue branch modified patch: debian/patches/porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch * [21b86f0] d/copyright: update due removed content * [7fc9755] d/s/lintian-override: path for TeXZilla.js has changed * [33c5d5a] d/s/lintian-override: remove JS file * [825a440] d/control: Increase B-D for cbindgen . [ Pino Toscano ] * [35c3c3b] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink thunderbird (1:85.0~b3-1) experimental; urgency=medium . * [b142ac6] New upstream version 85.0~b3 * [0d2221a] d/control: Increase various B-D versions * [e4eb52e] rebuild patch queue from patch-queue branch added patch: debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch updated patches: debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch thunderbird (1:84.0~b3-1) experimental; urgency=medium . * [fad5103] calendar-google-provider*: removing left over cruft * [b095d8e] thunderbird.NEWS: Add hint about integration of OpenPGP support * [0f6bdf3] Revert "d/tb.lintian-overrides: ignore warning about none versioned breaks" * [f10f80c] d/copyright: update content * [9c3fb20] d/source.filter: some updates to filtering list * [c9b8274] New upstream version 84.0~b3 * [adf3835] rebuild patch queue from patch-queue branch removed patches: fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch porting-sh4/Add-sh4-support-to-Thunderbird.patch * [3ff9c9d] thunderbird-l10n-all: add thunderbird-l10n-cy (Closes: #974127) * [393490c] d/control: remove l10n package for Sinhala * [1f4e966] d/control: increase Standards-Version to 4.5.1 No further changes needed. * [288afdd] d/rules: use python3 explicitly while calling mach Using the Python 3 interpreter is needed otherwise the Mozilla magic tries to use a non existing virtualenv environment. * [a509bdf] d/watch: update to version 4 No further changes needed. * [fc6b358] d/copyright: update some more content Updating the copyright information due upstream modifications. * [3bd5713] d/s/lintian-overrides: Adding more file to ignore thunderbird (1:78.14.0-1) unstable; urgency=medium . * [6dc6817] d/changelog: Correct TB version for referenced MFSA * [38f01f4] d/rules: Don't run dh_autoreconf (Closes: #993494) * [09c4cde] New upstream version 78.14.0 Fixed CVE issues in upstream version 78.14.0 (MFSA 2021-42): CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1 thunderbird (1:78.14.0-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye-security tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. trafficserver (8.0.2+ds-1+deb10u6) buster-security; urgency=high . * Multiple CVE fixes for 8.0.x + CVE-2021-37147: Improper input validation vulnerability + CVE-2021-37148: Improper input validation vulnerability + CVE-2021-37149: Improper Input Validation vulnerability + CVE-2021-38161: Improper Authentication vulnerability in TLS origin verification + CVE-2021-44040: Improper Input Validation vulnerability in request line parsing + CVE-2021-44759: Improper Authentication vulnerability in TLS origin validation twisted (18.9.0-3+deb10u1) buster; urgency=medium . * Team upload. * SECURITY UPDATE: incorrect URI and HTTP method validation - debian/patches/CVE-2019-12387.patch: prevent CRLF injections in src/twisted/web/_newclient.py, src/twisted/web/client.py, src/twisted/web/test/injectionhelpers.py, src/twisted/web/test/test_agent.py, src/twisted/web/test/test_webclient.py. - CVE-2019-12387 - Thanks Marc Deslauriers at Canonical for backporting the patches. * SECURITY UPDATE: incorrect cert validation in XMPP support - debian/patches/CVE-2019-12855-*.patch: upstream patches to implement certificate checking. - CVE-2019-12855 - Thanks Marc Deslauriers at Canonical for backporting the patches. * SECURITY UPDATE: HTTP/2 denial of service issues - debian/patches/CVE-2019-951x.patch: buffer outbound control frames and timeout invalid clients in src/twisted/web/_http2.py, src/twisted/web/error.py, src/twisted/web/http.py, src/twisted/web/test/test_http.py, src/twisted/web/test/test_http2.py. - CVE-2019-9511 - CVE-2019-9514 - CVE-2019-9515 - Thanks Marc Deslauriers at Canonical for backporting the patches. * SECURITY UPDATE: request smuggling attacks - debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce duplication in src/twisted/web/test/test_http.py. - debian/patches/CVE-2020-1010x.patch: fix several request smuggling attacks in src/twisted/web/http.py, src/twisted/web/test/test_http.py. - CVE-2020-10108 - CVE-2020-10109 - Thanks Marc Deslauriers at Canonical for backporting the patches. * SECURITY UPDATE: Information disclosure results in leaking of HTTP cookie and authorization headers when following cross origin redirects - debian/patches/CVE-2022-21712-*.patch: Ensure sensitive HTTP headers are removed when forming requests, in src/twisted/web/client.py, src/twisted/web/test/test_agent.py and src/twisted/web/iweb.py. - CVE-2022-21712 - Thanks Ray Veldkamp at Canonical for backporting the patches. * SECURITY UPDATE: Parsing of SSH version identifier field during an SSH handshake can result in a denial of service when excessively large packets are received - debian/patches/CVE-2022-21716-*.patch: Ensure that length of received handshake buffer is checked, prior to processing version string in src/twisted/conch/ssh/transport.py and src/twisted/conch/test/test_transport.py - CVE-2022-21716 - Thanks Ray Veldkamp at Canonical for backporting the patches. * CVE-2022-24801: Correct several defects in HTTP request parsing that could permit HTTP request smuggling: disallow signed Content-Length headers, forbid illegal characters in chunked extensions, forbid 0x prefix to chunk lengths, and only strip space and horizontal tab from header values. - debian/patches/CVE-2022-24801-*.patch * Patch: remove spurious test for illegal whitespace in xmlns, to allow tests to pass, again. tzdata (2021a-0+deb10u6) buster; urgency=medium . * Cherry-pick patches from upstream: - Iran plans to stop observing DST permanently, after it falls back on 2022-09-21. - Chile's 2022 DST start is delayed from September 4 to September 11. tzdata (2021a-0+deb10u5) buster; urgency=medium . * Cherry-pick patches from upstream: - 07-no-leap-second-2022-06-30.patch: update leap-seconds.list, new expiration date on 28 December 2022. Closes: #1012191. tzdata (2021a-0+deb10u4) buster; urgency=medium . * Cherry-pick patches from tzdata-2022a: - 06-palestine-dst2.patch: Palestine will spring forward on 2022-03-27, not -03-26. ublock-origin (1.42.0+dfsg-1~deb10u1) buster; urgency=medium . * Backport to Buster. * Correct the mistake in debian/changelog and produce a valid changelog file. (Closes: #996249) ublock-origin (1.40.2+dfsg-1) unstable; urgency=medium . * New upstream version 1.40.2+dfsg. ublock-origin (1.39.0+dfsg-2) unstable; urgency=medium . * Fix debian/watch to detect new upstream releases. ublock-origin (1.39.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.39.0+dfsg. * Skip the tests. ublock-origin (1.37.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.37.0+dfsg. - Fix CVE-2021-36773: uBlock supported an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). Thanks to Marcus Frings for the report. (Closes: #991386) * Declare compliance with Debian Policy 4.6.0. ublock-origin (1.37.0+dfsg-1~deb11u1) bullseye; urgency=medium . * Backport to Debian 11 "Bullseye". unrar-nonfree (1:5.6.6-1+deb10u1) buster; urgency=high . * Fix CVE-2022-30333 (Closes: #1010837) vlc (3.0.17.4-0+deb10u1) buster-security; urgency=medium . * New upstream version 3.0.17.4 - Fix remote code execution through crafted playlist (VideoLAN-SB-VLC-3013) - Fix an infinite loop in MP4 - Fix crashes with VP9 streams vlc (3.0.17.3-1) unstable; urgency=medium . * New upstream version 3.0.17.3 * debian/ - Revert "Disable srt until the package is fixed" (Closes: #983109) Thanks to Florian Ernst - Move srt output plugin to vlc-plugin-access-extra vlc (3.0.17-1) unstable; urgency=medium . * New upstream version 3.0.17 - Fix build with ffmpeg 5.0 (Closes: #1004584) * debian/control: - Switch to libidn-dev - Bump BD on libopenmpt-modplug-dev - Bump Standards-Version * debian/copyright: - Add missing text to BSD-2-clause - Update copyright for 3.0.17 * debian/patches: Refresh patches * debian/rules: Set VLC_COMPILE_BY and VLC_COMPILE_HOST (Closes: #990246) * debian/: Update lintian override vlc (3.0.16-1) unstable; urgency=medium . * Upload to unstable * New upstream release vlc (3.0.15-1) experimental; urgency=medium . [ Mateusz Łukasik ] * New upstream release * Remove patches included upstream. vlc (3.0.12-3) unstable; urgency=medium . * debian/patches: Apply upstream patches to prevent process freeze on exit (Closes: #916595) (LP: #1819543) vlc (3.0.12-2) unstable; urgency=medium . * debian/: Disable live555 plugin due to ä981439 vlc (3.0.12-1) unstable; urgency=medium . * New upstream release - mkv: Fix heap-based buffer overflow (CVE-2020-26664) (Closes: #979676) * debian/control: - Switch to libshout-dev - Bump Standards-Version * debian/patches: Refresh patches * debian/vlc-plugins-base.install: Install RIST access plugins waitress (1.2.0~b2-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Security updates to fix request smuggling bugs, when combined with another http proxy that interprets requests differently. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This can result in cache poisoning or unexpected information disclosure. The specific issues resolved are: - CVE-2019-16785: Only recognise CRLF as a line-terminator, not a plain LF. Before this change waitress could see two requests where the front-end proxy only saw one. - CVE-2019-16786: Waitress would parse the Transfer-Encoding header and only look for a single string value, if that value was not "chunked" it would fall through and use the Content-Length header instead. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. - CVE-2019-16789: Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. - CVE-2019-16792: If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. - CVE-2022-24761: There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: + The use of Python's int() to parse strings into integers, leading to +10 to be parsed as 10, or 0x01 to be parsed as 1, where as the standard specifies that the string should contain only digits or hex digits. + Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. (Closes: #1008013) webkit2gtk (2.36.4-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. * debian/patches/force-single-process.patch: - Force the single-process mode in Evolution and Geary * debian/control: - Remove all 4.1 API packages (soup3 build). - Remove Breaks for Evolution < 3.34.1. - Remove build dependencies on ccache, libwpebackend-fdo-1.0-dev, libmanette-0.2-dev, liblcms2-dev and libsoup-3.0-dev. - Switch build dependency from libenchant-2-dev to libenchant-dev. - Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: - Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.36.3-1) unstable; urgency=high . * New upstream release. * Use ccache to speed-up the compilation since the majority of the files are identical in both the soup2 and soup3 builds. - debian/control: Add build dependency on ccache. - debian/rules: Set CCACHE_NOHASHDIR and CCACHE_BASEDIR so ccache actually works with different build directories. - debian/rules: Set CCACHE_DIR inside the source directory, otherwise ccache would try to write to the home directory, which is forbidden by the Debian policy. webkit2gtk (2.36.3-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. - This fixes CVE-2022-26700, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. * gcc 10 segfaults when building webkit in some architectures (see #1008098) so use clang instead. The exceptions are i386 and mipsel, where gcc works fine but clang is the buggy one (see #1010329). - debian/rules: Tell CMake to use clang. - debian/control: Build depend on clang. * Build libsoup2 packages only. - debian/rules: Set ENABLE_SOUP3=NO. - debian/control: Remove build dependency on libsoup3 and ccache and remove the entries for all 4.1 API packages (soup3 build). webkit2gtk (2.36.3-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. - This fixes CVE-2022-26700, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294. * debian/patches/force-single-process.patch: - Force the single-process mode in Evolution and Geary * debian/control: - Remove all 4.1 API packages (soup3 build). - Remove Breaks for Evolution < 3.34.1. - Remove build dependencies on ccache, libwpebackend-fdo-1.0-dev, libmanette-0.2-dev, liblcms2-dev and libsoup-3.0-dev. - Switch build dependency from libenchant-2-dev to libenchant-dev. - Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: - Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.36.2-1) unstable; urgency=high . [ Alberto Garcia ] * New upstream release. . [ Adrian Bunk ] * debian/rules: lower memory requirements on sh4. webkit2gtk (2.36.1-1) unstable; urgency=medium . [ Alberto Garcia ] * New upstream release. . [ Jeremy Bicha ] * Reduce the number of parallel build jobs on Ubuntu's amd64 webkit2gtk (2.36.0-3) unstable; urgency=medium . * debian/rules: - Build with -Os, -g0 and ggc-min-expand=10 in mips / mipsel in order to lower the memory requirements and revert the changes from 2.36.0-2 (thanks, Adrian Bunk). webkit2gtk (2.36.0-3~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. - This fixes CVE-2022-22624, CVE-2022-22628 and CVE-2022-22629. * gcc 10 segfaults when building webkit (see #1008098) so use clang instead. - debian/rules: Tell CMake to use clang. - debian/control: Build depend on clang. * Build libsoup2 packages only. - debian/rules: Set ENABLE_SOUP3=NO. - debian/control: Remove build dependency on libsoup3 and remove the entries for all 4.1 API packages (soup3 build). webkit2gtk (2.36.0-3~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. - This fixes CVE-2022-22624, CVE-2022-22628 and CVE-2022-22629. * debian/patches/force-single-process.patch: - Force the single-process mode in Evolution and Geary * debian/patches/support-ruby2.5.patch: - Support building with Ruby 2.5. * debian/control: - Remove all 4.1 API packages (soup3 build). - Remove Breaks for Evolution < 3.34.1. - Remove build dependencies on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev, liblcms2-dev and libsoup-3.0-dev. - Switch build dependency from libenchant-2-dev to libenchant-dev. - Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: - Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.36.0-2) unstable; urgency=medium . * debian/rules: - Disable unified builds in Debian/mipsel and reduce the number of parallel jobs in order to prevent running out of memory. * debian/control: - Clarify in package descriptions that 4.0 and 4.1 packages use different versions of libsoup and that the documentation package is equally valid for both. webkit2gtk (2.36.0-1) unstable; urgency=medium . * New upstream release. * Refresh all patches. * debian/rules: + Build with CMAKE_BUILD_WITH_INSTALL_RPATH=ON, otherwise builds are not reproducible if they happen in different directories. * Bring all changes from the 2.35 (experimental) branch. * debian/control: + Make libjavascriptcoregtk-4.0-dev depend on libglib2.0-dev. * debian/source/lintian-overrides: + Update source-is-missing overrides. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/copyright: + Update copyright information of all files. * debian/gbp.conf: + Update upstream branch name. * debian/rules: + USE_SYSTEMD was renamed to ENABLE_JOURNALD_LOG. * debian/control: + Remove all Conflicts: lines, they are obsolete. + Make libjavascriptcoregtk-4.0-dev depend on libglib2.0-dev. + Simplify descriptions and remove references to the WebKit2 API layer. * Build the 4.1 API version of the packages. These use libsoup 3 instead of libsoup 2 but are otherwise identical to the 4.0 API packages. + debian/control: - Add build dependency on libsoup-3.0-dev. - Add entries for the new packages. The 4.1 versions of the WebDriver, JSC command-line interpreter and documentation are currently not being generated. + debian/rules: - Add commands to build both sets of packages. + debian/libwebkit2gtk-4.0-37.install: - Update path of locale files to select only the exact API version. + debian/not-installed: - Don't install the 4.1 build of the JSC command-line interpreter. webkit2gtk (2.35.90-1) experimental; urgency=medium . * New upstream development release. * Refresh all patches. * debian/source/lintian-overrides: + Update source-is-missing overrides. * debian/rules: + USE_SYSTEMD was renamed to ENABLE_JOURNALD_LOG. * debian/control: + Remove all Conflicts: lines, they are obsolete. + Make libjavascriptcoregtk-4.0-dev depend on libglib2.0-dev. + Simplify descriptions and remove references to the WebKit2 API layer. * Build the 4.1 API version of the packages. These use libsoup 3 instead of libsoup 2 but are otherwise identical to the 4.0 API packages. + debian/control: - Add build dependency on libsoup-3.0-dev and libsysprof-4-dev (the latter should be pulled by libsoup). - Add entries for the new packages. The 4.1 versions of the WebDriver, JSC command-line interpreter and documentation are currently not being generated. + debian/rules: - Add commands to build both sets of packages. + debian/libwebkit2gtk-4.0-37.install: - Update path of locale files to select only the exact API version. + debian/not-installed: - Don't install the 4.1 build of the JSC command-line interpreter. webkit2gtk (2.35.3-1) experimental; urgency=medium . * New upstream development release. * Refresh all patches. webkit2gtk (2.35.2-1) experimental; urgency=medium . * New upstream development release. * debian/copyright: + Update copyright information of all files. * Set the debhelper compatibility level to 12: + Get rid of debian/compat. + Add build dependency on debhelper-compat. * debian/rules: + Stop using --builddirectory=build, .gir files no longer seem to contain references to the build directory (see the 2.27.90-1 entry for more details). + Explicitly disable lto since when it's on the build is failing, that doesn't impact Debian by default but is an issue on Ubuntu. (See #1000598) + Don't recommend xdg-desktop-portal-gtk on Ubuntu i386, it's a partial architecture and the binary doesn't exist (See #1000599). * Refresh all patches. * debian/source/lintian-overrides: + Update source-is-missing overrides. webkit2gtk (2.35.1-1) experimental; urgency=medium . * New upstream development release. * debian/watch, debian/gbp.conf: + Update for 2.35.x packages in experimental. * Refresh all patches. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. webkit2gtk (2.34.6-1) unstable; urgency=high . [ Alberto Garcia ] * New upstream release. + Fixes CVE-2022-22620. . [ Jeremy Bicha ] * debian/rules: + Reduce the number of parallel build jobs on Ubuntu's arm64. webkit2gtk (2.34.6-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. wireshark (2.6.20-0+deb10u4) buster; urgency=medium . * Non-maintainer upload. * Fix the following CVE: * CVE-2021-4181: Crash in the Sysdig Event dissector. * CVE-2021-4184: Infinite loop in the BitTorrent DHT dissector. * CVE-2021-4185: Infinite loop in the RTMPT dissector. * CVE-2021-22191: Improper URL handling in Wireshark. * CVE-2022-0581: Crash in the CMS protocol dissector. * CVE-2022-0582: Unaligned access in the CSN.1 protocol dissector. * CVE-2022-0583: Crash in the PVFS protocol dissector. * CVE-2022-0585: Large loops in multiple protocol dissectors. * CVE-2022-0586: Infinite loop in RTMPT protocol dissector. xz-utils (5.2.4-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587) (CVE-2022-1271) (Closes: #1009167) zlib (1:1.2.11.dfsg-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix a bug that can crash deflate on some input when using Z_FIXED (CVE-2018-25032) (Closes: #1008265) ======================================== Sat, 26 Mar 2022 - Debian 10.12 released ======================================== ========================================================================= [Date: Sat, 26 Mar 2022 10:53:33 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-17-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-17-cloud-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-17-rt-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-19-all-amd64 | 4.19.232-1 | amd64 linux-headers-4.19.0-19-amd64 | 4.19.232-1 | amd64 linux-headers-4.19.0-19-cloud-amd64 | 4.19.232-1 | amd64 linux-headers-4.19.0-19-rt-amd64 | 4.19.232-1 | amd64 linux-image-4.19.0-17-amd64-dbg | 4.19.194-3 | amd64 linux-image-4.19.0-17-amd64-unsigned | 4.19.194-3 | amd64 linux-image-4.19.0-17-cloud-amd64-dbg | 4.19.194-3 | amd64 linux-image-4.19.0-17-cloud-amd64-unsigned | 4.19.194-3 | amd64 linux-image-4.19.0-17-rt-amd64-dbg | 4.19.194-3 | amd64 linux-image-4.19.0-17-rt-amd64-unsigned | 4.19.194-3 | amd64 linux-image-4.19.0-19-amd64-dbg | 4.19.232-1 | amd64 linux-image-4.19.0-19-amd64-unsigned | 4.19.232-1 | amd64 linux-image-4.19.0-19-cloud-amd64-dbg | 4.19.232-1 | amd64 linux-image-4.19.0-19-cloud-amd64-unsigned | 4.19.232-1 | amd64 linux-image-4.19.0-19-rt-amd64-dbg | 4.19.232-1 | amd64 linux-image-4.19.0-19-rt-amd64-unsigned | 4.19.232-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:53:43 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel affs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ata-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel ata-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel btrfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel btrfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel cdrom-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel cdrom-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel compress-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel compress-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel crc-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel crc-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel crypto-dm-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel crypto-dm-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel crypto-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel crypto-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel event-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel event-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ext4-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel ext4-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel fat-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel fat-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel fb-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel fb-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel firewire-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel firewire-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel fuse-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel fuse-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel hfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel hfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel input-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel input-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel isofs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel isofs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel jfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel jfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel kernel-image-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel kernel-image-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel linux-headers-4.19.0-17-loongson-3 | 4.19.194-3 | mips64el, mipsel linux-headers-4.19.0-19-loongson-3 | 4.19.232-1 | mips64el, mipsel linux-image-4.19.0-17-loongson-3 | 4.19.194-3 | mips64el, mipsel linux-image-4.19.0-17-loongson-3-dbg | 4.19.194-3 | mips64el, mipsel linux-image-4.19.0-19-loongson-3 | 4.19.232-1 | mips64el, mipsel linux-image-4.19.0-19-loongson-3-dbg | 4.19.232-1 | mips64el, mipsel loop-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel loop-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel md-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel md-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel minix-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel minix-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel mtd-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel mtd-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel multipath-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel multipath-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nbd-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nbd-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-shared-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-shared-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-usb-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-usb-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-wireless-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-wireless-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel pata-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel pata-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ppp-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel ppp-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel sata-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel sata-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel scsi-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel scsi-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel scsi-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel scsi-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel scsi-nic-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel scsi-nic-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel sound-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel sound-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel speakup-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel speakup-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel squashfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel squashfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel udf-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel udf-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel usb-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel usb-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel usb-serial-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel usb-serial-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel usb-storage-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel usb-storage-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel xfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel xfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel zlib-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel zlib-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:53:51 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-mipsel | 4.19.194-3 | mipsel linux-headers-4.19.0-19-all-mipsel | 4.19.232-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:00 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: ata-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el ata-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el btrfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el btrfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el cdrom-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el cdrom-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el compress-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el compress-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el crc-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el crc-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el crypto-dm-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el crypto-dm-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el crypto-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el crypto-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el event-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el event-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el ext4-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el ext4-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fancontrol-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fancontrol-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fat-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fat-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fb-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fb-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el firewire-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el firewire-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fuse-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fuse-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el hypervisor-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el hypervisor-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el i2c-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el i2c-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el input-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el input-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el isofs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el isofs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el jfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el jfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el kernel-image-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el kernel-image-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el linux-headers-4.19.0-17-all-ppc64el | 4.19.194-3 | ppc64el linux-headers-4.19.0-17-powerpc64le | 4.19.194-3 | ppc64el linux-headers-4.19.0-19-all-ppc64el | 4.19.232-1 | ppc64el linux-headers-4.19.0-19-powerpc64le | 4.19.232-1 | ppc64el linux-image-4.19.0-17-powerpc64le | 4.19.194-3 | ppc64el linux-image-4.19.0-17-powerpc64le-dbg | 4.19.194-3 | ppc64el linux-image-4.19.0-19-powerpc64le | 4.19.232-1 | ppc64el linux-image-4.19.0-19-powerpc64le-dbg | 4.19.232-1 | ppc64el loop-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el loop-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el md-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el md-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el mouse-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el mouse-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el mtd-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el mtd-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el multipath-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el multipath-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nbd-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nbd-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-shared-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-shared-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-usb-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-usb-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-wireless-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-wireless-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el ppp-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el ppp-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el sata-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el sata-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el scsi-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el scsi-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el scsi-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el scsi-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el scsi-nic-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el scsi-nic-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el serial-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el serial-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el squashfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el squashfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el udf-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el udf-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el uinput-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el uinput-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el usb-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el usb-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el usb-serial-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el usb-serial-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el usb-storage-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el usb-storage-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el xfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el xfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:08 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: btrfs-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x btrfs-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x cdrom-core-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x cdrom-core-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x compress-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x compress-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x crc-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x crc-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x crypto-dm-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x crypto-dm-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x crypto-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x crypto-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x dasd-extra-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x dasd-extra-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x dasd-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x dasd-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x ext4-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x ext4-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x fat-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x fat-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x fuse-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x fuse-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x isofs-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x isofs-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x kernel-image-4.19.0-17-s390x-di | 4.19.194-3 | s390x kernel-image-4.19.0-19-s390x-di | 4.19.232-1 | s390x linux-headers-4.19.0-17-all-s390x | 4.19.194-3 | s390x linux-headers-4.19.0-17-s390x | 4.19.194-3 | s390x linux-headers-4.19.0-19-all-s390x | 4.19.232-1 | s390x linux-headers-4.19.0-19-s390x | 4.19.232-1 | s390x linux-image-4.19.0-17-s390x | 4.19.194-3 | s390x linux-image-4.19.0-17-s390x-dbg | 4.19.194-3 | s390x linux-image-4.19.0-19-s390x | 4.19.232-1 | s390x linux-image-4.19.0-19-s390x-dbg | 4.19.232-1 | s390x loop-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x loop-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x md-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x md-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x mtd-core-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x mtd-core-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x multipath-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x multipath-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x nbd-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x nbd-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x nic-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x nic-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x scsi-core-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x scsi-core-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x scsi-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x scsi-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x udf-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x udf-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x xfs-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x xfs-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x zlib-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x zlib-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all | 4.19.194-3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-headers-4.19.0-19-all | 4.19.232-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:34 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-arm64 | 4.19.194-3 | arm64 linux-headers-4.19.0-17-arm64 | 4.19.194-3 | arm64 linux-headers-4.19.0-17-rt-arm64 | 4.19.194-3 | arm64 linux-headers-4.19.0-19-all-arm64 | 4.19.232-1 | arm64 linux-headers-4.19.0-19-arm64 | 4.19.232-1 | arm64 linux-headers-4.19.0-19-rt-arm64 | 4.19.232-1 | arm64 linux-image-4.19.0-17-arm64-dbg | 4.19.194-3 | arm64 linux-image-4.19.0-17-arm64-unsigned | 4.19.194-3 | arm64 linux-image-4.19.0-17-rt-arm64-dbg | 4.19.194-3 | arm64 linux-image-4.19.0-17-rt-arm64-unsigned | 4.19.194-3 | arm64 linux-image-4.19.0-19-arm64-dbg | 4.19.232-1 | arm64 linux-image-4.19.0-19-arm64-unsigned | 4.19.232-1 | arm64 linux-image-4.19.0-19-rt-arm64-dbg | 4.19.232-1 | arm64 linux-image-4.19.0-19-rt-arm64-unsigned | 4.19.232-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:44 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: btrfs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel btrfs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel cdrom-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel cdrom-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel compress-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel compress-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel crc-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel crc-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel crypto-dm-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel crypto-dm-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel crypto-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel crypto-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel event-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel event-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ext4-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel ext4-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel fat-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel fat-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel fb-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel fb-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel fuse-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel fuse-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel input-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel input-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ipv6-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel ipv6-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel isofs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel isofs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel jffs2-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel jffs2-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel jfs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel jfs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel kernel-image-4.19.0-17-marvell-di | 4.19.194-3 | armel kernel-image-4.19.0-19-marvell-di | 4.19.232-1 | armel leds-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel leds-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel linux-headers-4.19.0-17-all-armel | 4.19.194-3 | armel linux-headers-4.19.0-17-marvell | 4.19.194-3 | armel linux-headers-4.19.0-17-rpi | 4.19.194-3 | armel linux-headers-4.19.0-19-all-armel | 4.19.232-1 | armel linux-headers-4.19.0-19-marvell | 4.19.232-1 | armel linux-headers-4.19.0-19-rpi | 4.19.232-1 | armel linux-image-4.19.0-17-marvell | 4.19.194-3 | armel linux-image-4.19.0-17-marvell-dbg | 4.19.194-3 | armel linux-image-4.19.0-17-rpi | 4.19.194-3 | armel linux-image-4.19.0-17-rpi-dbg | 4.19.194-3 | armel linux-image-4.19.0-19-marvell | 4.19.232-1 | armel linux-image-4.19.0-19-marvell-dbg | 4.19.232-1 | armel linux-image-4.19.0-19-rpi | 4.19.232-1 | armel linux-image-4.19.0-19-rpi-dbg | 4.19.232-1 | armel loop-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel loop-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel md-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel md-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel minix-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel minix-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mmc-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mmc-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mmc-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mmc-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mouse-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mouse-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mtd-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mtd-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mtd-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mtd-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel multipath-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel multipath-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nbd-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nbd-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nic-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nic-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nic-shared-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nic-shared-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nic-usb-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nic-usb-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ppp-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel ppp-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel sata-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel sata-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel scsi-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel scsi-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel squashfs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel squashfs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel udf-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel udf-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel uinput-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel uinput-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel usb-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel usb-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel usb-serial-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel usb-serial-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel usb-storage-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel usb-storage-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel zlib-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel zlib-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:55 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: ata-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf ata-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf btrfs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf btrfs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf cdrom-core-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf cdrom-core-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf compress-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf compress-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf crc-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf crc-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf crypto-dm-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf crypto-dm-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf crypto-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf crypto-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf efi-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf efi-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf event-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf event-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf ext4-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf ext4-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf fat-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf fat-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf fb-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf fb-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf fuse-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf fuse-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf i2c-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf i2c-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf input-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf input-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf isofs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf isofs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf jfs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf jfs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf kernel-image-4.19.0-17-armmp-di | 4.19.194-3 | armhf kernel-image-4.19.0-19-armmp-di | 4.19.232-1 | armhf leds-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf leds-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf linux-headers-4.19.0-17-all-armhf | 4.19.194-3 | armhf linux-headers-4.19.0-17-armmp | 4.19.194-3 | armhf linux-headers-4.19.0-17-armmp-lpae | 4.19.194-3 | armhf linux-headers-4.19.0-17-rt-armmp | 4.19.194-3 | armhf linux-headers-4.19.0-19-all-armhf | 4.19.232-1 | armhf linux-headers-4.19.0-19-armmp | 4.19.232-1 | armhf linux-headers-4.19.0-19-armmp-lpae | 4.19.232-1 | armhf linux-headers-4.19.0-19-rt-armmp | 4.19.232-1 | armhf linux-image-4.19.0-17-armmp | 4.19.194-3 | armhf linux-image-4.19.0-17-armmp-dbg | 4.19.194-3 | armhf linux-image-4.19.0-17-armmp-lpae | 4.19.194-3 | armhf linux-image-4.19.0-17-armmp-lpae-dbg | 4.19.194-3 | armhf linux-image-4.19.0-17-rt-armmp | 4.19.194-3 | armhf linux-image-4.19.0-17-rt-armmp-dbg | 4.19.194-3 | armhf linux-image-4.19.0-19-armmp | 4.19.232-1 | armhf linux-image-4.19.0-19-armmp-dbg | 4.19.232-1 | armhf linux-image-4.19.0-19-armmp-lpae | 4.19.232-1 | armhf linux-image-4.19.0-19-armmp-lpae-dbg | 4.19.232-1 | armhf linux-image-4.19.0-19-rt-armmp | 4.19.232-1 | armhf linux-image-4.19.0-19-rt-armmp-dbg | 4.19.232-1 | armhf loop-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf loop-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf md-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf md-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf mmc-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf mmc-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf mtd-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf mtd-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf multipath-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf multipath-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nbd-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nbd-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-shared-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-shared-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-usb-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-usb-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-wireless-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-wireless-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf pata-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf pata-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf ppp-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf ppp-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf sata-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf sata-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf scsi-core-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf scsi-core-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf scsi-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf scsi-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf scsi-nic-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf scsi-nic-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf squashfs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf squashfs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf udf-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf udf-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf uinput-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf uinput-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf usb-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf usb-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf usb-serial-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf usb-serial-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf usb-storage-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf usb-storage-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf zlib-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf zlib-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:04 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-686 | 4.19.194-3 | i386 linux-headers-4.19.0-17-686-pae | 4.19.194-3 | i386 linux-headers-4.19.0-17-all-i386 | 4.19.194-3 | i386 linux-headers-4.19.0-17-rt-686-pae | 4.19.194-3 | i386 linux-headers-4.19.0-19-686 | 4.19.232-1 | i386 linux-headers-4.19.0-19-686-pae | 4.19.232-1 | i386 linux-headers-4.19.0-19-all-i386 | 4.19.232-1 | i386 linux-headers-4.19.0-19-rt-686-pae | 4.19.232-1 | i386 linux-image-4.19.0-17-686-dbg | 4.19.194-3 | i386 linux-image-4.19.0-17-686-pae-dbg | 4.19.194-3 | i386 linux-image-4.19.0-17-686-pae-unsigned | 4.19.194-3 | i386 linux-image-4.19.0-17-686-unsigned | 4.19.194-3 | i386 linux-image-4.19.0-17-rt-686-pae-dbg | 4.19.194-3 | i386 linux-image-4.19.0-17-rt-686-pae-unsigned | 4.19.194-3 | i386 linux-image-4.19.0-19-686-dbg | 4.19.232-1 | i386 linux-image-4.19.0-19-686-pae-dbg | 4.19.232-1 | i386 linux-image-4.19.0-19-686-pae-unsigned | 4.19.232-1 | i386 linux-image-4.19.0-19-686-unsigned | 4.19.232-1 | i386 linux-image-4.19.0-19-rt-686-pae-dbg | 4.19.232-1 | i386 linux-image-4.19.0-19-rt-686-pae-unsigned | 4.19.232-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:11 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-mips | 4.19.194-3 | mips linux-headers-4.19.0-19-all-mips | 4.19.232-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:22 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel affs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel btrfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel compress-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel compress-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel crc-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel crc-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel crypto-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel crypto-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel event-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel event-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel ext4-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel ext4-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel fat-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel fat-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel fuse-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel fuse-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel hfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel hfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel input-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel input-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel isofs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel isofs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel jfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel jfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel kernel-image-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel kernel-image-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel linux-headers-4.19.0-17-5kc-malta | 4.19.194-3 | mips, mips64el, mipsel linux-headers-4.19.0-17-octeon | 4.19.194-3 | mips, mips64el, mipsel linux-headers-4.19.0-19-5kc-malta | 4.19.232-1 | mips, mips64el, mipsel linux-headers-4.19.0-19-octeon | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-17-5kc-malta | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-17-5kc-malta-dbg | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-17-octeon | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-17-octeon-dbg | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-19-5kc-malta | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-19-5kc-malta-dbg | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-19-octeon | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-19-octeon-dbg | 4.19.232-1 | mips, mips64el, mipsel loop-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel loop-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel md-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel md-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel minix-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel minix-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel multipath-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel multipath-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nbd-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nbd-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-shared-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-usb-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel pata-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel pata-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel ppp-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel ppp-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel rtc-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel rtc-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel sata-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel sata-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel scsi-core-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel scsi-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel scsi-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel sound-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel sound-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel squashfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel udf-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel udf-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel usb-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel usb-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel usb-serial-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel usb-storage-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel xfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel xfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel zlib-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel zlib-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:32 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel affs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ata-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel ata-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel btrfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel btrfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel cdrom-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel cdrom-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel compress-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel compress-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel crc-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel crc-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel crypto-dm-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel crypto-dm-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel crypto-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel crypto-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel event-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel event-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ext4-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel ext4-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel fat-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel fat-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel fb-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel fb-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel fuse-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel fuse-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel hfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel hfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel i2c-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel i2c-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel input-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel input-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel isofs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel isofs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel jfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel jfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel kernel-image-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel kernel-image-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel linux-headers-4.19.0-17-4kc-malta | 4.19.194-3 | mips, mipsel linux-headers-4.19.0-19-4kc-malta | 4.19.232-1 | mips, mipsel linux-image-4.19.0-17-4kc-malta | 4.19.194-3 | mips, mipsel linux-image-4.19.0-17-4kc-malta-dbg | 4.19.194-3 | mips, mipsel linux-image-4.19.0-19-4kc-malta | 4.19.232-1 | mips, mipsel linux-image-4.19.0-19-4kc-malta-dbg | 4.19.232-1 | mips, mipsel loop-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel loop-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel md-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel md-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel minix-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel minix-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mmc-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mmc-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mmc-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mmc-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mouse-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mouse-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mtd-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mtd-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel multipath-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel multipath-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nbd-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nbd-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-shared-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-shared-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-usb-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-usb-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-wireless-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-wireless-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel pata-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel pata-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ppp-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel ppp-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel sata-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel sata-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel scsi-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel scsi-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel scsi-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel scsi-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel scsi-nic-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel scsi-nic-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel sound-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel sound-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel squashfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel squashfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel udf-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel udf-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel usb-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel usb-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel usb-serial-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel usb-serial-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel usb-storage-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel usb-storage-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel xfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel xfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel zlib-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel zlib-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:39 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el affs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ata-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el ata-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el btrfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el btrfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el cdrom-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el cdrom-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el compress-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el compress-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el crc-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el crc-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el crypto-dm-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el crypto-dm-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el crypto-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el crypto-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el event-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el event-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ext4-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el ext4-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el fat-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el fat-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el fb-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el fb-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el fuse-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el fuse-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el hfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el hfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el i2c-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el i2c-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el input-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el input-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el isofs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el isofs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el jfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el jfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el kernel-image-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el kernel-image-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el linux-headers-4.19.0-17-all-mips64el | 4.19.194-3 | mips64el linux-headers-4.19.0-19-all-mips64el | 4.19.232-1 | mips64el loop-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el loop-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el md-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el md-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el minix-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el minix-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mmc-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mmc-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mmc-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mmc-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mouse-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mouse-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mtd-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mtd-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el multipath-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el multipath-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nbd-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nbd-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-shared-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-shared-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-usb-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-usb-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-wireless-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-wireless-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el pata-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el pata-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ppp-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el ppp-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el sata-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el sata-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el scsi-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el scsi-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el scsi-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el scsi-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el scsi-nic-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el scsi-nic-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el sound-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el sound-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el squashfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el squashfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el udf-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el udf-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el usb-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el usb-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el usb-serial-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el usb-serial-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el usb-storage-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el usb-storage-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el xfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el xfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el zlib-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el zlib-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:47 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: acpi-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 acpi-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ata-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 ata-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 btrfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 btrfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 cdrom-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 cdrom-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 compress-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 compress-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 crc-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 crc-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 crypto-dm-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 crypto-dm-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 crypto-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 crypto-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 efi-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 efi-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 event-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 event-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ext4-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 ext4-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 fat-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 fat-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 fb-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 fb-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 firewire-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 firewire-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 fuse-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 fuse-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 i2c-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 i2c-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 input-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 input-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 isofs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 isofs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 jfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 jfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 kernel-image-4.19.0-17-amd64-di | 4.19.194-3 | amd64 kernel-image-4.19.0-19-amd64-di | 4.19.232-1 | amd64 linux-image-4.19.0-17-amd64 | 4.19.194-3 | amd64 linux-image-4.19.0-17-cloud-amd64 | 4.19.194-3 | amd64 linux-image-4.19.0-17-rt-amd64 | 4.19.194-3 | amd64 linux-image-4.19.0-19-amd64 | 4.19.232-1 | amd64 linux-image-4.19.0-19-cloud-amd64 | 4.19.232-1 | amd64 linux-image-4.19.0-19-rt-amd64 | 4.19.232-1 | amd64 loop-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 loop-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 md-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 md-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mmc-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mmc-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mmc-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mmc-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mouse-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mouse-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mtd-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mtd-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 multipath-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 multipath-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nbd-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nbd-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-pcmcia-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-pcmcia-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-shared-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-shared-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-usb-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-usb-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-wireless-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-wireless-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 pata-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 pata-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 pcmcia-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 pcmcia-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 pcmcia-storage-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 pcmcia-storage-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ppp-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 ppp-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 sata-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 sata-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 scsi-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 scsi-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 scsi-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 scsi-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 scsi-nic-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 scsi-nic-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 serial-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 serial-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 sound-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 sound-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 speakup-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 speakup-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 squashfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 squashfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 udf-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 udf-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 uinput-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 uinput-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 usb-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 usb-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 usb-serial-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 usb-serial-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 usb-storage-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 usb-storage-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 xfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 xfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:55 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: ata-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 ata-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 btrfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 btrfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 cdrom-core-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 cdrom-core-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 compress-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 compress-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 crc-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 crc-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 crypto-dm-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 crypto-dm-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 crypto-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 crypto-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 efi-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 efi-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 event-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 event-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 ext4-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 ext4-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 fat-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 fat-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 fb-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 fb-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 fuse-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 fuse-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 i2c-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 i2c-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 input-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 input-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 isofs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 isofs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 jfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 jfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 kernel-image-4.19.0-17-arm64-di | 4.19.194-3 | arm64 kernel-image-4.19.0-19-arm64-di | 4.19.232-1 | arm64 leds-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 leds-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 linux-image-4.19.0-17-arm64 | 4.19.194-3 | arm64 linux-image-4.19.0-17-rt-arm64 | 4.19.194-3 | arm64 linux-image-4.19.0-19-arm64 | 4.19.232-1 | arm64 linux-image-4.19.0-19-rt-arm64 | 4.19.232-1 | arm64 loop-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 loop-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 md-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 md-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 mmc-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 mmc-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 mtd-core-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 mtd-core-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 multipath-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 multipath-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nbd-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nbd-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-shared-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-shared-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-usb-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-usb-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-wireless-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-wireless-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 ppp-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 ppp-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 sata-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 sata-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 scsi-core-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 scsi-core-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 scsi-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 scsi-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 scsi-nic-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 scsi-nic-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 squashfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 squashfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 udf-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 udf-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 uinput-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 uinput-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 usb-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 usb-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 usb-serial-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 usb-serial-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 usb-storage-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 usb-storage-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 xfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 xfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:56:03 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: acpi-modules-4.19.0-17-686-di | 4.19.194-3 | i386 acpi-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 acpi-modules-4.19.0-19-686-di | 4.19.232-1 | i386 acpi-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ata-modules-4.19.0-17-686-di | 4.19.194-3 | i386 ata-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 ata-modules-4.19.0-19-686-di | 4.19.232-1 | i386 ata-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 btrfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 btrfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 btrfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 btrfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 cdrom-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 cdrom-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 cdrom-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 cdrom-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 compress-modules-4.19.0-17-686-di | 4.19.194-3 | i386 compress-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 compress-modules-4.19.0-19-686-di | 4.19.232-1 | i386 compress-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 crc-modules-4.19.0-17-686-di | 4.19.194-3 | i386 crc-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 crc-modules-4.19.0-19-686-di | 4.19.232-1 | i386 crc-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 crypto-dm-modules-4.19.0-17-686-di | 4.19.194-3 | i386 crypto-dm-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 crypto-dm-modules-4.19.0-19-686-di | 4.19.232-1 | i386 crypto-dm-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 crypto-modules-4.19.0-17-686-di | 4.19.194-3 | i386 crypto-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 crypto-modules-4.19.0-19-686-di | 4.19.232-1 | i386 crypto-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 efi-modules-4.19.0-17-686-di | 4.19.194-3 | i386 efi-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 efi-modules-4.19.0-19-686-di | 4.19.232-1 | i386 efi-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 event-modules-4.19.0-17-686-di | 4.19.194-3 | i386 event-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 event-modules-4.19.0-19-686-di | 4.19.232-1 | i386 event-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ext4-modules-4.19.0-17-686-di | 4.19.194-3 | i386 ext4-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 ext4-modules-4.19.0-19-686-di | 4.19.232-1 | i386 ext4-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 fat-modules-4.19.0-17-686-di | 4.19.194-3 | i386 fat-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 fat-modules-4.19.0-19-686-di | 4.19.232-1 | i386 fat-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 fb-modules-4.19.0-17-686-di | 4.19.194-3 | i386 fb-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 fb-modules-4.19.0-19-686-di | 4.19.232-1 | i386 fb-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 firewire-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 firewire-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 firewire-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 firewire-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 fuse-modules-4.19.0-17-686-di | 4.19.194-3 | i386 fuse-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 fuse-modules-4.19.0-19-686-di | 4.19.232-1 | i386 fuse-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 i2c-modules-4.19.0-17-686-di | 4.19.194-3 | i386 i2c-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 i2c-modules-4.19.0-19-686-di | 4.19.232-1 | i386 i2c-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 input-modules-4.19.0-17-686-di | 4.19.194-3 | i386 input-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 input-modules-4.19.0-19-686-di | 4.19.232-1 | i386 input-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 isofs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 isofs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 isofs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 isofs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 jfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 jfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 jfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 jfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 kernel-image-4.19.0-17-686-di | 4.19.194-3 | i386 kernel-image-4.19.0-17-686-pae-di | 4.19.194-3 | i386 kernel-image-4.19.0-19-686-di | 4.19.232-1 | i386 kernel-image-4.19.0-19-686-pae-di | 4.19.232-1 | i386 linux-image-4.19.0-17-686 | 4.19.194-3 | i386 linux-image-4.19.0-17-686-pae | 4.19.194-3 | i386 linux-image-4.19.0-17-rt-686-pae | 4.19.194-3 | i386 linux-image-4.19.0-19-686 | 4.19.232-1 | i386 linux-image-4.19.0-19-686-pae | 4.19.232-1 | i386 linux-image-4.19.0-19-rt-686-pae | 4.19.232-1 | i386 loop-modules-4.19.0-17-686-di | 4.19.194-3 | i386 loop-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 loop-modules-4.19.0-19-686-di | 4.19.232-1 | i386 loop-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 md-modules-4.19.0-17-686-di | 4.19.194-3 | i386 md-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 md-modules-4.19.0-19-686-di | 4.19.232-1 | i386 md-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mmc-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mmc-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mmc-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mmc-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mmc-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mmc-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mmc-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mmc-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mouse-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mouse-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mouse-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mouse-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mtd-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mtd-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mtd-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mtd-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 multipath-modules-4.19.0-17-686-di | 4.19.194-3 | i386 multipath-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 multipath-modules-4.19.0-19-686-di | 4.19.232-1 | i386 multipath-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nbd-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nbd-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nbd-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nbd-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-pcmcia-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-pcmcia-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-pcmcia-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-pcmcia-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-shared-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-shared-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-shared-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-shared-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-usb-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-usb-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-usb-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-usb-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-wireless-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-wireless-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-wireless-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-wireless-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 pata-modules-4.19.0-17-686-di | 4.19.194-3 | i386 pata-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 pata-modules-4.19.0-19-686-di | 4.19.232-1 | i386 pata-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 pcmcia-modules-4.19.0-17-686-di | 4.19.194-3 | i386 pcmcia-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 pcmcia-modules-4.19.0-19-686-di | 4.19.232-1 | i386 pcmcia-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 pcmcia-storage-modules-4.19.0-17-686-di | 4.19.194-3 | i386 pcmcia-storage-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 pcmcia-storage-modules-4.19.0-19-686-di | 4.19.232-1 | i386 pcmcia-storage-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ppp-modules-4.19.0-17-686-di | 4.19.194-3 | i386 ppp-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 ppp-modules-4.19.0-19-686-di | 4.19.232-1 | i386 ppp-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 sata-modules-4.19.0-17-686-di | 4.19.194-3 | i386 sata-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 sata-modules-4.19.0-19-686-di | 4.19.232-1 | i386 sata-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 scsi-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 scsi-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 scsi-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 scsi-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 scsi-modules-4.19.0-17-686-di | 4.19.194-3 | i386 scsi-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 scsi-modules-4.19.0-19-686-di | 4.19.232-1 | i386 scsi-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 scsi-nic-modules-4.19.0-17-686-di | 4.19.194-3 | i386 scsi-nic-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 scsi-nic-modules-4.19.0-19-686-di | 4.19.232-1 | i386 scsi-nic-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 serial-modules-4.19.0-17-686-di | 4.19.194-3 | i386 serial-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 serial-modules-4.19.0-19-686-di | 4.19.232-1 | i386 serial-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 sound-modules-4.19.0-17-686-di | 4.19.194-3 | i386 sound-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 sound-modules-4.19.0-19-686-di | 4.19.232-1 | i386 sound-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 speakup-modules-4.19.0-17-686-di | 4.19.194-3 | i386 speakup-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 speakup-modules-4.19.0-19-686-di | 4.19.232-1 | i386 speakup-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 squashfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 squashfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 squashfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 squashfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 udf-modules-4.19.0-17-686-di | 4.19.194-3 | i386 udf-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 udf-modules-4.19.0-19-686-di | 4.19.232-1 | i386 udf-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 uinput-modules-4.19.0-17-686-di | 4.19.194-3 | i386 uinput-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 uinput-modules-4.19.0-19-686-di | 4.19.232-1 | i386 uinput-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 usb-modules-4.19.0-17-686-di | 4.19.194-3 | i386 usb-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 usb-modules-4.19.0-19-686-di | 4.19.232-1 | i386 usb-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 usb-serial-modules-4.19.0-17-686-di | 4.19.194-3 | i386 usb-serial-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 usb-serial-modules-4.19.0-19-686-di | 4.19.232-1 | i386 usb-serial-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 usb-storage-modules-4.19.0-17-686-di | 4.19.194-3 | i386 usb-storage-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 usb-storage-modules-4.19.0-19-686-di | 4.19.232-1 | i386 usb-storage-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 xfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 xfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 xfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 xfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:56:21 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-common | 4.19.194-3 | all linux-headers-4.19.0-17-common-rt | 4.19.194-3 | all linux-headers-4.19.0-19-common | 4.19.232-1 | all linux-headers-4.19.0-19-common-rt | 4.19.232-1 | all linux-support-4.19.0-17 | 4.19.194-3 | all linux-support-4.19.0-19 | 4.19.232-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:59:53 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libparse-pidl-perl | 2:4.9.5+dfsg-5+really0.02 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by samba) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 11:00:11 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: liblog4j2-java-doc | 2.11.1-2 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by apache-log4j2 - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 11:00:29 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libjtharness-java-doc | 5.0-2 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by jtharness - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 11:00:50 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libwebkit2gtk-4.0-37-gtk2 | 2.32.4-1~deb10u1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by webkit2gtk - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:46:33 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libminify-maven-plugin-java | 1.7.4-1.1 | all minify-maven-plugin | 1.7.4-1.1 | source Closed bugs: 1006461 ------------------- Reason ------------------- RoM: old and not useful ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:46:57 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: angular-maven-plugin | 0.3.4-3 | source libangular-maven-plugin-java | 0.3.4-3 | all Closed bugs: 1006462 ------------------- Reason ------------------- RoM; no longer useful; tied to unsupported AngularJS version ---------------------------------------------- ========================================================================= aide (0.16.1-1+deb10u1) buster-security; urgency=high . * Apply backported patch to fix heap-based buffer overflow in base64 functions (CVE-2021-45417) apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium . * Team upload. * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307. Multiple security vulnerabilities have been discovered in Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and JMSAppender or Apache Chainsaw. Note that a possible attacker requires write access to the Log4j configuration and the aforementioned features are not enabled by default. In order to completely mitigate against these vulnerabilities the related classes have been removed from the resulting jar file. apache-log4j2 (2.17.1-1~deb10u1) buster; urgency=medium . * Team upload. * Backport 2.17.1 to Buster and fix CVE-2021-44832: remote code execution vulnerability but requires permission to modify the logging configuration. apache-log4j2 (2.17.0-1) unstable; urgency=high . * Team upload. * New upstream version 2.17.0. - Fix CVE-2021-45105: Apache Log4j2 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service. (Closes: #1001891) Thanks to Salvatore Bonaccorso for the report. apache-log4j2 (2.17.0-1~deb11u1) bullseye-security; urgency=high . * Team upload. * Backport 2.17.0-1 to Bullseye and fix CVE-2021-45105. (Closes: #1001891) apache-log4j2 (2.17.0-1~deb10u1) buster-security; urgency=high . * Team upload. * Backport 2.17.0-1 to Buster and fix CVE-2021-45105. (Closes: #1001891) apache-log4j2 (2.16.0-1) unstable; urgency=high . * Team upload. * New upstream version 2.16.0. - Fix CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Thanks to Salvatore Bonaccorso for the report. (Closes: #1001729) apache-log4j2 (2.16.0-1~deb11u1) bullseye-security; urgency=high . * Team upload. * Backport version 2.16.0 to Bullseye and fix CVE-2021-45046. (Closes: #1001729) apache-log4j2 (2.16.0-1~deb10u1) buster-security; urgency=high . * Team upload. * Backport version 2.16.0 to Buster and fix CVE-2021-45046. (Closes: #1001729) apache-log4j2 (2.15.0-1) unstable; urgency=high . * Team upload. * New upstream version 2.15.0. - Fix CVE-2021-44228: Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default. (Closes: #1001478) * Update debian/watch to track the latest releases. * Declare compliance with Debian Policy 4.6.0. apache-log4j2 (2.15.0-1~deb11u1) bullseye-security; urgency=high . * Team upload. * Backport version 2.15.0 to Bullseye and fix CVE-2021-44228. (Closes: #1001478) apache-log4j2 (2.15.0-1~deb10u1) buster-security; urgency=high . * Team upload. * Backport version 2.15.0 to Buster and fix CVE-2021-44228. (Closes: #1001478) * Fix CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (Closes: #959450) apache-log4j2 (2.13.3-1) unstable; urgency=medium . * New upstream release - Refreshed the patches - Ignore the new log4j-docker, log4-jpl, log4j-kubernetes and log4j-spring-cloud-config modules * Depend on libgeronimo-jpa-2.0-spec-java instead of libjpa-2.1-spec-java * Removed the -java-doc package (Closes: #835382) * Standards-Version updated to 4.5.1 * Switch to debhelper level 13 * No longer track the release candidates apache-log4j2 (2.11.2-1) unstable; urgency=medium . * Team upload. . [ tony mancill ] * Revert "Drop support for mongodb (Debian: #919095)" . [ Emmanuel Bourg ] * New upstream release - Refreshed the patches - Updated the Maven rules * Sort the entries in the plugin cache (Log4j2Plugins.dat) to make the build reproducible * Standards-Version updated to 4.4.0 apache2 (2.4.38-3+deb10u7) buster-security; urgency=medium . * Fix possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * lua: improve error handling (Closes: CVE-2021-44790) * mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO (relaxes the behaviour introduced by the CVE-2021-36160 fix) apache2 (2.4.38-3+deb10u6) buster-security; urgency=high . [ Yadd, Moritz Muehlenhoff ] * Initialize the request fields on read failure to avoid NULLs (Closes: CVE-2021-34798) * mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker (Closes: CVE-2021-36160) * Fix ap_escape_quotes with pre-escaped quotes (Closes: CVE-2021-39275) * Sanity checks on the configured UDS path (Closes: CVE-2021-40438) atftp (0.7.git20120829-3.2~deb10u3) buster; urgency=medium . * Fix for CVE-2021-46671 (Closes: #1004974) base-files (10.3+deb10u12) buster; urgency=medium . * Change /etc/debian_version to 10.12, for Debian 10.12 point release. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u7) buster-security; urgency=high . * CVE-2021-25220: The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u6) buster-security; urgency=high . * CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. btrbk (0.27.1-1+deb10u2) buster; urgency=high . * Non-maintainer upload by the LTS Team. * regression fix for CVE-2021-38173 (Closes: #996260, #996266) cargo-mozilla (0.47.0-3~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Vendor libgit2 1.0.1, the system one is too old. * Build-dep on rustc-mozilla. * Build-dep on libpcre3-dev, for libgit2. * Fix tests that now have execution time in the output. * Rename to cargo-mozilla to avoid disruption in the rustc/cargo ecosystem, and don't build the doc package. chrony (3.4-4+deb10u2) buster; urgency=medium . * debian/usr.sbin.chronyd: - Allow reading the chronyd configuration file that timemaster(8) generates. Thanks to Michael Lestinsky for the report! (Closes: #1004745) cimg (2.4.5+dfsg-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-25693: Fix multiple heap buffer overflows. (Closes: #973770) clamav (0.103.5+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. clamav (0.103.4+dfsg-1) unstable; urgency=medium . * Import 0.103.4 - Update symbol file. * Add clamonacc.8. * Install clamonacc only on Linux. Patch by Laurent Bigonvill (Closes: #992776). * Drop unused libidn11-dev dependency, suggested by Simon Josefsson (Closes: #991976). clamav (0.103.4+dfsg-0+deb11u1) bullseye; urgency=medium . * Import 0.103.4 - Update symbol file. * Add clamonacc.8. * Install clamonacc only on Linux. Patch by Laurent Bigonvill (Closes: #992776). clamav (0.103.4+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.4 - Update symbol file. * Add clamonacc.8. * Install clamonacc only on Linux. Patch by Laurent Bigonvill (Closes: #992776). clamav (0.103.3+dfsg-1) unstable; urgency=medium . * Import 0.103.2 - Update symbol file. - Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath (Closes: #988218). * Remove clamav user on purge (Closes: #987861). * Remove freshclam.dat on purge. clamav (0.103.3+dfsg-0+deb11u1) bullseye; urgency=medium . * Import 0.103.3 - Update symbol file. - Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath (Closes: #988218). * Remove clamav user on purge (Closes: #987861). * Remove freshclam.dat on purge. cups (2.2.10-6+deb10u5) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2020-10001.patch An input validation issue might allow a malicious application to read restricted memory. cyrus-sasl2 (2.1.27+dfsg-1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix _sasl_add_string * Escape password for SQL insert/update commands (CVE-2022-24407) debian-edu-config (2.10.65+deb10u8) buster-security; urgency=medium . * etc/apache2/mods-available/debian-edu-userdir.conf: - White-space cleanup (tabs and spaces mixed). - CVE-2021-20001: Disable built-in PHP engine. - Add warning to not re-enable PHP interpretation in user dirs (with reference to our README). * README.public_html_with_PHP-CGI+suExec.md: - Provide documentation on how to enable suExec support in https userdirs (i.e. ~/public_html). * debian/NEWS: + Add file, inform about PHP being disabled in Apache2 user directories. debian-installer (20190702+deb10u12) buster; urgency=medium . * Bump Linux ABI to 4.19.0-20. debian-installer-netboot-images (20190702+deb10u12) buster; urgency=medium . * Update to 20190702+deb10u12, from buster-proposed-updates. detox (1.3.0-4+deb10u1) buster; urgency=medium . * debian/patches/010_fix-largefiles.patch: created to fix 'Value too large for defined data type' on ARM. This issue is related to large files and was fixed by upstream in configure.ac, adding AC_SYS_LARGEFILE. (Closes: #992542) djvulibre (3.5.27.1-10+deb10u1) buster-security; urgency=medium . * Backport upstream commit 970fb11a296b5bbdc5e8425851253d2c5913c45e ("Fix bug#296") to address CVE-2019-15142. * Backport upstream commit b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f ("fix for bug #297") to address CVE-2019-15143. * Backport upstream commit e15d51510048927f172f1bf1f27ede65907d940d ("bug 299 fixed") to address CVE-2019-15144. * Backport upstream commit 9658b01431cd7ff6344d7787f855179e73fe81a7 ("fix bug #298") to address CVE-2019-15145. * Backport upstream commit c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 ("Fixed bug 309") to address CVE-2019-18804. * Backport upstream commit cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6 ("Reviewed Fedora patches and adopted some of them (or variants thereof)") to address CVE-2021-3500, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493. * Backport upstream commit 7b0ef20690e08f1fe124aebbf42f6310e2f40f81 ("Lizards!") to address CVE-2021-3630. evolution-data-server (3.30.5-1+deb10u2) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-16117: Crash on malformed server response with minimal capabilities. expat (2.2.6-2+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters * tests: Cover relaxed fix to CVE-2022-25236 * lib: Document namespace separator effect right in header * lib|doc: Add a note on namespace URI validation expat (2.2.6-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent stack exhaustion in build_model (CVE-2022-25313) * Prevent integer overflow in storeRawNames (CVE-2022-25315) * Prevent integer overflow in copyString (CVE-2022-25314) * lib: Fix (harmless) use of uninitialized memory * lib: Protect against malicious namespace declarations (CVE-2022-25236) (Closes: #1005895) * tests: Cover CVE-2022-25236 * lib: Drop unused macro UTF8_GET_NAMING * lib: Add missing validation of encoding (CVE-2022-25235) (Closes: #1005894) * tests: Cover missing validation of encoding (CVE-2022-25235) * Fix build_model regression. * tests: Protect against nested element declaration model regressions expat (2.2.6-2+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) (Closes: #1002994) * lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) * lib: Prevent integer overflow at multiple places (CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) (Closes: #1003474) * lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) * lib: Prevent integer overflow in doProlog (CVE-2022-23990) ffmpeg (7:4.1.8-0+deb10u1) buster-security; urgency=high . [ Sebastian Ramacher ] * New upstream release - Fixes various security issues: CVE-2020-21041 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 * debian/gbp.conf Switch upstream branch to upstream/buster * debian/tests: Update encoders based on changes in 4.1.6 . [ Antoni Villalonga ] * debian/patches: Backport upstream patch to fix MXF generation (Closes: #977541) flac (1.3.2-3+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-0499: Out of bounds read due to a heap buffer overflow. (Closes: #977764) gerbv (2.7.0-1+deb10u1) buster; urgency=medium . * Build for buster * [c33610a] Rebuild patch queue from patch-queue branch Added patch: security/Fix-TALOS-2021-1402.patch Fixing CVE-2021-40391 * [09244b9] d/gbp.conf: Adjust to branch debian/buster ghostscript (9.27~dfsg-2+deb10u5) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Check stack limits after function evaluation (CVE-2021-45944) * Fix op stack management in sampled_data_continue() (CVE-2021-45949) glibc (2.28-10+deb10u1) buster; urgency=medium . [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch (Closes: #930697): - Add more integrity check to malloc() function. - Fix crash in _IO_wfile_sync. - Fix bad free() in libdl if dlerror() is not used. Closes: #953257. - Fix overflow in glibc.malloc.tcache_count tunable. - Fix old x86 applications crash on exit() under valgrind. - Remove copy_file_range emulation. The kernel interface has at evolved and the glibc emulation doesn't match it anymore, so it's better for it to return -ENOSYS. This only impacts Linux kernels << 4.8. - Avoid lazy binding of symbols that may follow a variant PCS on arm64, to support binaries using AdvSIMD and SVE vector calls. - Fix large mmap64 offset for the N32 ABI on mips/mipsel/mips64el. - Improve string functions performances on arm64. * debian/patches/any/git-libio-stdout-putc.diff: refresh. * debian/debhelper.in/libc.preinst: simplify the version comparison by only comparing the two first parts, now that kernel 2.X are not supported anymore. Closes: #1004861. * debian/debhelper.in/libc.preinst: drop the check for kernel release > 255 now that glibc and preinstall script are fixed. Closes: #987266. gmp (2:6.1.2+dfsg-4+deb10u1) buster; urgency=medium . * [1f4ce6d] Add .gitlab-ci.yml * [df6d314] Avoid bit size overflows. CVE-2021-43618 graphicsmagick (1.4+really1.3.35-1~deb10u2) buster; urgency=high . [ Thorsten Alteholz ] * CVE-2020-12672 Fix for a heap-based buffer overflow in ReadMNGImage() in coders/png.c. h2database (1.4.197-4+deb10u1) buster-security; urgency=high . * Team upload. * Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through JNDI. The H2 console is a developer tool and not required by any reverse-dependency in Debian. It has been disabled in (old)stable releases. Database developers are advised to use at least version 2.1.210-1, currently available in Debian unstable. htmldoc (1.9.3-1+deb10u3) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2022-0534 A crafted GIF file could lead to a stack out-of-bounds read, which could result in a crash (segmentation fault). * CVE-2021-43579 Converting an HTML document, which links to a crafted BMP file, could lead to a stack-based buffer overflow, which could result in remote code execution. * CVE-2021-40985 A crafted BMP image could lead to a buffer overflow, which could cause a denial of service. http-parser (2.8.1-1+deb10u2) buster; urgency=medium . * Fix ABI breakage introduced by accident in 2.8.1-1+deb10u1. Many thanks to Hilko Bengen. Closes: #996460, #996939, #996997 icu (63.1-6+deb10u3) buster; urgency=medium . * Add pkg-config dependency to icu-devtools. . [ Scott Talbert ] * Backport upstream fix for pkgdata to work without icu-config (closes: #992591). icu (63.1-6+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Use LocalMemory for cmd to prevent use after free (CVE-2020-21913) intel-microcode (3.20220207.1~deb10u1) buster; urgency=medium . * Backport for Debian oldstable (no changes) * Release manager: this is the same package already in bullseye-backports, testing and unstable. It fixes several security issues, adds MSRs that can be enabled by updated kernels for enhanced security mitigaton, and also fixes several critical "functional issues" (i.e. processor errata). There were no reports to date of regressions introduced by this microcode drelease. . intel-microcode (3.20220207.1) unstable; urgency=medium . * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 intel-microcode (3.20220207.1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports (no changes required) . intel-microcode (3.20220207.1) unstable; urgency=medium . * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 intel-microcode (3.20210608.2) unstable; urgency=high . * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). ipython (5.8.0-1+deb10u1) buster-security; urgency=high . * Fixes CVE-2022-21699 (execution of config files from the current directory, which might allow cross-user attacks if ipython is run from a directory multiple users can write). Closes: #1004122 jbig2dec (0.16-1+deb10u1) buster; urgency=high . * Team upload (printing and LTS) * CVE-2020-12268 avoid overflow with extreme values of x,y,w,h in function jbig2_image_compose() jtharness (6.0-b15-1~deb10u1) buster; urgency=medium . * Rebuild for buster, needed for latest OpenJDK 11.x release - Switch to debhelper 12 jtharness (6.0-b13-1) unstable; urgency=medium . * Team upload. * New upstream release jtharness (6.0-b10-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Depend on libservlet-api-java instead of libservlet3.1-java * Removed the -doc package * Standards-Version updated to 4.5.0 * Switch to debhelper level 11 * Use salsa.debian.org Vcs-* URLs * Track and download the new releases from GitHub jtreg (5.1-b01-2~deb10u1) buster; urgency=medium . * Rebuild for buster, needed for latest OpenJDK 11.x release - Switch to debhelper 12 jtreg (5.1-b01-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Switch to debhelper level 12 jtreg (5.0-b01-2.1) unstable; urgency=medium . * Non-maintainer upload. * Provide jar symlinks in /usr/share/jtreg/share/java as well. Allows openjdk configuration --with-jtreg=/usr/share/jtreg with the same patchset for all release. * Provide additional jar symlinks for jh.jar and hamcrest-core.jar. jtreg (5.0-b01-2) unstable; urgency=medium . * Team upload. * Install jtreg under /usr/share/jtreg and use it as the default JT_HOME path jtreg (5.0-b01-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches - Depend on libjtharness-java (>= 6.0) * Standards-Version updated to 4.5.0 jtreg (4.2-b16-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Track the new releases from GitHub * Standards-Version updated to 4.4.1 lemonldap-ng (2.0.2+ds-7+deb10u7) buster; urgency=medium . * Add gsfonts in recommended dependencies (Closes: #982534) * Fix auth process in password-testing plugins (Closes: CVE-2021-20874) leptonlib (1.76.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. (Closes: #985089) * CVE-2020-36277 denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c * CVE-2020-36278 heap-based buffer over-read in findNextBorderPixel in ccbord.c * CVE-2020-36279 heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c * CVE-2020-36280 heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. * CVE-2020-36281 heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c libdatetime-timezone-perl (1:2.23-1+2022a) buster; urgency=medium . * Update to Olson database version 2022a. This update includes contemporary changes for Palestine. . libdatetime-timezone-perl (1:2.23-1+2021e) buster; urgency=medium . * Update to Olson database version 2021e. This update includes contemporary changes for Palestine. . libdatetime-timezone-perl (1:2.23-1+2021d) buster; urgency=medium . * Update to Olson database version 2021d. This update includes fixes for the zone links for Atlantic/Jan_Mayen and America/Virgin (2021c), and contemporary changes for Fiji (2021d). libdatetime-timezone-perl (1:2.23-1+2021e) buster; urgency=medium . * Update to Olson database version 2021e. This update includes contemporary changes for Palestine. . libdatetime-timezone-perl (1:2.23-1+2021d) buster; urgency=medium . * Update to Olson database version 2021d. This update includes fixes for the zone links for Atlantic/Jan_Mayen and America/Virgin (2021c), and contemporary changes for Fiji (2021d). libdatetime-timezone-perl (1:2.23-1+2021d) buster; urgency=medium . * Update to Olson database version 2021d. This update includes fixes for the zone links for Atlantic/Jan_Mayen and America/Virgin (2021c), and contemporary changes for Fiji (2021d). libencode-perl (3.00-1+deb10u1) buster; urgency=medium . * Fix memory leak. Add patch rt_139622_memory-leak.patch, taken from upstream releases 3.13, 3.14, 3.15 to fix a memory leak in Encode.xs. Cf. https://rt.cpan.org/Ticket/Display.html?id=139622 (Closes: #995804) libetpan (1.9.3-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-15953: STARTTLS response injection that affects IMAP, SMTP, and POP3. (Closes: #966647) libextractor (1:1.8-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-15531: Invalid read for malformed DVI files. (Closes: #935553) libjackson-json-java (1.9.13-2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. - Revert the debhelper compat bump. . libjackson-json-java (1.9.13-2) unstable; urgency=medium . * Team upload. * Add upstream fixes. - Serializing types for deeply nested Maps. - Set Secure Processing flag on DocumentBuilderFactory. - Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172) - WriteRawValue surrogate pair fix. - Fix deserialization. - All known security fixes. (Fixes: CVE-2017-15095 and CVE-2017-7525) * Update Standards-Version to 4.5.0 * Use debhelper-compat. - Update compat level to 13. libmodbus (3.1.4-2+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-14462 + CVE-2019-14463 out of bound reads for MODBUS_FC_WRITE_MULTIPLE_REGISTERS and MODBUS_FC_WRITE_MULTIPLE_COILS * add unit test for CVEs above libpcap (1.8.1-6+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-15165: Improper PHB header length validation. (Closes: #941697) libphp-adodb (5.20.14-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent auth bypass with PostgreSQL connections (CVE-2021-3850) (Closes: #1004376) libsdl1.2 (1.2.15+dfsg2-6~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium . * Team upload. . [ Debian Janitor ] * Trim trailing whitespace. * Re-export upstream signing key without extra signatures. . [ Maximilian Engelhardt ] * SDL_x11events.c: properly handle input focus events (Closes: #980253) . libsdl1.2 (1.2.15+dfsg2-5) unstable; urgency=medium . [ Abhijith PA ] * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 CVE-2019-7637, CVE-2019-7638 (Closes: #924609) . [ Felix Geyer ] * Fix CVE-2019-13616 libsdl1.2 (1.2.15+dfsg2-5) unstable; urgency=medium . [ Abhijith PA ] * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 CVE-2019-7637, CVE-2019-7638 (Closes: #924609) . [ Felix Geyer ] * Fix CVE-2019-13616 libxml-security-java (2.0.10-2+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2021-40690: Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. libxml2 (2.9.4+dfsg1-7+deb10u3) buster; urgency=medium . * Non-maintainer upload. * Use-after-free of ID and IDREF attributes (CVE-2022-23308) (Closes: #1006489) libxstream-java (1.4.11.1-1+deb10u3) buster-security; urgency=high . * Team upload. * Enable the security whitelist by default to prevent RCE vulnerabilities. XStream no longer uses a blacklist because it cannot be secured for general purpose. lighttpd (1.4.53-4+deb10u2) buster-security; urgency=medium . [ Glenn Strauss ] * Fix CVE-2022-22707 32-bit lighttpd mod_extforward crash. linux (4.19.235-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux (4.19.232-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT linux-latest (105+deb10u15) buster; urgency=medium . * Update to 4.19.0-20 linux-latest (105+deb10u14) buster-security; urgency=high . * Update to 4.19.0-19 * linux-image: Add NEWS for unprivileged eBPF change linux-signed-amd64 (4.19.235+1) buster; urgency=medium . * Sign kernel from linux 4.19.235-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux-signed-amd64 (4.19.232+1) buster-security; urgency=high . * Sign kernel from linux 4.19.232-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT linux-signed-arm64 (4.19.235+1) buster; urgency=medium . * Sign kernel from linux 4.19.235-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux-signed-arm64 (4.19.232+1) buster-security; urgency=high . * Sign kernel from linux 4.19.232-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT linux-signed-i386 (4.19.235+1) buster; urgency=medium . * Sign kernel from linux 4.19.235-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux-signed-i386 (4.19.232+1) buster-security; urgency=high . * Sign kernel from linux 4.19.232-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT llvm-toolchain-11 (1:11.0.1-2~deb10u1) buster; urgency=medium . * Backport to buster. - Disable tests on (big endian) mips due to timeout (i.e., test runtime exceeds 10h). - Don't install hwasan_symbolize as part of clang-tools package on mips (that particular utility isn't built on mips) llvm-toolchain-11 (1:11.0.1-2~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. llvm-toolchain-11 (1:11.0.1-1) unstable; urgency=medium . [ Sylvestre Ledru ] * New stable release . [ Gianfranco Costamagna ] * Drop old patch, upstream now * Run dh_makeshlibs with -V parameter (Closes: #977814) llvm-toolchain-11 (1:11.0.1~+rc2-1) unstable; urgency=medium . * New snapshot release * Remove 'gnu-assembler-compat.diff' - merged upstream llvm-toolchain-11 (1:11.0.1~+rc1-1) unstable; urgency=medium . [ Alexander Volkov ] * Fix description of libclang-cpp11-dev package. . [ Sylvestre Ledru ] * Upload to unstable to help doko with gcc 11.0.1 will be released before the freeze llvm-toolchain-11 (1:11.0.1~+rc1-1~exp1) experimental; urgency=medium . [ Gianfranco Costamagna ] * gnu-assembler-compat.diff: Add upstream patch D92052 to fix a gcn offload compiler issue with gcc (Closes: #975692) . [ Sylvestre Ledru ] * New snapshot release * Remove fix-clang-format-bug-47589.patch (applied upstream) llvm-toolchain-11 (1:11.0.0-5) unstable; urgency=medium . [ Adrian Bunk ] * Fix the fuzzer build on i386. . [ Sylvestre Ledru ] * Ignore some tests on i386 to get autopkgtest fixed (Closes: #972334) llvm-toolchain-11 (1:11.0.0-4) unstable; urgency=medium . * Cherry-pick some fixes from https://github.com/opencollab/llvm-toolchain-integration-test-suite/ * Only install hwasan_symbolize when found * Don't use gold on ppc64el. It fails to build in that case (Closes: #972317) . [ John Paul Adrian Glaubitz ] * Limit maximum parallel link jobs to 4 on sparc and sparc64 llvm-toolchain-11 (1:11.0.0-3) unstable; urgency=medium . [ Sylvestre Ledru ] * Rebuild to fix the coinstall issues (Closes: #972323) * Replace use of deprecated $ADTTMP with $AUTOPKGTEST_TMP. llvm-toolchain-11 (1:11.0.0-2) unstable; urgency=medium . * Fix a clang-format issue. Fix bug #47589 llvm-toolchain-11 (1:11.0.0-1) unstable; urgency=medium . * New upstream release llvm-toolchain-11 (1:11.0.0~+rc6-1) unstable; urgency=medium . [ Sylvestre Ledru ] * New rc release * remove all artifacts after tests . [ Gianfranco Costamagna ] * qualify-clang.sh: exclude z3 tests when support is not available, not based on libz3-dev installation but on the error returned by clang invocation llvm-toolchain-11 (1:11.0.0~+rc5-1) unstable; urgency=medium . * New rc release llvm-toolchain-11 (1:11.0.0~+rc4-1) unstable; urgency=medium . * New rc release * Fix one more test in autopkgtest llvm-toolchain-11 (1:11.0.0~+rc3-2) unstable; urgency=medium . * Update of the symbol list of libomp5: - GOMP_loop_maybe_nonmonotonic_runtime_next - GOMP_loop_maybe_nonmonotonic_runtime_start - GOMP_loop_nonmonotonic_runtime_next - GOMP_loop_nonmonotonic_runtime_start - GOMP_loop_ull_maybe_nonmonotonic_runtime_next - GOMP_loop_ull_maybe_nonmonotonic_runtime_start - GOMP_loop_ull_nonmonotonic_runtime_next - GOMP_loop_ull_nonmonotonic_runtime_start - GOMP_parallel_loop_maybe_nonmonotonic_runtime - GOMP_parallel_loop_nonmonotonic_runtime - omp_display_env * Bring back LLVM_POLLY_LINK_INTO_TOOLS=ON to workaround the error clang (LLVM option parsing): Unknown command line argument '-polly'. Try: 'clang (LLVM option parsing) --help' Also found in autopkgtest * Bring back LLVM_POLLY_LINK_INTO_TOOLS=ON to workaround the error clang (LLVM option parsing): Unknown command line argument '-polly'. Try: 'clang (LLVM option parsing) --help' Fix autopkgtest * In the autopkgtest tests, update the opt arguments (-q removed and -basicaa renamed to -basic-aa) * Disable test executions on mipsel (timeout) llvm-toolchain-11 (1:11.0.0~+rc3-1) unstable; urgency=medium . * New rc release llvm-toolchain-11 (1:11.0.0~+rc2-5) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Link against libatomic on powerpc to fix FTBFS in stage2 * Use dh-exec to exclude lib/libPolly*.a on powerpc and powerpcspe from libclang-common-X.Y-dev.install.in . [ Gianfranco Costamagna ] * autopkgtests: ignore binfmts enable command return value. llvm-toolchain-11 (1:11.0.0~+rc2-4) unstable; urgency=medium . * integration-test-suite-test: change the configuration for 11 llvm-toolchain-11 (1:11.0.0~+rc2-3) unstable; urgency=medium . * Fix testsuite by ignoring binfmts test (can't be enabled on autopkgtests) llvm-toolchain-11 (1:11.0.0~+rc2-2) unstable; urgency=medium . [ Gianfranco Costamagna ] * Disable ocaml support on i386, not reasonable to support it there (specially for Ubuntu) * Enable binfmt support before using it in tests, to fix them . [ Sylvestre Ledru ] * Also link against -latomic on mipsel to fix /usr/[...]/atomic_base.h:426: undefined reference to `__atomic_load_8' for lld to fix the FTBFS llvm-toolchain-11 (1:11.0.0~+rc2-1) unstable; urgency=medium . * New snapshot release llvm-toolchain-11 (1:11.0.0~+rc1-2) unstable; urgency=medium . * Don't install ompt-multiplex.h on armhf, mipsel and mips64el (Closes: #967944) llvm-toolchain-11 (1:11.0.0~+rc1-1) unstable; urgency=medium . * Testing release llvm-toolchain-11 (1:11~++20200715043845+0e377e253c1-1~exp1) experimental; urgency=medium . [ Sylvestre Ledru ] * branching of snapshot into 11 . [ Samuel Thibault ] * debian/patches/hurd/hurd-EIEIO-undef.diff: Remove, upstreamed. * debian/patches/hurd/hurd-cxx-paths.diff: Remove, upstreamed. lxcfs (3.0.3-2+deb10u1) buster; urgency=medium . [ Kellen Renshaw ] * d/p/0001 : Fix a misreport of swap being fully used due to a computation error (Closes: #955499) lxml (4.3.2-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Cleaner: Prevent "@import" from re-occurring in the CSS after replacements, e.g. "@@importimport" (CVE-2021-43818) (Closes: #1001885) * Cleaner: Remove SVG image data URLs since they can embed script content (CVE-2021-43818) (Closes: #1001885) mailman (1:2.1.29-1+deb10u5) buster; urgency=medium . * Non-maintainer upload by the Security Team. * CSRF check for user tokens should not be case sensitive (Closes: #1001685) - The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. - There is also a potential NameError exception in logging a mismatch. mailman (1:2.1.29-1+deb10u4) buster; urgency=medium . * Non-maintainer upload by the Security Team. * Fix potential CSRF attack against a list admin from a list member or moderator (CVE-2021-44227) mailman (1:2.1.29-1+deb10u3) buster; urgency=medium . * Non-maintainer upload by the Security Team. * Potential XSS attack via the user options page (CVE-2021-43331) (Closes: #1000367) * A list moderator can crack the list admin password encrypted in a CSRF token (CVE-2021-43332) (Closes: #1000367) mailman (1:2.1.29-1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fixed options login content injection vulnerability (CVE-2020-12108) * Fixed content injection vulnerability via the private login page (CVE-2020-15011) * Fix remote privilege escalation (CVE-2021-42096, CVE-2021-42097) mariadb-10.3 (1:10.3.34-0+deb10u1) buster; urgency=medium . * New upstream version 10.3.34. Includes security fixes for: - CVE-2021-46661 - CVE-2021-46663 - CVE-2021-46664 - CVE-2021-46665 - CVE-2021-46668 * Previous upstream version 10.3.33 included security fixes for: - CVE-2021-46659 - CVE-2022-24048 - CVE-2022-24050 - CVE-2022-24051 - CVE-2022-24052 * Previous upstream version 10.3.32 included security fixes for: - CVE-2021-35604 - CVE-2021-46662 - CVE-2021-46667 * Drop MIPS and libatomic patches applied now upstream * Upstream issue MDEV-25114 about Galera WSREP invalid state fixed (Closes: #989898) * Salsa-CI: Install latest archive keys to fix Jessie upgrade regression * Upstream version 10.3.33 was skipped as upstream pulled the release within a couple of days of release due to severe regression * Notable upstream functional changes in 10.3.33: - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB) mediawiki (1:1.31.16-1+deb10u2) buster-security; urgency=high . * Backport fix for CVE-2021-44858. This version is not vulnerable to CVE-2021-44857 nor CVE-2021-45038. minetest (0.4.17.1+repack-1+deb10u1) buster-security; urgency=high . * Fix CVE-2022-24300 and CVE-2022-24301: Several vulnerabilities have been discovered in Minetest. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack or if user input is passed directly to minetest.deserialize without serializing it first, then a malicious user could run Lua code in the server environment. (Closes: #1004223) modsecurity-apache (2.9.3-1+deb10u1) buster-security; urgency=high . * Team upload * Fixed CVE-2021-42717 nbd (1:3.19-3+deb10u1) buster-security; urgency=medium . * Cherry-pick fixes for CVE-2022-26495 and CVE-2022-26496 from git master; Closes: #1006915. * Fix parsing of nbdtab in nbd-client; Closes: #1003863. neutron (2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1) buster-security; urgency=medium . * New upstream point release. - CVE-2021-40085: By supplying a specially crafted extra_dhcp_opts value, an authenticated user may add arbitrary configuration to the dnsmasq process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior. This vulnerability may also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81, which could lead to remote code execution. All Neutron deployments are affected. (Closes: #993398) * Add Add_a_healthcheck_URL.patch. * Removed patches applied upstream: - rootwrap-fix-for-neutron-fwaas.patch - CVE-2019-10876_rocky_fix_KeyError_in_OVS_firewall.patch - CVE-2019-9735_When_converting_sg_rules_to_iptables_do_not_emit_d....patch * Refreshed multiple patches. * Add the neccessary debconf stuff to stop modifying config files on upgrades. * Add patch: - revert-call-install_ingress_direct_goto_flows_when_ovs_restarts.patch node-getobject (0.1.0-2+deb10u1) buster; urgency=medium . * Team upload * Fix prototype pollution (Closes: CVE-2020-28282) nss (2:3.42.1-1+deb10u5) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for missing signedData field (CVE-2022-22747) nss (2:3.42.1-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Ensure DER encoded signatures are within size limits (CVE-2021-43527) openjdk-11 (11.0.14+9-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11 (11.0.13+8-1) unstable; urgency=medium . * OpenJDK 11.0.13+8 build (release). * Security fixes - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - JDK-8263314: Enhance XML Dsig modes - JDK-8265167, CVE-2021-35556: Richer Text Editors - JDK-8265574: Improve handling of sheets - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - JDK-8265776: Improve Stream handling for SSL - JDK-8266097, CVE-2021-35561: Better hashing support - JDK-8266103: Better specified spec values - JDK-8266109: More Resilient Classloading - JDK-8266115: More Manifest Jar Loading - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - JDK-8266689, CVE-2021-35567: More Constrained Delegation - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - JDK-8267712: Better LDAP reference processing - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - JDK-8267735, CVE-2021-35586: Better BMP support - JDK-8268193: Improve requests of certificates - JDK-8268199: Correct certificate requests - JDK-8268205: Enhance DTLS client handshake - JDK-8268506: More Manifest Digests - JDK-8269618, CVE-2021-35603: Better session identification - JDK-8269624: Enhance method selection support - JDK-8270398: Enhance canonicalization - JDK-8270404: Better canonicalization * Remove patches applied upstream. openjdk-11 (11.0.13+8-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye openjdk-11 (11.0.13+8-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security openjdk-11 (11.0.12+7-2) unstable; urgency=high . * OpenJDK 11.0.12+7 build (release). * Security fixes: - JDK-8256157: Improve bytecode assembly. - JDK-8256491: Better HTTP transport. - JDK-8258432, CVE-2021-2341: Improve file transfers. - JDK-8260453: Improve Font Bounding. - JDK-8260960: Signs of jarsigner signing. - JDK-8260967, CVE-2021-2369: Better jar file validation. - JDK-8262380: Enhance XML processing passes. - JDK-8262403: Enhanced data transfer. - JDK-8262410: Enhanced rules for zones. - JDK-8262477: Enhance String Conclusions. - JDK-8262967: Improve Zip file support. - JDK-8264066, CVE-2021-2388: Enhance compiler validation. - JDK-8264079: Improve abstractions. - JDK-8264460: Improve NTLM support. * Encode the early-access status into the package version. LP: #1934895. opensc (0.19.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. (Closes: #939668) * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. (Closes: #939669) * CVE-2019-19479: Incorrect read operation in the Setec driver. (Closes: #947383) * CVE-2019-20792: Double free in the Coolkey driver. * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. (Closes: #972037) * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. (Closes: #972036) * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. (Closes: #972035) openscad (2019.01~RC2-2+deb10u1) buster; urgency=medium . * Fix buffer overflows in STL parser (CVE-2020-28599 and CVE-2020-28600) (Closes: #996020). openssl (1.1.1n-0+deb10u1) buster; urgency=medium . * New upstream version. - Add new symbols. openssl (1.1.1m-1) unstable; urgency=medium . * New upstream version. - Fix builds on kfreebsd (Closes: #993501). * Add arc, patch by Vineet Gupta (Closes: #989442). openssl (1.1.1m-0+deb11u1) bullseye; urgency=medium . * New upstream version. - Fix armv8 pointer authentication (Closes: #989604). openssl (1.1.1l-1) unstable; urgency=medium . * New upstream version. - CVE-2021-3711 (SM2 Decryption Buffer Overflow). - CVE-2021-3712 (Read buffer overruns processing ASN.1 strings). openssl (1.1.1k-1+deb11u2) bullseye-security; urgency=medium . * CVE-2022-0778 (Infinite loop in BN_mod_sqrt() reachable when parsing certificates). * CVE-2021-4160 (Carry propagation bug in the MIPS32 and MIPS64 squaring procedure.) openssl (1.1.1k-1+deb11u1) bullseye-security; urgency=medium . * CVE-2021-3711 (SM2 Decryption Buffer Overflow). * CVE-2021-3712 (Read buffer overruns processing ASN.1 strings). openssl (1.1.1k-1) unstable; urgency=medium . * New upstream version. - CVE-2021-3450 (CA certificate check bypass with X509_V_FLAG_X509_STRICT). - CVE-2021-3449 (NULL pointer deref in signature_algorithms processing). openssl (1.1.1j-1) unstable; urgency=medium . * New upstream version. - CVE-2021-23841 (NULL pointer deref in X509_issuer_and_serial_hash()). - CVE-2021-23840 (Possible overflow of the output length argument in EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()). openssl (1.1.1i-3) unstable; urgency=medium . * Cherry-pick a patch from upstream to address #13931. * Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479). openssl (1.1.1i-2) unstable; urgency=medium . * Apply two patches from upstream to address x509 related regressions. openssl (1.1.1i-1) unstable; urgency=medium . * New upstream version. - CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference). - Restore rejection of expired trusted (root) certificate (Closes: #976465). openssl (1.1.1h-1) unstable; urgency=medium . * New upstream version * Disable CAPI engine, it is designed for Windows. openssl (1.1.1g-1) unstable; urgency=medium . * New upstream version - CVE-2020-1967 (Segmentation fault in SSL_check_chain). openssl (1.1.1f-1) unstable; urgency=medium . * New upstream version - Revert the change of EOF detection to avoid regressions in applications. (Closes: #955442). openssl (1.1.1e-1) unstable; urgency=medium . * Use dh-compat level 12. * New upstream version - CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure), (Closes: #947949). * Update symbol list. * Update Standards-Version to 4.5.0. No changes required. * Add musl configurations (Closes: #941765). openssl (1.1.1d-2) unstable; urgency=medium . * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987). openssl (1.1.1d-1) unstable; urgency=medium . * New upstream version - CVE-2019-1549 (Fixed a fork protection issue). - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP construction). - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey). * Update symbol list openssl (1.1.1d-0+deb10u8) buster-security; urgency=medium . * Fix armv8 pointer authentication (Closes: #989604). * CVE-2022-0778 (Infinite loop in BN_mod_sqrt() reachable when parsing certificates). * CVE-2021-4160 (Carry propagation bug in the MIPS32 and MIPS64 squaring procedure.) php-illuminate-database (5.7.27-1+deb10u1) buster; urgency=medium . [ Robin Gustafsson ] * Security fix: Query Binding Exploitation (Closes: #980899) Fixes CVE-2021-21263 * Security fix: SQL injection with Microsoft SQL Server (Closes: #987848) . [ Thorsten Glaser ] * Update Maintainer, upload to oldstable as security fixpack php7.3 (7.3.31-1~deb10u1) buster-security; urgency=medium . * New upstream version 7.3.31 + CVE-2021-21706: ZipArchive::extractTo extracts outside of destination. * Backported from 7.4.25 + CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation. phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium . * Fix CVE-2021-46709, an XSS issue with the num POST parameter pillow (5.4.1-2+deb10u3) buster-security; urgency=medium . * CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 plib (1.8.5-8+deb10u1) buster; urgency=medium . * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 (Closes: #992973) policykit-1 (0.105-25+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) postgresql-11 (11.14-0+deb10u1) buster-security; urgency=medium . * New upstream security release. . + Make the server and libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane) . A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. . This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.) (CVE-2021-23214) . This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214. (CVE-2021-23222) . The PostgreSQL Project thanks Jacob Champion for reporting these problems. privoxy (3.0.28-2+deb10u2) buster; urgency=medium . * 53_CVE-2021-44540: get_url_spec_param(): Free memory of compiled pattern spec before bailing (CVE-2021-44540). * 56_CVE-2021-44543: cgi_error_no_template(): Encode the template name to prevent XSS (CVE-2021-44543). prosody (0.11.2-1+deb10u4) buster-security; urgency=medium . * CVE-2022-0217 fix memory leak (Closes: #1004173) * fix numbering of patches prosody (0.11.2-1+deb10u3) buster-security; urgency=medium . * fix for https://prosody.im/security/advisory_20220113/ CVE-2022-0217 publicsuffix (20211109.1735-0+deb10u1) buster; urgency=medium . * new upstream publicsuffix data publicsuffix (20210108.1309-1) unstable; urgency=medium . * new upstream version publicsuffix (20201215.0006-1) unstable; urgency=medium . * new upstream version publicsuffix (20200729.1725-1) unstable; urgency=medium . * new upstream version publicsuffix (20200627.1701-1) unstable; urgency=medium . * new upstream version publicsuffix (20200506.1625-1) unstable; urgency=medium . * new upstream version publicsuffix (20200424.0822-1) unstable; urgency=medium . * new upstream version publicsuffix (20200303.0012-1) unstable; urgency=medium . * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * new upstream version publicsuffix (20200201.2258-1) unstable; urgency=medium . * new upstream version publicsuffix (20191120.1745-1) unstable; urgency=medium . * new upstream version publicsuffix (20190925.1705-1) unstable; urgency=medium . * new upstream version publicsuffix (20190904.1802-1) unstable; urgency=medium . * new upstream version publicsuffix (20190723.1836-1) unstable; urgency=medium . * new upstream version publicsuffix (20190716.1812-1) unstable; urgency=medium . * debhelper: move to version 12 * standards-version: bump to 4.4.0 (no changes needed) * new upstream version publicsuffix (20190529.1825-1) unstable; urgency=medium . * new upstream version python-babel (2.6.0+dfsg.1-1+deb10u1) buster-security; urgency=medium . * CVE-2021-20095 (Closes: #987824) python-virtualenv (15.1.0+ds-2+deb10u1) buster; urgency=medium . * Avoid attempting to install pkg_resources from PyPI. (Closes: #994952) raptor2 (2.0.14-1.1~deb10u2) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-25713 Malformed input file can lead to a segfault. redis (5:5.0.14-1+deb10u2) buster-security; urgency=high . * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability. . This vulnerability existed because the Lua library in Debian is provided as a dynamic library. A "package" variable was automatically populated that in turn permitted access to arbitrary Lua functionality. As this extended to, for example, the "execute" function from the "os" module, an attacker with the ability to execute arbitrary Lua code could potentially execute arbitrary shell commands. . Thanks to Reginaldo Silva for discovering and reporting this issue. (Closes: #1005787) redis (5:5.0.14-1+deb10u1) buster-security; urgency=high . * New upstream security release: . - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms. . - CVE-2021-32687: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value. . - CVE-2021-32675: Denial Of Service when processing RESP request payloads with a large number of elements on many connections. . - CVE-2021-32672: Random heap reading issue with Lua Debugger. . - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value. . - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit. . - CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer overflow. . - CVE-2021-41099: Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value. * Refresh patches. redis (5:5.0.7-7) unstable; urgency=medium . * Add a sleep to ensure that the redis server has started before running the autopkgtests. redis (5:5.0.7-7~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * Don't use liblzf in buster-backports as it has not been backported (yet?). . redis (5:5.0.7-7) unstable; urgency=medium . * Add a sleep to ensure that the redis server has started before running the autopkgtests. . redis (5:5.0.7-6) unstable; urgency=medium . * No change sourceful upload to permit migration to testing. . redis (5:5.0.7-5) unstable; urgency=medium . * Ensure that the redis daemon is running prior to running the autopkgtests. . redis (5:5.0.7-4) unstable; urgency=medium . * Use the newly-package liblzf-dev package over the local version. (Closes: #958321) * Don't duplicate long description of the redis-server package in the metapackage. . redis (5:5.0.7-3~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * Update debian/gbp.conf. . redis (5:5.0.7-3) unstable; urgency=medium . * Fix FTBFS with GCC 10. (Closes: #957751) * Refresh all patches. . redis (5:5.0.7-2) unstable; urgency=medium . [ Christian Göttsche ] * Update systemd service to reflect new names, etc. * Create directories in postinst with correct SELinux context. . [ Chris Lamb ] * Bump Standards-Version to 4.5.0. . [ David Prévot ] * Update long description to remove duplicate information. redis (5:5.0.7-6) unstable; urgency=medium . * No change sourceful upload to permit migration to testing. redis (5:5.0.7-5) unstable; urgency=medium . * Ensure that the redis daemon is running prior to running the autopkgtests. redis (5:5.0.7-4) unstable; urgency=medium . * Use the newly-package liblzf-dev package over the local version. (Closes: #958321) * Don't duplicate long description of the redis-server package in the metapackage. redis (5:5.0.7-3) unstable; urgency=medium . * Fix FTBFS with GCC 10. (Closes: #957751) * Refresh all patches. redis (5:5.0.7-2) unstable; urgency=medium . [ Christian Göttsche ] * Update systemd service to reflect new names, etc. * Create directories in postinst with correct SELinux context. . [ Chris Lamb ] * Bump Standards-Version to 4.5.0. . [ David Prévot ] * Update long description to remove duplicate information. redis (5:5.0.7-1) unstable; urgency=medium . * New upstream bugfix release. * Bump Standards-Version to 4.4.1. * Run wrap-and-sort -sa. redis (5:5.0.7-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . redis (5:5.0.7-1) unstable; urgency=medium . * New upstream bugfix release. * Bump Standards-Version to 4.4.1. * Run wrap-and-sort -sa. redis (5:5.0.6-1) unstable; urgency=medium . * New upstream release. * Specify "Rules-Requires-Root: no">. redis (5:5.0.6-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . redis (5:5.0.6-1) unstable; urgency=medium . * New upstream release. * Specify "Rules-Requires-Root: no">. redis (5:5.0.5-2) unstable; urgency=medium . * Sourceful upload to unstable to ensure testing migration. * Bump Standards-Version to 4.4.0. * Don't build release tags in gitlab-ci.yml. redis (5:5.0.5-2~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * Update debian/gbp.conf. . redis (5:5.0.5-2) unstable; urgency=medium . * Sourceful upload to unstable to ensure testing migration. * Bump Standards-Version to 4.4.0. * Don't build release tags in gitlab-ci.yml. . redis (5:5.0.5-1) unstable; urgency=medium . * New upstream release. . redis (5:5.0.4-1) unstable; urgency=medium . * New upstream release. redis (5:5.0.5-1) unstable; urgency=medium . * New upstream release. redis (5:5.0.4-1) unstable; urgency=medium . * New upstream release. ros-ros-comm (1.14.3+ds1-5+deb10u3) buster; urgency=medium . * Add https://github.com/ros/ros_comm/pull/2186 (Fix CVE-2021-37146) roundcube (1.3.17+dfsg.1-1~deb10u2) buster-security; urgency=high . * Backport fix for CVE-2021-46144: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content. (Closes: #1003027) roundcube (1.3.17+dfsg.1-1~deb10u1) buster-security; urgency=high . * New bugfix/security upstream release (closes: #1000156), with fixes for: + CVE-2021-44025: XSS issue in handling attachment filename extension in mimetype mismatch warning; and + CVE-2021-44026: possible SQL injection via some session variables. * Refresh d/patches. * Refresh d/upstream/signing-key.asc. * d/gbp.conf: Rename upstream branch to upstream/release-1.3. rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-17041: Heap overflow in the AIX message parser. (Closes: #942067) * CVE-2019-17042: Heap overflow in the Cisco log message parser. (Closes: #942065) ruby-httpclient (2.8.3-3+deb10u1) buster; urgency=medium . * Add simple autopkgtest to check a basic SSL connection * Add patch to use the system certificate store (Closes: #995448) * debian/rules: remove embedded CA certificate store * Add dependency on ca-certificates ruby-httpclient (2.8.3-3) unstable; urgency=medium . [ Debian Janitor ] * Trim trailing whitespace. * Use secure copyright file specification URI. * debian/copyright: use spaces rather than tabs to start continuation lines. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Update standards version to 4.5.0, no changes needed. * Remove MIA uploader Ryan Niebur . (Closes: #856376) . [ Utkarsh Gupta ] * Add salsa-ci.yml * Add patch to disable tests related to HTTP_PROXY and other related issues (proxy, et al) because LP builders don't like them! :D (Closes: #861456) ruby-kaminari (1.0.1-4+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2020-11082: There is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. (Closes: #961847) ruby2.5 (2.5.5-3+deb10u4) buster-security; urgency=high . * Add patch to use File.open to fix the OS Command Injection vulnerability. (Fixes: CVE-2021-31799) * Add patch to fix StartTLS stripping vulnerability. (Fixes: CVE-2021-32066) * Add patch to ignore IP addresses in PASV responses by default. (Fixes: CVE-2021-31810) * Add length limit option for methods that parses date strings. (Fixes: CVE-2021-41817) * When parsing cookies, only decode the values. (Fixes: CVE-2021-41819) * Add patch to backport rexml upstream bug fixes. (Fixes: CVE-2021-28965) rust-cbindgen (0.20.0-1~deb10u2) buster; urgency=medium . * Non-maintainer upload. * Fix file timestamps from orig tarball by using a supported debhelper target in buster (execute_after_dh_* is not supported in dh 12.1). * debian/copyright: rename license paragraph to please lintian. rust-cbindgen (0.20.0-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Vendor dependencies, they are not available in buster. * Only build the cbindgen binary. * Lower dh-cargo build-dep. rust-cbindgen (0.19.0-1) experimental; urgency=medium . * Package cbindgen 0.19.0 from crates.io using debcargo 2.4.4-alpha.0 rust-cbindgen (0.18.0-1) experimental; urgency=medium . * Package cbindgen 0.18.0 from crates.io using debcargo 2.4.4-alpha.0 rust-cbindgen (0.17.0-4) unstable; urgency=medium . * Team upload. * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4 * Add test dependencies on gcc and g++ rust-cbindgen (0.17.0-3) unstable; urgency=medium . * Team upload. * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4 * Change build and test dependencies from cython to cython3 * Use cython3 for tests * Use tmpdir for tests rather than crate dir to fix permission denied errors. rust-cbindgen (0.17.0-2) unstable; urgency=medium . * Team upload. * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4 * Fix very old timestamps (Closes: #982130) * Remove old and broken override of debian/tests/control * Add cython to the autopkgtest dependencies too. * Mark test for no-features case as broken * Mark other testcases as not broken. rust-cbindgen (0.17.0-1) unstable; urgency=medium . * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4-alpha.0 (Closes: #982022) * Add cython to the build dep for the tests rust-cbindgen (0.15.0-1) unstable; urgency=medium . * Package cbindgen 0.15.0 from crates.io using debcargo 2.4.3 rust-cbindgen (0.14.6-1) unstable; urgency=medium . * Package cbindgen 0.14.6 from crates.io using debcargo 2.4.2 rust-cbindgen (0.14.4-1) unstable; urgency=medium . * Package cbindgen 0.14.4 from crates.io using debcargo 2.4.3 rustc-mozilla (1.51.0+dfsg1-1~deb10u2) buster; urgency=medium . * Non-maintainer upload. * stage0 build. + Use arm-unknown-linux-gnueabi target for armel. (This change was missed in the previous upload and is now implemented correctly.) * Disable build for windows targets (broken on i386) rustc-mozilla (1.51.0+dfsg1-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * stage0 build. + Use arm-unknown-linux-gnueabi target for armel. * Disable wasm. * Reduce debugging symbols on i386 to avoid FTBFS due to OOM. * Use debhelper compat level 9 * Replace gcc-mingw-w64-x86-64-posix by gcc-mingw-w64-x86-64 s390-dasd (0.0.74~deb10u1) buster; urgency=medium . * Rebuild for buster. s390-dasd (0.0.73) unstable; urgency=medium . * Team upload . [ Updated translations ] * Finnish (fi.po) by Kimmo Kujansuu s390-dasd (0.0.72) unstable; urgency=medium . * Team upload . [ Updated translations ] * Lithuanian (lt.po) by Gediminas Murauskas s390-dasd (0.0.71) unstable; urgency=medium . * Team upload . [ Updated translations ] * Arabic (ar.po) by Fahim Sabah s390-dasd (0.0.70) unstable; urgency=medium . * Team upload . [ Updated translations ] * Lithuanian (lt.po) by Kornelijus Tvarijanavičius s390-dasd (0.0.69) unstable; urgency=medium . * Team upload . [ Updated translations ] * Greek (el.po) by george k * Hindi (hi.po) by KushagraKarira * Kabyle (kab.po) by Selyan Sliman Amiri * Tamil (ta.po) by Vasudevan Tirumurti s390-dasd (0.0.68) unstable; urgency=medium . * Team upload . [ Philipp Kern ] * Remove myself from uploaders. . [ Updated translations ] * Occitan (oc.po) by Quentin PAGÈS s390-dasd (0.0.67) unstable; urgency=medium . * Team upload . [ Updated translations ] * Basque (eu.po) by Iñaki Larrañaga Murgoitio * Persian (fa.po) by Seyed Hany Hosseini * Norwegian Bokmal (nb.po) by Allan Nordhøy * Serbian (sr.po) by Filipovic Dragan . [ New translations ] * Kabyle (kab.po) by Slimane Selyan Amiri * Occitan (oc.po) by Quentin PAGÈS s390-dasd (0.0.66) unstable; urgency=medium . * Team upload . [ Updated translations ] * Marathi (mr.po) by Prachi Joshi s390-dasd (0.0.65) unstable; urgency=medium . * Team upload . [ Updated translations ] * Croatian (hr.po) by gogogogi * Portuguese (pt.po) by Miguel Figueiredo salt (2018.3.4+dfsg1-6+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3197, CVE-2021-31607 and CVE-2021-21996. Multiple security vulnerabilites have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates. samba (2:4.9.5+dfsg-5+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches for CVE-2021-44142 (Closes: #1004693) - CVE-2021-44142: libadouble: add defines for icon lengths - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs - CVE-2021-44142: libadouble: harden ad_unpack_xattrs() - vfs_fruit: CVE-2021-44142 tweak buffer size check - CVE-2021-44142: libadouble: harden parsing code samba (2:4.9.5+dfsg-5+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Salvatore Bonaccorso ] * CVE-2020-25722 Ensure the structural objectclass cannot be changed * CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during LDAP add/modify * s3/auth: use set_current_user_info() in auth3_generate_session_info_pac() * selftest: Fix ktest usermap file * selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline") * CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac" settings * CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative = true * CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to r->out.authoritative = true * CVE-2020-25717: s4:torture: start with authoritative = 1 * CVE-2020-25717: s4:smb_server: start with authoritative = 1 * CVE-2020-25717: s4:auth_simple: start with authoritative = 1 * CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1 * CVE-2020-25717: s3:torture: start with authoritative = 1 * CVE-2020-25717: s3:rpcclient: start with authoritative = 1 * CVE-2020-25717: s3:auth: start with authoritative = 1 * CVE-2020-25717: auth/ntlmssp: start with authoritative = 1 * CVE-2020-25717: loadparm: Add new parameter "min domain uid" * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() forward the low level errors * CVE-2020-25717: s3:auth: Check minimum domain uid * CVE-2020-25717: s3:auth: we should not try to autocreate the guest account * CVE-2020-25717: s3:auth: no longer let check_account() autocreate local users * CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam() * CVE-2020-25717: s3:auth: don't let create_local_token depend on !winbind_ping() * CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member) * CVE-2020-25717: s4:auth: remove unused auth_generate_session_info_principal() * CVE-2020-25717: s3:ntlm_auth: fix memory leaks in ntlm_auth_generate_session_info_pac() * CVE-2020-25717: s3:ntlm_auth: let ntlm_auth_generate_session_info_pac() base the name on the PAC LOGON_INFO only * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() delegate everything to make_server_info_wbcAuthUserInfo() * CVE-2020-25717: selftest: configure 'ktest' env with winbindd and idmap_autorid * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a PAC in standalone mode * CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by removing the unused logon_info argument * CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing unused arguments * lib: Add dom_sid_str_buf * CVE-2020-25717: idmap_nss: verify that the name of the sid belongs to the configured domain * CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails * waf: install: Remove installation of PIDL and manpages. . [ Mathieu Parent ] * Drop libparse-pidl-perl package (Closes: #939419) samba (2:4.9.5+dfsg-5+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * gbp.conf: change debian-branch to buster-security, and merge-mode to merge * CVE-2019-10197: smbd: separate out impersonation debug info into a new function. * CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir. * CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in become_root() * CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory. * CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on share root problem. * CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal() sogo (4.0.7-1+deb10u2) buster-security; urgency=high . * [CVE-2021-33054] fixes validation of SAML message signatures (closes: #989479) sphinxsearch (2.2.11-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-29050 Fix for arbitrary file reads by scattered file snippets spip (3.2.4-1+deb10u7) buster-security; urgency=high . * Backport security fix from 3.2.14 - arbitrary PHP code execution spip (3.2.4-1+deb10u6) buster; urgency=medium . * Document CVE fixed previously * Backport security fixes (XSS) from 3.2.13 spip (3.2.4-1+deb10u5) buster-security; urgency=high . * Backport security fixes from 3.2.12 - SQL injections, remote code execution, XSS squashfs-tools (1:4.3-12+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * unsquashfs: use squashfs_closedir() to delete directory * unsquashfs: dynamically allocate name * unsquashfs: use linked list to store directory names * Unsquashfs: additional write outside destination directory exploit fix (CVE-2021-41072) (Closes: #994262) * Unsquashfs: Add makefile entry for unsquash-12.o strongswan (5.7.2-1+deb10u2) buster-security; urgency=medium . * gbp.conf: revert upstream branch name change for now * eap-authenticator: Enforce failure if MSK generation fails - Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079) strongswan (5.7.2-1+deb10u1) buster-security; urgency=medium . * Reject RSASSA-PSS params with negative salt length - fix remote denial of service (CVE-2021-41990) * Prevent crash due to integer overflow / sign change - fix remote denial of service (CVE-2021-41991) * d/gbp.conf: track buster-security branches tiff (4.1.0+git191117-2~deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * TIFFTAG_PREDICTOR is not supported for WebP (CVE-2020-19143) tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high . * Team upload. * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 * Fix CVE-2021-41079: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. tryton-proteus (5.0.1-3+deb10u1) buster-security; urgency=high . * This release contains fixes for XML parsing vulnerabilities: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 https://bugs.tryton.org/issue11219 (CVE-2022-26661) https://bugs.tryton.org/issue11244 (CVE-2022-26662) tryton-server (5.0.4-2+deb10u1) buster-security; urgency=high . * This release contains fixes for XML parsing vulnerabilities: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 https://bugs.tryton.org/issue11219 (CVE-2022-26661) https://bugs.tryton.org/issue11244 (CVE-2022-26662) tzdata (2021a-0+deb10u3) buster; urgency=medium . * Cherry-pick patches from tzdata-2021d and tzdata-2021e: - 04-fiji-dst.patch: Fiji suspends DST for the 2021/2022 season. - 05-palestine-dst.patch: Palestine will fall back 2021-10-29 (not 2021-10-30) at 01:00. uriparser (0.9.1-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * UriNormalize.c: Fix .hostText copying in uriMakeOwnerEngine (CVE-2021-46141) * UriParse.c: Adjust uriFreeUriMembers* to fixed uriMakeOwner* behavior (CVE-2021-46141) * UriNormalize.c: Fix handling of empty segments in uriPreventLeakage (CVE-2021-46142) usbview (2.0-21-g6fe2f4f-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix authorization for inactive or arbitrary other users (CVE-2022-23220) * Pass on the command line parameters to GTK only if not invoked via pkexec varnish (6.1.1-1+deb10u3) buster-security; urgency=medium . * Apply upstream patch to fix: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability (CVE-2022-23959). (Closes: #1004433) varnish (6.1.1-1+deb10u2) buster-security; urgency=medium . * Apply upstream patch from the 6.0.x TLS branch to fix VSV00007: Varnish HTTP/2 Request Smuggling Attack (CVE-2021-36740). (Closes: #991040) vim (2:8.1.0875-5+deb10u2) buster; urgency=medium . * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim 8.2.3110 and later. vim (2:8.1.0875-5+deb10u1) buster; urgency=medium . * Change gbp.conf and salsa config to use buster * Backport 8.1.0881 and 8.1.0883 to fix CVE-2019-20807 + 8.1.0881: can execute shell commands in rvim through interfaces + 8.1.0883: missing some changes for Ex commands * Backport patches 8.1.0936, 8.2.3402, and 8.2.3403 to fix CVE-2021-3770 (Closes: #994076) + 8.1.0936: may leak memory when using 'vartabstop' + 8.2.3402: invalid memory access when using :retab with large value + 8.2.3403: memory leak for :retab with invalid argument * Backport v8.2.3409 to fix CVE-2021-3778 (Closes: #994498) + 8.2.3409: reading beyond end of line with invalid utf-8 character * Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497) + 8.2.3428: using freed memory when replacing * Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593) + 8.2.3489: ml_get error after search with range wavpack (5.1.0-6+deb10u1) buster; urgency=medium . * debian/patches: Cherry-pick upstream patches to fix use of uninitialized values. (CVE-2019-1010317, CVE-2019-1010319) (Closes: #932060, #932061) * debian/gbp.conf: Switch to buster branch webkit2gtk (2.34.6-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.34.5-1) unstable; urgency=high . * New upstream release. + Fixes CVE-2022-22589, CVE-2022-22590 and CVE-2022-22592. webkit2gtk (2.34.4-1) unstable; urgency=high . * New upstream release. * Set the debhelper compatibility level to 12: - Get rid of debian/compat. - Add build dependency on debhelper-compat. * debian/rules: - Stop using --builddirectory=build, .gir files no longer seem to contain references to the build directory (see the 2.27.90-1 entry for more details). * debian/copyright: + Update copyright years. webkit2gtk (2.34.4-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. - Fixes CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984. webkit2gtk (2.34.4-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. - Fixes CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.34.3-1) unstable; urgency=high . [ Alberto Garcia ] * New upstream release. * The WebKitGTK security advisory WSA-2021-0007 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2021-30809, CVE-2021-30836 (fixed in 2.32.4). + CVE-2021-30818, CVE-2021-30823, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897 (fixed in 2.34.0). + CVE-2021-30887, CVE-2021-30890 (fixed in 2.34.3). . [ Sebastien Bacher ] * debian/rules: + Explicitly disable lto since when it's on the build is failing, that doesn't impact Debian by default but is an issue on Ubuntu. (Closes: #1000598) + Don't recommend xdg-desktop-portal-gtk on Ubuntu i386, it's a partial architecture and the binary doesn't exist (Closes: #1000599). webkit2gtk (2.34.3-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. + Fixes CVE-2021-30887, CVE-2021-30890. webkit2gtk (2.34.3-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. + Fixes CVE-2021-30887, CVE-2021-30890. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. webkit2gtk (2.34.2-1) unstable; urgency=medium . * New upstream release. webkit2gtk (2.34.2-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. webkit2gtk (2.34.1-1) unstable; urgency=high . [ Alberto Garcia ] * New upstream release. * debian/rules: + Build with -O1 in sh3 and sh4 (Closes: #995717). * debian/copyright: + Update copyright information of all files. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/libwebkit2gtk-4.0-37.lintian-overrides: + Override library-not-linked-against-libc. * debian/source/lintian-overrides: + Update source-is-missing overrides. * debian/control: + Update Standards-Version to 4.6.0.1 (no changes). . [ Sebastien Bacher ] * debian/control, debian/rules: + handle gstreamer1.0-plugins-bad with the same Ubuntu override than libav, it's also in universe (Closes: #995166). webkit2gtk (2.34.1-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. + Fixes CVE-2021-30846, CVE-2021-30851 and CVE-2021-42762. webkit2gtk (2.34.1-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. + Fixes CVE-2021-30846, CVE-2021-30851 and CVE-2021-42762. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. webkit2gtk (2.34.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.33 (experimental) branch. * debian/rules: + Build with -DUSE_SOUP2=ON. * debian/control: + Add build dependency on liblcms2-dev (bug #880697). + Remove the dummy libwebkit2gtk-4.0-37-gtk2 package. * debian/copyright: + Update copyright information of all files. * debian/gbp.conf: + Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing overrides. * Refresh all patches. webkit2gtk (2.34.0-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. . webkit2gtk (2.34.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.33 (experimental) branch. * debian/rules: + Build with -DUSE_SOUP2=ON. * debian/control: + Add build dependency on liblcms2-dev (bug #880697). + Remove the dummy libwebkit2gtk-4.0-37-gtk2 package. * debian/copyright: + Update copyright information of all files. * debian/gbp.conf: + Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing overrides. * Refresh all patches. webkit2gtk (2.33.91-1) experimental; urgency=medium . * New upstream development release. * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.33.90-1) experimental; urgency=medium . * New upstream development release. * Refresh all patches and drop debian/patches/fix-gtkdoc-build. * debian/copyright: + Update copyright information of all files. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.33.3-1) experimental; urgency=medium . * New upstream development release. * Refresh all patches. * debian/patches/fix-gtkdoc-build.patch: + Fix gtk-doc build (WebKit bug #229152). * debian/control: + Remove the dummy libwebkit2gtk-4.0-37-gtk2 package. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.33.2-1) experimental; urgency=medium . * New upstream development release. * Update fix-ftbfs-m68k.patch and drop fix-mips-page-size.patch. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/copyright: + Update copyright information of all files. webkit2gtk (2.33.1-1) experimental; urgency=medium . * New upstream development release. * debian/patches/fix-ftbfs-m68k.patch: + Compile BytecodeGenerator.cpp without optimizations on m68k and sh4, otherwise the build fails due to gcc bugs. * debian/watch, debian/gbp.conf: + Update for 2.33.x packages in experimental. * Refresh all patches. * debian/rules: + Build with -DUSE_SOUP2=ON. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/copyright: + Update copyright information of all files. * debian/control: + Add build dependency on liblcms2-dev (Closes: #880697). * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.32.4-1) unstable; urgency=high . * New upstream release. * debian/source/lintian-overrides: + Update source-is-missing overrides. webkit2gtk (2.32.4-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. + Fixes CVE-2021-30858. weechat (2.3-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-8955: A crafted irc message 324 (channel mode) could result in a crash. (Closes: #951289) * CVE-2020-9759: A crafted irc message 352 (who) could result in a crash. * CVE-2020-9760: A crafted irc message 005 (setting a new mode for a nick) could result in a crash. * CVE-2021-40516: A crafted WebSocket frame could result in a crash in the Relay plugin. (Closes: #993803) wireshark (2.6.20-0+deb10u3) buster; urgency=medium . * Non-maintainer upload. * CVE-2021-22207: Excessive memory consumption in the MS-WSP dissector. (Closes: #987853) * CVE-2021-22235: Crash in the DNP dissector. * CVE-2021-39921: NULL pointer exception in the Modbus dissector. * CVE-2021-39922: Buffer overflow in the C12.22 dissector. * CVE-2021-39923: Large loop in the PNRP dissector. * CVE-2021-39924: Large loop in the Bluetooth DHT dissector. * CVE-2021-39928: NULL pointer exception in the IEEE 802.11 dissector. * CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT dissector. wireshark (2.6.20-0+deb10u2) buster-security; urgency=medium . * debian/watch: Get upstream releases from gitlab * debian/rules: Ignore failing tests on architectures where Lua tests are failing * Fix buffer overflow in the Bluetooth SDP dissector (CVE-2021-39925) * debian/gitlab-ci.yml: Test against buster wordpress (5.0.15+dfsg1-0+deb10u1) buster-security; urgency=high . * Upstream security release Closes: #1003243 - CVE-2022-21662 - Stored XSS through authenticated users - CVE-2022-21663 - Authenticated Object Injection in Multisites - CVE-2022-21661 - WordPress: SQL Injection through WP_Query - CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query wordpress (5.0.14+dfsg1-0+deb10u1) buster-security; urgency=high . * Security release, fixes 1 bug: - CVE-2021-39201 - XSS in editor Closes: #994059 xorg-server (2:1.20.4-1+deb10u4) buster-security; urgency=high . * record: Fix out of bounds access in SwapCreateRegister() [CVE-2021-4011] * xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() [CVE-2021-4009] * Xext: Fix out of bounds access in SProcScreenSaverSuspend() [CVE-2021-4010] * render: Fix out of bounds access in SProcRenderCompositeGlyphs() [CVE-2021-4008] xterm (344-1+deb10u2) buster; urgency=medium . * Cherry-pick sixel graphics fixes from xterm 370d and 370f. - Check for out-of-bounds condition while drawing sixels, and quit that operation (report by Nick Black (CVE-2022-24130), Closes: #1004689). zsh (5.7.1-1+deb10u1) buster-security; urgency=high . * [5931be85] Cherry-pick zsh 5.8.1 fixes for CVE-2021-45444 for Buster. * [1894b185] Update CVE-2021-45444 patches to fit NEWS, README and ChangeLog of the 5.7.1 upstream release. * [42c0fa26] Install new Etc/CVE-2021-45444-VCS_Info-workaround.patch into zsh-doc. It is not relevant for Debian's package but gives hints about CVE-2021-45444 mitigations on other platforms which aren't updated yet. * [ce21df9c] Update cherry-pick-CVE-2021-45444_2.patch to use a file name without blanks as actually used in the final 5.8.1 release. zziplib (0.13.62-3.2+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-18442 Because of mishandling a return value, an attacker might cause a denial of service due to an infinite loop. ======================================== Sat, 09 Oct 2021 - Debian 10.11 released ======================================== ========================================================================= [Date: Sat, 09 Oct 2021 10:11:29 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-amd64 | 4.19.181-1 | amd64 linux-headers-4.19.0-16-amd64 | 4.19.181-1 | amd64 linux-headers-4.19.0-16-cloud-amd64 | 4.19.181-1 | amd64 linux-headers-4.19.0-16-rt-amd64 | 4.19.181-1 | amd64 linux-image-4.19.0-16-amd64-dbg | 4.19.181-1 | amd64 linux-image-4.19.0-16-amd64-unsigned | 4.19.181-1 | amd64 linux-image-4.19.0-16-cloud-amd64-dbg | 4.19.181-1 | amd64 linux-image-4.19.0-16-cloud-amd64-unsigned | 4.19.181-1 | amd64 linux-image-4.19.0-16-rt-amd64-dbg | 4.19.181-1 | amd64 linux-image-4.19.0-16-rt-amd64-unsigned | 4.19.181-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:11:37 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-mipsel | 4.19.181-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:11:46 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: ata-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el btrfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el cdrom-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el compress-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el crc-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el crypto-dm-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el crypto-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el event-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el ext4-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fancontrol-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fat-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fb-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el firewire-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fuse-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el hypervisor-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el i2c-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el input-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el isofs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el jfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el kernel-image-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el linux-headers-4.19.0-16-all-ppc64el | 4.19.181-1 | ppc64el linux-headers-4.19.0-16-powerpc64le | 4.19.181-1 | ppc64el linux-image-4.19.0-16-powerpc64le | 4.19.181-1 | ppc64el linux-image-4.19.0-16-powerpc64le-dbg | 4.19.181-1 | ppc64el loop-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el md-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el mouse-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el mtd-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el multipath-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nbd-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-shared-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-usb-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-wireless-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el ppp-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el sata-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el scsi-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el scsi-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el scsi-nic-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el serial-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el squashfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el udf-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el uinput-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el usb-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el usb-serial-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el usb-storage-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el xfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:11:54 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: btrfs-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x cdrom-core-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x compress-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x crc-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x crypto-dm-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x crypto-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x dasd-extra-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x dasd-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x ext4-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x fat-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x fuse-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x isofs-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x kernel-image-4.19.0-16-s390x-di | 4.19.181-1 | s390x linux-headers-4.19.0-16-all-s390x | 4.19.181-1 | s390x linux-headers-4.19.0-16-s390x | 4.19.181-1 | s390x linux-image-4.19.0-16-s390x | 4.19.181-1 | s390x linux-image-4.19.0-16-s390x-dbg | 4.19.181-1 | s390x loop-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x md-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x mtd-core-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x multipath-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x nbd-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x nic-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x scsi-core-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x scsi-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x udf-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x xfs-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x zlib-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:11 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all | 4.19.181-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:19 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-arm64 | 4.19.181-1 | arm64 linux-headers-4.19.0-16-arm64 | 4.19.181-1 | arm64 linux-headers-4.19.0-16-rt-arm64 | 4.19.181-1 | arm64 linux-image-4.19.0-16-arm64-dbg | 4.19.181-1 | arm64 linux-image-4.19.0-16-arm64-unsigned | 4.19.181-1 | arm64 linux-image-4.19.0-16-rt-arm64-dbg | 4.19.181-1 | arm64 linux-image-4.19.0-16-rt-arm64-unsigned | 4.19.181-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:26 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: btrfs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel cdrom-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel compress-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel crc-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel crypto-dm-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel crypto-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel event-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ext4-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel fat-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel fb-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel fuse-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel input-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ipv6-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel isofs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel jffs2-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel jfs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel kernel-image-4.19.0-16-marvell-di | 4.19.181-1 | armel leds-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel linux-headers-4.19.0-16-all-armel | 4.19.181-1 | armel linux-headers-4.19.0-16-marvell | 4.19.181-1 | armel linux-headers-4.19.0-16-rpi | 4.19.181-1 | armel linux-image-4.19.0-16-marvell | 4.19.181-1 | armel linux-image-4.19.0-16-marvell-dbg | 4.19.181-1 | armel linux-image-4.19.0-16-rpi | 4.19.181-1 | armel linux-image-4.19.0-16-rpi-dbg | 4.19.181-1 | armel loop-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel md-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel minix-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mmc-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mmc-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mouse-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mtd-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mtd-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel multipath-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nbd-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nic-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nic-shared-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nic-usb-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ppp-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel sata-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel scsi-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel squashfs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel udf-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel uinput-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel usb-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel usb-serial-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel usb-storage-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel zlib-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:33 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: ata-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf btrfs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf cdrom-core-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf compress-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf crc-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf crypto-dm-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf crypto-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf efi-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf event-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf ext4-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf fat-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf fb-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf fuse-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf i2c-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf input-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf isofs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf jfs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf kernel-image-4.19.0-16-armmp-di | 4.19.181-1 | armhf leds-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf linux-headers-4.19.0-16-all-armhf | 4.19.181-1 | armhf linux-headers-4.19.0-16-armmp | 4.19.181-1 | armhf linux-headers-4.19.0-16-armmp-lpae | 4.19.181-1 | armhf linux-headers-4.19.0-16-rt-armmp | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp-dbg | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp-lpae | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp-lpae-dbg | 4.19.181-1 | armhf linux-image-4.19.0-16-rt-armmp | 4.19.181-1 | armhf linux-image-4.19.0-16-rt-armmp-dbg | 4.19.181-1 | armhf loop-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf md-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf mmc-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf mtd-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf multipath-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nbd-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-shared-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-usb-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-wireless-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf pata-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf ppp-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf sata-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf scsi-core-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf scsi-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf scsi-nic-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf squashfs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf udf-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf uinput-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf usb-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf usb-serial-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf usb-storage-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf zlib-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:40 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-686 | 4.19.181-1 | i386 linux-headers-4.19.0-16-686-pae | 4.19.181-1 | i386 linux-headers-4.19.0-16-all-i386 | 4.19.181-1 | i386 linux-headers-4.19.0-16-rt-686-pae | 4.19.181-1 | i386 linux-image-4.19.0-16-686-dbg | 4.19.181-1 | i386 linux-image-4.19.0-16-686-pae-dbg | 4.19.181-1 | i386 linux-image-4.19.0-16-686-pae-unsigned | 4.19.181-1 | i386 linux-image-4.19.0-16-686-unsigned | 4.19.181-1 | i386 linux-image-4.19.0-16-rt-686-pae-dbg | 4.19.181-1 | i386 linux-image-4.19.0-16-rt-686-pae-unsigned | 4.19.181-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:47 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-mips | 4.19.181-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:58 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel compress-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel crc-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel crypto-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel event-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel ext4-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel fat-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel fuse-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel hfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel input-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel isofs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel jfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel kernel-image-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel linux-headers-4.19.0-16-5kc-malta | 4.19.181-1 | mips, mips64el, mipsel linux-headers-4.19.0-16-octeon | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-5kc-malta | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-5kc-malta-dbg | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-octeon | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-octeon-dbg | 4.19.181-1 | mips, mips64el, mipsel loop-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel md-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel minix-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel multipath-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nbd-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel pata-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel ppp-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel rtc-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel sata-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel scsi-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel sound-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel udf-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel usb-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel xfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel zlib-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:09 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ata-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel btrfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel cdrom-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel compress-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel crc-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel crypto-dm-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel crypto-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel event-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ext4-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel fat-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel fb-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel fuse-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel hfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel i2c-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel input-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel isofs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel jfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel kernel-image-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel linux-headers-4.19.0-16-4kc-malta | 4.19.181-1 | mips, mipsel linux-image-4.19.0-16-4kc-malta | 4.19.181-1 | mips, mipsel linux-image-4.19.0-16-4kc-malta-dbg | 4.19.181-1 | mips, mipsel loop-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel md-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel minix-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mmc-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mmc-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mouse-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mtd-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel multipath-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nbd-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-shared-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-usb-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-wireless-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel pata-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ppp-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel sata-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel scsi-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel scsi-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel scsi-nic-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel sound-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel squashfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel udf-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel usb-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel usb-serial-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel usb-storage-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel xfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel zlib-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:17 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ata-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el btrfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el cdrom-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el compress-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el crc-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el crypto-dm-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el crypto-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el event-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ext4-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el fat-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el fb-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el fuse-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el hfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el i2c-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el input-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el isofs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el jfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el kernel-image-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el linux-headers-4.19.0-16-all-mips64el | 4.19.181-1 | mips64el loop-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el md-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el minix-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mmc-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mmc-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mouse-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mtd-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el multipath-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nbd-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-shared-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-usb-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-wireless-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el pata-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ppp-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el sata-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el scsi-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el scsi-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el scsi-nic-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el sound-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el squashfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el udf-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el usb-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el usb-serial-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el usb-storage-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el xfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el zlib-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:24 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ata-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel btrfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel cdrom-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel compress-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel crc-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel crypto-dm-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel crypto-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel event-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ext4-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel fat-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel fb-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel firewire-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel fuse-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel hfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel input-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel isofs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel jfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel kernel-image-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel linux-headers-4.19.0-16-loongson-3 | 4.19.181-1 | mips64el, mipsel linux-image-4.19.0-16-loongson-3 | 4.19.181-1 | mips64el, mipsel linux-image-4.19.0-16-loongson-3-dbg | 4.19.181-1 | mips64el, mipsel loop-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel md-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel minix-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel mtd-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel multipath-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nbd-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-shared-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-usb-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-wireless-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel pata-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ppp-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel sata-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel scsi-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel scsi-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel scsi-nic-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel sound-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel speakup-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel squashfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel udf-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel usb-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel usb-serial-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel usb-storage-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel xfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel zlib-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:31 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: acpi-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ata-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 btrfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 cdrom-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 compress-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 crc-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 crypto-dm-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 crypto-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 efi-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 event-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ext4-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 fat-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 fb-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 firewire-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 fuse-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 i2c-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 input-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 isofs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 jfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 kernel-image-4.19.0-16-amd64-di | 4.19.181-1 | amd64 linux-image-4.19.0-16-amd64 | 4.19.181-1 | amd64 linux-image-4.19.0-16-cloud-amd64 | 4.19.181-1 | amd64 linux-image-4.19.0-16-rt-amd64 | 4.19.181-1 | amd64 loop-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 md-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mmc-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mmc-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mouse-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mtd-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 multipath-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nbd-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-pcmcia-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-shared-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-usb-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-wireless-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 pata-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 pcmcia-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 pcmcia-storage-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ppp-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 sata-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 scsi-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 scsi-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 scsi-nic-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 serial-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 sound-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 speakup-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 squashfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 udf-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 uinput-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 usb-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 usb-serial-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 usb-storage-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 xfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:39 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: ata-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 btrfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 cdrom-core-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 compress-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 crc-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 crypto-dm-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 crypto-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 efi-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 event-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 ext4-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 fat-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 fb-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 fuse-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 i2c-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 input-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 isofs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 jfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 kernel-image-4.19.0-16-arm64-di | 4.19.181-1 | arm64 leds-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 linux-image-4.19.0-16-arm64 | 4.19.181-1 | arm64 linux-image-4.19.0-16-rt-arm64 | 4.19.181-1 | arm64 loop-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 md-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 mmc-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 mtd-core-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 multipath-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nbd-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-shared-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-usb-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-wireless-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 ppp-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 sata-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 scsi-core-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 scsi-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 scsi-nic-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 squashfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 udf-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 uinput-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 usb-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 usb-serial-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 usb-storage-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 xfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:47 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: acpi-modules-4.19.0-16-686-di | 4.19.181-1 | i386 acpi-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ata-modules-4.19.0-16-686-di | 4.19.181-1 | i386 ata-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 btrfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 btrfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 cdrom-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 cdrom-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 compress-modules-4.19.0-16-686-di | 4.19.181-1 | i386 compress-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 crc-modules-4.19.0-16-686-di | 4.19.181-1 | i386 crc-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 crypto-dm-modules-4.19.0-16-686-di | 4.19.181-1 | i386 crypto-dm-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 crypto-modules-4.19.0-16-686-di | 4.19.181-1 | i386 crypto-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 efi-modules-4.19.0-16-686-di | 4.19.181-1 | i386 efi-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 event-modules-4.19.0-16-686-di | 4.19.181-1 | i386 event-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ext4-modules-4.19.0-16-686-di | 4.19.181-1 | i386 ext4-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 fat-modules-4.19.0-16-686-di | 4.19.181-1 | i386 fat-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 fb-modules-4.19.0-16-686-di | 4.19.181-1 | i386 fb-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 firewire-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 firewire-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 fuse-modules-4.19.0-16-686-di | 4.19.181-1 | i386 fuse-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 i2c-modules-4.19.0-16-686-di | 4.19.181-1 | i386 i2c-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 input-modules-4.19.0-16-686-di | 4.19.181-1 | i386 input-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 isofs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 isofs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 jfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 jfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 kernel-image-4.19.0-16-686-di | 4.19.181-1 | i386 kernel-image-4.19.0-16-686-pae-di | 4.19.181-1 | i386 linux-image-4.19.0-16-686 | 4.19.181-1 | i386 linux-image-4.19.0-16-686-pae | 4.19.181-1 | i386 linux-image-4.19.0-16-rt-686-pae | 4.19.181-1 | i386 loop-modules-4.19.0-16-686-di | 4.19.181-1 | i386 loop-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 md-modules-4.19.0-16-686-di | 4.19.181-1 | i386 md-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mmc-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mmc-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mmc-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mmc-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mouse-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mouse-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mtd-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mtd-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 multipath-modules-4.19.0-16-686-di | 4.19.181-1 | i386 multipath-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nbd-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nbd-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-pcmcia-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-pcmcia-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-shared-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-shared-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-usb-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-usb-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-wireless-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-wireless-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 pata-modules-4.19.0-16-686-di | 4.19.181-1 | i386 pata-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 pcmcia-modules-4.19.0-16-686-di | 4.19.181-1 | i386 pcmcia-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 pcmcia-storage-modules-4.19.0-16-686-di | 4.19.181-1 | i386 pcmcia-storage-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ppp-modules-4.19.0-16-686-di | 4.19.181-1 | i386 ppp-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 sata-modules-4.19.0-16-686-di | 4.19.181-1 | i386 sata-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 scsi-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 scsi-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 scsi-modules-4.19.0-16-686-di | 4.19.181-1 | i386 scsi-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 scsi-nic-modules-4.19.0-16-686-di | 4.19.181-1 | i386 scsi-nic-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 serial-modules-4.19.0-16-686-di | 4.19.181-1 | i386 serial-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 sound-modules-4.19.0-16-686-di | 4.19.181-1 | i386 sound-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 speakup-modules-4.19.0-16-686-di | 4.19.181-1 | i386 speakup-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 squashfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 squashfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 udf-modules-4.19.0-16-686-di | 4.19.181-1 | i386 udf-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 uinput-modules-4.19.0-16-686-di | 4.19.181-1 | i386 uinput-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 usb-modules-4.19.0-16-686-di | 4.19.181-1 | i386 usb-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 usb-serial-modules-4.19.0-16-686-di | 4.19.181-1 | i386 usb-serial-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 usb-storage-modules-4.19.0-16-686-di | 4.19.181-1 | i386 usb-storage-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 xfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 xfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:14:03 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-common | 4.19.181-1 | all linux-headers-4.19.0-16-common-rt | 4.19.181-1 | all linux-support-4.19.0-16 | 4.19.181-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:03:38 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libprotocol-acme-perl | 1.01-3 | source, all Closed bugs: 990293 ------------------- Reason ------------------- RoQA; only supports obsolete ACME version 1 ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:04:06 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: birdtray | 1.5-1 | source, amd64, arm64, armel, armhf, i386, mips64el, ppc64el, s390x Closed bugs: 992193 ------------------- Reason ------------------- RoM; incompatible with newer Thunderbird versions ---------------------------------------------- ========================================================================= ansible (2.7.7+dfsg-1+deb10u1) buster-security; urgency=medium . [ Markus Koschany ] * CVE-2019-10156 * CVE-2019-10206 * CVE-2019-14846 * CVE-2019-14864 * CVE-2019-14904 * CVE-2020-10684 * CVE-2020-10685 * CVE-2020-10729 * CVE-2020-14330 * CVE-2020-14332 * CVE-2020-14365 * CVE-2020-1733 * CVE-2020-1735 * CVE-2020-1739 * CVE-2020-1740 * CVE-2020-1746 * CVE-2020-1753 * CVE-2021-20228 . [ Lee Garrett ] * Add python3-distutils to Depends (Closes: #962332) apache2 (2.4.38-3+deb10u5) buster-security; urgency=medium . * Fix "NULL pointer dereference on specially crafted HTTP/2 request" (Closes: #989562, CVE-2021-31618) * Fix various low security issues (Closes: CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641) and fix related test aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow atftp (0.7.git20120829-3.2~deb10u2) buster; urgency=medium . * Fix for CVE-2021-41054 (Closes: #994895) base-files (10.3+deb10u11) buster; urgency=medium . * Change /etc/debian_version to 10.11, for Debian 10.11 point release. bluez (5.50-1.2~deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * shared/att: Fix possible crash on disconnect (CVE-2020-27153) * shared/gatt-server: Fix not properly checking for secure flags (CVE-2020-26558, CVE-2021-0129) (Closes: #989614) btrbk (0.27.1-1+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-38173 fixes a security vulnerability which would have allowed for an arbitrary code execution c-ares (1.14.0-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Missing input validation on hostnames returned by DNS servers (CVE-2021-3672) - ares_expand_name() should escape more characters - ares_expand_name(): fix formatting and handling of root name response clamav (0.103.3+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.3 - Update symbol file. - Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath (Closes: #988218). * Remove clamav user on purge (Closes: #987861). * Remove freshclam.dat on purge. clamav (0.103.2+dfsg-2) unstable; urgency=medium . * Remove deprecated option SafeBrowsing from debconf templates. clamav (0.103.2+dfsg-1) unstable; urgency=medium . * Import 0.103.2 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.) - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.) - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.) - Update symbol file. (Closes: #986622). commons-io (2.6-2+deb10u1) buster; urgency=medium . * Team upload. * Fix CVE-2021-29425: When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. cyrus-imapd (3.0.8-6+deb10u6) buster; urgency=medium . * Replace string hashing algorithm (Closes: #993433, CVE-2021-33582) debconf (1.5.71+deb10u1) buster; urgency=medium . * Check that whiptail or dialog is actually usable (closes: #985572). debian-installer (20190702+deb10u11) buster; urgency=medium . * Bump Linux ABI to 4.19.0-18. debian-installer-netboot-images (20190702+deb10u11) buster; urgency=medium . * Update to 20190702+deb10u11, from buster-proposed-updates. distcc (3.3.2-10+deb10u1) buster; urgency=medium . * Fix (again) update-distcc-symlinks script for gcc cross compiler and add clang symlinks (Closes: #919704) distro-info-data (0.41+deb10u4) buster; urgency=medium . * Update data to 0.51, without new columns: - Add estimated date for Buster EOL. - Correct the EOL date for Debian Jessie. - Add Debian 13 "Trixie", with a rough date. - Add Ubuntu 21.10, Impish Indri. - Move Ubuntu EoLs off weekends. - Validate that Ubuntu EoLs occur during the week. - Set bullseye's release date, bookworm's creation date, and buster's EoL date based on the updated planned bullseye release date. dwarf-fortress (0.44.12+dfsg1-0+deb10u1) buster; urgency=high . * Remove unnecessary code copies with license violations from source tarball. (Closes: #986119) dwarf-fortress (0.44.12-3) unstable; urgency=medium . * Keep gamelog.txt and errlog.txt in the user run directory * Fix bug that made the help screens inaccessible * Add recommends on libopenal1 * Bump Standards-Version . dwarf-fortress (0.44.12-2) experimental; urgency=medium . * Remove the need for unionfs-fuse * Move configuration files to $XDG_CONFIG_HOME dwarf-fortress (0.44.12-2) experimental; urgency=medium . * Remove the need for unionfs-fuse * Move configuration files to $XDG_CONFIG_HOME espeak-ng (1.49.2+dfsg-8+deb10u1) buster; urgency=medium . * patches/mbrola-fr4: Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed. exiv2 (0.25-4+deb10u2) buster-security; urgency=medium . * CVE-2021-31291 (Closes: #991705) The fix for CVE-2021-31291 also required to backport a few patches that fix some (harmless) CVEs alongside: - CVE-2019-20421 (Closes: #950183) - CVE-2021-3482 (Closes: #986888) - CVE-2021-29457 (Closes: #987277) - CVE-2021-29473 (Closes: #991705) * CVE-2021-31292 (Closes: #991706) firefox-esr (78.14.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-39, also known as CVE-2021-38493. . * debian/import-tar.py, debian/repack.py: Fixed for python 3.9. firefox-esr (78.13.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-34, also known as: CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29985, CVE-2021-29989. firefox-esr (78.13.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-34, also known as: CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29985, CVE-2021-29989. firefox-esr (78.13.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-34, also known as: CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29985, CVE-2021-29989. firefox-esr (78.12.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-29, also known as: CVE-2021-29970, CVE-2021-30547, CVE-2021-29976. firefox-esr (78.12.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-29, also known as: CVE-2021-29970, CVE-2021-30547, CVE-2021-29976. firefox-esr (78.11.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-24, also known as CVE-2021-29967. gcc-mingw-w64 (21.3~deb10u2) buster; urgency=medium . * Fix gcov handling: we need to tell GCC that we have headers, without telling it where, and then we need to correct its default assumption about where they are. Closes: #989862. LP: #1883933, #1920988. grilo (0.3.7-1+deb10u1) buster-security; urgency=high . * fix-tls-cert-validation.patch: - Fix TLS cert validation not being done for any network call (Closes: #992971, CVE-2021-39365). gthumb (3:3.6.2-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20326 (Closes: #948197) A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. * additional fix in case orientation swaps width and height hg-git (0.8.12-1+deb10u1) buster; urgency=medium . * Team upload. * Cherry-pick relaxed output check in test suite (Closes: #933100) htslib (1.9-12~deb10u1) buster; urgency=medium . * Rebuild for buster. . htslib (1.9-12) unstable; urgency=medium . * Fix for the autopkgtest on i386 means we can re-enable it! (Closes: #942580) http-parser (2.8.1-1+deb10u1) buster; urgency=medium . * Cherry-pick "Support multi-coding Transfer-Encoding". Closes: #977467 [CVE-2019-15605] intel-microcode (3.20210608.2~deb10u1) buster-security; urgency=high . * SECURITY UPDATE with known possible regressions * Refer to the changelog entry for 3.20210608.1 for the list of security fixes in this release. * Possible regression: CoffeLake processors with signature 0x906ea *and* Intel Wireless LAN on-board - The Intel WiFi firmware might stop working, refer to: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56 * Possible regression: Skylake R0/D0 (signatures 0x406e3 and 0x506e3), - Motherboards with severely outdated firmware where the UEFI/BIOS microcode revision is less than 0x80 may hang on boot. Refer to: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * Reintroduces all fixes (including several security updates) to Skylake D0/R0 that were temporarily disabled in past releases. Refer to changelog entries since (and including) 3.20200609.1 for the list of security fixes. . intel-microcode (3.20210608.2) unstable; urgency=high . * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). . intel-microcode (3.20210608.1) unstable; urgency=high . * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210608.1) unstable; urgency=high . * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2021-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210216.1) unstable; urgency=medium . * New upstream microcode datafile 20210216 * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx, and Cascade Lake Server (B0/B1) when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. * This issue is related to the INTEL-SA-00381 mitigation. * Updated Microcodes: sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864 sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248 sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248 * source: update symlinks to reflect id of the latest release, 20210216 irssi (1.2.0-2+deb10u1) buster; urgency=medium . * Import upstream security fix for CVE-2019-13045 (closes: #931264) java-atk-wrapper (0.33.3-22+deb10u1) buster; urgency=medium . * patches/dbus: Also detect at-spi through dbus. jetty9 (9.4.16-0+deb10u1) buster-security; urgency=high . * Team upload. * New upstream version 9.4.16. - Fix CVE-2019-10241: The server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. - Fix CVE-2019-10247: The server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. * Fix CVE-2020-27216: On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. * Fix CVE-2020-27223: Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. * Fix CVE-2020-28165: CPU usage can reach 100% upon receiving a large invalid TLS frame. * Fix CVE-2020-28169: It is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. * Fix CVE-2021-34428: If an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. krb5 (1.17-3+deb10u3) buster; urgency=high . * Fix KDC null dereference crash on FAST request with no server field, CVE-2021-37750, Closes: #992607 * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140 krb5 (1.17-3+deb10u2) buster-security; urgency=high . * Import upstream patch for CVE-2021-36222, Closes: #991365 ledgersmb (1.6.9+ds-1+deb10u3) buster-security; urgency=medium . * Fix a regression in the display of some search results ledgersmb (1.6.9+ds-1+deb10u2) buster-security; urgency=medium . * Fix CVE-2021-3731, thanks for Erik Huelsmann ledgersmb (1.6.9+ds-1+deb10u1) buster-security; urgency=medium . * Fix CVE-2021-3693 and CVE-2021-3694, thanks to Erik Huelsmann lemonldap-ng (2.0.2+ds-7+deb10u6) buster-security; urgency=medium . * Fix session cache corruption (Closes: CVE-2021-06-25) * Fix trusted domain wildcard * Fix trusted domain regexp * Don't display TOTP secret to owner, neither in debug logs libdatetime-timezone-perl (1:2.23-1+2021b) buster; urgency=medium . * Update to Olson database version 2021b. This update includes contemporary changes for Jordan and Samoa. libpam-tacplus (1.3.8-2+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2020-13881: Prevent shared secrets (such as private server keys) from being added in plaintext to the system log. libsndfile (1.0.28-6+deb10u1) buster-security; urgency=medium . * CVE-021-3246 (Closes: #991496) libspf2 (1.2.10-7.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for buster-security. . libspf2 (1.2.10-7.1) unstable; urgency=medium . * Non-maintainer upload. * spf_compile.c: Correct size of ds_avail (CVE-2021-20314) * Sanity check for sprintf * Fixed 'reverse' macro modifier libuv1 (1.24.1-1+deb10u1) buster-security; urgency=high . * add patch for CVE-2021-22918 (Closes: #990561) * For buster, this patch also tweaks tests so they can be compiled. (because of a missing macro and "static" declaration) linux (4.19.208-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter linux (4.19.194-3) buster-security; urgency=high . * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) linux (4.19.194-2) buster; urgency=medium . * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) linux-latest (105+deb10u13) buster; urgency=medium . * Update to 4.19.0-18 linux-signed-amd64 (4.19.208+1) buster; urgency=medium . * Sign kernel from linux 4.19.208-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter linux-signed-amd64 (4.19.194+3) buster-security; urgency=high . * Sign kernel from linux 4.19.194-3 . * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) linux-signed-amd64 (4.19.194+2) buster; urgency=medium . * Sign kernel from linux 4.19.194-2 . * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) linux-signed-arm64 (4.19.208+1) buster; urgency=medium . * Sign kernel from linux 4.19.208-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks