-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 29 Jan 2021 23:03:16 +0100 Source: linux Architecture: source Version: 4.19.171-1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 970736 972345 977048 977615 Changes: linux (4.19.171-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.161 - perf event: Check ref_reloc_sym before using it - netfilter: clear skb->next in NF_HOOK_LIST() (CVE-2021-20177) - btrfs: don't access possibly stale fs_info data for printing duplicate device - btrfs: fix lockdep splat when reading qgroup config on mount - wireless: Use linux/stddef.h instead of stddef.h - [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace - [x86] KVM: handle !lapic_in_kernel case in kvm_cpu_*_extint - [x86] KVM: Fix split-irqchip vs interrupt injection window request - [arm64] pgtable: Fix pte_accessible() - [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Closes: #977615) - drm/atomic_helper: Stop modesets on unregistered connectors harder - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close - HID: cypress: Support Varmilo Keyboards' media hotkeys - HID: add support for Sega Saturn - Input: i8042 - allow insmod to succeed on devices without an i8042 controller - HID: hid-sensor-hub: Fix issue with devices with no report ID - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices - [x86] xen: don't unbind uninitialized lock_kicker_irq - HID: Add Logitech Dinovo Edge battery quirk - proc: don't allow async path resolution of /proc/self components - nvme: free sq/cq dbbuf pointers when dbbuf set fails - [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size - scsi: libiscsi: Fix NOP race condition - scsi: target: iscsi: Fix cmd abort fabric stop race - [x86] perf/x86: fix sysfs type mismatches - [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure - scsi: ufs: Fix race between shutdown and runtime resume flow - bnxt_en: fix error return code in bnxt_init_one() - bnxt_en: fix error return code in bnxt_init_board() - [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM - bnxt_en: Release PCI regions when DMA mask setup fails during probe. - cxgb4: fix the panic caused by non smac rewrite - [s390x] qeth: fix tear down of async TX buffers - IB/mthca: fix return value of error branch in mthca_init_cq() - net: ena: set initial DMA width to avoid intel iommu issue - [arm64] optee: add writeback to valid memory type - [arm64,armhf,x86] efivarfs: revert "fix memory leak in efivarfs_create()" (Closes: #977048) - can: gs_usb: fix endianess problem with candleLight firmware - [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time - [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment - USB: core: Change %pK for __user pointers to %px - usb: gadget: f_midi: Fix memleak in f_midi_alloc - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card - usb: gadget: Fix memleak in gadgetfs_fill_super - [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb - USB: core: Fix regression in Hercules audio card https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162 - ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init - [s390x] net/af_iucv: set correct sk_protocol for child sockets - rose: Fix Null pointer dereference in rose_send_frame() - sock: set sk_err to ee_errno on dequeue from errq - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control - tun: honor IOCB_NOWAIT flag - i40e: Fix removing driver while bare-metal VFs pass traffic - bonding: wait for sysfs kobject destruction before freeing struct slave - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal - ipv4: Fix tos mask in inet_rtm_getroute() - geneve: pull IP header before ECN decapsulation - net: ip6_gre: set dev->hard_header_len when using header_ops - cxgb3: fix error return code in t3_sge_alloc_qset() - [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open() - net/mlx5: Fix wrong address reclaim when command interface is down - dt-bindings: net: correct interrupt flags in examples - ALSA: usb-audio: US16x08: fix value count for level meters - Input: xpad - support Ardwiino Controllers - Input: i8042 - add ByteSpeed touchpad to noloop table - tracing: Remove WARN_ON in start_thread() - RDMA/i40iw: Address an mmap handler exploit in i40iw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 - [x86] pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output - [x86] pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) - usb: gadget: f_fs: Use local copy of descriptors for userspace copy - USB: serial: kl5kusb105: fix memleak on open - USB: serial: ch341: add new Product ID for CH341A - USB: serial: ch341: sort device-id entries - USB: serial: option: add Fibocom NL668 variants - USB: serial: option: add support for Thales Cinterion EXS82 - USB: serial: option: fix Quectel BG96 matching - tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661) - tty: Fix ->session locking (CVE-2020-29660) - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 - ALSA: hda/realtek - Add new codec supported for ALC897 - ALSA: hda/generic: Add option to enforce preferred_dacs pairs - ftrace: Fix updating FTRACE_FL_TRAMP - cifs: fix potential use-after-free in cifs_echo_request() - [armhf] i2c: imx: Don't generate STOP condition if arbitration has been lost - scsi: mpt3sas: Fix ioctl timeout - dm writecache: fix the maximum number of arguments - dm: remove invalid sparse __acquires and __releases annotations - mm: list_lru: set shrinker map bit when child nr_items is not zero - mm/swapfile: do not sleep with a spin lock held - [x86] uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes - [armhf] i2c: imx: Fix reset of I2SR_IAL flag - [armhf] i2c: imx: Check for I2SR_IAL after every byte - speakup: Reject setting the speakup line discipline outside of speakup (CVE-2020-27830) - [amd64] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs - spi: Introduce device-managed SPI controller allocation - [arm*] spi: bcm2835: Fix use-after-free on unbind - [arm*] spi: bcm2835: Release the DMA channel if probe fails after dma_init - tracing: Fix userstacktrace option for instances - gfs2: check for empty rgrp tree in gfs2_ri_update - [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() - dm writecache: remove BUG() and fail gracefully instead - Input: i8042 - fix error return code in i8042_setup_aux() - netfilter: nf_tables: avoid false-postive lockdep splat - [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes - Revert "geneve: pull IP header before ECN decapsulation" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.164 - [x86] lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S - [arm*] spi: bcm2835aux: Fix use-after-free on unbind - [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe - iwlwifi: pcie: limit memory read spin time - iwlwifi: mvm: fix kernel panic in case of assert during CSA - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE - [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend - [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e - [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen - [x86] platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE - [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC - Input: cm109 - do not stomp on control URB - Input: i8042 - add Acer laptops to the i8042 reset list - pinctrl: amd: remove debounce filter setting in IRQ type setting - mmc: block: Fixup condition for CMD13 polling for RPMB requests - kbuild: avoid static_assert for genksyms - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" - [x86] membarrier: Get rid of a dubious optimization - [x86] apic/vector: Fix ordering in vector assignment - [arm64] PCI: qcom: Add missing reset for ipq806x - mac80211: mesh: fix mesh_pathtbl_init() error path - [arm64,armhf] net: stmmac: free tx skb buffer in stmmac_resume() - tcp: select sane initial rcvq_space.space for big MSS - tcp: fix cwnd-limited bug for TSO deferral where we send nothing - net/mlx4_en: Avoid scheduling restart task if it is already running - lan743x: fix for potential NULL pointer dereference with bare card - net/mlx4_en: Handle TX error CQE - [arm64,armhf] net: stmmac: delete the eee_ctrl_timer after napi disabled - [arm64,armhf] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux - net: bridge: vlan: fix error return code in __vlan_add() - USB: add RESET_RESUME quirk for Snapscan 1212 - ALSA: usb-audio: Fix potential out-of-bounds shift - ALSA: usb-audio: Fix control 'access overflow' errors from chmap - xhci: Give USB2 ports time to enter U3 in bus suspend - USB: UAS: introduce a quirk to set no_write_same - ALSA: pcm: oss: Fix potential out-of-bounds shift - [x86] drm/xen-front: Fix misused IS_ERR_OR_NULL checks - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi - [x86] pinctrl: baytrail: Avoid clearing debounce value when turning it off - [arm*] gpio: mvebu: fix potential user-after-free on probe - scsi: bnx2i: Requires MMU - xsk: Fix xsk_poll()'s return type - can: softing: softing_netdev_open(): fix error handling - block: factor out requeue handling from dispatch code - netfilter: x_tables: Switch synchronization to RCU - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait - ixgbe: avoid premature Rx buffer reuse - [arm64,armhf] drm/tegra: replace idr_init() by idr_init_base() - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling - [arm64,armhf] drm/tegra: sor: Disable clocks on error in tegra_sor_init() - [arm64] syscall: exit userspace before unmasking exceptions - vxlan: Add needed_headroom for lower device - vxlan: Copy needed_tailroom from lowerdev - scsi: mpt3sas: Increase IOCInit request timeout to 30s - dm table: Remove BUG_ON(in_interrupt()) - [arm64] soc/tegra: fuse: Fix index bug in get_process_id - USB: serial: option: add interface-number sanity check to flag handling - USB: gadget: f_acm: add support for SuperSpeed Plus - USB: gadget: f_midi: setup SuperSpeed Plus descriptors - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above - [arm64,armhf] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul - [armhf] dts: exynos: fix roles of USB 3.0 ports on Odroid XU - [armhf] dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU - scsi: megaraid_sas: Check user-provided offsets - HID: i2c-hid: add Vero K147 to descriptor override - serial_core: Check for port state when tty is in error state - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() - quota: Sanity-check quota file headers on load - media: msi2500: assign SPI bus number dynamically - crypto: af_alg - avoid undefined behavior accessing salg_name - md: fix a warning caused by a race between concurrent md_ioctl()s - perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata - perf cs-etm: Move definition of 'traceid_list' global variable from header file - [x86] drm/gma500: fix double free of gma_connector - selinux: fix error initialization in inode_doinit_with_dentry() - RDMA/rxe: Compute PSN windows correctly - [x86] mm/ident_map: Check for errors from ident_pud_init() - [armel,armhf] p2v: fix handling of LPAE translation in BE mode - [x86] apic: Fix x2apic enablement without interrupt remapping - sched/deadline: Fix sched_dl_global_validate() - sched: Reenable interrupts in do_sched_yield() - [arm64] crypto: inside-secure - Fix sizeof() mismatch - [powerpc*] 64: Set up a kernel stack for secondaries before cpu_restore() - [arm64] drm/msm/dsi_pll_10nm: restore VCO rate during restore_state - ASoC: pcm: DRAIN support reactivation - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling - Bluetooth: Fix null pointer dereference in hci_event_packet() - Bluetooth: hci_h5: fix memory leak in h5_close - [armhf] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup - [arm64] spi: tegra20-slink: fix reference leak in slink ops of tegra20 - [arm64,armhf] spi: tegra20-sflash: fix reference leak in tegra_sflash_resume - [arm64,armhf] spi: tegra114: fix reference leak in tegra spi ops - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure - RDMa/mthca: Work around -Wenum-conversion warning - [x86] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() - [x86] media: tm6000: Fix sizeof() mismatches - scsi: core: Fix VPD LUN ID designator priorities - media: solo6x10: fix missing snd_card_free in error handling case - [armhf] drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() - Input: ads7846 - fix race that causes missing releases - Input: ads7846 - fix integer overflow on Rt calculation - Input: ads7846 - fix unaligned access on 7845 - spi: fix resource leak for drivers without .remove callback - [armhf] Input: omap4-keypad - fix runtime PM error handling - RDMA/cxgb4: Validate the number of CQEs - memstick: fix a double-free bug in memstick_check - orinoco: Move context allocation after processing the skb - [arm64] dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() - media: siano: fix memory leak of debugfs members in smsdvb_hotplug - [armhf] HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() - [arm64] dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc - [x86] power: supply: bq24190_charger: fix reference leak - genirq/irqdomain: Don't try to free an interrupt that has no mapping - PCI: Bounds-check command-line resource alignment requests - PCI: Fix overflow in command-line resource alignment requests - [arm64] dts: meson: fix spi-max-frequency on Khadas VIM2 - [x86] platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init - ath10k: Fix the parsing error in service available event - ath10k: Fix an error handling path - ath10k: Release some resources in an error handling path - NFSv4.2: condition READDIR's mask for security label based on LSM state - SUNRPC: xprt_load_transport() needs to support the netid "rdma6" - lockd: don't use interval-based rebinding over TCP - NFS: switch nfsiod to be an UNBOUND workqueue. - vfio-pci: Use io_remap_pfn_range() for PCI IO memory - media: saa7146: fix array overflow in vidioc_s_audio() - memstick: r592: Fix error return in r592_probe() - net/mlx5: Properly convey driver version to firmware - dm ioctl: fix error return code in target_message - [arm64,armhf] clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI - [armhf] cpufreq: highbank: Add missing MODULE_DEVICE_TABLE - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe - scsi: pm80xx: Fix error return in pm8001_pci_probe() - seq_buf: Avoid type mismatch for seq_buf_init - [x86] scsi: fnic: Fix error return code in fnic_probe() - [powerpc*] pseries/hibernation: drop pseries_suspend_begin() from suspend ops - [powerpc*] pseries/hibernation: remove redundant cacheinfo update - [armhf] usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe - speakup: fix uninitialized flush_lock - nfsd: Fix message level for normal termination - nfs_common: need lock during iterate through the list - [x86] kprobes: Restore BTF if the single-stepping is cancelled - [arm64,armhf] clk: tegra: Fix duplicated SE clock entry - mac80211: don't set set TDLS STA bandwidth wider than possible - watchdog: Fix potential dereferencing of null pointer - [armhf] net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function - [arm64,x86] libnvdimm/label: Return -ENXIO for no slot in __blk_label_update - [arm64] watchdog: qcom: Avoid context switch in restart handler - [armhf] clk: ti: Fix memleak in ti_fapll_synth_setup - qlcnic: Fix error code in probe - [armhf] clk: s2mps11: Fix a resource leak in error handling paths in the probe function - [arm64,armhf] clk: sunxi-ng: Make sure divider tables have sentinel - [armhf] sunxi: Add machine match for the Allwinner V3 SoC - cfg80211: initialize rekey_data - lwt: Disable BH too in run_lwt_bpf() - [arm64,armhf] Input: cros_ec_keyb - send 'scancodes' in addition to key events - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet - media: gspca: Fix memory leak in probe - [armhf] media: sunxi-cir: ensure IR is handled when it is continuous - media: netup_unidvb: Don't leak SPI master in probe error path - [x86] Input: cyapa_gen6 - fix out-of-bounds stack access - ALSA: hda/ca0132 - Change Input Source enum strings. - PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" - ACPI: PNP: compare the string length in the matching_id() - ALSA: hda: Fix regressions on clear and reconfig sysfs - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 - ALSA: pcm: oss: Fix a few more UBSAN fixes - ALSA: hda/realtek: Add quirk for MSI-GP73 - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices - ALSA: usb-audio: Disable sample read check if firmware doesn't give back - [s390x] smp: perform initial CPU reset also for SMT siblings - [s390x] dasd: fix hanging device offline processing - [s390x] dasd: prevent inconsistent LCU device data - [s390x] dasd: fix list corruption of pavgroup group list - [s390x] dasd: fix list corruption of lcu list - [x86] staging: comedi: mf6x4: Fix AI end-of-conversion detection - [powerpc*] perf: Exclude kernel samples while counting events in user space. - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() - [x86] EDAC/amd64: Fix PCI component registration - USB: serial: mos7720: fix parallel-port state restore - USB: serial: digi_acceleport: fix write-wakeup deadlocks - USB: serial: keyspan_pda: fix dropped unthrottle interrupts - USB: serial: keyspan_pda: fix write deadlock - USB: serial: keyspan_pda: fix stalled writes - USB: serial: keyspan_pda: fix write-wakeup use-after-free - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free - USB: serial: keyspan_pda: fix write unthrottling - ext4: fix a memory leak of ext4_free_data - ext4: fix deadlock with fs freezing and EA inodes - [arm64] KVM: Introduce handling of AArch32 TTBCR2 traps - [armhf] dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES - [powerpc*] Fix incorrect stw{, ux, u, x} instructions in __set_pte_at - [powerpc*] rtas: Fix typo of ibm,open-errinjct in RTAS filter - [powerpc*] xmon: Change printk() to pr_cont() - ceph: fix race in concurrent __ceph_remove_cap invocations - SMB3: avoid confusing warning message on mount to Azure - SMB3.1.1: do not log warning message if server doesn't populate salt - ubifs: wbuf: Don't leak kernel memory to flash - jffs2: Fix GC exit abnormally - jfs: Fix array index bounds check in dbAdjTree (CVE-2020-27815) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() - [armel] mtd: parser: cmdline: Fix parsing of part-names with colons - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() - iio: buffer: Fix demux update - [arm64,armhf] iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume - md/cluster: block reshape with remote resync job - md/cluster: fix deadlock when node is doing resync job - [arm64,armhf] pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler - [arm64] clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (CVE-2020-29569) - xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568) - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (CVE-2020-29568) - xen/xenbus/xen_bus_type: Support will_handle watch callback (CVE-2020-29568) - xen/xenbus: Count pending messages for each watch (CVE-2020-29568) - xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568) - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels - [x86] platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 - PCI: Fix pci_slot_release() NULL pointer dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.165 - md/raid10: initialize r10_bio->read_slot before use. - fscrypt: add fscrypt_is_nokey_name() - ext4: prevent creating duplicate encrypted filenames - f2fs: prevent creating duplicate encrypted filenames - ubifs: prevent creating duplicate encrypted filenames - vfio/pci: Move dummy_resources_list init in vfio_pci_probe() - ext4: don't remount read-only with errors=continue on reboot - uapi: move constants from <linux/kernel.h> to <linux/const.h> - [x86] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses - [x86] KVM: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits - [powerpc*] bitops: Fix possible undefined behaviour with fls() and fls64() - xen/gntdev.c: Mark pages as dirty - null_blk: Fix zone size initialization - of: fix linker-section match-table corruption - Bluetooth: hci_h5: close serdev device and free hu in h5_close - reiserfs: add check for an invalid ih_entry_count - [x86] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() - media: gp8psk: initialize stats at power control logic - ALSA: seq: Use bool for snd_seq_queue internal flags - ALSA: rawmidi: Access runtime->avail always in spinlock - fcntl: Fix potential deadlock in send_sig{io, urg}() - [arm64,armhf] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init - module: set MODULE_STATE_GOING state when a module fails to load - quota: Don't overflow quota file offsets - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode - module: delay kobject uevent until after module init call - ALSA: pcm: Clear the full allocated memory at hw_params - dm verity: skip verity work if I/O error when system is shutting down https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.166 - kdev_t: always inline major/minor helper functions - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.167 - workqueue: Kick a worker based on the actual activation of delayed works - scsi: ufs: Fix wrong print message in dev_err() - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands - lib/genalloc: fix the overflow when size is too big - proc: change ->nlink under proc_subdir_lock - proc: fix lookup in /proc/net subdirectories after setns(2) - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs - [arm64,armhf] net: mvpp2: Add TCAM entry to drop flow control pause frames - [arm64,armhf] net: mvpp2: prs: fix PPPoE with ipv6 packet parse - atm: idt77252: call pci_disable_device() on error path - [arm64,armhf] net: mvpp2: Fix GoP port 3 Networking Complex Control configurations - qede: fix offload for IPIP tunnel packets - virtio_net: Fix recursive call to cpus_read_lock() - net-sysfs: take the rtnl lock when storing xps_cpus - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() - [arm64] net: hns: fix return value check in __lb_other_process() - erspan: fix version 1 check in gre_parse_header() - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running - CDC-NCM: remove "connected" log message - net: usb: qmi_wwan: add Quectel EM160R-GL - r8169: work around power-saving bug on some chip versions - vhost_net: fix ubuf refcount incorrectly when sendmsg fails - net: sched: prevent invalid Scell_log shift count - net-sysfs: take the rtnl lock when storing xps_rxqs - net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close - [x86] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() - usb: gadget: enable super speed plus - USB: cdc-acm: blacklist another IR Droid device - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). - [arm64] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion - [arm64,armhf] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set - usb: usbip: vhci_hcd: protect shift size - USB: serial: iuu_phoenix: fix DMA from stack - USB: serial: option: add LongSung M5710 module support - USB: serial: option: add Quectel EM160R-GL - USB: yurex: fix control-URB timeout handling - USB: usblp: fix DMA to stack - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks - usb: gadget: f_uac2: reset wMaxPacketSize - usb: gadget: function: printer: Fix a memory leak for interface descriptor - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size - usb: gadget: Fix spinlock lockup on usb_function_deactivate - usb: gadget: configfs: Preserve function ordering after bind failure - usb: gadget: configfs: Fix use-after-free issue with udc_name - USB: serial: keyspan_pda: remove unused variable - [x86] mm: Fix leak of pmd ptlock - ALSA: hda/via: Fix runtime PM for Clevo W35xSS - ALSA: hda/conexant: add a new hda codec CX11970 - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 - btrfs: send: fix wrong file path when there is an inode with a pending rmdir - Revert "device property: Keep secondary firmware node secondary by type" - [x86] xen/pvh: correctly setup the PV EFI interface for dom0 - netfilter: x_tables: Update remaining dereference to RCU - netfilter: ipset: fix shift-out-of-bounds in htable_bits() - netfilter: xt_RATEEST: reject non-null terminated string from userspace - [x86] mtrr: Correct the range check before performing MTRR type lookups - scsi: target: Fix XCOPY NAA identifier lookup (CVE-2020-28374) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.168 - net: cdc_ncm: correct overhead in delayed_ndp_size (Closes: #970736) - [arm64] net: hns3: fix the number of queues actually used by ARQ - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY resource references - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY power - net: vlan: avoid leaks on register_vlan_dev() failures - net: ip: always refragment ip defragmented packets - net: fix pmtu check in nopmtudisc mode - net: ipv6: fib: flush exceptions when purging route - vmlinux.lds.h: Add PGO and AutoFDO input sections - [x86] drm/i915: Fix mismatch between misplaced vma check and vma insert - [amd64] spi: pxa2xx: Fix use-after-free on unbind - HID: wacom: Fix memory leakage caused by kfifo_alloc - [armhf] OMAP2+: omap_device: fix idling of devices during probe - [x86] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() - [amd64] iommu/intel: Fix memleak in intel_irq_remapping_alloc - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups - net/mlx5e: Fix two double free cases - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev - [arm64] KVM: Don't access PMCR_EL0 when no PMU is available - block: fix use-after-free in disk_part_iter_next - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.169 - ASoC: dapm: remove widget from dirty list on free - [x86] hyperv: check cpu mask after interrupt has been disabled - [mips*] boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB - ACPI: scan: Harden acpi_device_add() against device ID overflows - mm/hugetlb: fix potential missing huge page size info - dm snapshot: flush merged data before committing metadata - dm integrity: fix the maximum number of arguments - r8152: Add Lenovo Powered USB-C Travel Hub - ext4: fix bug for rename with RENAME_WHITEOUT - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan - bfq: Fix computation of shallow depth - [arm64] drm/msm: Call msm_init_vram before binding the gpu - dump_common_audit_data(): fix racy accesses to ->d_name - [x86] ASoC: Intel: fix error code cnl_set_dsp_D0() - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock - pNFS: Mark layout for return if return-on-close was not sent - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter - NFS: nfs_igrab_and_active must first reference the superblock - ext4: fix superblock checksum failure when setting password salt - [amd64] RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp - RDMA/mlx5: Fix wrong free of blue flame register on error - mm, slub: consider rest of partial list if acquire_slab() fails - net: sunrpc: interpret the return value of kstrtou32 correctly - dm: eliminate potential source of excessive kernel log noise - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() - ALSA: fireface: Fix integer overflow in transmit_midi_msg() - netfilter: conntrack: fix reading nf_conntrack_buckets - netfilter: nf_nat: Fix memleak in nf_nat_init https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.170 - usb: ohci: Make distrust_firmware param default to false - dm integrity: fix flush with external metadata device - nfsd4: readdirplus shouldn't return parent of export (CVE-2021-3178) - udp: Prevent reuseport_select_sock from reading uninitialized socks - netxen_nic: fix MSI/MSI-x interrupts - [arm64,armhf] net: mvpp2: Remove Pause and Asym_Pause support - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request - esp: avoid unneeded kmap_atomic call - net: dcb: Validate netlink message in DCB handler - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands - rxrpc: Call state should be read with READ_ONCE() under some circumstances - [arm64,armhf] net: stmmac: Fixed mtu channged by cache aligned - net: sit: unregister_netdevice on newlink's error path - net: avoid 32 x truesize under-estimation for tiny skbs - rxrpc: Fix handling of an unsupported token type in rxrpc_read() - tipc: fix NULL deref in tipc_link_xmit() - net: introduce skb_list_walk_safe for skb segment walking - net: skbuff: disambiguate argument and member for skb_list_walk_safe helper - net: ipv6: Validate GSO SKB before finish IPv6 processing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.171 - ALSA: hda/via: Add minimum mute flag - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error - btrfs: fix lockdep splat in btrfs_recover_relocation - mmc: core: don't initialize block size from ext_csd if not present - [arm64] mmc: sdhci-xenon: fix 1.8v regulator stabilization - dm: avoid filesystem lookup in dm_get_dev_t() - dm integrity: fix a crash if "recalculate" used without "internal_hash" - drm/atomic: put state on error path - [x86] ASoC: Intel: haswell: Add missing pm_ops - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback - scsi: qedi: Correct max length of CHAP secret - HID: Ignore battery for Elan touchscreen on ASUS UX550 - xen: Fix event channel callback via INTX/GSI - drm/nouveau/bios: fix issue shadowing expansion ROMs - drm/nouveau/privring: ack interrupts the same way as RM - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields - drm/nouveau/mmu: fix vram heap sizing - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression - i2c: octeon: check correct size of maximum RECV_LEN packet - [x86] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list - can: dev: can_restart: fix use after free bug - can: vxcan: vxcan_xmit: fix use after free bug - can: peak_usb: fix use after free bugs - [mips*] irqchip/mips-cpu: Set IPI domain parent chip - [x86] intel_th: pci: Add Alder Lake-P support - [arm64] serial: mvebu-uart: fix tx lost characters at power off - ehci: fix EHCI host controller initialization sequence - usb: udc: core: Use lock when write to soft_connect - xhci: make sure TRB is fully written before giving it to the controller - [arm64,armhf] xhci: tegra: Delay for disabling LFPS detector - driver core: Extend device_is_dependent() - netfilter: rpfilter: mask ecn bits before fib lookup - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too - udp: mask TOS bits in udp_v4_early_demux() - ipv6: create multicast route with RTPROT_KERNEL - net_sched: avoid shift-out-of-bounds in tcindex_set_parms() - net_sched: reject silly cell_log in qdisc_get_rtab() - ipv6: set multicast flag on the multicast route - net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled - [armhf] net: dsa: b53: fix an off by one in checking "vlan->vid" . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.165-rt70 * Bump ABI to 14 * [rt] Refresh "net/core: protect users of napi_alloc_cache against reentrance" * futex: Move futex exit handling into futex code * futex: Replace PF_EXITPIDONE with a state * exit/exec: Seperate mm_release() * futex: Split futex_mm_release() for exit/exec * futex: Set task::futex_state to DEAD right after handling futex exit * futex: Mark the begin of futex exit explicitly * futex: Sanitize exit state handling * futex: Provide state handling for exec() as well * futex: Add mutex around futex exit * futex: Provide distinct return value when owner is exiting * futex: Prevent exit livelock * [rt] Refresh "softirq: Split softirq locks" * [arm*] gpio: mvebu: fix pwm .get_state period calculation * Revert "mm/slub: fix a memory leak in sysfs_slab_add()" * futex: Ensure the correct return value from futex_lock_pi() * futex: Replace pointless printk in fixup_owner() * futex: Provide and use pi_state_update_owner() * rtmutex: Remove unused argument from rt_mutex_proxy_unlock() * futex: Use pi_state_update_owner() in put_pi_state() * futex: Simplify fixup_pi_state_owner() * futex: Handle faults correctly for PI futexes * [rt] Refresh "rtmutex: Handle the various new futex race conditions" * [rt] Refresh "rtmutex: add sleeping lock implementation" * [rt] Refresh "Revert "rtmutex: Handle the various new futex race conditions"" * [rt] Refresh "futex: Make the futex_hash_bucket lock raw" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again and bring back its old state" * HID: wacom: Correct NULL dereference on AES pen proximity * tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825) . [ Uwe Kleine-König ] * [arm64] Enable support for NXP's PCF85063 RTC (Closes: #972345) Checksums-Sha1: cec64089bf234ebd16918a122f7b86ec5ed5dee3 191615 linux_4.19.171-1.dsc 37c3c0616d91bc7d3665ae98c201e772b6b6ab88 107575880 linux_4.19.171.orig.tar.xz 006bf55ea1b29f3a4e582025189376f510f6b326 1479940 linux_4.19.171-1.debian.tar.xz 096ef9560e2bef9324ca40332511d79304fe2fb6 6275 linux_4.19.171-1_source.buildinfo Checksums-Sha256: 1da387cd31a15b60acf2c6500bd44a7cf5458a945bad1b1dee77533d8b53d2cc 191615 linux_4.19.171-1.dsc a675203341bfc2876a6361874c40b40190017c95bd51917372e13ef82652bcb0 107575880 linux_4.19.171.orig.tar.xz c7e1c1474c99227245ac73ab68dfcd36778728edfb0dba04496b3625de5d84b3 1479940 linux_4.19.171-1.debian.tar.xz 7293a0d04abd2ce8e8e3925e96f48859c107fa979388637b664e642d0890bc89 6275 linux_4.19.171-1_source.buildinfo Files: 86a9cb65e87d95c2a0f3da25a5ae0b4a 191615 kernel optional linux_4.19.171-1.dsc 0db4d008c7ce5a97f13d28e72a209dd0 107575880 kernel optional linux_4.19.171.orig.tar.xz d804066531e03f77b2fea895b7fec3eb 1479940 kernel optional linux_4.19.171-1.debian.tar.xz 4fd511ebfb9c283defa9dd72684b62ac 6275 kernel optional linux_4.19.171-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAUhs5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EIHwP/ikUBcU3jEDEb7qKgjGTmK1RFUiopb91 QUeKsCYLhYgJWalfizjdfWP8EKVvYk/zs6nmeFCjXzXRiVDKPCEDdxN3tzdusG5G 9PyPqUXuvvYHQKVPik1tw5NDwbtHsYEXVWabxWF9XLe1AaUmTOQyuApSz9+9rw+y Pm2Ro5LzBey3vfaMjIBA0ccS26XUVpbyF/M7GB2RL0iWM6ZjnsGKVCMaYK9/mLLx niEszr97uuz+JKUjtpykTOZWMI7yDXoW+3IAORRmB5Rsr4lCXabLvlbiJNNsOHEC CiuPiEnbXHXhCDrD7YoT3Tzkmc6MMlqvzQI2t82qB1azHV9wLKxTnIJxUF9JxWfq 8etAw7QygfizD1/KtjSgODkt4v5J1j3SkG4KWwMuKCm+MFScT7TWkhkdYmg2mH4x cvbnHYClHp+QQujtLc/b3k50y+QivxIPEX1AEb+z9y0mVFHB/cVFgvgGwLX1BTyD bFod86oQKnteknvnXDPBWc59YlPhZtwc1qB/b316wP7Nsiw8eruP8Mu2TF5JBEqz WG5vJtfwFKwUJk3N96KANJEJ3jGmYKXHvkvI066tJJDXmtqahFo3orL+PXrWp9Wt Tc5FEBYnuJ//1VLpU1nLN+I10fH8bP4brlxAQNXT5D5mwCI9agxOjlR1Jns+g2Qc 4RtYWQJLttT+ =xn6U -----END PGP SIGNATURE-----
