-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 17 Mar 2022 20:48:39 +0100
Source: linux
Architecture: source
Version: 4.19.235-1
Distribution: buster
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
linux (4.19.235-1) buster; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- [arm*] i2c: bcm2835: Avoid clock stretching timeouts
- [x86] ASoC: rt5682: do not block workqueue if card is unbound
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- cifs: fix double free race when mount fails in cifs_get_root()
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958)
- usb: gadget: clear related members when goto fail (CVE-2022-24958)
- ata: pata_hpt37x: fix PCI clock detection
- [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- xfrm: fix the if_id check in changelink
- xfrm: enforce validity of offload input flags
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- block: Fix fsync always failed if once failed
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
- mac80211: fix forwarded mesh frames AC & queue selection
- [arm64,armhf] net: stmmac: fix return value of __setup handler
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup()
functions
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- nl80211: Handle nla_memdup failures in handle_nan_filter
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume
- HID: add mapping for KEY_ALL_APPLICATIONS
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- tracing/histogram: Fix sorting on old "cpu" value
- btrfs: add missing run of delayed items after unlink during log replay
- net: dcb: disable softirqs in dcbnl_flush_dev()
- hamradio: fix macro redefine warning
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234
- [arm*] Provide a wrapper for SMCCC 1.1 calls
- [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit()
- [armhf] report Spectre v2 status through sysfs
- [armel,armhf] early traps initialisation
- [armel,armhf] use LOADADDR() to get load address of sections
- [armel,armhf] Spectre-BHB workaround
- [armel,armhf] include unprivileged BPF status in Spectre V2 reporting
- [armel,armhf] fix build error when BPF_SYSCALL is disabled
- [armel,armhf] fix co-processor register typo
- [armel,armhf] Do not use NOCROSSREFS directive with ld.lld
- [armhf] fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
(CVE-2022-23040, XSA-396)
- xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036,
CVE-2022-23038, XSA-396)
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23036, XSA-396)
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23037, XSA-396)
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23038, XSA-396)
- xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039,
XSA-396)
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
(CVE-2022-23041, XSA-396)
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
(CVE-2022-23042, XSA-396)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235
- net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare()
- qed: return status of qed_iov_get_link
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
- net/mlx5: Fix size field in bufferx_reg struct
- NFC: port100: fix use-after-free in port100_send_complete
- net: phy: DP83822: clear MISR2 register to disable interrupts
- sctp: fix kernel-infoleak for SCTP sockets
- net-sysfs: add check for netdevice being present to speed_show
- Revert "xen-netback: remove 'hotplug-status' once it has served its
purpose"
- Revert "xen-netback: Check for hotplug-status existence before watching"
- tracing: Ensure trace buffer is at least 4096 bytes large
- [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive
- virtio: unexport virtio_finalize_features
- virtio: acknowledge all features before access
- [armel,armhf] fix Thumb2 regression with Spectre BHB
- ext4: add check to prevent attempting to resize an fs with sparse_super2
- btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149)
.
[ Salvatore Bonaccorso ]
* [rt] Add new signing key for Daniel Wagner
* [rt] Update to 4.19.233-rt105
* Bump ABI to 20
* sctp: fix the processing for INIT chunk (CVE-2021-3772)
* sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772)
Checksums-Sha1:
102540a17f5a64e7dc71b3faebe7e737100c662d 191330 linux_4.19.235-1.dsc
9dd1d6a10255f3fca40721e728fa7eec1990fe7e 107638296 linux_4.19.235.orig.tar.xz
900ff4f0d07f19b4ed8116dd186e9f6e52a5df7b 1534580 linux_4.19.235-1.debian.tar.xz
865aeb11801c66d971fca8c2d581fafdbd2300b1 6460 linux_4.19.235-1_source.buildinfo
Checksums-Sha256:
d7283afbc580724b441af6dd1e8814e74c3e4c7db928ccf5d61938359d03407f 191330 linux_4.19.235-1.dsc
bd6e3b9a95c8662d35e6c6c9bd0c50f77febb406a901446dbaa08bad29097301 107638296 linux_4.19.235.orig.tar.xz
fda3d65e662e85893a5267c4c1d9c765e0d2eccbea57338e904684eaadba6dee 1534580 linux_4.19.235-1.debian.tar.xz
833f660ce54e177fe74a9fcba02a88f0cba8b8b38a43dcf42d73ed14a79d4372 6460 linux_4.19.235-1_source.buildinfo
Files:
f5beffef0a6a65132fa2e8f06fc38cc9 191330 kernel optional linux_4.19.235-1.dsc
c5ea5de932ddf8d76c7d146c49963b99 107638296 kernel optional linux_4.19.235.orig.tar.xz
2e23d20d95251d57e6fceb7ff3b6461e 1534580 kernel optional linux_4.19.235-1.debian.tar.xz
34f20d08375249460bbe49fb4e3f285a 6460 kernel optional linux_4.19.235-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIzkQ1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E4+0P/ArcRYDfSzw814grovA1En+8VeKmX3zT
y3Tq8mxh6WVdHg+7OmCyorldufLVVUcr/tRCLgY8S0Y3qhHvJ2xazushsyImN1ic
6HxmOLguVFMorvJzD7KQdc5wjS7F1dD/iED8kcHmzMC1I6yzK0huLBoyJ4JL7YbH
dCvDFvR46jJiFnffWq1lpE448XjXoRHBtmkr2wT3rSOSSMPFcJ+bJiJOYJ9/YLOO
kC8faVzhgQkoC3iFEmufaD9foi4gPQH+8yHA/GtbzGsfXuU55Oxo13AvNBZ+RfyY
yQhctc3mC23MRYNE53J35UTZ5RBaHRB2ymUSIR14wYSn8D+Mw87g7qCehyo5Msui
NzbI6uzb3QBbgaXIMDe0DLcJJjt9W+jOtK1BrZGZPixxL4eer4H5gJ4uenvn7icV
awVuXVLtsQAhdtlpzD3dA+nuFu1nxeS6r3bKsPGLlOt1xakpYVPCOAAbl3lVhEy8
TBYqx1aMacbGL8Mw1oIPjooLUca2tFhKesISINKKGWxGDifHnwJ7gCN5z3lehSKd
KeVdaTtbMWSu4h8GjJEJqZ70ucQ13NF2c0MKgr1nXbvOD62UdoXujyUGwdePdK8M
3KARYfhRQdzA9YMhRLsFkRovb71z1zCYQxcmHOu7Zi43L6shmmTnnsPDNVGzKfCK
tqza4/QjZjcg
=nN1P
-----END PGP SIGNATURE-----
