======================================== Sat, 26 Mar 2022 - Debian 10.12 released ======================================== ========================================================================= [Date: Sat, 26 Mar 2022 10:53:33 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-17-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-17-cloud-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-17-rt-amd64 | 4.19.194-3 | amd64 linux-headers-4.19.0-19-all-amd64 | 4.19.232-1 | amd64 linux-headers-4.19.0-19-amd64 | 4.19.232-1 | amd64 linux-headers-4.19.0-19-cloud-amd64 | 4.19.232-1 | amd64 linux-headers-4.19.0-19-rt-amd64 | 4.19.232-1 | amd64 linux-image-4.19.0-17-amd64-dbg | 4.19.194-3 | amd64 linux-image-4.19.0-17-amd64-unsigned | 4.19.194-3 | amd64 linux-image-4.19.0-17-cloud-amd64-dbg | 4.19.194-3 | amd64 linux-image-4.19.0-17-cloud-amd64-unsigned | 4.19.194-3 | amd64 linux-image-4.19.0-17-rt-amd64-dbg | 4.19.194-3 | amd64 linux-image-4.19.0-17-rt-amd64-unsigned | 4.19.194-3 | amd64 linux-image-4.19.0-19-amd64-dbg | 4.19.232-1 | amd64 linux-image-4.19.0-19-amd64-unsigned | 4.19.232-1 | amd64 linux-image-4.19.0-19-cloud-amd64-dbg | 4.19.232-1 | amd64 linux-image-4.19.0-19-cloud-amd64-unsigned | 4.19.232-1 | amd64 linux-image-4.19.0-19-rt-amd64-dbg | 4.19.232-1 | amd64 linux-image-4.19.0-19-rt-amd64-unsigned | 4.19.232-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:53:43 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel affs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ata-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel ata-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel btrfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel btrfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel cdrom-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel cdrom-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel compress-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel compress-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel crc-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel crc-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel crypto-dm-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel crypto-dm-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel crypto-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel crypto-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel event-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel event-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ext4-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel ext4-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel fat-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel fat-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel fb-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel fb-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel firewire-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel firewire-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel fuse-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel fuse-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel hfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel hfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel input-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel input-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel isofs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel isofs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel jfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel jfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel kernel-image-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel kernel-image-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel linux-headers-4.19.0-17-loongson-3 | 4.19.194-3 | mips64el, mipsel linux-headers-4.19.0-19-loongson-3 | 4.19.232-1 | mips64el, mipsel linux-image-4.19.0-17-loongson-3 | 4.19.194-3 | mips64el, mipsel linux-image-4.19.0-17-loongson-3-dbg | 4.19.194-3 | mips64el, mipsel linux-image-4.19.0-19-loongson-3 | 4.19.232-1 | mips64el, mipsel linux-image-4.19.0-19-loongson-3-dbg | 4.19.232-1 | mips64el, mipsel loop-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel loop-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel md-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel md-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel minix-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel minix-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel mtd-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel mtd-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel multipath-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel multipath-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nbd-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nbd-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-shared-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-shared-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-usb-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-usb-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel nic-wireless-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel nic-wireless-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel pata-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel pata-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ppp-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel ppp-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel sata-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel sata-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel scsi-core-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel scsi-core-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel scsi-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel scsi-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel scsi-nic-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel scsi-nic-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel sound-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel sound-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel speakup-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel speakup-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel squashfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel squashfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel udf-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel udf-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel usb-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel usb-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel usb-serial-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel usb-serial-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel usb-storage-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel usb-storage-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel xfs-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel xfs-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel zlib-modules-4.19.0-17-loongson-3-di | 4.19.194-3 | mips64el, mipsel zlib-modules-4.19.0-19-loongson-3-di | 4.19.232-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:53:51 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-mipsel | 4.19.194-3 | mipsel linux-headers-4.19.0-19-all-mipsel | 4.19.232-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:00 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: ata-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el ata-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el btrfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el btrfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el cdrom-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el cdrom-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el compress-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el compress-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el crc-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el crc-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el crypto-dm-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el crypto-dm-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el crypto-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el crypto-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el event-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el event-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el ext4-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el ext4-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fancontrol-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fancontrol-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fat-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fat-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fb-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fb-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el firewire-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el firewire-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el fuse-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el fuse-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el hypervisor-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el hypervisor-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el i2c-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el i2c-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el input-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el input-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el isofs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el isofs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el jfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el jfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el kernel-image-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el kernel-image-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el linux-headers-4.19.0-17-all-ppc64el | 4.19.194-3 | ppc64el linux-headers-4.19.0-17-powerpc64le | 4.19.194-3 | ppc64el linux-headers-4.19.0-19-all-ppc64el | 4.19.232-1 | ppc64el linux-headers-4.19.0-19-powerpc64le | 4.19.232-1 | ppc64el linux-image-4.19.0-17-powerpc64le | 4.19.194-3 | ppc64el linux-image-4.19.0-17-powerpc64le-dbg | 4.19.194-3 | ppc64el linux-image-4.19.0-19-powerpc64le | 4.19.232-1 | ppc64el linux-image-4.19.0-19-powerpc64le-dbg | 4.19.232-1 | ppc64el loop-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el loop-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el md-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el md-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el mouse-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el mouse-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el mtd-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el mtd-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el multipath-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el multipath-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nbd-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nbd-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-shared-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-shared-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-usb-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-usb-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el nic-wireless-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el nic-wireless-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el ppp-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el ppp-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el sata-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el sata-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el scsi-core-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el scsi-core-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el scsi-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el scsi-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el scsi-nic-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el scsi-nic-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el serial-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el serial-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el squashfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el squashfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el udf-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el udf-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el uinput-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el uinput-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el usb-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el usb-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el usb-serial-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el usb-serial-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el usb-storage-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el usb-storage-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el xfs-modules-4.19.0-17-powerpc64le-di | 4.19.194-3 | ppc64el xfs-modules-4.19.0-19-powerpc64le-di | 4.19.232-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:08 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: btrfs-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x btrfs-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x cdrom-core-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x cdrom-core-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x compress-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x compress-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x crc-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x crc-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x crypto-dm-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x crypto-dm-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x crypto-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x crypto-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x dasd-extra-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x dasd-extra-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x dasd-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x dasd-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x ext4-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x ext4-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x fat-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x fat-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x fuse-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x fuse-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x isofs-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x isofs-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x kernel-image-4.19.0-17-s390x-di | 4.19.194-3 | s390x kernel-image-4.19.0-19-s390x-di | 4.19.232-1 | s390x linux-headers-4.19.0-17-all-s390x | 4.19.194-3 | s390x linux-headers-4.19.0-17-s390x | 4.19.194-3 | s390x linux-headers-4.19.0-19-all-s390x | 4.19.232-1 | s390x linux-headers-4.19.0-19-s390x | 4.19.232-1 | s390x linux-image-4.19.0-17-s390x | 4.19.194-3 | s390x linux-image-4.19.0-17-s390x-dbg | 4.19.194-3 | s390x linux-image-4.19.0-19-s390x | 4.19.232-1 | s390x linux-image-4.19.0-19-s390x-dbg | 4.19.232-1 | s390x loop-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x loop-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x md-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x md-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x mtd-core-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x mtd-core-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x multipath-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x multipath-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x nbd-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x nbd-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x nic-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x nic-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x scsi-core-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x scsi-core-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x scsi-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x scsi-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x udf-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x udf-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x xfs-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x xfs-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x zlib-modules-4.19.0-17-s390x-di | 4.19.194-3 | s390x zlib-modules-4.19.0-19-s390x-di | 4.19.232-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all | 4.19.194-3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-headers-4.19.0-19-all | 4.19.232-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:34 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-arm64 | 4.19.194-3 | arm64 linux-headers-4.19.0-17-arm64 | 4.19.194-3 | arm64 linux-headers-4.19.0-17-rt-arm64 | 4.19.194-3 | arm64 linux-headers-4.19.0-19-all-arm64 | 4.19.232-1 | arm64 linux-headers-4.19.0-19-arm64 | 4.19.232-1 | arm64 linux-headers-4.19.0-19-rt-arm64 | 4.19.232-1 | arm64 linux-image-4.19.0-17-arm64-dbg | 4.19.194-3 | arm64 linux-image-4.19.0-17-arm64-unsigned | 4.19.194-3 | arm64 linux-image-4.19.0-17-rt-arm64-dbg | 4.19.194-3 | arm64 linux-image-4.19.0-17-rt-arm64-unsigned | 4.19.194-3 | arm64 linux-image-4.19.0-19-arm64-dbg | 4.19.232-1 | arm64 linux-image-4.19.0-19-arm64-unsigned | 4.19.232-1 | arm64 linux-image-4.19.0-19-rt-arm64-dbg | 4.19.232-1 | arm64 linux-image-4.19.0-19-rt-arm64-unsigned | 4.19.232-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:44 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: btrfs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel btrfs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel cdrom-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel cdrom-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel compress-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel compress-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel crc-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel crc-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel crypto-dm-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel crypto-dm-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel crypto-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel crypto-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel event-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel event-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ext4-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel ext4-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel fat-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel fat-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel fb-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel fb-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel fuse-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel fuse-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel input-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel input-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ipv6-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel ipv6-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel isofs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel isofs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel jffs2-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel jffs2-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel jfs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel jfs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel kernel-image-4.19.0-17-marvell-di | 4.19.194-3 | armel kernel-image-4.19.0-19-marvell-di | 4.19.232-1 | armel leds-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel leds-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel linux-headers-4.19.0-17-all-armel | 4.19.194-3 | armel linux-headers-4.19.0-17-marvell | 4.19.194-3 | armel linux-headers-4.19.0-17-rpi | 4.19.194-3 | armel linux-headers-4.19.0-19-all-armel | 4.19.232-1 | armel linux-headers-4.19.0-19-marvell | 4.19.232-1 | armel linux-headers-4.19.0-19-rpi | 4.19.232-1 | armel linux-image-4.19.0-17-marvell | 4.19.194-3 | armel linux-image-4.19.0-17-marvell-dbg | 4.19.194-3 | armel linux-image-4.19.0-17-rpi | 4.19.194-3 | armel linux-image-4.19.0-17-rpi-dbg | 4.19.194-3 | armel linux-image-4.19.0-19-marvell | 4.19.232-1 | armel linux-image-4.19.0-19-marvell-dbg | 4.19.232-1 | armel linux-image-4.19.0-19-rpi | 4.19.232-1 | armel linux-image-4.19.0-19-rpi-dbg | 4.19.232-1 | armel loop-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel loop-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel md-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel md-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel minix-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel minix-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mmc-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mmc-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mmc-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mmc-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mouse-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mouse-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mtd-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mtd-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel mtd-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel mtd-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel multipath-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel multipath-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nbd-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nbd-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nic-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nic-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nic-shared-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nic-shared-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel nic-usb-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel nic-usb-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ppp-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel ppp-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel sata-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel sata-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel scsi-core-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel scsi-core-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel squashfs-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel squashfs-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel udf-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel udf-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel uinput-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel uinput-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel usb-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel usb-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel usb-serial-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel usb-serial-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel usb-storage-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel usb-storage-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel zlib-modules-4.19.0-17-marvell-di | 4.19.194-3 | armel zlib-modules-4.19.0-19-marvell-di | 4.19.232-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:54:55 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: ata-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf ata-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf btrfs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf btrfs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf cdrom-core-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf cdrom-core-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf compress-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf compress-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf crc-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf crc-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf crypto-dm-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf crypto-dm-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf crypto-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf crypto-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf efi-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf efi-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf event-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf event-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf ext4-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf ext4-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf fat-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf fat-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf fb-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf fb-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf fuse-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf fuse-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf i2c-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf i2c-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf input-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf input-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf isofs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf isofs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf jfs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf jfs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf kernel-image-4.19.0-17-armmp-di | 4.19.194-3 | armhf kernel-image-4.19.0-19-armmp-di | 4.19.232-1 | armhf leds-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf leds-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf linux-headers-4.19.0-17-all-armhf | 4.19.194-3 | armhf linux-headers-4.19.0-17-armmp | 4.19.194-3 | armhf linux-headers-4.19.0-17-armmp-lpae | 4.19.194-3 | armhf linux-headers-4.19.0-17-rt-armmp | 4.19.194-3 | armhf linux-headers-4.19.0-19-all-armhf | 4.19.232-1 | armhf linux-headers-4.19.0-19-armmp | 4.19.232-1 | armhf linux-headers-4.19.0-19-armmp-lpae | 4.19.232-1 | armhf linux-headers-4.19.0-19-rt-armmp | 4.19.232-1 | armhf linux-image-4.19.0-17-armmp | 4.19.194-3 | armhf linux-image-4.19.0-17-armmp-dbg | 4.19.194-3 | armhf linux-image-4.19.0-17-armmp-lpae | 4.19.194-3 | armhf linux-image-4.19.0-17-armmp-lpae-dbg | 4.19.194-3 | armhf linux-image-4.19.0-17-rt-armmp | 4.19.194-3 | armhf linux-image-4.19.0-17-rt-armmp-dbg | 4.19.194-3 | armhf linux-image-4.19.0-19-armmp | 4.19.232-1 | armhf linux-image-4.19.0-19-armmp-dbg | 4.19.232-1 | armhf linux-image-4.19.0-19-armmp-lpae | 4.19.232-1 | armhf linux-image-4.19.0-19-armmp-lpae-dbg | 4.19.232-1 | armhf linux-image-4.19.0-19-rt-armmp | 4.19.232-1 | armhf linux-image-4.19.0-19-rt-armmp-dbg | 4.19.232-1 | armhf loop-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf loop-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf md-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf md-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf mmc-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf mmc-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf mtd-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf mtd-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf multipath-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf multipath-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nbd-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nbd-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-shared-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-shared-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-usb-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-usb-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf nic-wireless-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf nic-wireless-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf pata-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf pata-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf ppp-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf ppp-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf sata-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf sata-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf scsi-core-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf scsi-core-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf scsi-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf scsi-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf scsi-nic-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf scsi-nic-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf squashfs-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf squashfs-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf udf-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf udf-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf uinput-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf uinput-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf usb-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf usb-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf usb-serial-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf usb-serial-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf usb-storage-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf usb-storage-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf zlib-modules-4.19.0-17-armmp-di | 4.19.194-3 | armhf zlib-modules-4.19.0-19-armmp-di | 4.19.232-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:04 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-686 | 4.19.194-3 | i386 linux-headers-4.19.0-17-686-pae | 4.19.194-3 | i386 linux-headers-4.19.0-17-all-i386 | 4.19.194-3 | i386 linux-headers-4.19.0-17-rt-686-pae | 4.19.194-3 | i386 linux-headers-4.19.0-19-686 | 4.19.232-1 | i386 linux-headers-4.19.0-19-686-pae | 4.19.232-1 | i386 linux-headers-4.19.0-19-all-i386 | 4.19.232-1 | i386 linux-headers-4.19.0-19-rt-686-pae | 4.19.232-1 | i386 linux-image-4.19.0-17-686-dbg | 4.19.194-3 | i386 linux-image-4.19.0-17-686-pae-dbg | 4.19.194-3 | i386 linux-image-4.19.0-17-686-pae-unsigned | 4.19.194-3 | i386 linux-image-4.19.0-17-686-unsigned | 4.19.194-3 | i386 linux-image-4.19.0-17-rt-686-pae-dbg | 4.19.194-3 | i386 linux-image-4.19.0-17-rt-686-pae-unsigned | 4.19.194-3 | i386 linux-image-4.19.0-19-686-dbg | 4.19.232-1 | i386 linux-image-4.19.0-19-686-pae-dbg | 4.19.232-1 | i386 linux-image-4.19.0-19-686-pae-unsigned | 4.19.232-1 | i386 linux-image-4.19.0-19-686-unsigned | 4.19.232-1 | i386 linux-image-4.19.0-19-rt-686-pae-dbg | 4.19.232-1 | i386 linux-image-4.19.0-19-rt-686-pae-unsigned | 4.19.232-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:11 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-all-mips | 4.19.194-3 | mips linux-headers-4.19.0-19-all-mips | 4.19.232-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:22 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel affs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel btrfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel compress-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel compress-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel crc-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel crc-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel crypto-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel crypto-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel event-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel event-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel ext4-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel ext4-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel fat-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel fat-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel fuse-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel fuse-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel hfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel hfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel input-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel input-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel isofs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel isofs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel jfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel jfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel kernel-image-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel kernel-image-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel linux-headers-4.19.0-17-5kc-malta | 4.19.194-3 | mips, mips64el, mipsel linux-headers-4.19.0-17-octeon | 4.19.194-3 | mips, mips64el, mipsel linux-headers-4.19.0-19-5kc-malta | 4.19.232-1 | mips, mips64el, mipsel linux-headers-4.19.0-19-octeon | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-17-5kc-malta | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-17-5kc-malta-dbg | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-17-octeon | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-17-octeon-dbg | 4.19.194-3 | mips, mips64el, mipsel linux-image-4.19.0-19-5kc-malta | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-19-5kc-malta-dbg | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-19-octeon | 4.19.232-1 | mips, mips64el, mipsel linux-image-4.19.0-19-octeon-dbg | 4.19.232-1 | mips, mips64el, mipsel loop-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel loop-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel md-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel md-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel minix-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel minix-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel multipath-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel multipath-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nbd-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nbd-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-shared-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-usb-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel pata-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel pata-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel ppp-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel ppp-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel rtc-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel rtc-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel sata-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel sata-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel scsi-core-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel scsi-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel scsi-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel sound-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel sound-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel squashfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel udf-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel udf-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel usb-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel usb-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel usb-serial-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel usb-storage-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel xfs-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel xfs-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel zlib-modules-4.19.0-17-octeon-di | 4.19.194-3 | mips, mips64el, mipsel zlib-modules-4.19.0-19-octeon-di | 4.19.232-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:32 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel affs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ata-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel ata-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel btrfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel btrfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel cdrom-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel cdrom-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel compress-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel compress-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel crc-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel crc-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel crypto-dm-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel crypto-dm-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel crypto-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel crypto-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel event-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel event-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ext4-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel ext4-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel fat-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel fat-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel fb-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel fb-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel fuse-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel fuse-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel hfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel hfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel i2c-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel i2c-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel input-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel input-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel isofs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel isofs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel jfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel jfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel kernel-image-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel kernel-image-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel linux-headers-4.19.0-17-4kc-malta | 4.19.194-3 | mips, mipsel linux-headers-4.19.0-19-4kc-malta | 4.19.232-1 | mips, mipsel linux-image-4.19.0-17-4kc-malta | 4.19.194-3 | mips, mipsel linux-image-4.19.0-17-4kc-malta-dbg | 4.19.194-3 | mips, mipsel linux-image-4.19.0-19-4kc-malta | 4.19.232-1 | mips, mipsel linux-image-4.19.0-19-4kc-malta-dbg | 4.19.232-1 | mips, mipsel loop-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel loop-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel md-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel md-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel minix-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel minix-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mmc-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mmc-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mmc-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mmc-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mouse-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mouse-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel mtd-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel mtd-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel multipath-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel multipath-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nbd-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nbd-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-shared-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-shared-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-usb-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-usb-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel nic-wireless-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel nic-wireless-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel pata-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel pata-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ppp-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel ppp-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel sata-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel sata-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel scsi-core-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel scsi-core-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel scsi-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel scsi-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel scsi-nic-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel scsi-nic-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel sound-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel sound-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel squashfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel squashfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel udf-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel udf-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel usb-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel usb-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel usb-serial-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel usb-serial-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel usb-storage-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel usb-storage-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel xfs-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel xfs-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel zlib-modules-4.19.0-17-4kc-malta-di | 4.19.194-3 | mips, mipsel zlib-modules-4.19.0-19-4kc-malta-di | 4.19.232-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:39 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: affs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el affs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ata-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el ata-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el btrfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el btrfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el cdrom-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el cdrom-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el compress-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el compress-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el crc-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el crc-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el crypto-dm-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el crypto-dm-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el crypto-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el crypto-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el event-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el event-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ext4-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el ext4-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el fat-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el fat-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el fb-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el fb-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el fuse-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el fuse-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el hfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el hfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el i2c-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el i2c-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el input-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el input-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el isofs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el isofs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el jfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el jfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el kernel-image-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el kernel-image-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el linux-headers-4.19.0-17-all-mips64el | 4.19.194-3 | mips64el linux-headers-4.19.0-19-all-mips64el | 4.19.232-1 | mips64el loop-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el loop-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el md-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el md-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el minix-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el minix-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mmc-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mmc-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mmc-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mmc-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mouse-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mouse-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el mtd-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el mtd-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el multipath-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el multipath-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nbd-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nbd-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-shared-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-shared-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-usb-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-usb-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el nic-wireless-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el nic-wireless-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el pata-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el pata-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ppp-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el ppp-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el sata-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el sata-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el scsi-core-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el scsi-core-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el scsi-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el scsi-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el scsi-nic-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el scsi-nic-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el sound-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el sound-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el squashfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el squashfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el udf-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el udf-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el usb-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el usb-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el usb-serial-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el usb-serial-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el usb-storage-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el usb-storage-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el xfs-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el xfs-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el zlib-modules-4.19.0-17-5kc-malta-di | 4.19.194-3 | mips64el zlib-modules-4.19.0-19-5kc-malta-di | 4.19.232-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:47 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: acpi-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 acpi-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ata-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 ata-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 btrfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 btrfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 cdrom-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 cdrom-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 compress-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 compress-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 crc-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 crc-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 crypto-dm-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 crypto-dm-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 crypto-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 crypto-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 efi-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 efi-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 event-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 event-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ext4-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 ext4-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 fat-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 fat-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 fb-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 fb-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 firewire-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 firewire-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 fuse-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 fuse-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 i2c-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 i2c-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 input-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 input-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 isofs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 isofs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 jfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 jfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 kernel-image-4.19.0-17-amd64-di | 4.19.194-3 | amd64 kernel-image-4.19.0-19-amd64-di | 4.19.232-1 | amd64 linux-image-4.19.0-17-amd64 | 4.19.194-3 | amd64 linux-image-4.19.0-17-cloud-amd64 | 4.19.194-3 | amd64 linux-image-4.19.0-17-rt-amd64 | 4.19.194-3 | amd64 linux-image-4.19.0-19-amd64 | 4.19.232-1 | amd64 linux-image-4.19.0-19-cloud-amd64 | 4.19.232-1 | amd64 linux-image-4.19.0-19-rt-amd64 | 4.19.232-1 | amd64 loop-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 loop-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 md-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 md-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mmc-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mmc-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mmc-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mmc-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mouse-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mouse-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 mtd-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 mtd-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 multipath-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 multipath-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nbd-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nbd-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-pcmcia-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-pcmcia-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-shared-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-shared-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-usb-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-usb-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 nic-wireless-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 nic-wireless-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 pata-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 pata-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 pcmcia-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 pcmcia-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 pcmcia-storage-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 pcmcia-storage-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ppp-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 ppp-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 sata-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 sata-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 scsi-core-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 scsi-core-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 scsi-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 scsi-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 scsi-nic-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 scsi-nic-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 serial-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 serial-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 sound-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 sound-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 speakup-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 speakup-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 squashfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 squashfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 udf-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 udf-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 uinput-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 uinput-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 usb-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 usb-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 usb-serial-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 usb-serial-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 usb-storage-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 usb-storage-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 xfs-modules-4.19.0-17-amd64-di | 4.19.194-3 | amd64 xfs-modules-4.19.0-19-amd64-di | 4.19.232-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:55:55 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: ata-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 ata-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 btrfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 btrfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 cdrom-core-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 cdrom-core-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 compress-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 compress-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 crc-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 crc-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 crypto-dm-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 crypto-dm-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 crypto-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 crypto-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 efi-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 efi-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 event-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 event-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 ext4-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 ext4-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 fat-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 fat-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 fb-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 fb-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 fuse-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 fuse-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 i2c-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 i2c-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 input-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 input-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 isofs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 isofs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 jfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 jfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 kernel-image-4.19.0-17-arm64-di | 4.19.194-3 | arm64 kernel-image-4.19.0-19-arm64-di | 4.19.232-1 | arm64 leds-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 leds-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 linux-image-4.19.0-17-arm64 | 4.19.194-3 | arm64 linux-image-4.19.0-17-rt-arm64 | 4.19.194-3 | arm64 linux-image-4.19.0-19-arm64 | 4.19.232-1 | arm64 linux-image-4.19.0-19-rt-arm64 | 4.19.232-1 | arm64 loop-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 loop-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 md-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 md-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 mmc-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 mmc-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 mtd-core-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 mtd-core-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 multipath-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 multipath-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nbd-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nbd-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-shared-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-shared-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-usb-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-usb-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 nic-wireless-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 nic-wireless-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 ppp-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 ppp-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 sata-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 sata-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 scsi-core-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 scsi-core-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 scsi-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 scsi-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 scsi-nic-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 scsi-nic-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 squashfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 squashfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 udf-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 udf-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 uinput-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 uinput-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 usb-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 usb-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 usb-serial-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 usb-serial-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 usb-storage-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 usb-storage-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 xfs-modules-4.19.0-17-arm64-di | 4.19.194-3 | arm64 xfs-modules-4.19.0-19-arm64-di | 4.19.232-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:56:03 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: acpi-modules-4.19.0-17-686-di | 4.19.194-3 | i386 acpi-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 acpi-modules-4.19.0-19-686-di | 4.19.232-1 | i386 acpi-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ata-modules-4.19.0-17-686-di | 4.19.194-3 | i386 ata-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 ata-modules-4.19.0-19-686-di | 4.19.232-1 | i386 ata-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 btrfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 btrfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 btrfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 btrfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 cdrom-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 cdrom-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 cdrom-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 cdrom-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 compress-modules-4.19.0-17-686-di | 4.19.194-3 | i386 compress-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 compress-modules-4.19.0-19-686-di | 4.19.232-1 | i386 compress-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 crc-modules-4.19.0-17-686-di | 4.19.194-3 | i386 crc-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 crc-modules-4.19.0-19-686-di | 4.19.232-1 | i386 crc-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 crypto-dm-modules-4.19.0-17-686-di | 4.19.194-3 | i386 crypto-dm-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 crypto-dm-modules-4.19.0-19-686-di | 4.19.232-1 | i386 crypto-dm-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 crypto-modules-4.19.0-17-686-di | 4.19.194-3 | i386 crypto-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 crypto-modules-4.19.0-19-686-di | 4.19.232-1 | i386 crypto-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 efi-modules-4.19.0-17-686-di | 4.19.194-3 | i386 efi-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 efi-modules-4.19.0-19-686-di | 4.19.232-1 | i386 efi-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 event-modules-4.19.0-17-686-di | 4.19.194-3 | i386 event-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 event-modules-4.19.0-19-686-di | 4.19.232-1 | i386 event-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ext4-modules-4.19.0-17-686-di | 4.19.194-3 | i386 ext4-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 ext4-modules-4.19.0-19-686-di | 4.19.232-1 | i386 ext4-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 fat-modules-4.19.0-17-686-di | 4.19.194-3 | i386 fat-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 fat-modules-4.19.0-19-686-di | 4.19.232-1 | i386 fat-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 fb-modules-4.19.0-17-686-di | 4.19.194-3 | i386 fb-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 fb-modules-4.19.0-19-686-di | 4.19.232-1 | i386 fb-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 firewire-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 firewire-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 firewire-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 firewire-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 fuse-modules-4.19.0-17-686-di | 4.19.194-3 | i386 fuse-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 fuse-modules-4.19.0-19-686-di | 4.19.232-1 | i386 fuse-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 i2c-modules-4.19.0-17-686-di | 4.19.194-3 | i386 i2c-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 i2c-modules-4.19.0-19-686-di | 4.19.232-1 | i386 i2c-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 input-modules-4.19.0-17-686-di | 4.19.194-3 | i386 input-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 input-modules-4.19.0-19-686-di | 4.19.232-1 | i386 input-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 isofs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 isofs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 isofs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 isofs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 jfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 jfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 jfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 jfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 kernel-image-4.19.0-17-686-di | 4.19.194-3 | i386 kernel-image-4.19.0-17-686-pae-di | 4.19.194-3 | i386 kernel-image-4.19.0-19-686-di | 4.19.232-1 | i386 kernel-image-4.19.0-19-686-pae-di | 4.19.232-1 | i386 linux-image-4.19.0-17-686 | 4.19.194-3 | i386 linux-image-4.19.0-17-686-pae | 4.19.194-3 | i386 linux-image-4.19.0-17-rt-686-pae | 4.19.194-3 | i386 linux-image-4.19.0-19-686 | 4.19.232-1 | i386 linux-image-4.19.0-19-686-pae | 4.19.232-1 | i386 linux-image-4.19.0-19-rt-686-pae | 4.19.232-1 | i386 loop-modules-4.19.0-17-686-di | 4.19.194-3 | i386 loop-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 loop-modules-4.19.0-19-686-di | 4.19.232-1 | i386 loop-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 md-modules-4.19.0-17-686-di | 4.19.194-3 | i386 md-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 md-modules-4.19.0-19-686-di | 4.19.232-1 | i386 md-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mmc-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mmc-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mmc-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mmc-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mmc-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mmc-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mmc-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mmc-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mouse-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mouse-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mouse-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mouse-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 mtd-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 mtd-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 mtd-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 mtd-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 multipath-modules-4.19.0-17-686-di | 4.19.194-3 | i386 multipath-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 multipath-modules-4.19.0-19-686-di | 4.19.232-1 | i386 multipath-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nbd-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nbd-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nbd-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nbd-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-pcmcia-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-pcmcia-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-pcmcia-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-pcmcia-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-shared-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-shared-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-shared-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-shared-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-usb-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-usb-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-usb-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-usb-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 nic-wireless-modules-4.19.0-17-686-di | 4.19.194-3 | i386 nic-wireless-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 nic-wireless-modules-4.19.0-19-686-di | 4.19.232-1 | i386 nic-wireless-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 pata-modules-4.19.0-17-686-di | 4.19.194-3 | i386 pata-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 pata-modules-4.19.0-19-686-di | 4.19.232-1 | i386 pata-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 pcmcia-modules-4.19.0-17-686-di | 4.19.194-3 | i386 pcmcia-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 pcmcia-modules-4.19.0-19-686-di | 4.19.232-1 | i386 pcmcia-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 pcmcia-storage-modules-4.19.0-17-686-di | 4.19.194-3 | i386 pcmcia-storage-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 pcmcia-storage-modules-4.19.0-19-686-di | 4.19.232-1 | i386 pcmcia-storage-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ppp-modules-4.19.0-17-686-di | 4.19.194-3 | i386 ppp-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 ppp-modules-4.19.0-19-686-di | 4.19.232-1 | i386 ppp-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 sata-modules-4.19.0-17-686-di | 4.19.194-3 | i386 sata-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 sata-modules-4.19.0-19-686-di | 4.19.232-1 | i386 sata-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 scsi-core-modules-4.19.0-17-686-di | 4.19.194-3 | i386 scsi-core-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 scsi-core-modules-4.19.0-19-686-di | 4.19.232-1 | i386 scsi-core-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 scsi-modules-4.19.0-17-686-di | 4.19.194-3 | i386 scsi-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 scsi-modules-4.19.0-19-686-di | 4.19.232-1 | i386 scsi-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 scsi-nic-modules-4.19.0-17-686-di | 4.19.194-3 | i386 scsi-nic-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 scsi-nic-modules-4.19.0-19-686-di | 4.19.232-1 | i386 scsi-nic-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 serial-modules-4.19.0-17-686-di | 4.19.194-3 | i386 serial-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 serial-modules-4.19.0-19-686-di | 4.19.232-1 | i386 serial-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 sound-modules-4.19.0-17-686-di | 4.19.194-3 | i386 sound-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 sound-modules-4.19.0-19-686-di | 4.19.232-1 | i386 sound-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 speakup-modules-4.19.0-17-686-di | 4.19.194-3 | i386 speakup-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 speakup-modules-4.19.0-19-686-di | 4.19.232-1 | i386 speakup-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 squashfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 squashfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 squashfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 squashfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 udf-modules-4.19.0-17-686-di | 4.19.194-3 | i386 udf-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 udf-modules-4.19.0-19-686-di | 4.19.232-1 | i386 udf-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 uinput-modules-4.19.0-17-686-di | 4.19.194-3 | i386 uinput-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 uinput-modules-4.19.0-19-686-di | 4.19.232-1 | i386 uinput-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 usb-modules-4.19.0-17-686-di | 4.19.194-3 | i386 usb-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 usb-modules-4.19.0-19-686-di | 4.19.232-1 | i386 usb-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 usb-serial-modules-4.19.0-17-686-di | 4.19.194-3 | i386 usb-serial-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 usb-serial-modules-4.19.0-19-686-di | 4.19.232-1 | i386 usb-serial-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 usb-storage-modules-4.19.0-17-686-di | 4.19.194-3 | i386 usb-storage-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 usb-storage-modules-4.19.0-19-686-di | 4.19.232-1 | i386 usb-storage-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 xfs-modules-4.19.0-17-686-di | 4.19.194-3 | i386 xfs-modules-4.19.0-17-686-pae-di | 4.19.194-3 | i386 xfs-modules-4.19.0-19-686-di | 4.19.232-1 | i386 xfs-modules-4.19.0-19-686-pae-di | 4.19.232-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:56:21 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: linux-headers-4.19.0-17-common | 4.19.194-3 | all linux-headers-4.19.0-17-common-rt | 4.19.194-3 | all linux-headers-4.19.0-19-common | 4.19.232-1 | all linux-headers-4.19.0-19-common-rt | 4.19.232-1 | all linux-support-4.19.0-17 | 4.19.194-3 | all linux-support-4.19.0-19 | 4.19.232-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:59:53 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libparse-pidl-perl | 2:4.9.5+dfsg-5+really0.02 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by samba) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 11:00:11 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: liblog4j2-java-doc | 2.11.1-2 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by apache-log4j2 - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 11:00:29 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libjtharness-java-doc | 5.0-2 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by jtharness - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 11:00:50 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libwebkit2gtk-4.0-37-gtk2 | 2.32.4-1~deb10u1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by webkit2gtk - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:46:33 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libminify-maven-plugin-java | 1.7.4-1.1 | all minify-maven-plugin | 1.7.4-1.1 | source Closed bugs: 1006461 ------------------- Reason ------------------- RoM: old and not useful ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Mar 2022 10:46:57 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: angular-maven-plugin | 0.3.4-3 | source libangular-maven-plugin-java | 0.3.4-3 | all Closed bugs: 1006462 ------------------- Reason ------------------- RoM; no longer useful; tied to unsupported AngularJS version ---------------------------------------------- ========================================================================= aide (0.16.1-1+deb10u1) buster-security; urgency=high . * Apply backported patch to fix heap-based buffer overflow in base64 functions (CVE-2021-45417) apache-log4j1.2 (1.2.17-8+deb10u2) buster; urgency=medium . * Team upload. * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307. Multiple security vulnerabilities have been discovered in Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and JMSAppender or Apache Chainsaw. Note that a possible attacker requires write access to the Log4j configuration and the aforementioned features are not enabled by default. In order to completely mitigate against these vulnerabilities the related classes have been removed from the resulting jar file. apache-log4j2 (2.17.1-1~deb10u1) buster; urgency=medium . * Team upload. * Backport 2.17.1 to Buster and fix CVE-2021-44832: remote code execution vulnerability but requires permission to modify the logging configuration. apache-log4j2 (2.17.0-1) unstable; urgency=high . * Team upload. * New upstream version 2.17.0. - Fix CVE-2021-45105: Apache Log4j2 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service. (Closes: #1001891) Thanks to Salvatore Bonaccorso for the report. apache-log4j2 (2.17.0-1~deb11u1) bullseye-security; urgency=high . * Team upload. * Backport 2.17.0-1 to Bullseye and fix CVE-2021-45105. (Closes: #1001891) apache-log4j2 (2.17.0-1~deb10u1) buster-security; urgency=high . * Team upload. * Backport 2.17.0-1 to Buster and fix CVE-2021-45105. (Closes: #1001891) apache-log4j2 (2.16.0-1) unstable; urgency=high . * Team upload. * New upstream version 2.16.0. - Fix CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Thanks to Salvatore Bonaccorso for the report. (Closes: #1001729) apache-log4j2 (2.16.0-1~deb11u1) bullseye-security; urgency=high . * Team upload. * Backport version 2.16.0 to Bullseye and fix CVE-2021-45046. (Closes: #1001729) apache-log4j2 (2.16.0-1~deb10u1) buster-security; urgency=high . * Team upload. * Backport version 2.16.0 to Buster and fix CVE-2021-45046. (Closes: #1001729) apache-log4j2 (2.15.0-1) unstable; urgency=high . * Team upload. * New upstream version 2.15.0. - Fix CVE-2021-44228: Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default. (Closes: #1001478) * Update debian/watch to track the latest releases. * Declare compliance with Debian Policy 4.6.0. apache-log4j2 (2.15.0-1~deb11u1) bullseye-security; urgency=high . * Team upload. * Backport version 2.15.0 to Bullseye and fix CVE-2021-44228. (Closes: #1001478) apache-log4j2 (2.15.0-1~deb10u1) buster-security; urgency=high . * Team upload. * Backport version 2.15.0 to Buster and fix CVE-2021-44228. (Closes: #1001478) * Fix CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (Closes: #959450) apache-log4j2 (2.13.3-1) unstable; urgency=medium . * New upstream release - Refreshed the patches - Ignore the new log4j-docker, log4-jpl, log4j-kubernetes and log4j-spring-cloud-config modules * Depend on libgeronimo-jpa-2.0-spec-java instead of libjpa-2.1-spec-java * Removed the -java-doc package (Closes: #835382) * Standards-Version updated to 4.5.1 * Switch to debhelper level 13 * No longer track the release candidates apache-log4j2 (2.11.2-1) unstable; urgency=medium . * Team upload. . [ tony mancill ] * Revert "Drop support for mongodb (Debian: #919095)" . [ Emmanuel Bourg ] * New upstream release - Refreshed the patches - Updated the Maven rules * Sort the entries in the plugin cache (Log4j2Plugins.dat) to make the build reproducible * Standards-Version updated to 4.4.0 apache2 (2.4.38-3+deb10u7) buster-security; urgency=medium . * Fix possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * lua: improve error handling (Closes: CVE-2021-44790) * mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO (relaxes the behaviour introduced by the CVE-2021-36160 fix) apache2 (2.4.38-3+deb10u6) buster-security; urgency=high . [ Yadd, Moritz Muehlenhoff ] * Initialize the request fields on read failure to avoid NULLs (Closes: CVE-2021-34798) * mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker (Closes: CVE-2021-36160) * Fix ap_escape_quotes with pre-escaped quotes (Closes: CVE-2021-39275) * Sanity checks on the configured UDS path (Closes: CVE-2021-40438) atftp (0.7.git20120829-3.2~deb10u3) buster; urgency=medium . * Fix for CVE-2021-46671 (Closes: #1004974) base-files (10.3+deb10u12) buster; urgency=medium . * Change /etc/debian_version to 10.12, for Debian 10.12 point release. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u7) buster-security; urgency=high . * CVE-2021-25220: The rules for acceptance of records into the cache have been tightened to prevent the possibility of poisoning if forwarders send records outside the configured bailiwick. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u6) buster-security; urgency=high . * CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. btrbk (0.27.1-1+deb10u2) buster; urgency=high . * Non-maintainer upload by the LTS Team. * regression fix for CVE-2021-38173 (Closes: #996260, #996266) cargo-mozilla (0.47.0-3~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Vendor libgit2 1.0.1, the system one is too old. * Build-dep on rustc-mozilla. * Build-dep on libpcre3-dev, for libgit2. * Fix tests that now have execution time in the output. * Rename to cargo-mozilla to avoid disruption in the rustc/cargo ecosystem, and don't build the doc package. chrony (3.4-4+deb10u2) buster; urgency=medium . * debian/usr.sbin.chronyd: - Allow reading the chronyd configuration file that timemaster(8) generates. Thanks to Michael Lestinsky for the report! (Closes: #1004745) cimg (2.4.5+dfsg-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-25693: Fix multiple heap buffer overflows. (Closes: #973770) clamav (0.103.5+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. clamav (0.103.4+dfsg-1) unstable; urgency=medium . * Import 0.103.4 - Update symbol file. * Add clamonacc.8. * Install clamonacc only on Linux. Patch by Laurent Bigonvill (Closes: #992776). * Drop unused libidn11-dev dependency, suggested by Simon Josefsson (Closes: #991976). clamav (0.103.4+dfsg-0+deb11u1) bullseye; urgency=medium . * Import 0.103.4 - Update symbol file. * Add clamonacc.8. * Install clamonacc only on Linux. Patch by Laurent Bigonvill (Closes: #992776). clamav (0.103.4+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.4 - Update symbol file. * Add clamonacc.8. * Install clamonacc only on Linux. Patch by Laurent Bigonvill (Closes: #992776). clamav (0.103.3+dfsg-1) unstable; urgency=medium . * Import 0.103.2 - Update symbol file. - Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath (Closes: #988218). * Remove clamav user on purge (Closes: #987861). * Remove freshclam.dat on purge. clamav (0.103.3+dfsg-0+deb11u1) bullseye; urgency=medium . * Import 0.103.3 - Update symbol file. - Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath (Closes: #988218). * Remove clamav user on purge (Closes: #987861). * Remove freshclam.dat on purge. cups (2.2.10-6+deb10u5) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2020-10001.patch An input validation issue might allow a malicious application to read restricted memory. cyrus-sasl2 (2.1.27+dfsg-1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix _sasl_add_string * Escape password for SQL insert/update commands (CVE-2022-24407) debian-edu-config (2.10.65+deb10u8) buster-security; urgency=medium . * etc/apache2/mods-available/debian-edu-userdir.conf: - White-space cleanup (tabs and spaces mixed). - CVE-2021-20001: Disable built-in PHP engine. - Add warning to not re-enable PHP interpretation in user dirs (with reference to our README). * README.public_html_with_PHP-CGI+suExec.md: - Provide documentation on how to enable suExec support in https userdirs (i.e. ~/public_html). * debian/NEWS: + Add file, inform about PHP being disabled in Apache2 user directories. debian-installer (20190702+deb10u12) buster; urgency=medium . * Bump Linux ABI to 4.19.0-20. debian-installer-netboot-images (20190702+deb10u12) buster; urgency=medium . * Update to 20190702+deb10u12, from buster-proposed-updates. detox (1.3.0-4+deb10u1) buster; urgency=medium . * debian/patches/010_fix-largefiles.patch: created to fix 'Value too large for defined data type' on ARM. This issue is related to large files and was fixed by upstream in configure.ac, adding AC_SYS_LARGEFILE. (Closes: #992542) djvulibre (3.5.27.1-10+deb10u1) buster-security; urgency=medium . * Backport upstream commit 970fb11a296b5bbdc5e8425851253d2c5913c45e ("Fix bug#296") to address CVE-2019-15142. * Backport upstream commit b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f ("fix for bug #297") to address CVE-2019-15143. * Backport upstream commit e15d51510048927f172f1bf1f27ede65907d940d ("bug 299 fixed") to address CVE-2019-15144. * Backport upstream commit 9658b01431cd7ff6344d7787f855179e73fe81a7 ("fix bug #298") to address CVE-2019-15145. * Backport upstream commit c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 ("Fixed bug 309") to address CVE-2019-18804. * Backport upstream commit cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6 ("Reviewed Fedora patches and adopted some of them (or variants thereof)") to address CVE-2021-3500, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493. * Backport upstream commit 7b0ef20690e08f1fe124aebbf42f6310e2f40f81 ("Lizards!") to address CVE-2021-3630. evolution-data-server (3.30.5-1+deb10u2) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-16117: Crash on malformed server response with minimal capabilities. expat (2.2.6-2+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * lib: Relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters * tests: Cover relaxed fix to CVE-2022-25236 * lib: Document namespace separator effect right in header * lib|doc: Add a note on namespace URI validation expat (2.2.6-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent stack exhaustion in build_model (CVE-2022-25313) * Prevent integer overflow in storeRawNames (CVE-2022-25315) * Prevent integer overflow in copyString (CVE-2022-25314) * lib: Fix (harmless) use of uninitialized memory * lib: Protect against malicious namespace declarations (CVE-2022-25236) (Closes: #1005895) * tests: Cover CVE-2022-25236 * lib: Drop unused macro UTF8_GET_NAMING * lib: Add missing validation of encoding (CVE-2022-25235) (Closes: #1005894) * tests: Cover missing validation of encoding (CVE-2022-25235) * Fix build_model regression. * tests: Protect against nested element declaration model regressions expat (2.2.6-2+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * lib: Detect and prevent troublesome left shifts in function storeAtts (CVE-2021-45960) (Closes: #1002994) * lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) * lib: Prevent integer overflow at multiple places (CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) (Closes: #1003474) * lib: Detect and prevent integer overflow in XML_GetBuffer (CVE-2022-23852) * lib: Prevent integer overflow in doProlog (CVE-2022-23990) ffmpeg (7:4.1.8-0+deb10u1) buster-security; urgency=high . [ Sebastian Ramacher ] * New upstream release - Fixes various security issues: CVE-2020-21041 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 * debian/gbp.conf Switch upstream branch to upstream/buster * debian/tests: Update encoders based on changes in 4.1.6 . [ Antoni Villalonga ] * debian/patches: Backport upstream patch to fix MXF generation (Closes: #977541) flac (1.3.2-3+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-0499: Out of bounds read due to a heap buffer overflow. (Closes: #977764) gerbv (2.7.0-1+deb10u1) buster; urgency=medium . * Build for buster * [c33610a] Rebuild patch queue from patch-queue branch Added patch: security/Fix-TALOS-2021-1402.patch Fixing CVE-2021-40391 * [09244b9] d/gbp.conf: Adjust to branch debian/buster ghostscript (9.27~dfsg-2+deb10u5) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Check stack limits after function evaluation (CVE-2021-45944) * Fix op stack management in sampled_data_continue() (CVE-2021-45949) glibc (2.28-10+deb10u1) buster; urgency=medium . [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch (Closes: #930697): - Add more integrity check to malloc() function. - Fix crash in _IO_wfile_sync. - Fix bad free() in libdl if dlerror() is not used. Closes: #953257. - Fix overflow in glibc.malloc.tcache_count tunable. - Fix old x86 applications crash on exit() under valgrind. - Remove copy_file_range emulation. The kernel interface has at evolved and the glibc emulation doesn't match it anymore, so it's better for it to return -ENOSYS. This only impacts Linux kernels << 4.8. - Avoid lazy binding of symbols that may follow a variant PCS on arm64, to support binaries using AdvSIMD and SVE vector calls. - Fix large mmap64 offset for the N32 ABI on mips/mipsel/mips64el. - Improve string functions performances on arm64. * debian/patches/any/git-libio-stdout-putc.diff: refresh. * debian/debhelper.in/libc.preinst: simplify the version comparison by only comparing the two first parts, now that kernel 2.X are not supported anymore. Closes: #1004861. * debian/debhelper.in/libc.preinst: drop the check for kernel release > 255 now that glibc and preinstall script are fixed. Closes: #987266. gmp (2:6.1.2+dfsg-4+deb10u1) buster; urgency=medium . * [1f4ce6d] Add .gitlab-ci.yml * [df6d314] Avoid bit size overflows. CVE-2021-43618 graphicsmagick (1.4+really1.3.35-1~deb10u2) buster; urgency=high . [ Thorsten Alteholz ] * CVE-2020-12672 Fix for a heap-based buffer overflow in ReadMNGImage() in coders/png.c. h2database (1.4.197-4+deb10u1) buster-security; urgency=high . * Team upload. * Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can be exploited through various attack vectors, most notably through the H2 Console and by loading custom classes from remote servers through JNDI. The H2 console is a developer tool and not required by any reverse-dependency in Debian. It has been disabled in (old)stable releases. Database developers are advised to use at least version 2.1.210-1, currently available in Debian unstable. htmldoc (1.9.3-1+deb10u3) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2022-0534 A crafted GIF file could lead to a stack out-of-bounds read, which could result in a crash (segmentation fault). * CVE-2021-43579 Converting an HTML document, which links to a crafted BMP file, could lead to a stack-based buffer overflow, which could result in remote code execution. * CVE-2021-40985 A crafted BMP image could lead to a buffer overflow, which could cause a denial of service. http-parser (2.8.1-1+deb10u2) buster; urgency=medium . * Fix ABI breakage introduced by accident in 2.8.1-1+deb10u1. Many thanks to Hilko Bengen. Closes: #996460, #996939, #996997 icu (63.1-6+deb10u3) buster; urgency=medium . * Add pkg-config dependency to icu-devtools. . [ Scott Talbert ] * Backport upstream fix for pkgdata to work without icu-config (closes: #992591). icu (63.1-6+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Use LocalMemory for cmd to prevent use after free (CVE-2020-21913) intel-microcode (3.20220207.1~deb10u1) buster; urgency=medium . * Backport for Debian oldstable (no changes) * Release manager: this is the same package already in bullseye-backports, testing and unstable. It fixes several security issues, adds MSRs that can be enabled by updated kernels for enhanced security mitigaton, and also fixes several critical "functional issues" (i.e. processor errata). There were no reports to date of regressions introduced by this microcode drelease. . intel-microcode (3.20220207.1) unstable; urgency=medium . * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 intel-microcode (3.20220207.1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports (no changes required) . intel-microcode (3.20220207.1) unstable; urgency=medium . * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 intel-microcode (3.20210608.2) unstable; urgency=high . * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). ipython (5.8.0-1+deb10u1) buster-security; urgency=high . * Fixes CVE-2022-21699 (execution of config files from the current directory, which might allow cross-user attacks if ipython is run from a directory multiple users can write). Closes: #1004122 jbig2dec (0.16-1+deb10u1) buster; urgency=high . * Team upload (printing and LTS) * CVE-2020-12268 avoid overflow with extreme values of x,y,w,h in function jbig2_image_compose() jtharness (6.0-b15-1~deb10u1) buster; urgency=medium . * Rebuild for buster, needed for latest OpenJDK 11.x release - Switch to debhelper 12 jtharness (6.0-b13-1) unstable; urgency=medium . * Team upload. * New upstream release jtharness (6.0-b10-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Depend on libservlet-api-java instead of libservlet3.1-java * Removed the -doc package * Standards-Version updated to 4.5.0 * Switch to debhelper level 11 * Use salsa.debian.org Vcs-* URLs * Track and download the new releases from GitHub jtreg (5.1-b01-2~deb10u1) buster; urgency=medium . * Rebuild for buster, needed for latest OpenJDK 11.x release - Switch to debhelper 12 jtreg (5.1-b01-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Switch to debhelper level 12 jtreg (5.0-b01-2.1) unstable; urgency=medium . * Non-maintainer upload. * Provide jar symlinks in /usr/share/jtreg/share/java as well. Allows openjdk configuration --with-jtreg=/usr/share/jtreg with the same patchset for all release. * Provide additional jar symlinks for jh.jar and hamcrest-core.jar. jtreg (5.0-b01-2) unstable; urgency=medium . * Team upload. * Install jtreg under /usr/share/jtreg and use it as the default JT_HOME path jtreg (5.0-b01-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches - Depend on libjtharness-java (>= 6.0) * Standards-Version updated to 4.5.0 jtreg (4.2-b16-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Track the new releases from GitHub * Standards-Version updated to 4.4.1 lemonldap-ng (2.0.2+ds-7+deb10u7) buster; urgency=medium . * Add gsfonts in recommended dependencies (Closes: #982534) * Fix auth process in password-testing plugins (Closes: CVE-2021-20874) leptonlib (1.76.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. (Closes: #985089) * CVE-2020-36277 denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c * CVE-2020-36278 heap-based buffer over-read in findNextBorderPixel in ccbord.c * CVE-2020-36279 heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c * CVE-2020-36280 heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. * CVE-2020-36281 heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c libdatetime-timezone-perl (1:2.23-1+2022a) buster; urgency=medium . * Update to Olson database version 2022a. This update includes contemporary changes for Palestine. . libdatetime-timezone-perl (1:2.23-1+2021e) buster; urgency=medium . * Update to Olson database version 2021e. This update includes contemporary changes for Palestine. . libdatetime-timezone-perl (1:2.23-1+2021d) buster; urgency=medium . * Update to Olson database version 2021d. This update includes fixes for the zone links for Atlantic/Jan_Mayen and America/Virgin (2021c), and contemporary changes for Fiji (2021d). libdatetime-timezone-perl (1:2.23-1+2021e) buster; urgency=medium . * Update to Olson database version 2021e. This update includes contemporary changes for Palestine. . libdatetime-timezone-perl (1:2.23-1+2021d) buster; urgency=medium . * Update to Olson database version 2021d. This update includes fixes for the zone links for Atlantic/Jan_Mayen and America/Virgin (2021c), and contemporary changes for Fiji (2021d). libdatetime-timezone-perl (1:2.23-1+2021d) buster; urgency=medium . * Update to Olson database version 2021d. This update includes fixes for the zone links for Atlantic/Jan_Mayen and America/Virgin (2021c), and contemporary changes for Fiji (2021d). libencode-perl (3.00-1+deb10u1) buster; urgency=medium . * Fix memory leak. Add patch rt_139622_memory-leak.patch, taken from upstream releases 3.13, 3.14, 3.15 to fix a memory leak in Encode.xs. Cf. https://rt.cpan.org/Ticket/Display.html?id=139622 (Closes: #995804) libetpan (1.9.3-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-15953: STARTTLS response injection that affects IMAP, SMTP, and POP3. (Closes: #966647) libextractor (1:1.8-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-15531: Invalid read for malformed DVI files. (Closes: #935553) libjackson-json-java (1.9.13-2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. - Revert the debhelper compat bump. . libjackson-json-java (1.9.13-2) unstable; urgency=medium . * Team upload. * Add upstream fixes. - Serializing types for deeply nested Maps. - Set Secure Processing flag on DocumentBuilderFactory. - Set setExpandEntityReferences(false). (Fixes: CVE-2019-10172) - WriteRawValue surrogate pair fix. - Fix deserialization. - All known security fixes. (Fixes: CVE-2017-15095 and CVE-2017-7525) * Update Standards-Version to 4.5.0 * Use debhelper-compat. - Update compat level to 13. libmodbus (3.1.4-2+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-14462 + CVE-2019-14463 out of bound reads for MODBUS_FC_WRITE_MULTIPLE_REGISTERS and MODBUS_FC_WRITE_MULTIPLE_COILS * add unit test for CVEs above libpcap (1.8.1-6+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-15165: Improper PHB header length validation. (Closes: #941697) libphp-adodb (5.20.14-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent auth bypass with PostgreSQL connections (CVE-2021-3850) (Closes: #1004376) libsdl1.2 (1.2.15+dfsg2-6~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . libsdl1.2 (1.2.15+dfsg2-6) unstable; urgency=medium . * Team upload. . [ Debian Janitor ] * Trim trailing whitespace. * Re-export upstream signing key without extra signatures. . [ Maximilian Engelhardt ] * SDL_x11events.c: properly handle input focus events (Closes: #980253) . libsdl1.2 (1.2.15+dfsg2-5) unstable; urgency=medium . [ Abhijith PA ] * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 CVE-2019-7637, CVE-2019-7638 (Closes: #924609) . [ Felix Geyer ] * Fix CVE-2019-13616 libsdl1.2 (1.2.15+dfsg2-5) unstable; urgency=medium . [ Abhijith PA ] * Fix CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575 CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636 CVE-2019-7637, CVE-2019-7638 (Closes: #924609) . [ Felix Geyer ] * Fix CVE-2019-13616 libxml-security-java (2.0.10-2+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2021-40690: Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. libxml2 (2.9.4+dfsg1-7+deb10u3) buster; urgency=medium . * Non-maintainer upload. * Use-after-free of ID and IDREF attributes (CVE-2022-23308) (Closes: #1006489) libxstream-java (1.4.11.1-1+deb10u3) buster-security; urgency=high . * Team upload. * Enable the security whitelist by default to prevent RCE vulnerabilities. XStream no longer uses a blacklist because it cannot be secured for general purpose. lighttpd (1.4.53-4+deb10u2) buster-security; urgency=medium . [ Glenn Strauss ] * Fix CVE-2022-22707 32-bit lighttpd mod_extforward crash. linux (4.19.235-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux (4.19.232-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT linux-latest (105+deb10u15) buster; urgency=medium . * Update to 4.19.0-20 linux-latest (105+deb10u14) buster-security; urgency=high . * Update to 4.19.0-19 * linux-image: Add NEWS for unprivileged eBPF change linux-signed-amd64 (4.19.235+1) buster; urgency=medium . * Sign kernel from linux 4.19.235-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux-signed-amd64 (4.19.232+1) buster-security; urgency=high . * Sign kernel from linux 4.19.232-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT linux-signed-arm64 (4.19.235+1) buster; urgency=medium . * Sign kernel from linux 4.19.235-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux-signed-arm64 (4.19.232+1) buster-security; urgency=high . * Sign kernel from linux 4.19.232-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT linux-signed-i386 (4.19.235+1) buster; urgency=medium . * Sign kernel from linux 4.19.235-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233 - mac80211_hwsim: report NOACK frames in tx_status - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work - [arm*] i2c: bcm2835: Avoid clock stretching timeouts - [x86] ASoC: rt5682: do not block workqueue if card is unbound - Input: clear BTN_RIGHT/MIDDLE on buttonpads - cifs: fix double free race when mount fails in cifs_get_root() - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 - usb: gadget: don't release an existing dev->buf (CVE-2022-24958) - usb: gadget: clear related members when goto fail (CVE-2022-24958) - ata: pata_hpt37x: fix PCI clock detection - [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min - xfrm: fix MTU regression - netfilter: fix use-after-free in __nf_register_net_hook() - xfrm: fix the if_id check in changelink - xfrm: enforce validity of offload input flags - netfilter: nf_queue: don't assume sk is full socket - netfilter: nf_queue: fix possible use-after-free - batman-adv: Request iflink once in batadv-on-batadv check - batman-adv: Request iflink once in batadv_get_real_netdevice - batman-adv: Don't expect inter-netns unique iflink indices - net: dcb: flush lingering app table entries for unregistered devices - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server - block: Fix fsync always failed if once failed - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault - xen/netfront: destroy queues before real_num_tx_queues is zeroed - mac80211: fix forwarded mesh frames AC & queue selection - [arm64,armhf] net: stmmac: fix return value of __setup handler - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() - efivars: Respect "block" flag in efivar_entry_set_safe() - can: gs_usb: change active_channels's type from atomic_t to u8 - [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup() functions - net: chelsio: cxgb3: check the return value of pci_find_capability() - nl80211: Handle nla_memdup failures in handle_nan_filter - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume - HID: add mapping for KEY_ALL_APPLICATIONS - memfd: fix F_SEAL_WRITE after shmem huge page allocated - tracing/histogram: Fix sorting on old "cpu" value - btrfs: add missing run of delayed items after unlink during log replay - net: dcb: disable softirqs in dcbnl_flush_dev() - hamradio: fix macro redefine warning https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.234 - [arm*] Provide a wrapper for SMCCC 1.1 calls - [arm64,armhf] smccc/psci: add arm_smccc_1_1_get_conduit() - [armhf] report Spectre v2 status through sysfs - [armel,armhf] early traps initialisation - [armel,armhf] use LOADADDR() to get load address of sections - [armel,armhf] Spectre-BHB workaround - [armel,armhf] include unprivileged BPF status in Spectre V2 reporting - [armel,armhf] fix build error when BPF_SYSCALL is disabled - [armel,armhf] fix co-processor register typo - [armel,armhf] Do not use NOCROSSREFS directive with ld.lld - [armhf] fix build warning in proc-v7-bugs.c - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (CVE-2022-23040, XSA-396) - xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036, CVE-2022-23038, XSA-396) - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23036, XSA-396) - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23037, XSA-396) - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (CVE-2022-23038, XSA-396) - xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039, XSA-396) - xen: remove gnttab_query_foreign_access() - xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396) - xen/gnttab: fix gnttab_end_foreign_access() without page specified (CVE-2022-23041, XSA-396) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (CVE-2022-23042, XSA-396) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() - qed: return status of qed_iov_get_link - ax25: Fix NULL pointer dereference in ax25_kill_by_device - net/mlx5: Fix size field in bufferx_reg struct - NFC: port100: fix use-after-free in port100_send_complete - net: phy: DP83822: clear MISR2 register to disable interrupts - sctp: fix kernel-infoleak for SCTP sockets - net-sysfs: add check for netdevice being present to speed_show - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" - Revert "xen-netback: Check for hotplug-status existence before watching" - tracing: Ensure trace buffer is at least 4096 bytes large - [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive - virtio: unexport virtio_finalize_features - virtio: acknowledge all features before access - [armel,armhf] fix Thumb2 regression with Spectre BHB - ext4: add check to prevent attempting to resize an fs with sparse_super2 - btrfs: unlock newly allocated extent buffer after error (CVE-2021-4149) . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 4.19.233-rt105 * Bump ABI to 20 * sctp: fix the processing for INIT chunk (CVE-2021-3772) * sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772) linux-signed-i386 (4.19.232+1) buster-security; urgency=high . * Sign kernel from linux 4.19.232-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.209 - ocfs2: drop acl cache for directories too - [arm*] usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA - [armhf] usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() - cifs: fix incorrect check for null pointer in header_assemble - [x86] xen/x86: fix PV trap handling on secondary processors - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter - USB: cdc-acm: fix minor-number release - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk - USB: serial: mos7840: remove duplicated 0xac24 device ID - USB: serial: option: add Telit LN920 compositions - USB: serial: option: remove duplicate USB device ID - USB: serial: option: add device id for Foxconn T99W265 - [arm64] serial: mvebu-uart: fix driver's tx_empty callback - net: hso: fix muxed tty registration - bnxt_en: Fix TX timeout when TX ring size is set to the smallest - net/smc: add missing error check in smc_clc_prfx_set() - net/mlx4_en: Don't allow aRFS for encapsulated packets - scsi: iscsi: Adjust iface sysfs attr detection - [x86] tty: synclink_gt, drop unneeded forward declarations - [x86] tty: synclink_gt: rename a conflicting function name - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() - [arm64,armhf] irqchip/gic-v3-its: Fix potential VPE leak on error - md: fix a lock order reversal in md_alloc - blktrace: Fix uaf in blk_trace access after removing by sysfs - [arm64,armhf] net: stmmac: allow CSR clock of 300MHz - xen/balloon: use a kernel thread instead a workqueue - nvme-multipath: fix ANA state updates when a namespace is not present - qnx4: avoid stringop-overread errors - [arm64] Mark __stack_chk_guard as __ro_after_init - net: 6pack: Fix tx timeout and slot time - [arm64] PCI: aardvark: Fix checking for PIO status - tcp: address problems caused by EDT misshaps - tcp: always set retrans_stamp on recovery - tcp: create a helper to model exponential backoff - tcp: adjust rto_base in retransmits_timed_out() - xen/balloon: fix balloon kthread freezing - tty: Fix out-of-bound vmalloc access in imageblit - cpufreq: schedutil: Use kobject release() method to free sugov_tunables - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory - mac80211: fix use-after-free in CCMP/GCMP RX - [x86] kvmclock: Move this_cpu_pvti into kvmclock.h - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb - hwmon: (tmp421) Replace S_ with octal values - hwmon: (tmp421) report /PVLD condition as fault - hwmon: (tmp421) fix rounding for negative values - e100: fix length calculation in e100_get_regs_len - e100: fix buffer overrun in e100_get_regs - Revert "block, bfq: honor already-setup queue merges" - scsi: csiostor: Add module softdep on cxgb4 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings - ext4: fix potential infinite loop in ext4_dx_readdir() - net: udp: annotate data race around udp_sk(sk)->corkflag - [armel,armhf] 9077/1: PLT: Move struct plt_entries definition to header - [armel,armhf] 9078/1: Add warn suppress parameter to arm_gen_branch_link() - [armel,armhf] 9079/1: ftrace: Add MODULE_PLTS support - [armel,armhf] 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE - [x86] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744, CVE-2021-3764) - HID: betop: fix slab-out-of-bounds Write in betop_probe - netfilter: ipset: Fix oversized kvmalloc() calls - HID: usbhid: free raw_report buffers in usbhid_stop - cred: allow get_cred() and put_cred() to be given NULL. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.210 - net: mdio: introduce a shutdown method to mdio device drivers - xen-netback: correct success/error reporting for the SKB-with-fraglist case - scsi: sd: Free scsi_disk device via put_device() - [arm*] usb: dwc2: check return value after calling platform_get_resource() - scsi: ses: Retry failed Send/Receive Diagnostic commands - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. - lib/timerqueue: Rely on rbtree semantics for next timer (CVE-2021-20317) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.211 - USB: cdc-acm: fix racy tty buffer accesses - USB: cdc-acm: fix break reporting - xen/privcmd: fix error handling in mmap-resource processing - ovl: fix missing negative dentry check in ovl_rename() (CVE-2021-20321) - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero - xen/balloon: fix cancelled balloon action - [armhf] dts: omap3430-sdp: Fix NAND device node - [mips,mipsel] bpf, mips: Validate conditional branch offsets (CVE-2021-38300) - [armel,armhf] bpf, arm: Fix register clobbering in div/mod implementation - bpf: Fix integer overflow in prealloc_elems_and_freelist() (CVE-2021-41864) - phy: mdio: fix memory leak - net_sched: fix NULL deref in fifo_set_limit() - [i386] ptp_pch: Load module automatically if ID matches - [armhf] imx6: disable the GIC CPU interface before calling stby-poweroff sequence - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() - [arm64,armhf] net: sfp: Fix typo in state machine debug string - netlink: annotate data races around nlk->bound - drm/nouveau/debugfs: fix file release memory leak - rtnetlink: fix if_nlmsg_stats_size() under estimation - i40e: fix endless loop under rtnl - i40e: Fix freeing of uninitialized misc IRQ vector - i2c: acpi: fix resource leak in reconfiguration device addition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.212 - [armhf] net: phy: bcm7xxx: Fixed indirect MMD operations - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS - netfilter: ip6_tables: zero-initialize fragment offset - mac80211: Drop frames from invalid MAC address in ad-hoc mode - net: prevent user from passing illegal stab size - mac80211: check return value of rhashtable_init - scsi: ses: Fix unsigned comparison with less than zero - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" - [x86] perf/x86: Reset destroy callback on event init failure - sched: Always inline is_percpu_thread() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213 - ALSA: seq: Fix a potential UAF by wrong private_free call order - ALSA: hda/realtek: Complete partial device name to avoid ambiguity - ALSA: hda/realtek: Add quirk for Clevo X170KM-G - ALSA: hda/realtek - ALC236 headset MIC recording issue - [s390x] fix strrchr() implementation - btrfs: deal with errors when replaying dir entry during log replay - btrfs: deal with errors when adding inode reference during log replay - btrfs: check for error when looking up inode during dir entry replay - [x86] mei: me: add Ice Lake-N device id. - xhci: guard accesses to ep_state in xhci_endpoint_reset() - xhci: Fix command ring pointer corruption while aborting a command - xhci: Enable trust tx length quirk for Fresco FL11 USB controller - cb710: avoid NULL pointer subtraction - [arm64,x86] efi/cper: use stack buffer for error record decoding - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() - [armhf] usb: musb: dsps: Fix the probe error path - Input: xpad - add support for another USB ID of Nacon GC-100 - USB: serial: qcserial: add EM9191 QDL support - USB: serial: option: add Quectel EC200S-CN module support - USB: serial: option: add Telit LE910Cx composition 0x1204 - USB: serial: option: add prod. id for Quectel EG91 - virtio: write back F_VERSION_1 before validate - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells - sctp: account stream padding length for reconf chunk (CVE-2022-0322) - ethernet: s2io: fix setting mac address during resume - nfc: fix error handling of nfc_proto_register() - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() - [i386] pata_legacy: fix a couple uninitialized variable bugs - [arm64] drm/msm: Fix null pointer dereference on pointer edp - [arm64] drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() - [arm64] drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling - [arm64] acpi/arm64: fix next_platform_timer() section mismatch error - mqprio: Correct stats in mqprio_dump_class_stats(). - qed: Fix missing error code in qed_slowpath_start() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214 - NFSD: Keep existing listeners on portlist error - netfilter: ipvs: make global sysctl readonly in non-init netns - [arm64] net: hns3: add limit ets dwrr bandwidth cannot be 0 - [arm64] net: hns3: disable sriov before unload hclge layer - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification - can: peak_pci: peak_pci_remove(): fix UAF - ocfs2: fix data corruption after conversion from inline format - ocfs2: mount fails with buffer overflow in strlen - vfs: check fd has read access in kernel_read_file_from_fd() (CVE-2022-0644) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset - ALSA: hda/realtek: Add quirk for Clevo PC50HS - ASoC: DAPM: Fix missing kctl change notifications - mm, slub: fix mismatch between reconstructed freelist depth and cnt - nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760) - isdn: cpai: check ctr->cnr to avoid array index out of bound (CVE-2021-43389) - btrfs: deal with errors when checking if a dir entry exists during log replay - [arm64,armhf] net: stmmac: add support for dwmac 3.40a - isdn: mISDN: Fix sleeping function called from invalid context - ALSA: hda: avoid write to STATESTS if controller is in reset - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() - net: mdiobus: Fix memory leak in __mdiobus_register - tracing: Have all levels of checks prevent recursion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.215 - [armel,armhf] 9139/1: kprobes: fix arch_init_kprobes() prototype - [powerpc*] bpf: Fix BPF_MOD when imm == 1 - [arm64] Avoid premature usercopy failure - usbnet: sanity check for maxpacket - usbnet: fix error return code in usbnet_probe() - ata: sata_mv: Fix the error handling of mv_chip_id() - nfc: port100: fix using -ERRNO as command type mask - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (CVE-2021-20322) - ipv6: use siphash in rt6_exception_hash() (CVE-2021-20322) - ipv6: make exception cache less predictible (CVE-2021-20322) - mmc: vub300: fix control-message timeouts - mmc: cqhci: clear HALT state after CQE enable - [armhf] mmc: dw_mmc: exynos: fix the finding clock sample value - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 - [armhf] mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit - net: lan78xx: fix division by zero in send path - RDMA/mlx5: Set user priority for DCT - [arm64] dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node - regmap: Fix possible double-free in regcache_rbtree_exit() - net: batman-adv: fix error handling - net: Prevent infinite while loop in skb_tx_hash() - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent - sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772) - sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772) - sctp: add vtag check in sctp_sf_violation (CVE-2021-3772) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772) - sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216 - scsi: core: Put LLD module refcnt after SCSI device is released - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-42739) - IB/qib: Use struct_size() helper - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields - sfc: Fix reading non-legacy supported link modes - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed - [armel,armhf] 9120/1: Revert "amba: make use of -1 IRQs warn" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217 - [x86] Revert "x86/kvm: fix vcpu-id indexed array sizes" - usb: ehci: handshake CMD_RUN instead of STS_HALT - [arm64,armhf] usb: musb: Balance list entry in musb_gadget_queue - usb-storage: Add compatibility quirk flags for iODD 2531/2541 - printk/console: Allow to disable console output by using console="" or console=null - isofs: Fix out of bound access for corrupted isofs image - [x86] comedi: dt9812: fix DMA buffers on stack - [x86] comedi: ni_usb6501: fix NULL-deref in command paths - [x86] comedi: vmk80xx: fix transfer-buffer overflows - [x86] comedi: vmk80xx: fix bulk-buffer overflow - [x86] comedi: vmk80xx: fix bulk and interrupt message timeouts - staging: r8712u: fix control-message timeout - [x86] staging: rtl8192u: fix control-message timeouts - rsi: fix control-message timeout https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.218 - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay - binder: use euid from cred instead of using task - binder: use cred instead of task for selinux checks - Input: elantench - fix misreporting trackpoint coordinates (Closes: #989285) - libata: fix read log timeout value - ocfs2: fix data corruption on truncate - [arm64,armhf] mmc: dw_mmc: Dont wait for DRTO on Write RSP error - tpm: Check for integer overflow in tpm2_map_response_body() - [x86] media: ite-cir: IR receiver stop working after receive overflow - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Closes: #994050) - ALSA: hda/realtek: Add quirk for Clevo PC70HS - ALSA: ua101: fix division by zero at probe - ALSA: 6fire: fix control and bulk message timeouts - ALSA: line6: fix control and interrupt message timeouts - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 - ALSA: synth: missing check for possible NULL after the call to kstrdup - ALSA: timer: Fix use-after-free problem - ALSA: timer: Unconditionally unlink slave instances, too - [x86] irq: Ensure PI wakeup handler is unregistered before module unload - [arm64] cavium: Return negative value when pci_alloc_irq_vectors() fails - scsi: qla2xxx: Fix unmap of already freed sgl - [arm64] cavium: Fix return values of the probe function - sfc: Don't use netif_info before net_device setup - [x86] hyperv/vmbus: include linux/bitops.h - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 - bpf: Prevent increasing bpf_jit_limit above max - xen/netfront: stop tx queues during live migration - [armhf] spi: spl022: fix Microwire full duplex mode - [armhf] watchdog: Fix OMAP watchdog early handling - [x86] vmxnet3: do not stop tx queues after netif_device_detach() - btrfs: clear MISSING device status bit in btrfs_close_one_device - btrfs: fix lost error handling when replaying directory deletes - btrfs: call btrfs_check_rw_degradable only if there is a missing device - [armhf] regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled - [armhf] regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell - [x86] mwifiex: fix division by zero in fw download path - ath6kl: fix division by zero in send path - ath6kl: fix control-message timeout - ath10k: fix control-message timeout - ath10k: fix division by zero in send path - PCI: Mark Atheros QCA6174 to avoid bus reset - rtl8187: fix control-message timeouts - [arm64] wcn36xx: Fix HT40 capability for 2Ghz band - mwifiex: Read a PCI register after writing the TX ring write pointer - libata: fix checking of DMA state - [arm64] wcn36xx: handle connection loss indication - rsi: fix occasional initialisation failure with BT coex - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 - rsi: fix rate mask set leading to P2P failure - rsi: Fix module dev_oper_mode parameter description - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP - signal: Remove the bogus sigkill_pending in ptrace_stop - [mips*] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT - [x86] power: supply: max17042_battery: Prevent int underflow in set_soc_threshold - [x86] power: supply: max17042_battery: use VFSOC for capacity when no rsns - serial: core: Fix initializing and restoring termios speed - ALSA: mixer: oss: Fix racy access to slots - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume - xen/balloon: add late_initcall_sync() for initial ballooning done - [arm64] PCI: aardvark: Do not clear status bits of masked interrupts - [arm64] PCI: aardvark: Do not unmask unused interrupts - [arm64] PCI: aardvark: Fix return value of MSI domain .alloc() method - [arm64] PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG - quota: check block number when reading the block in quota file - quota: correct error number in free_dqentry() - pinctrl: core: fix possible memory leak in pinctrl_enable() - iio: dac: ad5446: Fix ad5622_write() return value - USB: serial: keyspan: fix memleak on probe errors - USB: iowarrior: fix control-message timeouts - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640) - Bluetooth: fix use-after-free error in lock_sock_nested() (CVE-2021-3752) - [x86] platform/x86: wmi: do not fail if disabling fails - locking/lockdep: Avoid RCU-induced noinstr fail - net: sched: update default qdisc visibility after Tx queue cnt changes - [x86] Increase exception stack sizes - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type - mwifiex: Properly initialize private structure on interface type changes - media: netup_unidvb: handle interrupt properly according to the firmware - media: uvcvideo: Set capability in s_param - media: uvcvideo: Return -EIO for control errors - media: mceusb: return without resubmitting URB in case of -EPROTO error. - ACPICA: Avoid evaluating methods too early during system resume - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() - tracefs: Have tracefs directories not set OTH permission bits by default - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() - [x86] ACPI: battery: Accept charges over the design capacity as full - memstick: r592: Fix a UAF bug when removing the driver - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression - lib/xz: Validate the value before assigning it to an enum variable - workqueue: make sysfs of unbound kworker cpumask more clever - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() - PM: hibernate: Get block device exclusively in swsusp_check() - iwlwifi: mvm: disable RX-diversity in powersave - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE - [x86] hyperv: Protect set_hv_tscchange_cb() against getting preempted - task_stack: Fix end_of_stack() for architectures with upwards-growing stack - Bluetooth: fix init and cleanup of sco_conn.timeout_work - cgroup: Make rebind_subsystems() disable v2 controllers all at once - drm/amdgpu: fix warning for overflow check - media: em28xx: add missing em28xx_close_extension - media: dvb-usb: fix ununit-value in az6027_rc_query - media: si470x: Avoid card name truncation - media: cx23885: Fix snd_card_free call on null card pointer - cpuidle: Fix kobject memory leaks in error paths - media: em28xx: Don't use ops->suspend if it is NULL - ath9k: Fix potential interrupt storm on queue reset - [x86] crypto: qat - detect PFVF collision after ACK - [x86] crypto: qat - disregard spurious PFVF interrupts - b43legacy: fix a lower bounds test - b43: fix a lower bounds test - [armhf] mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() - hwmon: Fix possible memleak in __hwmon_device_register() - ath10k: fix max antenna gain unit - [arm64] drm/msm: uninitialized variable in msm_gem_import() - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() - [x86] platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning - rsi: stop thread firstly in rsi_91x_init() error handling - mwifiex: Send DELBA requests according to spec - phy: micrel: ksz8041nl: do not use power down mode - nvme-rdma: fix error code in nvme_rdma_setup_ctrl - PM: hibernate: fix sparse warnings - [arm64] drm/msm: Fix potential NULL dereference in DPU SSPP - [s390x] gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() - [s390x] KVM: s390: Fix handle_sske page fault handling - libertas_tf: Fix possible memory leak in probe and disconnect - libertas: Fix possible memory leak in probe and disconnect - [arm64] wcn36xx: add proper DMA memory barriers in rx path - [amd64,arm64] net: amd-xgbe: Toggle PLL settings during rate change - [arm64,armhf] net: phylink: avoid mvneta warning when setting pause parameters - crypto: pcrypt - Delay write to padata->info - RDMA/rxe: Fix wrong port_cap_flags - scsi: dc395: Fix error case unwinding - JFS: fix memleak in jfs_mount - ALSA: hda: Reduce udelay() at SKL+ position reporting - [arm64,armhf] soc/tegra: Fix an error handling path in tegra_powergate_power_up() - serial: 8250_dw: Drop wrong use of ACPI_PTR() - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() - RDMA/mlx4: Return missed an error if device doesn't support steering - [arm64] phy: qcom-qusb2: Fix a memory leak on probe - [arm64] serial: xilinx_uartps: Fix race condition causing stuck TX - [mips*] cm: Convert to bitfield API to fix out-of-bounds access - apparmor: fix error check - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds - drm/plane-helper: fix uninitialized variable reference - [arm64] PCI: aardvark: Don't spam about PIO Response Status - NFS: Fix deadlocks in nfs_scan_commit_list() - fs: orangefs: fix error return code of orangefs_revalidate_lookup() - [arm64] mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() - netfilter: nfnetlink_queue: fix OOB when mac header was cleared - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` - [x86] watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT - scsi: qla2xxx: Fix gnl list corruption - scsi: qla2xxx: Turn off target reset during issue_lip - xen-pciback: Fix return in pm_ctrl_init() - [armhf] net: davinci_emac: Fix interrupt pacing disable - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() - zram: off by one in read_block_state() - llc: fix out-of-bound array index in llc_sk_dev_hash() - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails - [arm64] pgtable: make __pte_to_phys/__phys_to_pte_val inline functions - vsock: prevent unnecessary refcnt inc for nonblocking connect - cxgb4: fix eeprom len when diagnostics not implemented - [arm64,armhf] USB: chipidea: fix interrupt deadlock - [armel,armhf] 9155/1: fix early early_iounmap() - f2fs: should use GFP_NOFS for directory inodes - 9p/net: fix missing error check in p9_check_errors - [powerpc*] lib: Add helper to check if offset is within conditional branch range - [powerpc*] bpf: Validate branch ranges - [powerpc*] bpf: Fix BPF_SUB when imm == 0x80000000 - [powerpc*] security: Add a helper to query stf_barrier type - [powerpc*] bpf: Emit stf barrier instruction sequences for BPF_NOSPEC - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks - mm, oom: do not trigger out_of_memory from the #PF - [armhf] backlight: gpio-backlight: Correct initial power state handling - video: backlight: Drop maximum brightness override for brightness zero - [s390x] cio: check the subchannel validity for dev_busid - [s390x] tape: fix timer initialization in tape_std_assign() - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros - fuse: truncate pagecache on atomic_o_trunc - [x86] cpu: Fix migration safety with X86_BUG_NULL_SEL - ext4: fix lazy initialization next schedule time computation in more granular unit - PCI/MSI: Destroy sysfs before freeing entries - PCI/MSI: Deal with devices lying about their MSI mask capability - PCI: Add MSI masking quirk for Nvidia ION AHCI - [arm64] zynqmp: Do not duplicate flash partition label property - [arm64] zynqmp: Fix serial compatible string - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() - [armhf] usb: musb: tusb6010: check return value after calling platform_get_resource() - [x86] usb: typec: tipd: Remove WARN_ON in tps6598x_block_read - [x86] ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect - scsi: advansys: Fix kernel pointer leak - firmware_loader: fix pre-allocated buf built-in firmware use - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc - scsi: target: Fix ordered tag handling - scsi: target: Fix alua_tg_pt_gps_count tracking - [i386] ALSA: gus: fix null pointer dereference on pointer block - f2fs: fix up f2fs_lookup tracepoints - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame - iavf: check for null in iavf_fix_features - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset - [x86] platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' - net: virtio_net_hdr_to_skb: count transport header in UFO - i40e: Fix correct max_pkt_size on VF RX queue - i40e: Fix NULL ptr dereference on VSI filter sync - i40e: Fix changing previously set num_queue_pairs for PFs - i40e: Fix display error code in dmesg - NFC: reorganize the functions in nci_request - [x86] perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server - [x86] perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server - tun: fix bonding active backup with arp monitoring - ipc: WARN if trying to remove ipc object which is absent - [x86] hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails - udf: Fix crash after seekdir - btrfs: fix memory ordering between normal and ordered work functions - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type - drm/udl: fix control-message timeout - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors - perf/core: Avoid put_page() when GUP fails - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN - batman-adv: Consider fragmentation for needed_headroom - batman-adv: Reserve needed_*room for fragments - batman-adv: Don't always reallocate the fragmentation skb head - RDMA/netlink: Add __maybe_unused to static inline in C file - ASoC: DAPM: Cover regression by kctl change notification fix - [arm64,armhf] soc/tegra: pmc: Fix imbalanced clock disabling in error code path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219 - USB: serial: option: add Telit LE910S1 0x9200 composition - USB: serial: option: add Fibocom FM101-GL variants - [arm*] usb: dwc2: hcd_queue: Fix use of floating point literal - usb: hub: Fix usb enumeration issue due to address0 race - usb: hub: Fix locking issues with address0_mutex - [arm*] binder: fix test regression due to sender_euid change - ALSA: ctxfi: Fix out-of-range access - media: cec: copy sequence field for the reply - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts - [x86] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() - fuse: fix page stealing - xen: don't continue xenstore initialization in case of errors - xen: detect uninitialized xenbus in xenbus_init - tracing: Fix pid filtering when triggers are attached - proc/vmcore: fix clearing user buffer by properly using clear_user() - [arm64] PCI: aardvark: Fix a leaked reference by adding missing of_node_put() - [arm64] PCI: aardvark: Wait for endpoint to be ready before training link - [arm64] PCI: aardvark: Train link immediately after enabling training - [arm64] PCI: aardvark: Improve link training - [arm64] PCI: aardvark: Issue PERST via GPIO - [arm64] PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros - [arm64] PCI: aardvark: Indicate error in 'val' when config read fails - [arm64] PCI: aardvark: Don't touch PCIe registers if no card connected - [arm64] PCI: aardvark: Fix compilation on s390 - [arm64] PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() - [arm64] PCI: aardvark: Update comment about disabling link training - [arm64] PCI: aardvark: Configure PCIe resources from 'ranges' DT property - [arm64] PCI: aardvark: Fix PCIe Max Payload Size setting - [arm64] PCI: aardvark: Fix link training - [arm64] PCI: aardvark: Fix checking for link up via LTSSM state - [arm64] pinctrl: armada-37xx: Correct mpp definitions - [arm64] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup - [arm64] pinctrl: armada-37xx: Correct PWM pins definitions - [arm64] dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function - netfilter: ipvs: Fix reuse connection if RS weight is 0 - [x86] ASoC: topology: Add missing rwsem around snd_ctl_remove() calls - net: ieee802154: handle iftypes as u32 - NFSv42: Don't fail clone() unless the OP_CLONE operation failed - [armhf] socfpga: Fix crash with CONFIG_FORTIRY_SOURCE - scsi: mpt3sas: Fix kernel panic during drive powercycle test - [arm*] drm/vc4: fix error code in vc4_create_object() - ipv6: fix typos in __ip6_finish_output() - net/smc: Ensure the active closing peer first closes clcsock - PM: hibernate: use correct mode for swsusp_close() - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows - net/smc: Don't call clcsock shutdown twice when smc shutdown - [arm64] net: hns3: fix VF RSS failed problem after PF enable multi-TCs - vhost/vsock: fix incorrect used length reported to the guest - tracing: Check pid filtering when creating events - [s390x] mm: validate VMA in PGSTE manipulation functions - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (CVE-2021-4002) - NFC: add NCI_UNREG flag to eliminate the race - fuse: release pipe buf after last use - xen: sync include/xen/interface/io/ring.h with Xen's newest version - xen/blkfront: read response from backend only once - xen/blkfront: don't take local copy of a request from the ring page - xen/blkfront: don't trust the backend response data blindly - xen/netfront: read response from backend only once - xen/netfront: don't read data from request on the ring page - xen/netfront: disentangle tx_skb_freelist - xen/netfront: don't trust the backend response data blindly - tty: hvc: replace BUG_ON() with negative return value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220 - shm: extend forced shm destroy to support objects from several IPC nses - NFSv42: Fix pagecache invalidation after COPY/CLONE - gfs2: Fix length of holes reported at end-of-file - [amd64] atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) - net: return correct error code - [x86] platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep - [s390x] setup: avoid using memblock_enforce_memory_limit - btrfs: check-integrity: fix a warning on write caching disabled disk - thermal: core: Reset previous low and high trip during thermal zone init - scsi: iscsi: Unblock session then wake up error handler - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile - [arm64] ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit - kprobes: Limit max data_size of the kretprobe instances - ipmi: Move remove_work to dedicated workqueue - fs: add fget_many() and fput_many() - fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() - net: mpls: Fix notifications when deleting a device - siphash: use _unaligned version by default - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available - net: annotate data-races on txq->xmit_lock_owner - net/rds: correct socket tunable error in rds_tcp_tune() - net/smc: Keep smc_close_final rc during active close - [arm64] drm/msm: Do hw_init() before capturing GPU state - vgacon: Propagate console boot parameters before calling `vc_resize' - xhci: Fix commad ring abort, write all 64 bits to CRCR register. - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub - [x86] usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect - [amd64] mm: Map all kernel memory into trampoline_pgd - [arm64] tty: serial: msm_serial: Deactivate RX DMA for polling support - [arm64] serial: pl011: Add ACPI SBSA UART match id - serial: core: fix transmit-buffer reset and memleak - ipmi: msghandler: Make symbol 'remove_work_wq' static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221 - HID: add hid_is_usb() function to make it simpler for USB detection - HID: wacom: fix problems when device is not a valid USB device - HID: check for valid USB device for many HID drivers - can: kvaser_usb: get CAN clock frequency from device - [x86] can: sja1000: fix use after free in ems_pcmcia_add_card() - net: core: netlink: add helper refcount dec and lock function - net: sched: rename qdisc_destroy() to qdisc_put() - net: sched: extend Qdisc with rcu - net: sched: add helper function to take reference to Qdisc - net: sched: use Qdisc rcu API instead of relying on rtnl lock - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done - bpf: Fix the off-by-two error in range markings - ice: ignore dropped packets during init - bonding: make tx_rebalance_counter an atomic - nfp: Fix memory leak in nfp_cpp_area_cache_add() - seg6: fix the iif in the IPv6 socket control block - udp: using datalen to cap max gso segments - [amd64] IB/hfi1: Correct guard on eager buffer deallocation - mm: bdi: initialize bdi_min_ratio when bdi is unregistered - ALSA: ctl: Fix copy of updated id with element read/write - ALSA: pcm: oss: Fix negative period/buffer sizes - ALSA: pcm: oss: Limit the period size to 16MB - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() - tracefs: Have new files inherit the ownership of their parent - [arm64] clk: qcom: regmap-mux: fix parent clock lookup - [i386] can: pch_can: pch_can_rx_normal: fix use after free - libata: add horkage for ASMedia 1092 - wait: add wake_up_pollfree() - binder: use wake_up_pollfree() - signalfd: use wake_up_pollfree() - aio: keep poll requests on waitqueue until completed - aio: fix use-after-free due to missing POLLFREE handling - tracefs: Set all files to the same group ownership as the mount option - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) - qede: validate non LSO skb length - i40e: Fix pre-set max number of queues for VF - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero - [armhf] net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() - net, neigh: clear whole pneigh_entry at alloc time - net/qla3xxx: fix an error code in ql_adapter_up() - USB: gadget: detect too-big endpoint 0 requests (CVE-2021-39685) - USB: gadget: zero allocate endpoint 0 buffers (CVE-2021-39685) - usb: core: config: fix validation of wMaxPacketValue entries - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending - usb: core: config: using bit mask instead of individual bits - xhci: avoid race between disable slot command and host runtime suspend - iio: trigger: Fix reference counting - [armhf] iio: mma8452: Fix trigger reference couting - [arm64,armhf] iio: adc: axp20x_adc: fix charging current reporting on AXP22x - [x86] iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove - [armhf] irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() - [armhf] irqchip/armada-370-xp: Fix support for Multi-MSI interrupts - [arm64,armhf] irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL - net_sched: fix a crash in tc_new_tfilter() - net: sched: make function qdisc_free_cb() static https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222 - stable: clamp SUBLEVEL in 4.19 - nfc: fix segfault in nfc_genl_dump_devices_done - [arm64] drm/msm/dsi: set default num_data_lanes - net/mlx4_en: Update reported link modes for 1/10G - [arm64,armhf] i2c: rk3x: Handle a spurious start completion interrupt flag - net: netlink: af_netlink: Prevent empty skb by adding a check on len. - tracing: Fix a kmemleak false positive in tracing_map - [x86] hwmon: (dell-smm) Fix warning on /proc/i8k creation error - mac80211: send ADDBA requests using the tid/queue of the aggregation session - dm btree remove: fix use after free in rebalance_children() - audit: improve robustness of the audit queue handling - nfsd: fix use-after-free due to delegation race (Closes: #988044) - [x86] sme: Explicitly map new EFI memmap table as encrypted - mac80211: track only QoS data frames for admission control - [armhf] socfpga: dts: fix qspi node compatible - sch_cake: do not call cake_destroy() from cake_init() - rds: memory leak in __rds_conn_create() (CVE-2021-45480) - [arm64,armhf] soc/tegra: fuse: Fix bitwise vs. logical OR warning - igb: Fix removal of unicast MAC filters of VFs - igbvf: fix double free in `igbvf_probe` - ixgbe: set X550 MDIO speed before talking to PHY - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (CVE-2021-4135) - net/packet: rx_owner_map depends on pg_vec (CVE-2021-22600) - sit: do not call ipip6_dev_free() from sit_init_net() - USB: gadget: bRequestType is a bitfield, not a enum - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error - PCI/MSI: Mask MSI-X vectors only on success - USB: serial: cp210x: fix CP2105 GPIO registration - USB: serial: option: add Telit FN990 compositions - timekeeping: Really make sure wall_to_monotonic isn't positive - libata: if T_LENGTH is zero, dma direction should be DMA_NONE - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE - mac80211: validate extended element ID is present - [armel] 8805/2: remove unneeded naked function usage - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO - Input: touchscreen - avoid bitwise vs logical OR warning - media: mxl111sf: change mutex_init() location - fuse: annotate lock in fuse_reverse_inval_entry() - ovl: fix warning in ovl_create_real() - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711) - xen/netfront: harden netfront against event channel storms (CVE-2021-28712) - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713) - xen/netback: fix rx queue stall detection (CVE-2021-28714) - xen/netback: don't queue unlimited number of packages (CVE-2021-28715) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.223 - net: usb: lan78xx: add Allied Telesis AT29M2-AF - block, bfq: improve asymmetric scenarios detection - block, bfq: fix asymmetric scenarios detection - block, bfq: fix decrement of num_active_groups - block, bfq: fix queue removal from weights tree - block, bfq: fix use after free in bfq_bfqq_expire - HID: holtek: fix mouse probing - [arm64] dts: allwinner: orangepi-zero-plus: fix PHY mode - [arm64] spi: change clk_disable_unprepare to clk_unprepare - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() - netfilter: fix regression in looped (broad|multi)cast's MAC handling - qlcnic: potential dereference null pointer of rx_queue->page_ring - net: accept UFOv6 packages in virtio_net_hdr_to_skb - net: skip virtio_net_hdr_set_proto if protocol already set - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module - bonding: fix ad_actor_system option setting to default - [amd64] fjes: Check for error irq - [armhf] drivers: net: smc911x: Check for error irq - sfc: falcon: Check null pointer of rx_queue->page_ring - hwmon: (lm90) Fix usage of CONFIG2 register in detect function - ALSA: jack: Check the return value of kstrdup() - ALSA: drivers: opl3: Fix incorrect use of vp->state - Input: atmel_mxt_ts - fix double free in mxt_read_info_block - ipmi: bail out if init_srcu_struct fails - ipmi: fix initialization when workqueue allocation fails - [x86] pkey: Fix undefined behaviour with PKRU_WD_BIT - [armel,armhf] 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (CVE-2021-45469) - usb: gadget: u_ether: fix race in setting MAC address in setup phase - [x86] KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state - hwmon: (lm90) Do not report 'busy' status bit as alarm - ax25: NPD bug when detaching AX25 device - hamradio: defer ax25 kfree after unregister_netdev - hamradio: improve the incomplete fix to avoid NPD - phonet/pep: refuse to enable an unbound pipe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 - [arm64] tee: handle lookup of shm with reference count 0 (CVE-2021-44733) - Input: i8042 - add deferred probe support - [x86] Input: i8042 - enable deferred probe quirk for ASUS UM325UA - [x86] platform/x86: apple-gmux: use resource_size() with res - selinux: initialize proto variable in selinux_ip_postroute_compat() - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() - udp: using datalen to cap ipv6 udp max gso segments - sctp: use call_rcu to free endpoint - net: usb: pegasus: Do not drop long Ethernet frames - net/mlx5e: Fix wrong features assignment in case of error - i2c: validate user data in compat ioctl - nfc: uapi: use kernel size_t to fix user-space builds - uapi: fix linux/nfc.h userspace compilation errors - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. - [arm*] binder: fix async_free_space accounting for empty parcels - [x86] scsi: vmw_pvscsi: Set residual data length conditionally - Input: appletouch - initialize work before device registration - Input: spaceball - fix parsing of movement data packets - net: fix use-after-free in tw_timer_handler https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.225 - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() - tracing: Tag trace_percpu_buffer as a percpu pointer - ieee802154: atusb: fix uninit value in atusb_set_extended_addr - RDMA/core: Don't infoleak GRH fields - mac80211: initialize variable have_higher_than_11mbit - i40e: fix use-after-free in i40e_sync_filters_subtask() - i40e: Fix incorrect netdev's real number of RX/TX queues - ipv6: Check attribute length for RTA_GATEWAY in multipath route - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (CVE-2021-4155) - rndis_host: support Hytera digital radios - phonet: refcount leak in pep_sock_accep (CVE-2021-45095) - ipv6: Continue processing multipath route even if gateway attribute is invalid - ipv6: Do cleanup if attribute validation fails in multipath route - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate - net: udp: fix alignment problem in udp4_seq_show() - mISDN: change function names to avoid conflicts https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.226 - Bluetooth: bfusb: fix division by zero in send path - USB: core: Fix bug in resuming hub's handling of wakeup requests - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status - can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet - veth: Do not record rx queue hint in veth_xmit - [x86] mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} - random: fix data race on crng_node_pool - random: fix data race on crng init time - [x86] drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() - kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() - [s390x] KVM: s390: Clarify SIGP orders versus STOP/RESTART - media: uvcvideo: fix division by zero at stream start - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled - firmware: qemu_fw_cfg: fix sysfs information leak - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries - firmware: qemu_fw_cfg: fix kobject leak in probe error path - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows - HID: uhid: Fix worker destroying device without any protection - HID: wacom: Reset expected and received contact counts at the same time - HID: wacom: Ignore the confidence flag when a touch is removed - HID: wacom: Avoid using stale array indicies to read contact count - f2fs: fix to do sanity check in is_alive() - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() - [armhf] mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 - [x86] gpu: Reserve stolen memory for first integrated Intel GPU - rtc: cmos: take rtc_lock while reading from CMOS - media: flexcop-usb: fix control-message timeouts - media: mceusb: fix control-message timeouts - media: em28xx: fix control-message timeouts - media: cpia2: fix control-message timeouts - media: s2255: fix control-message timeouts - media: dib0700: fix undefined behavior in tuner shutdown - media: redrat3: fix control-message timeouts - media: pvrusb2: fix control-message timeouts - media: stk1160: fix control-message timeouts - [x86] can: softing_cs: softingcs_probe(): fix memleak on registration failure - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails - [arm*] clk: bcm-2835: Pick the closest clock rate - [arm*] clk: bcm-2835: Remove rounding up the dividers - [arm64] wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND - [arm64] wcn36xx: Release DMA channel descriptor allocations - media: videobuf2: Fix the size printk format - media: em28xx: fix memory leak in em28xx_init_dev - Bluetooth: stop proccessing malicious adv data - [arm64] tee: fix put order in teedev_close_context() - media: dmxdev: fix UAF when dvb_register_device() fails - [arm64] crypto: qce - fix uaf on qce_ahash_register_one - netfilter: bridge: add support for pppoe filtering - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() - [arm*] serial: amba-pl011: do not request memory region twice - floppy: Fix hang in watchdog when disk is ejected - media: dib8000: Fix a memleak in dib8000_init() - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() - media: si2157: Fix "warm" tuner state detection - sched/rt: Try to restart rt period timer when rt runtime exceeded - xfrm: fix a small bug in xfrm_sa_len() - media: dw2102: Fix use after free - media: msi001: fix possible null-ptr-deref in msi001_probe() - [arm64] drm/msm/dpu: fix safe status debugfs file - xfrm: interface with if_id 0 should return error - xfrm: state and policy should fail if XFRMA_IF_ID 0 - usb: ftdi-elan: fix memory leak on device disconnect - [armhf] mmc: meson-mx-sdio: add IRQ check - [x86] mce/inject: Avoid out-of-bounds write when setting flags - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() - [x86] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() - ppp: ensure minimum packet size in ppp_write() - Bluetooth: hci_bcm: Check for error irq - [arm64,armhf] spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe - tpm: add request_locality before write TPM_INT_ENABLE - can: softing: softing_startstop(): fix set but not used variable warning - pcmcia: fix setting of kthread task states - net: mcs7830: handle usb read errors properly - ext4: avoid trim error on fs with small groups - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls - [arm64] RDMA/hns: Validate the pkey index - [powerpc*] prom_init: Fix improper check of prom_getprop() - ALSA: oss: fix compile error when OSS_DEBUG is enabled - [arm64,armhf] iommu/io-pgtable-arm: Fix table descriptor paddr formatting - scsi: ufs: Fix race conditions related to driver data - RDMA/core: Let ib_find_gid() continue search even after empty entry - [x86] ASoC: rt5663: Handle device_property_read_u32_array error codes - [arm*] iommu/iova: Fix race between FQ timeout and teardown - RDMA/cxgb4: Set queue pair state when being queried - Bluetooth: Fix debugfs entry leak in hci_register_dev() - fs: dlm: filter user dlm messages for kernel locks - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR - usb: gadget: f_fs: Use stream_open() for endpoint files - HID: apple: Do not reset quirks when the Fn key is not found - media: b2c2: Add missing check in flexcop_pci_isr: - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use - [armhf] HSI: core: Fix return freed object in hsi_new_client - [x86] mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976) - rsi: Fix out-of-bounds read in rsi_read_pkt() - floppy: Add max size check for user space request - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() - media: m920x: don't use stack on USB reads - iwlwifi: mvm: synchronize with FW after multicast commands - ath10k: Fix tx hanging - net-sysfs: update the queue counts in the unregistration path - [x86] mce: Mark mce_panic() noinstr - [x86] mce: Mark mce_end() noinstr - [x86] mce: Mark mce_read_aux() noinstr - net: bonding: debug: avoid printing debug logs when bond is not notifying peers - bpf: Do not WARN in bpf_warn_invalid_xdp_action() - HID: quirks: Allow inverting the absolute X/Y values - media: igorplugusb: receiver overflow should be reported - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO - audit: ensure userspace is penalized the same as the kernel when under pressure - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream - iwlwifi: fix leaks/bad data after failed firmware load - iwlwifi: remove module loading failure message - iwlwifi: mvm: Fix calculation of frame length - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions - ACPICA: Utilities: Avoid deleting the same object twice in a row - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 - drm/amdgpu: fixup bad vram size on gmc v8 - [x86] ACPI: battery: Add the ThinkPad "Not Charging" quirk - btrfs: remove BUG_ON() in find_parent_nodes() - btrfs: remove BUG_ON(!eie) in find_parent_nodes - net: mdio: Demote probed message to debug print - mac80211: allow non-standard VHT MCS-10/11 - dm btree: add a defensive bounds check to insert_at() - dm space map common: add bounds check to sm_ll_lookup_bitmap() - net: phy: marvell: configure RGMII delays for 88E1118 - [arm64] regulator: qcom_smd: Align probe function with rpmh-regulator - [arm64,armhf] serial: pl010: Drop CR register reset on set_termios - serial: core: Keep mctrl register state and cached copy in sync - [powerpc*] powernv: add missing of_node_put - [powerpc*] btext: add missing of_node_put - [powerpc*] watchdog: Fix missed watchdog reset due to memory ordering race - [x86] i2c: i801: Don't silently correct invalid transfer size - [powerpc*] smp: Move setup_profiling_timer() under CONFIG_PROFILING - [powerpc*] i2c: mpc: Correct I2C reset procedure - w1: Misuse of get_user()/put_user() reported by sparse - ALSA: seq: Set upper limit of processed events - [powerpc*] handle kdump appropriately with crash_kexec_post_notifiers option - [mips*] OCTEON: add put_device() after of_find_device_by_node() - [x86] i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters - scsi: sr: Don't use GFP_DMA - [arm64] rpmsg: core: Clean up resources on announce_create failure. - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers - serial: Fix incorrect rs485 polarity on uart open - cputime, cpuacct: Include guest time in user time in cpuacct.stat - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds - [s390x] mm: fix 2KB pgtable release race - [armhf] drm/etnaviv: limit submit sizes - ext4: make sure to reset inode lockdep class when quota enabling fails - ext4: make sure quota gets properly shutdown on error - ext4: set csum seed in tmp inode while migrating to extents - ext4: Fix BUG_ON in ext4_bread when write quota data - ext4: don't use the orphan list when migrating an inode - ASoC: dpcm: prevent snd_soc_dpcm use after free - regulator: core: Let boot-on regulators be powered off - drm/radeon: fix error handling in radeon_driver_open_kms - [arm64] RDMA/hns: Modify the mapping attribute of doorbell to device - RDMA/rxe: Fix a typo in opcode name - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress - netns: add schedule point in ops_exit_list() - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() - net_sched: restore "mpu xxx" handling - [mips*,s390x] gup: Work around the "COW can break either way" issue (CVE-2020-29374) - fuse: fix bad inode (CVE-2020-36322) - fuse: fix live lock in fuse_iget() (CVE-2021-28950) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227 - [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330) - net: bridge: clear bridge's private skb space on xmit - select: Fix indefinitely sleeping task in poll_schedule_timeout() - [x86] drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228 - Bluetooth: refactor malicious adv data check - [s390x] hypfs: include z/VM guests with access control group set - [s390x] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices - udf: Restore i_lenAlloc when inode expansion fails (CVE-2022-0617) - udf: Fix NULL ptr deref when converting from inline format (CVE-2022-0617) - [armhf] drm/etnaviv: relax submit size limits - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments - serial: 8250: of: Fix mapped region size when using reg-offset property - tty: n_gsm: fix SW flow control encoding/handling - tty: Add support for Brainboxes UC cards. - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge - [arm64,armhf] usb: common: ulpi: Fix crash in ulpi_match() - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS - USB: core: Fix hang in usb_kill_urb by adding memory barriers - [x86] usb: typec: tcpm: Do not disconnect while receiving VBUS off - [arm64,armhf] net: sfp: ignore disabled SFP node - i40e: Increase delay to 1 s after global EMP reset - i40e: Fix issue when maximum queues is exceeded - i40e: Fix queues reservation for XDP - i40e: fix unsigned stat widths - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() - ipv6_tunnel: Rate limit warning messages - net: fix information leakage in /proc/net/ptype - ping: fix the sk_bound_dev_if match in ping_lookup - ipv4: avoid using shared IP generator for connected sockets - hwmon: (lm90) Reduce maximum conversion rate for G781 - NFSv4: Handle case where the lookup of a directory fails (CVE-2022-24448) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file - net-procfs: show net devices bound packet types - [arm64] drm/msm: Fix wrong size calculation - [arm64] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable - ipv6: annotate accesses to fn->fn_sernum - NFS: Ensure the server has an up to date ctime before hardlinking - NFS: Ensure the server has an up to date ctime before renaming - phylib: fix potential use-after-free - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959) - ipv4: raw: lock the socket in raw_bind() - ipv4: tcp: send zero IPID in SYNACK messages - netfilter: nat: remove l4 protocol port rovers - netfilter: nat: limit port clash resolution attempts - tcp: fix possible socket leaks in internal pacing mode - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback - [amd64,arm64] net: amd-xgbe: ensure to reset the tx_timer_active flag - [amd64,arm64] net: amd-xgbe: Fix skb data length underflow - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() - af_packet: fix data-race in packet_setsockopt / packet_setsockopt - audit: improve audit queue handling when "audit=1" on cmdline - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows - drm/nouveau: fix off by one in BIOS boundary checking - block: bio-integrity: Advance seed correctly for larger interval sizes - RDMA/mlx4: Don't continue event handler after memory allocation failure - [amd64] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() - [amd64] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() - [armhf] spi: meson-spicc: add IRQ check in meson_spicc_probe - net: ieee802154: hwsim: Ensure proper channel selection at probe time - net: ieee802154: Return meaningful error codes from the netlink helpers - net: macsec: Verify that send_sci is on when setting Tx sci explicitly - [arm64,armhf] net: stmmac: ensure PTP time register reads are consistent - [x86] drm/i915/overlay: Prevent divide by zero bugs in scaling - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. - rtc: cmos: Evaluate century appropriate - [arm64] EDAC/xgene: Fix deferred probing - ext4: fix error handling in ext4_restore_inline_data() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.229 - cgroup-v1: Require capabilities to set release_agent (CVE-2022-0492) - moxart: fix potential use-after-free on remove path (CVE-2022-0487) - tipc: improve size validations for received domain records (CVE-2022-0435) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230 - integrity: check the return value of audit_log_start() - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs - NFS: Fix initialisation of nfs_client cl_flags field - NFSD: Clamp WRITE offsets - NFSD: Fix offset type in I/O trace points - NFSv4 only print the label when its queried - nfs: nfs4clinet: check the return value of kstrdup() - NFSv4.1: Fix uninitialised variable in devicenotify - NFSv4 remove zero number of fs_locations entries error check - NFSv4 expose nfs_parse_server_name function - net: sched: Clarify error message when qdisc kind is unknown - scsi: target: iscsi: Make sure the np under each tpg is unique - [arm*] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend - [arm64,armhf] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() - bpf: Add kconfig knob for disabling unpriv bpf by default - net: bridge: fix stale eth hdr pointer in br_dev_xmit - usb: f_fs: Fix use-after-free for epfile - ixgbevf: Require large buffers for build_skb on 82599VF - bonding: pair enable_port with slave_arr_updates - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path - net: do not keep the dst cache when uncloning an skb dst and its metadata - net: fix a memleak when uncloning an skb dst and its metadata - veth: fix races around rq->rx_notify_masked - tipc: rate limit warning for received illegal binding update - [amd64,arm64] net: amd-xgbe: disable interrupts during pci removal - vt_ioctl: fix array_index_nospec in vt_setactivate - vt_ioctl: add array_index_nospec to VT_ACTIVATE - n_tty: wake up poll(POLLRDNORM) on receiving data - [arm64,armhf] usb: ulpi: Move of_node_put to ulpi_dev_release - [arm64,armhf] usb: ulpi: Call of_node_put correctly - [arm64,armhf] usb: dwc3: gadget: Prevent core from processing stale TRBs - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (CVE-2022-25375) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 - USB: serial: option: add ZTE MF286D modem - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices - USB: serial: cp210x: add NCR Retail IO box id - USB: serial: cp210x: add CPI Bulk Coin Recycler id - seccomp: Invalidate seccomp mode to catch death failures - [x86] hwmon: (dell-smm) Speed up setting of fan speed - perf: Fix list corruption in perf_cgroup_switch() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231 - Makefile.extrawarn: Move -Wunaligned-access to W=1 - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup - btrfs: send: in case of IO error log it - net: ieee802154: at86rf230: Stop leaking skb's - ax25: improve the incomplete fix to avoid UAF and NPD bugs - vfs: make freeze_super abort when sync_filesystem returns error - quota: make dquot_quota_sync return errors from ->sync_fs - nvme: fix a possible use-after-free in controller reset during load - nvme-rdma: fix possible use-after-free in transport error_recovery work - Revert "module, async: async_synchronize_full() on module init iff async is used" - iwlwifi: fix use-after-free - drm/radeon: Fix backlight control on iMac 12,1 - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() - taskstats: Cleanup the use of task->exit_code - mmc: block: fix read single on recovery logic - vsock: remove vsock from connected table when connect is interrupted by a signal - iwlwifi: pcie: fix locking when "HW not ready" - iwlwifi: pcie: gen2: fix locking when "HW not ready" - ping: fix the dif and sdif check in ping_lookup - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit - bonding: fix data-races around agg_select_timer - libsubcmd: Fix use-after-free for realloc(..., 0) - ALSA: hda: Fix regression on forced probe mask option - ALSA: hda: Fix missing codec probe on Shenker Dock 15 - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() - [powerpc*] lib/sstep: fix 'ptesync' build error - ext4: check for out-of-order index extents in ext4_valid_extent_entries() - block/wbt: fix negative inflight counter when remove scsi device - NFS: LOOKUP_DIRECTORY is also ok with symlinks - NFS: Do not report writeback errors in nfs_getattr() - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() - net: sched: limit TC_ACT_REPEAT loops - lib/iov_iter: initialize "flags" in new pipe_buffer - [x86] Drivers: hv: vmbus: Expose monitor data only when monitor pages are used - [x86] Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj - [x86] KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW - [armhf] OMAP2+: hwmod: Add of_node_put() before break - netfilter: conntrack: don't refresh sctp entries in closed state - kconfig: let 'shell' return enough output for deep path names - ata: libata-core: Disable TRIM on M88V29 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot - net: usb: qmi_wwan: Add support for Dell DW5829e - [arm64] net: macb: Align the dma and coherent dma masks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing - sr9700: sanity check for packet length - USB: zaurus: support another broken Zaurus - ping: remove pr_err from ping_lookup - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends - tipc: Fix end of loop tests for list_for_each_entry() - gso: do not skip outer ip header in case of ipip and net_failover - openvswitch: Fix setting ipv6 fields causing hw csum failure - drm/edid: Always set RGB444 - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure - configfs: fix a race in configfs_{,un}register_subsystem() - RDMA/ib_srp: Fix a deadlock - tty: n_gsm: fix proper link termination after failed open - Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" - memblock: use kfree() to release kmalloced memblock regions - fget: clarify and improve __fget_files() implementation - tracing: Have traceon and traceoff trigger honor the instance - ata: pata_hpt37x: disable primary channel on HPT371 - Revert "USB: serial: ch341: add new Product ID for CH341A" - usb: gadget: rndis: add spinlock for rndis response list - tracefs: Set the group ownership in apply_options() not parse_options() - USB: serial: option: add support for DW5829e - USB: serial: option: add Telit LE910R1 compositions - [arm64] usb: dwc3: pci: Fix Bay Trail phy GPIO mappings - [arm64,armhf] usb: dwc3: gadget: Let the interrupt handler disable bottom halves. - xhci: re-initialize the HC during resume if HCE was set - xhci: Prevent futile URB re-submissions due to incorrect return value. - tty: n_gsm: fix encoding of control signal octet bit DV . [ Salvatore Bonaccorso ] * Bump ABI to 19 * [rt] Update to 4.19.210-rt90 * [rt] Update to 4.19.211-rt91 * [rt] Update to 4.19.212-rt92 * [rt] Update to 4.19.214-rt93 * [rt] Update to 4.19.215-rt94 - fscache: fix initialisation of cookie hash table raw spinlocks * [rt] Update to 4.19.217-rt95 * Refresh "Export symbols needed by Android drivers" * liblockdep: Stop build liblockdep packages * [rt] Update to 4.19.218-rt96 * [rt] Update to 4.19.219-rt97 * [rt] Refresh "net: move xmit_recursion to per-task variable on -RT" * Refresh "Export symbols needed by Android drivers" * [rt] Update to 4.19.225-rt101 * Refresh "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules"" * [rt] Update to 4.19.227-rt102 * [rt] Update to 4.19.230-rt103 * init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411) * Mitigate Spectre v2-type Branch History Buffer attacks (CVE-2022-0001, CVE-2022-0002) - [x86] speculation: Merge one test in spectre_v2_user_select_mitigation() - [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd - [x86] speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - [x86] speculation: Add eIBRS + Retpoline options - Documentation/hw-vuln: Update spectre doc - [x86] speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting - [x86] speculation: Use generic retpoline by default on AMD - [x86] speculation: Update link to AMD speculation whitepaper - [x86] speculation: Warn about Spectre v2 LFENCE mitigation - [x86] speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT llvm-toolchain-11 (1:11.0.1-2~deb10u1) buster; urgency=medium . * Backport to buster. - Disable tests on (big endian) mips due to timeout (i.e., test runtime exceeds 10h). - Don't install hwasan_symbolize as part of clang-tools package on mips (that particular utility isn't built on mips) llvm-toolchain-11 (1:11.0.1-2~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. llvm-toolchain-11 (1:11.0.1-1) unstable; urgency=medium . [ Sylvestre Ledru ] * New stable release . [ Gianfranco Costamagna ] * Drop old patch, upstream now * Run dh_makeshlibs with -V parameter (Closes: #977814) llvm-toolchain-11 (1:11.0.1~+rc2-1) unstable; urgency=medium . * New snapshot release * Remove 'gnu-assembler-compat.diff' - merged upstream llvm-toolchain-11 (1:11.0.1~+rc1-1) unstable; urgency=medium . [ Alexander Volkov ] * Fix description of libclang-cpp11-dev package. . [ Sylvestre Ledru ] * Upload to unstable to help doko with gcc 11.0.1 will be released before the freeze llvm-toolchain-11 (1:11.0.1~+rc1-1~exp1) experimental; urgency=medium . [ Gianfranco Costamagna ] * gnu-assembler-compat.diff: Add upstream patch D92052 to fix a gcn offload compiler issue with gcc (Closes: #975692) . [ Sylvestre Ledru ] * New snapshot release * Remove fix-clang-format-bug-47589.patch (applied upstream) llvm-toolchain-11 (1:11.0.0-5) unstable; urgency=medium . [ Adrian Bunk ] * Fix the fuzzer build on i386. . [ Sylvestre Ledru ] * Ignore some tests on i386 to get autopkgtest fixed (Closes: #972334) llvm-toolchain-11 (1:11.0.0-4) unstable; urgency=medium . * Cherry-pick some fixes from https://github.com/opencollab/llvm-toolchain-integration-test-suite/ * Only install hwasan_symbolize when found * Don't use gold on ppc64el. It fails to build in that case (Closes: #972317) . [ John Paul Adrian Glaubitz ] * Limit maximum parallel link jobs to 4 on sparc and sparc64 llvm-toolchain-11 (1:11.0.0-3) unstable; urgency=medium . [ Sylvestre Ledru ] * Rebuild to fix the coinstall issues (Closes: #972323) * Replace use of deprecated $ADTTMP with $AUTOPKGTEST_TMP. llvm-toolchain-11 (1:11.0.0-2) unstable; urgency=medium . * Fix a clang-format issue. Fix bug #47589 llvm-toolchain-11 (1:11.0.0-1) unstable; urgency=medium . * New upstream release llvm-toolchain-11 (1:11.0.0~+rc6-1) unstable; urgency=medium . [ Sylvestre Ledru ] * New rc release * remove all artifacts after tests . [ Gianfranco Costamagna ] * qualify-clang.sh: exclude z3 tests when support is not available, not based on libz3-dev installation but on the error returned by clang invocation llvm-toolchain-11 (1:11.0.0~+rc5-1) unstable; urgency=medium . * New rc release llvm-toolchain-11 (1:11.0.0~+rc4-1) unstable; urgency=medium . * New rc release * Fix one more test in autopkgtest llvm-toolchain-11 (1:11.0.0~+rc3-2) unstable; urgency=medium . * Update of the symbol list of libomp5: - GOMP_loop_maybe_nonmonotonic_runtime_next - GOMP_loop_maybe_nonmonotonic_runtime_start - GOMP_loop_nonmonotonic_runtime_next - GOMP_loop_nonmonotonic_runtime_start - GOMP_loop_ull_maybe_nonmonotonic_runtime_next - GOMP_loop_ull_maybe_nonmonotonic_runtime_start - GOMP_loop_ull_nonmonotonic_runtime_next - GOMP_loop_ull_nonmonotonic_runtime_start - GOMP_parallel_loop_maybe_nonmonotonic_runtime - GOMP_parallel_loop_nonmonotonic_runtime - omp_display_env * Bring back LLVM_POLLY_LINK_INTO_TOOLS=ON to workaround the error clang (LLVM option parsing): Unknown command line argument '-polly'. Try: 'clang (LLVM option parsing) --help' Also found in autopkgtest * Bring back LLVM_POLLY_LINK_INTO_TOOLS=ON to workaround the error clang (LLVM option parsing): Unknown command line argument '-polly'. Try: 'clang (LLVM option parsing) --help' Fix autopkgtest * In the autopkgtest tests, update the opt arguments (-q removed and -basicaa renamed to -basic-aa) * Disable test executions on mipsel (timeout) llvm-toolchain-11 (1:11.0.0~+rc3-1) unstable; urgency=medium . * New rc release llvm-toolchain-11 (1:11.0.0~+rc2-5) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Link against libatomic on powerpc to fix FTBFS in stage2 * Use dh-exec to exclude lib/libPolly*.a on powerpc and powerpcspe from libclang-common-X.Y-dev.install.in . [ Gianfranco Costamagna ] * autopkgtests: ignore binfmts enable command return value. llvm-toolchain-11 (1:11.0.0~+rc2-4) unstable; urgency=medium . * integration-test-suite-test: change the configuration for 11 llvm-toolchain-11 (1:11.0.0~+rc2-3) unstable; urgency=medium . * Fix testsuite by ignoring binfmts test (can't be enabled on autopkgtests) llvm-toolchain-11 (1:11.0.0~+rc2-2) unstable; urgency=medium . [ Gianfranco Costamagna ] * Disable ocaml support on i386, not reasonable to support it there (specially for Ubuntu) * Enable binfmt support before using it in tests, to fix them . [ Sylvestre Ledru ] * Also link against -latomic on mipsel to fix /usr/[...]/atomic_base.h:426: undefined reference to `__atomic_load_8' for lld to fix the FTBFS llvm-toolchain-11 (1:11.0.0~+rc2-1) unstable; urgency=medium . * New snapshot release llvm-toolchain-11 (1:11.0.0~+rc1-2) unstable; urgency=medium . * Don't install ompt-multiplex.h on armhf, mipsel and mips64el (Closes: #967944) llvm-toolchain-11 (1:11.0.0~+rc1-1) unstable; urgency=medium . * Testing release llvm-toolchain-11 (1:11~++20200715043845+0e377e253c1-1~exp1) experimental; urgency=medium . [ Sylvestre Ledru ] * branching of snapshot into 11 . [ Samuel Thibault ] * debian/patches/hurd/hurd-EIEIO-undef.diff: Remove, upstreamed. * debian/patches/hurd/hurd-cxx-paths.diff: Remove, upstreamed. lxcfs (3.0.3-2+deb10u1) buster; urgency=medium . [ Kellen Renshaw ] * d/p/0001 : Fix a misreport of swap being fully used due to a computation error (Closes: #955499) lxml (4.3.2-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Cleaner: Prevent "@import" from re-occurring in the CSS after replacements, e.g. "@@importimport" (CVE-2021-43818) (Closes: #1001885) * Cleaner: Remove SVG image data URLs since they can embed script content (CVE-2021-43818) (Closes: #1001885) mailman (1:2.1.29-1+deb10u5) buster; urgency=medium . * Non-maintainer upload by the Security Team. * CSRF check for user tokens should not be case sensitive (Closes: #1001685) - The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. - There is also a potential NameError exception in logging a mismatch. mailman (1:2.1.29-1+deb10u4) buster; urgency=medium . * Non-maintainer upload by the Security Team. * Fix potential CSRF attack against a list admin from a list member or moderator (CVE-2021-44227) mailman (1:2.1.29-1+deb10u3) buster; urgency=medium . * Non-maintainer upload by the Security Team. * Potential XSS attack via the user options page (CVE-2021-43331) (Closes: #1000367) * A list moderator can crack the list admin password encrypted in a CSRF token (CVE-2021-43332) (Closes: #1000367) mailman (1:2.1.29-1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fixed options login content injection vulnerability (CVE-2020-12108) * Fixed content injection vulnerability via the private login page (CVE-2020-15011) * Fix remote privilege escalation (CVE-2021-42096, CVE-2021-42097) mariadb-10.3 (1:10.3.34-0+deb10u1) buster; urgency=medium . * New upstream version 10.3.34. Includes security fixes for: - CVE-2021-46661 - CVE-2021-46663 - CVE-2021-46664 - CVE-2021-46665 - CVE-2021-46668 * Previous upstream version 10.3.33 included security fixes for: - CVE-2021-46659 - CVE-2022-24048 - CVE-2022-24050 - CVE-2022-24051 - CVE-2022-24052 * Previous upstream version 10.3.32 included security fixes for: - CVE-2021-35604 - CVE-2021-46662 - CVE-2021-46667 * Drop MIPS and libatomic patches applied now upstream * Upstream issue MDEV-25114 about Galera WSREP invalid state fixed (Closes: #989898) * Salsa-CI: Install latest archive keys to fix Jessie upgrade regression * Upstream version 10.3.33 was skipped as upstream pulled the release within a couple of days of release due to severe regression * Notable upstream functional changes in 10.3.33: - New default minimum value for innodb_buffer_pool_size is 20 MB (from 2 MB) mediawiki (1:1.31.16-1+deb10u2) buster-security; urgency=high . * Backport fix for CVE-2021-44858. This version is not vulnerable to CVE-2021-44857 nor CVE-2021-45038. minetest (0.4.17.1+repack-1+deb10u1) buster-security; urgency=high . * Fix CVE-2022-24300 and CVE-2022-24301: Several vulnerabilities have been discovered in Minetest. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack or if user input is passed directly to minetest.deserialize without serializing it first, then a malicious user could run Lua code in the server environment. (Closes: #1004223) modsecurity-apache (2.9.3-1+deb10u1) buster-security; urgency=high . * Team upload * Fixed CVE-2021-42717 nbd (1:3.19-3+deb10u1) buster-security; urgency=medium . * Cherry-pick fixes for CVE-2022-26495 and CVE-2022-26496 from git master; Closes: #1006915. * Fix parsing of nbdtab in nbd-client; Closes: #1003863. neutron (2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1) buster-security; urgency=medium . * New upstream point release. - CVE-2021-40085: By supplying a specially crafted extra_dhcp_opts value, an authenticated user may add arbitrary configuration to the dnsmasq process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior. This vulnerability may also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81, which could lead to remote code execution. All Neutron deployments are affected. (Closes: #993398) * Add Add_a_healthcheck_URL.patch. * Removed patches applied upstream: - rootwrap-fix-for-neutron-fwaas.patch - CVE-2019-10876_rocky_fix_KeyError_in_OVS_firewall.patch - CVE-2019-9735_When_converting_sg_rules_to_iptables_do_not_emit_d....patch * Refreshed multiple patches. * Add the neccessary debconf stuff to stop modifying config files on upgrades. * Add patch: - revert-call-install_ingress_direct_goto_flows_when_ovs_restarts.patch node-getobject (0.1.0-2+deb10u1) buster; urgency=medium . * Team upload * Fix prototype pollution (Closes: CVE-2020-28282) nss (2:3.42.1-1+deb10u5) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for missing signedData field (CVE-2022-22747) nss (2:3.42.1-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Ensure DER encoded signatures are within size limits (CVE-2021-43527) openjdk-11 (11.0.14+9-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11 (11.0.13+8-1) unstable; urgency=medium . * OpenJDK 11.0.13+8 build (release). * Security fixes - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - JDK-8263314: Enhance XML Dsig modes - JDK-8265167, CVE-2021-35556: Richer Text Editors - JDK-8265574: Improve handling of sheets - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - JDK-8265776: Improve Stream handling for SSL - JDK-8266097, CVE-2021-35561: Better hashing support - JDK-8266103: Better specified spec values - JDK-8266109: More Resilient Classloading - JDK-8266115: More Manifest Jar Loading - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - JDK-8266689, CVE-2021-35567: More Constrained Delegation - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - JDK-8267712: Better LDAP reference processing - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - JDK-8267735, CVE-2021-35586: Better BMP support - JDK-8268193: Improve requests of certificates - JDK-8268199: Correct certificate requests - JDK-8268205: Enhance DTLS client handshake - JDK-8268506: More Manifest Digests - JDK-8269618, CVE-2021-35603: Better session identification - JDK-8269624: Enhance method selection support - JDK-8270398: Enhance canonicalization - JDK-8270404: Better canonicalization * Remove patches applied upstream. openjdk-11 (11.0.13+8-1~deb11u1) bullseye-security; urgency=medium . * Rebuild for bullseye openjdk-11 (11.0.13+8-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security openjdk-11 (11.0.12+7-2) unstable; urgency=high . * OpenJDK 11.0.12+7 build (release). * Security fixes: - JDK-8256157: Improve bytecode assembly. - JDK-8256491: Better HTTP transport. - JDK-8258432, CVE-2021-2341: Improve file transfers. - JDK-8260453: Improve Font Bounding. - JDK-8260960: Signs of jarsigner signing. - JDK-8260967, CVE-2021-2369: Better jar file validation. - JDK-8262380: Enhance XML processing passes. - JDK-8262403: Enhanced data transfer. - JDK-8262410: Enhanced rules for zones. - JDK-8262477: Enhance String Conclusions. - JDK-8262967: Improve Zip file support. - JDK-8264066, CVE-2021-2388: Enhance compiler validation. - JDK-8264079: Improve abstractions. - JDK-8264460: Improve NTLM support. * Encode the early-access status into the package version. LP: #1934895. opensc (0.19.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-15945: Out-of-bounds access of an ASN.1 Bitstring. (Closes: #939668) * CVE-2019-15946: Out-of-bounds access of an ASN.1 Octet string. (Closes: #939669) * CVE-2019-19479: Incorrect read operation in the Setec driver. (Closes: #947383) * CVE-2019-20792: Double free in the Coolkey driver. * CVE-2020-26570: Heap-based buffer overflow in the Oberthur driver. (Closes: #972037) * CVE-2020-26571: Stack-based buffer overflow in the GPK driver. (Closes: #972036) * CVE-2020-26572: Stack-based buffer overflow in the TCOS driver. (Closes: #972035) openscad (2019.01~RC2-2+deb10u1) buster; urgency=medium . * Fix buffer overflows in STL parser (CVE-2020-28599 and CVE-2020-28600) (Closes: #996020). openssl (1.1.1n-0+deb10u1) buster; urgency=medium . * New upstream version. - Add new symbols. openssl (1.1.1m-1) unstable; urgency=medium . * New upstream version. - Fix builds on kfreebsd (Closes: #993501). * Add arc, patch by Vineet Gupta (Closes: #989442). openssl (1.1.1m-0+deb11u1) bullseye; urgency=medium . * New upstream version. - Fix armv8 pointer authentication (Closes: #989604). openssl (1.1.1l-1) unstable; urgency=medium . * New upstream version. - CVE-2021-3711 (SM2 Decryption Buffer Overflow). - CVE-2021-3712 (Read buffer overruns processing ASN.1 strings). openssl (1.1.1k-1+deb11u2) bullseye-security; urgency=medium . * CVE-2022-0778 (Infinite loop in BN_mod_sqrt() reachable when parsing certificates). * CVE-2021-4160 (Carry propagation bug in the MIPS32 and MIPS64 squaring procedure.) openssl (1.1.1k-1+deb11u1) bullseye-security; urgency=medium . * CVE-2021-3711 (SM2 Decryption Buffer Overflow). * CVE-2021-3712 (Read buffer overruns processing ASN.1 strings). openssl (1.1.1k-1) unstable; urgency=medium . * New upstream version. - CVE-2021-3450 (CA certificate check bypass with X509_V_FLAG_X509_STRICT). - CVE-2021-3449 (NULL pointer deref in signature_algorithms processing). openssl (1.1.1j-1) unstable; urgency=medium . * New upstream version. - CVE-2021-23841 (NULL pointer deref in X509_issuer_and_serial_hash()). - CVE-2021-23840 (Possible overflow of the output length argument in EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()). openssl (1.1.1i-3) unstable; urgency=medium . * Cherry-pick a patch from upstream to address #13931. * Enable LFS. Thanks to Dan Nicholson for debugging (Closes: #923479). openssl (1.1.1i-2) unstable; urgency=medium . * Apply two patches from upstream to address x509 related regressions. openssl (1.1.1i-1) unstable; urgency=medium . * New upstream version. - CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference). - Restore rejection of expired trusted (root) certificate (Closes: #976465). openssl (1.1.1h-1) unstable; urgency=medium . * New upstream version * Disable CAPI engine, it is designed for Windows. openssl (1.1.1g-1) unstable; urgency=medium . * New upstream version - CVE-2020-1967 (Segmentation fault in SSL_check_chain). openssl (1.1.1f-1) unstable; urgency=medium . * New upstream version - Revert the change of EOF detection to avoid regressions in applications. (Closes: #955442). openssl (1.1.1e-1) unstable; urgency=medium . * Use dh-compat level 12. * New upstream version - CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure), (Closes: #947949). * Update symbol list. * Update Standards-Version to 4.5.0. No changes required. * Add musl configurations (Closes: #941765). openssl (1.1.1d-2) unstable; urgency=medium . * Reenable AES-CBC-HMAC-SHA ciphers (Closes: #941987). openssl (1.1.1d-1) unstable; urgency=medium . * New upstream version - CVE-2019-1549 (Fixed a fork protection issue). - CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP construction). - CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey). * Update symbol list openssl (1.1.1d-0+deb10u8) buster-security; urgency=medium . * Fix armv8 pointer authentication (Closes: #989604). * CVE-2022-0778 (Infinite loop in BN_mod_sqrt() reachable when parsing certificates). * CVE-2021-4160 (Carry propagation bug in the MIPS32 and MIPS64 squaring procedure.) php-illuminate-database (5.7.27-1+deb10u1) buster; urgency=medium . [ Robin Gustafsson ] * Security fix: Query Binding Exploitation (Closes: #980899) Fixes CVE-2021-21263 * Security fix: SQL injection with Microsoft SQL Server (Closes: #987848) . [ Thorsten Glaser ] * Update Maintainer, upload to oldstable as security fixpack php7.3 (7.3.31-1~deb10u1) buster-security; urgency=medium . * New upstream version 7.3.31 + CVE-2021-21706: ZipArchive::extractTo extracts outside of destination. * Backported from 7.4.25 + CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation. phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium . * Fix CVE-2021-46709, an XSS issue with the num POST parameter pillow (5.4.1-2+deb10u3) buster-security; urgency=medium . * CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 plib (1.8.5-8+deb10u1) buster; urgency=medium . * Prevent integer overflow in ssgLoadTGA() function. CVE-2021-38714 (Closes: #992973) policykit-1 (0.105-25+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) postgresql-11 (11.14-0+deb10u1) buster-security; urgency=medium . * New upstream security release. . + Make the server and libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane) . A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. . This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.) (CVE-2021-23214) . This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214. (CVE-2021-23222) . The PostgreSQL Project thanks Jacob Champion for reporting these problems. privoxy (3.0.28-2+deb10u2) buster; urgency=medium . * 53_CVE-2021-44540: get_url_spec_param(): Free memory of compiled pattern spec before bailing (CVE-2021-44540). * 56_CVE-2021-44543: cgi_error_no_template(): Encode the template name to prevent XSS (CVE-2021-44543). prosody (0.11.2-1+deb10u4) buster-security; urgency=medium . * CVE-2022-0217 fix memory leak (Closes: #1004173) * fix numbering of patches prosody (0.11.2-1+deb10u3) buster-security; urgency=medium . * fix for https://prosody.im/security/advisory_20220113/ CVE-2022-0217 publicsuffix (20211109.1735-0+deb10u1) buster; urgency=medium . * new upstream publicsuffix data publicsuffix (20210108.1309-1) unstable; urgency=medium . * new upstream version publicsuffix (20201215.0006-1) unstable; urgency=medium . * new upstream version publicsuffix (20200729.1725-1) unstable; urgency=medium . * new upstream version publicsuffix (20200627.1701-1) unstable; urgency=medium . * new upstream version publicsuffix (20200506.1625-1) unstable; urgency=medium . * new upstream version publicsuffix (20200424.0822-1) unstable; urgency=medium . * new upstream version publicsuffix (20200303.0012-1) unstable; urgency=medium . * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * new upstream version publicsuffix (20200201.2258-1) unstable; urgency=medium . * new upstream version publicsuffix (20191120.1745-1) unstable; urgency=medium . * new upstream version publicsuffix (20190925.1705-1) unstable; urgency=medium . * new upstream version publicsuffix (20190904.1802-1) unstable; urgency=medium . * new upstream version publicsuffix (20190723.1836-1) unstable; urgency=medium . * new upstream version publicsuffix (20190716.1812-1) unstable; urgency=medium . * debhelper: move to version 12 * standards-version: bump to 4.4.0 (no changes needed) * new upstream version publicsuffix (20190529.1825-1) unstable; urgency=medium . * new upstream version python-babel (2.6.0+dfsg.1-1+deb10u1) buster-security; urgency=medium . * CVE-2021-20095 (Closes: #987824) python-virtualenv (15.1.0+ds-2+deb10u1) buster; urgency=medium . * Avoid attempting to install pkg_resources from PyPI. (Closes: #994952) raptor2 (2.0.14-1.1~deb10u2) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-25713 Malformed input file can lead to a segfault. redis (5:5.0.14-1+deb10u2) buster-security; urgency=high . * CVE-2022-0543: Prevent a Debian-specific Lua sandbox escape vulnerability. . This vulnerability existed because the Lua library in Debian is provided as a dynamic library. A "package" variable was automatically populated that in turn permitted access to arbitrary Lua functionality. As this extended to, for example, the "execute" function from the "os" module, an attacker with the ability to execute arbitrary Lua code could potentially execute arbitrary shell commands. . Thanks to Reginaldo Silva for discovering and reporting this issue. (Closes: #1005787) redis (5:5.0.14-1+deb10u1) buster-security; urgency=high . * New upstream security release: . - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms. . - CVE-2021-32687: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value. . - CVE-2021-32675: Denial Of Service when processing RESP request payloads with a large number of elements on many connections. . - CVE-2021-32672: Random heap reading issue with Lua Debugger. . - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value. . - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit. . - CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer overflow. . - CVE-2021-41099: Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value. * Refresh patches. redis (5:5.0.7-7) unstable; urgency=medium . * Add a sleep to ensure that the redis server has started before running the autopkgtests. redis (5:5.0.7-7~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * Don't use liblzf in buster-backports as it has not been backported (yet?). . redis (5:5.0.7-7) unstable; urgency=medium . * Add a sleep to ensure that the redis server has started before running the autopkgtests. . redis (5:5.0.7-6) unstable; urgency=medium . * No change sourceful upload to permit migration to testing. . redis (5:5.0.7-5) unstable; urgency=medium . * Ensure that the redis daemon is running prior to running the autopkgtests. . redis (5:5.0.7-4) unstable; urgency=medium . * Use the newly-package liblzf-dev package over the local version. (Closes: #958321) * Don't duplicate long description of the redis-server package in the metapackage. . redis (5:5.0.7-3~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * Update debian/gbp.conf. . redis (5:5.0.7-3) unstable; urgency=medium . * Fix FTBFS with GCC 10. (Closes: #957751) * Refresh all patches. . redis (5:5.0.7-2) unstable; urgency=medium . [ Christian Göttsche ] * Update systemd service to reflect new names, etc. * Create directories in postinst with correct SELinux context. . [ Chris Lamb ] * Bump Standards-Version to 4.5.0. . [ David Prévot ] * Update long description to remove duplicate information. redis (5:5.0.7-6) unstable; urgency=medium . * No change sourceful upload to permit migration to testing. redis (5:5.0.7-5) unstable; urgency=medium . * Ensure that the redis daemon is running prior to running the autopkgtests. redis (5:5.0.7-4) unstable; urgency=medium . * Use the newly-package liblzf-dev package over the local version. (Closes: #958321) * Don't duplicate long description of the redis-server package in the metapackage. redis (5:5.0.7-3) unstable; urgency=medium . * Fix FTBFS with GCC 10. (Closes: #957751) * Refresh all patches. redis (5:5.0.7-2) unstable; urgency=medium . [ Christian Göttsche ] * Update systemd service to reflect new names, etc. * Create directories in postinst with correct SELinux context. . [ Chris Lamb ] * Bump Standards-Version to 4.5.0. . [ David Prévot ] * Update long description to remove duplicate information. redis (5:5.0.7-1) unstable; urgency=medium . * New upstream bugfix release. * Bump Standards-Version to 4.4.1. * Run wrap-and-sort -sa. redis (5:5.0.7-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . redis (5:5.0.7-1) unstable; urgency=medium . * New upstream bugfix release. * Bump Standards-Version to 4.4.1. * Run wrap-and-sort -sa. redis (5:5.0.6-1) unstable; urgency=medium . * New upstream release. * Specify "Rules-Requires-Root: no">. redis (5:5.0.6-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . redis (5:5.0.6-1) unstable; urgency=medium . * New upstream release. * Specify "Rules-Requires-Root: no">. redis (5:5.0.5-2) unstable; urgency=medium . * Sourceful upload to unstable to ensure testing migration. * Bump Standards-Version to 4.4.0. * Don't build release tags in gitlab-ci.yml. redis (5:5.0.5-2~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * Update debian/gbp.conf. . redis (5:5.0.5-2) unstable; urgency=medium . * Sourceful upload to unstable to ensure testing migration. * Bump Standards-Version to 4.4.0. * Don't build release tags in gitlab-ci.yml. . redis (5:5.0.5-1) unstable; urgency=medium . * New upstream release. . redis (5:5.0.4-1) unstable; urgency=medium . * New upstream release. redis (5:5.0.5-1) unstable; urgency=medium . * New upstream release. redis (5:5.0.4-1) unstable; urgency=medium . * New upstream release. ros-ros-comm (1.14.3+ds1-5+deb10u3) buster; urgency=medium . * Add https://github.com/ros/ros_comm/pull/2186 (Fix CVE-2021-37146) roundcube (1.3.17+dfsg.1-1~deb10u2) buster-security; urgency=high . * Backport fix for CVE-2021-46144: Fix cross-site scripting (XSS) via HTML messages with malicious CSS content. (Closes: #1003027) roundcube (1.3.17+dfsg.1-1~deb10u1) buster-security; urgency=high . * New bugfix/security upstream release (closes: #1000156), with fixes for: + CVE-2021-44025: XSS issue in handling attachment filename extension in mimetype mismatch warning; and + CVE-2021-44026: possible SQL injection via some session variables. * Refresh d/patches. * Refresh d/upstream/signing-key.asc. * d/gbp.conf: Rename upstream branch to upstream/release-1.3. rsyslog (8.1901.0-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-17041: Heap overflow in the AIX message parser. (Closes: #942067) * CVE-2019-17042: Heap overflow in the Cisco log message parser. (Closes: #942065) ruby-httpclient (2.8.3-3+deb10u1) buster; urgency=medium . * Add simple autopkgtest to check a basic SSL connection * Add patch to use the system certificate store (Closes: #995448) * debian/rules: remove embedded CA certificate store * Add dependency on ca-certificates ruby-httpclient (2.8.3-3) unstable; urgency=medium . [ Debian Janitor ] * Trim trailing whitespace. * Use secure copyright file specification URI. * debian/copyright: use spaces rather than tabs to start continuation lines. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Update standards version to 4.5.0, no changes needed. * Remove MIA uploader Ryan Niebur . (Closes: #856376) . [ Utkarsh Gupta ] * Add salsa-ci.yml * Add patch to disable tests related to HTTP_PROXY and other related issues (proxy, et al) because LP builders don't like them! :D (Closes: #861456) ruby-kaminari (1.0.1-4+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2020-11082: There is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. (Closes: #961847) ruby2.5 (2.5.5-3+deb10u4) buster-security; urgency=high . * Add patch to use File.open to fix the OS Command Injection vulnerability. (Fixes: CVE-2021-31799) * Add patch to fix StartTLS stripping vulnerability. (Fixes: CVE-2021-32066) * Add patch to ignore IP addresses in PASV responses by default. (Fixes: CVE-2021-31810) * Add length limit option for methods that parses date strings. (Fixes: CVE-2021-41817) * When parsing cookies, only decode the values. (Fixes: CVE-2021-41819) * Add patch to backport rexml upstream bug fixes. (Fixes: CVE-2021-28965) rust-cbindgen (0.20.0-1~deb10u2) buster; urgency=medium . * Non-maintainer upload. * Fix file timestamps from orig tarball by using a supported debhelper target in buster (execute_after_dh_* is not supported in dh 12.1). * debian/copyright: rename license paragraph to please lintian. rust-cbindgen (0.20.0-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Vendor dependencies, they are not available in buster. * Only build the cbindgen binary. * Lower dh-cargo build-dep. rust-cbindgen (0.19.0-1) experimental; urgency=medium . * Package cbindgen 0.19.0 from crates.io using debcargo 2.4.4-alpha.0 rust-cbindgen (0.18.0-1) experimental; urgency=medium . * Package cbindgen 0.18.0 from crates.io using debcargo 2.4.4-alpha.0 rust-cbindgen (0.17.0-4) unstable; urgency=medium . * Team upload. * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4 * Add test dependencies on gcc and g++ rust-cbindgen (0.17.0-3) unstable; urgency=medium . * Team upload. * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4 * Change build and test dependencies from cython to cython3 * Use cython3 for tests * Use tmpdir for tests rather than crate dir to fix permission denied errors. rust-cbindgen (0.17.0-2) unstable; urgency=medium . * Team upload. * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4 * Fix very old timestamps (Closes: #982130) * Remove old and broken override of debian/tests/control * Add cython to the autopkgtest dependencies too. * Mark test for no-features case as broken * Mark other testcases as not broken. rust-cbindgen (0.17.0-1) unstable; urgency=medium . * Package cbindgen 0.17.0 from crates.io using debcargo 2.4.4-alpha.0 (Closes: #982022) * Add cython to the build dep for the tests rust-cbindgen (0.15.0-1) unstable; urgency=medium . * Package cbindgen 0.15.0 from crates.io using debcargo 2.4.3 rust-cbindgen (0.14.6-1) unstable; urgency=medium . * Package cbindgen 0.14.6 from crates.io using debcargo 2.4.2 rust-cbindgen (0.14.4-1) unstable; urgency=medium . * Package cbindgen 0.14.4 from crates.io using debcargo 2.4.3 rustc-mozilla (1.51.0+dfsg1-1~deb10u2) buster; urgency=medium . * Non-maintainer upload. * stage0 build. + Use arm-unknown-linux-gnueabi target for armel. (This change was missed in the previous upload and is now implemented correctly.) * Disable build for windows targets (broken on i386) rustc-mozilla (1.51.0+dfsg1-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * stage0 build. + Use arm-unknown-linux-gnueabi target for armel. * Disable wasm. * Reduce debugging symbols on i386 to avoid FTBFS due to OOM. * Use debhelper compat level 9 * Replace gcc-mingw-w64-x86-64-posix by gcc-mingw-w64-x86-64 s390-dasd (0.0.74~deb10u1) buster; urgency=medium . * Rebuild for buster. s390-dasd (0.0.73) unstable; urgency=medium . * Team upload . [ Updated translations ] * Finnish (fi.po) by Kimmo Kujansuu s390-dasd (0.0.72) unstable; urgency=medium . * Team upload . [ Updated translations ] * Lithuanian (lt.po) by Gediminas Murauskas s390-dasd (0.0.71) unstable; urgency=medium . * Team upload . [ Updated translations ] * Arabic (ar.po) by Fahim Sabah s390-dasd (0.0.70) unstable; urgency=medium . * Team upload . [ Updated translations ] * Lithuanian (lt.po) by Kornelijus Tvarijanavičius s390-dasd (0.0.69) unstable; urgency=medium . * Team upload . [ Updated translations ] * Greek (el.po) by george k * Hindi (hi.po) by KushagraKarira * Kabyle (kab.po) by Selyan Sliman Amiri * Tamil (ta.po) by Vasudevan Tirumurti s390-dasd (0.0.68) unstable; urgency=medium . * Team upload . [ Philipp Kern ] * Remove myself from uploaders. . [ Updated translations ] * Occitan (oc.po) by Quentin PAGÈS s390-dasd (0.0.67) unstable; urgency=medium . * Team upload . [ Updated translations ] * Basque (eu.po) by Iñaki Larrañaga Murgoitio * Persian (fa.po) by Seyed Hany Hosseini * Norwegian Bokmal (nb.po) by Allan Nordhøy * Serbian (sr.po) by Filipovic Dragan . [ New translations ] * Kabyle (kab.po) by Slimane Selyan Amiri * Occitan (oc.po) by Quentin PAGÈS s390-dasd (0.0.66) unstable; urgency=medium . * Team upload . [ Updated translations ] * Marathi (mr.po) by Prachi Joshi s390-dasd (0.0.65) unstable; urgency=medium . * Team upload . [ Updated translations ] * Croatian (hr.po) by gogogogi * Portuguese (pt.po) by Miguel Figueiredo salt (2018.3.4+dfsg1-6+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3148 CVE-2021-3144 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-3197, CVE-2021-31607 and CVE-2021-21996. Multiple security vulnerabilites have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates. samba (2:4.9.5+dfsg-5+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches for CVE-2021-44142 (Closes: #1004693) - CVE-2021-44142: libadouble: add defines for icon lengths - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs - CVE-2021-44142: libadouble: harden ad_unpack_xattrs() - vfs_fruit: CVE-2021-44142 tweak buffer size check - CVE-2021-44142: libadouble: harden parsing code samba (2:4.9.5+dfsg-5+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Salvatore Bonaccorso ] * CVE-2020-25722 Ensure the structural objectclass cannot be changed * CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during LDAP add/modify * s3/auth: use set_current_user_info() in auth3_generate_session_info_pac() * selftest: Fix ktest usermap file * selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline") * CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac" settings * CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative = true * CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to r->out.authoritative = true * CVE-2020-25717: s4:torture: start with authoritative = 1 * CVE-2020-25717: s4:smb_server: start with authoritative = 1 * CVE-2020-25717: s4:auth_simple: start with authoritative = 1 * CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1 * CVE-2020-25717: s3:torture: start with authoritative = 1 * CVE-2020-25717: s3:rpcclient: start with authoritative = 1 * CVE-2020-25717: s3:auth: start with authoritative = 1 * CVE-2020-25717: auth/ntlmssp: start with authoritative = 1 * CVE-2020-25717: loadparm: Add new parameter "min domain uid" * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() forward the low level errors * CVE-2020-25717: s3:auth: Check minimum domain uid * CVE-2020-25717: s3:auth: we should not try to autocreate the guest account * CVE-2020-25717: s3:auth: no longer let check_account() autocreate local users * CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam() * CVE-2020-25717: s3:auth: don't let create_local_token depend on !winbind_ping() * CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member) * CVE-2020-25717: s4:auth: remove unused auth_generate_session_info_principal() * CVE-2020-25717: s3:ntlm_auth: fix memory leaks in ntlm_auth_generate_session_info_pac() * CVE-2020-25717: s3:ntlm_auth: let ntlm_auth_generate_session_info_pac() base the name on the PAC LOGON_INFO only * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() delegate everything to make_server_info_wbcAuthUserInfo() * CVE-2020-25717: selftest: configure 'ktest' env with winbindd and idmap_autorid * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a PAC in standalone mode * CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by removing the unused logon_info argument * CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing unused arguments * lib: Add dom_sid_str_buf * CVE-2020-25717: idmap_nss: verify that the name of the sid belongs to the configured domain * CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails * waf: install: Remove installation of PIDL and manpages. . [ Mathieu Parent ] * Drop libparse-pidl-perl package (Closes: #939419) samba (2:4.9.5+dfsg-5+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * gbp.conf: change debian-branch to buster-security, and merge-mode to merge * CVE-2019-10197: smbd: separate out impersonation debug info into a new function. * CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir. * CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in become_root() * CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory. * CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on share root problem. * CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal() sogo (4.0.7-1+deb10u2) buster-security; urgency=high . * [CVE-2021-33054] fixes validation of SAML message signatures (closes: #989479) sphinxsearch (2.2.11-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-29050 Fix for arbitrary file reads by scattered file snippets spip (3.2.4-1+deb10u7) buster-security; urgency=high . * Backport security fix from 3.2.14 - arbitrary PHP code execution spip (3.2.4-1+deb10u6) buster; urgency=medium . * Document CVE fixed previously * Backport security fixes (XSS) from 3.2.13 spip (3.2.4-1+deb10u5) buster-security; urgency=high . * Backport security fixes from 3.2.12 - SQL injections, remote code execution, XSS squashfs-tools (1:4.3-12+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * unsquashfs: use squashfs_closedir() to delete directory * unsquashfs: dynamically allocate name * unsquashfs: use linked list to store directory names * Unsquashfs: additional write outside destination directory exploit fix (CVE-2021-41072) (Closes: #994262) * Unsquashfs: Add makefile entry for unsquash-12.o strongswan (5.7.2-1+deb10u2) buster-security; urgency=medium . * gbp.conf: revert upstream branch name change for now * eap-authenticator: Enforce failure if MSK generation fails - Fix incorrect handling of Early EAP-Success Messages (CVE-2021-45079) strongswan (5.7.2-1+deb10u1) buster-security; urgency=medium . * Reject RSASSA-PSS params with negative salt length - fix remote denial of service (CVE-2021-41990) * Prevent crash due to integer overflow / sign change - fix remote denial of service (CVE-2021-41991) * d/gbp.conf: track buster-security branches tiff (4.1.0+git191117-2~deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * TIFFTAG_PREDICTOR is not supported for WebP (CVE-2020-19143) tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high . * Team upload. * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 * Fix CVE-2021-41079: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. tryton-proteus (5.0.1-3+deb10u1) buster-security; urgency=high . * This release contains fixes for XML parsing vulnerabilities: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 https://bugs.tryton.org/issue11219 (CVE-2022-26661) https://bugs.tryton.org/issue11244 (CVE-2022-26662) tryton-server (5.0.4-2+deb10u1) buster-security; urgency=high . * This release contains fixes for XML parsing vulnerabilities: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 https://bugs.tryton.org/issue11219 (CVE-2022-26661) https://bugs.tryton.org/issue11244 (CVE-2022-26662) tzdata (2021a-0+deb10u3) buster; urgency=medium . * Cherry-pick patches from tzdata-2021d and tzdata-2021e: - 04-fiji-dst.patch: Fiji suspends DST for the 2021/2022 season. - 05-palestine-dst.patch: Palestine will fall back 2021-10-29 (not 2021-10-30) at 01:00. uriparser (0.9.1-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * UriNormalize.c: Fix .hostText copying in uriMakeOwnerEngine (CVE-2021-46141) * UriParse.c: Adjust uriFreeUriMembers* to fixed uriMakeOwner* behavior (CVE-2021-46141) * UriNormalize.c: Fix handling of empty segments in uriPreventLeakage (CVE-2021-46142) usbview (2.0-21-g6fe2f4f-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix authorization for inactive or arbitrary other users (CVE-2022-23220) * Pass on the command line parameters to GTK only if not invoked via pkexec varnish (6.1.1-1+deb10u3) buster-security; urgency=medium . * Apply upstream patch to fix: VSV00008 Varnish HTTP/1 Request Smuggling Vulnerability (CVE-2022-23959). (Closes: #1004433) varnish (6.1.1-1+deb10u2) buster-security; urgency=medium . * Apply upstream patch from the 6.0.x TLS branch to fix VSV00007: Varnish HTTP/2 Request Smuggling Attack (CVE-2021-36740). (Closes: #991040) vim (2:8.1.0875-5+deb10u2) buster; urgency=medium . * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim 8.2.3110 and later. vim (2:8.1.0875-5+deb10u1) buster; urgency=medium . * Change gbp.conf and salsa config to use buster * Backport 8.1.0881 and 8.1.0883 to fix CVE-2019-20807 + 8.1.0881: can execute shell commands in rvim through interfaces + 8.1.0883: missing some changes for Ex commands * Backport patches 8.1.0936, 8.2.3402, and 8.2.3403 to fix CVE-2021-3770 (Closes: #994076) + 8.1.0936: may leak memory when using 'vartabstop' + 8.2.3402: invalid memory access when using :retab with large value + 8.2.3403: memory leak for :retab with invalid argument * Backport v8.2.3409 to fix CVE-2021-3778 (Closes: #994498) + 8.2.3409: reading beyond end of line with invalid utf-8 character * Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497) + 8.2.3428: using freed memory when replacing * Backport v8.2.3489 to fix CVE-2021-3875 (Closes: #996593) + 8.2.3489: ml_get error after search with range wavpack (5.1.0-6+deb10u1) buster; urgency=medium . * debian/patches: Cherry-pick upstream patches to fix use of uninitialized values. (CVE-2019-1010317, CVE-2019-1010319) (Closes: #932060, #932061) * debian/gbp.conf: Switch to buster branch webkit2gtk (2.34.6-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.34.5-1) unstable; urgency=high . * New upstream release. + Fixes CVE-2022-22589, CVE-2022-22590 and CVE-2022-22592. webkit2gtk (2.34.4-1) unstable; urgency=high . * New upstream release. * Set the debhelper compatibility level to 12: - Get rid of debian/compat. - Add build dependency on debhelper-compat. * debian/rules: - Stop using --builddirectory=build, .gir files no longer seem to contain references to the build directory (see the 2.27.90-1 entry for more details). * debian/copyright: + Update copyright years. webkit2gtk (2.34.4-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. - Fixes CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984. webkit2gtk (2.34.4-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. - Fixes CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. * Set the debhelper compatibility level back to 10. This fixes a dh_dwz error ".debug_info section not present" - Add debian/compat file. - Update build dependency on debhelper. webkit2gtk (2.34.3-1) unstable; urgency=high . [ Alberto Garcia ] * New upstream release. * The WebKitGTK security advisory WSA-2021-0007 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2021-30809, CVE-2021-30836 (fixed in 2.32.4). + CVE-2021-30818, CVE-2021-30823, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897 (fixed in 2.34.0). + CVE-2021-30887, CVE-2021-30890 (fixed in 2.34.3). . [ Sebastien Bacher ] * debian/rules: + Explicitly disable lto since when it's on the build is failing, that doesn't impact Debian by default but is an issue on Ubuntu. (Closes: #1000598) + Don't recommend xdg-desktop-portal-gtk on Ubuntu i386, it's a partial architecture and the binary doesn't exist (Closes: #1000599). webkit2gtk (2.34.3-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. + Fixes CVE-2021-30887, CVE-2021-30890. webkit2gtk (2.34.3-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. + Fixes CVE-2021-30887, CVE-2021-30890. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. webkit2gtk (2.34.2-1) unstable; urgency=medium . * New upstream release. webkit2gtk (2.34.2-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. webkit2gtk (2.34.1-1) unstable; urgency=high . [ Alberto Garcia ] * New upstream release. * debian/rules: + Build with -O1 in sh3 and sh4 (Closes: #995717). * debian/copyright: + Update copyright information of all files. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/libwebkit2gtk-4.0-37.lintian-overrides: + Override library-not-linked-against-libc. * debian/source/lintian-overrides: + Update source-is-missing overrides. * debian/control: + Update Standards-Version to 4.6.0.1 (no changes). . [ Sebastien Bacher ] * debian/control, debian/rules: + handle gstreamer1.0-plugins-bad with the same Ubuntu override than libav, it's also in universe (Closes: #995166). webkit2gtk (2.34.1-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. + Fixes CVE-2021-30846, CVE-2021-30851 and CVE-2021-42762. webkit2gtk (2.34.1-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. + Fixes CVE-2021-30846, CVE-2021-30851 and CVE-2021-42762. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev, libmanette-0.2-dev and liblcms2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF -DUSE_LCMS=OFF. webkit2gtk (2.34.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.33 (experimental) branch. * debian/rules: + Build with -DUSE_SOUP2=ON. * debian/control: + Add build dependency on liblcms2-dev (bug #880697). + Remove the dummy libwebkit2gtk-4.0-37-gtk2 package. * debian/copyright: + Update copyright information of all files. * debian/gbp.conf: + Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing overrides. * Refresh all patches. webkit2gtk (2.34.0-1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. . webkit2gtk (2.34.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.33 (experimental) branch. * debian/rules: + Build with -DUSE_SOUP2=ON. * debian/control: + Add build dependency on liblcms2-dev (bug #880697). + Remove the dummy libwebkit2gtk-4.0-37-gtk2 package. * debian/copyright: + Update copyright information of all files. * debian/gbp.conf: + Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing overrides. * Refresh all patches. webkit2gtk (2.33.91-1) experimental; urgency=medium . * New upstream development release. * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.33.90-1) experimental; urgency=medium . * New upstream development release. * Refresh all patches and drop debian/patches/fix-gtkdoc-build. * debian/copyright: + Update copyright information of all files. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.33.3-1) experimental; urgency=medium . * New upstream development release. * Refresh all patches. * debian/patches/fix-gtkdoc-build.patch: + Fix gtk-doc build (WebKit bug #229152). * debian/control: + Remove the dummy libwebkit2gtk-4.0-37-gtk2 package. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.33.2-1) experimental; urgency=medium . * New upstream development release. * Update fix-ftbfs-m68k.patch and drop fix-mips-page-size.patch. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/copyright: + Update copyright information of all files. webkit2gtk (2.33.1-1) experimental; urgency=medium . * New upstream development release. * debian/patches/fix-ftbfs-m68k.patch: + Compile BytecodeGenerator.cpp without optimizations on m68k and sh4, otherwise the build fails due to gcc bugs. * debian/watch, debian/gbp.conf: + Update for 2.33.x packages in experimental. * Refresh all patches. * debian/rules: + Build with -DUSE_SOUP2=ON. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/copyright: + Update copyright information of all files. * debian/control: + Add build dependency on liblcms2-dev (Closes: #880697). * debian/source/lintian-overrides: + Update source-is-missing override. webkit2gtk (2.32.4-1) unstable; urgency=high . * New upstream release. * debian/source/lintian-overrides: + Update source-is-missing overrides. webkit2gtk (2.32.4-1~deb11u1) bullseye-security; urgency=high . * Rebuild for bullseye-security. + Fixes CVE-2021-30858. weechat (2.3-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-8955: A crafted irc message 324 (channel mode) could result in a crash. (Closes: #951289) * CVE-2020-9759: A crafted irc message 352 (who) could result in a crash. * CVE-2020-9760: A crafted irc message 005 (setting a new mode for a nick) could result in a crash. * CVE-2021-40516: A crafted WebSocket frame could result in a crash in the Relay plugin. (Closes: #993803) wireshark (2.6.20-0+deb10u3) buster; urgency=medium . * Non-maintainer upload. * CVE-2021-22207: Excessive memory consumption in the MS-WSP dissector. (Closes: #987853) * CVE-2021-22235: Crash in the DNP dissector. * CVE-2021-39921: NULL pointer exception in the Modbus dissector. * CVE-2021-39922: Buffer overflow in the C12.22 dissector. * CVE-2021-39923: Large loop in the PNRP dissector. * CVE-2021-39924: Large loop in the Bluetooth DHT dissector. * CVE-2021-39928: NULL pointer exception in the IEEE 802.11 dissector. * CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT dissector. wireshark (2.6.20-0+deb10u2) buster-security; urgency=medium . * debian/watch: Get upstream releases from gitlab * debian/rules: Ignore failing tests on architectures where Lua tests are failing * Fix buffer overflow in the Bluetooth SDP dissector (CVE-2021-39925) * debian/gitlab-ci.yml: Test against buster wordpress (5.0.15+dfsg1-0+deb10u1) buster-security; urgency=high . * Upstream security release Closes: #1003243 - CVE-2022-21662 - Stored XSS through authenticated users - CVE-2022-21663 - Authenticated Object Injection in Multisites - CVE-2022-21661 - WordPress: SQL Injection through WP_Query - CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query wordpress (5.0.14+dfsg1-0+deb10u1) buster-security; urgency=high . * Security release, fixes 1 bug: - CVE-2021-39201 - XSS in editor Closes: #994059 xorg-server (2:1.20.4-1+deb10u4) buster-security; urgency=high . * record: Fix out of bounds access in SwapCreateRegister() [CVE-2021-4011] * xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() [CVE-2021-4009] * Xext: Fix out of bounds access in SProcScreenSaverSuspend() [CVE-2021-4010] * render: Fix out of bounds access in SProcRenderCompositeGlyphs() [CVE-2021-4008] xterm (344-1+deb10u2) buster; urgency=medium . * Cherry-pick sixel graphics fixes from xterm 370d and 370f. - Check for out-of-bounds condition while drawing sixels, and quit that operation (report by Nick Black (CVE-2022-24130), Closes: #1004689). zsh (5.7.1-1+deb10u1) buster-security; urgency=high . * [5931be85] Cherry-pick zsh 5.8.1 fixes for CVE-2021-45444 for Buster. * [1894b185] Update CVE-2021-45444 patches to fit NEWS, README and ChangeLog of the 5.7.1 upstream release. * [42c0fa26] Install new Etc/CVE-2021-45444-VCS_Info-workaround.patch into zsh-doc. It is not relevant for Debian's package but gives hints about CVE-2021-45444 mitigations on other platforms which aren't updated yet. * [ce21df9c] Update cherry-pick-CVE-2021-45444_2.patch to use a file name without blanks as actually used in the final 5.8.1 release. zziplib (0.13.62-3.2+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2020-18442 Because of mishandling a return value, an attacker might cause a denial of service due to an infinite loop. ======================================== Sat, 09 Oct 2021 - Debian 10.11 released ======================================== ========================================================================= [Date: Sat, 09 Oct 2021 10:11:29 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-amd64 | 4.19.181-1 | amd64 linux-headers-4.19.0-16-amd64 | 4.19.181-1 | amd64 linux-headers-4.19.0-16-cloud-amd64 | 4.19.181-1 | amd64 linux-headers-4.19.0-16-rt-amd64 | 4.19.181-1 | amd64 linux-image-4.19.0-16-amd64-dbg | 4.19.181-1 | amd64 linux-image-4.19.0-16-amd64-unsigned | 4.19.181-1 | amd64 linux-image-4.19.0-16-cloud-amd64-dbg | 4.19.181-1 | amd64 linux-image-4.19.0-16-cloud-amd64-unsigned | 4.19.181-1 | amd64 linux-image-4.19.0-16-rt-amd64-dbg | 4.19.181-1 | amd64 linux-image-4.19.0-16-rt-amd64-unsigned | 4.19.181-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:11:37 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-mipsel | 4.19.181-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:11:46 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: ata-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el btrfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el cdrom-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el compress-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el crc-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el crypto-dm-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el crypto-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el event-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el ext4-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fancontrol-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fat-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fb-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el firewire-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el fuse-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el hypervisor-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el i2c-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el input-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el isofs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el jfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el kernel-image-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el linux-headers-4.19.0-16-all-ppc64el | 4.19.181-1 | ppc64el linux-headers-4.19.0-16-powerpc64le | 4.19.181-1 | ppc64el linux-image-4.19.0-16-powerpc64le | 4.19.181-1 | ppc64el linux-image-4.19.0-16-powerpc64le-dbg | 4.19.181-1 | ppc64el loop-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el md-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el mouse-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el mtd-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el multipath-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nbd-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-shared-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-usb-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el nic-wireless-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el ppp-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el sata-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el scsi-core-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el scsi-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el scsi-nic-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el serial-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el squashfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el udf-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el uinput-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el usb-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el usb-serial-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el usb-storage-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el xfs-modules-4.19.0-16-powerpc64le-di | 4.19.181-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:11:54 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: btrfs-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x cdrom-core-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x compress-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x crc-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x crypto-dm-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x crypto-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x dasd-extra-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x dasd-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x ext4-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x fat-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x fuse-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x isofs-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x kernel-image-4.19.0-16-s390x-di | 4.19.181-1 | s390x linux-headers-4.19.0-16-all-s390x | 4.19.181-1 | s390x linux-headers-4.19.0-16-s390x | 4.19.181-1 | s390x linux-image-4.19.0-16-s390x | 4.19.181-1 | s390x linux-image-4.19.0-16-s390x-dbg | 4.19.181-1 | s390x loop-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x md-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x mtd-core-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x multipath-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x nbd-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x nic-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x scsi-core-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x scsi-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x udf-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x xfs-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x zlib-modules-4.19.0-16-s390x-di | 4.19.181-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:11 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all | 4.19.181-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:19 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-arm64 | 4.19.181-1 | arm64 linux-headers-4.19.0-16-arm64 | 4.19.181-1 | arm64 linux-headers-4.19.0-16-rt-arm64 | 4.19.181-1 | arm64 linux-image-4.19.0-16-arm64-dbg | 4.19.181-1 | arm64 linux-image-4.19.0-16-arm64-unsigned | 4.19.181-1 | arm64 linux-image-4.19.0-16-rt-arm64-dbg | 4.19.181-1 | arm64 linux-image-4.19.0-16-rt-arm64-unsigned | 4.19.181-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:26 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: btrfs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel cdrom-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel compress-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel crc-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel crypto-dm-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel crypto-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel event-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ext4-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel fat-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel fb-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel fuse-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel input-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ipv6-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel isofs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel jffs2-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel jfs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel kernel-image-4.19.0-16-marvell-di | 4.19.181-1 | armel leds-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel linux-headers-4.19.0-16-all-armel | 4.19.181-1 | armel linux-headers-4.19.0-16-marvell | 4.19.181-1 | armel linux-headers-4.19.0-16-rpi | 4.19.181-1 | armel linux-image-4.19.0-16-marvell | 4.19.181-1 | armel linux-image-4.19.0-16-marvell-dbg | 4.19.181-1 | armel linux-image-4.19.0-16-rpi | 4.19.181-1 | armel linux-image-4.19.0-16-rpi-dbg | 4.19.181-1 | armel loop-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel md-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel minix-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mmc-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mmc-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mouse-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mtd-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel mtd-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel multipath-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nbd-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nic-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nic-shared-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel nic-usb-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ppp-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel sata-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel scsi-core-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel squashfs-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel udf-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel uinput-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel usb-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel usb-serial-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel usb-storage-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel zlib-modules-4.19.0-16-marvell-di | 4.19.181-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:33 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: ata-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf btrfs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf cdrom-core-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf compress-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf crc-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf crypto-dm-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf crypto-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf efi-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf event-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf ext4-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf fat-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf fb-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf fuse-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf i2c-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf input-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf isofs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf jfs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf kernel-image-4.19.0-16-armmp-di | 4.19.181-1 | armhf leds-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf linux-headers-4.19.0-16-all-armhf | 4.19.181-1 | armhf linux-headers-4.19.0-16-armmp | 4.19.181-1 | armhf linux-headers-4.19.0-16-armmp-lpae | 4.19.181-1 | armhf linux-headers-4.19.0-16-rt-armmp | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp-dbg | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp-lpae | 4.19.181-1 | armhf linux-image-4.19.0-16-armmp-lpae-dbg | 4.19.181-1 | armhf linux-image-4.19.0-16-rt-armmp | 4.19.181-1 | armhf linux-image-4.19.0-16-rt-armmp-dbg | 4.19.181-1 | armhf loop-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf md-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf mmc-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf mtd-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf multipath-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nbd-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-shared-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-usb-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf nic-wireless-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf pata-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf ppp-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf sata-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf scsi-core-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf scsi-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf scsi-nic-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf squashfs-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf udf-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf uinput-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf usb-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf usb-serial-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf usb-storage-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf zlib-modules-4.19.0-16-armmp-di | 4.19.181-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:40 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-686 | 4.19.181-1 | i386 linux-headers-4.19.0-16-686-pae | 4.19.181-1 | i386 linux-headers-4.19.0-16-all-i386 | 4.19.181-1 | i386 linux-headers-4.19.0-16-rt-686-pae | 4.19.181-1 | i386 linux-image-4.19.0-16-686-dbg | 4.19.181-1 | i386 linux-image-4.19.0-16-686-pae-dbg | 4.19.181-1 | i386 linux-image-4.19.0-16-686-pae-unsigned | 4.19.181-1 | i386 linux-image-4.19.0-16-686-unsigned | 4.19.181-1 | i386 linux-image-4.19.0-16-rt-686-pae-dbg | 4.19.181-1 | i386 linux-image-4.19.0-16-rt-686-pae-unsigned | 4.19.181-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:47 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-all-mips | 4.19.181-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:12:58 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel compress-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel crc-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel crypto-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel event-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel ext4-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel fat-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel fuse-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel hfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel input-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel isofs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel jfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel kernel-image-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel linux-headers-4.19.0-16-5kc-malta | 4.19.181-1 | mips, mips64el, mipsel linux-headers-4.19.0-16-octeon | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-5kc-malta | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-5kc-malta-dbg | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-octeon | 4.19.181-1 | mips, mips64el, mipsel linux-image-4.19.0-16-octeon-dbg | 4.19.181-1 | mips, mips64el, mipsel loop-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel md-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel minix-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel multipath-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nbd-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel pata-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel ppp-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel rtc-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel sata-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel scsi-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel sound-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel udf-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel usb-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel xfs-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel zlib-modules-4.19.0-16-octeon-di | 4.19.181-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:09 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ata-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel btrfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel cdrom-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel compress-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel crc-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel crypto-dm-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel crypto-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel event-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ext4-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel fat-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel fb-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel fuse-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel hfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel i2c-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel input-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel isofs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel jfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel kernel-image-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel linux-headers-4.19.0-16-4kc-malta | 4.19.181-1 | mips, mipsel linux-image-4.19.0-16-4kc-malta | 4.19.181-1 | mips, mipsel linux-image-4.19.0-16-4kc-malta-dbg | 4.19.181-1 | mips, mipsel loop-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel md-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel minix-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mmc-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mmc-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mouse-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel mtd-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel multipath-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nbd-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-shared-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-usb-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel nic-wireless-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel pata-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ppp-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel sata-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel scsi-core-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel scsi-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel scsi-nic-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel sound-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel squashfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel udf-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel usb-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel usb-serial-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel usb-storage-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel xfs-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel zlib-modules-4.19.0-16-4kc-malta-di | 4.19.181-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:17 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ata-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el btrfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el cdrom-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el compress-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el crc-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el crypto-dm-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el crypto-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el event-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ext4-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el fat-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el fb-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el fuse-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el hfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el i2c-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el input-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el isofs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el jfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el kernel-image-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el linux-headers-4.19.0-16-all-mips64el | 4.19.181-1 | mips64el loop-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el md-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el minix-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mmc-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mmc-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mouse-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el mtd-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el multipath-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nbd-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-shared-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-usb-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el nic-wireless-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el pata-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ppp-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el sata-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el scsi-core-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el scsi-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el scsi-nic-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el sound-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el squashfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el udf-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el usb-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el usb-serial-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el usb-storage-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el xfs-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el zlib-modules-4.19.0-16-5kc-malta-di | 4.19.181-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:24 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: affs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ata-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel btrfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel cdrom-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel compress-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel crc-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel crypto-dm-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel crypto-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel event-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ext4-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel fat-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel fb-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel firewire-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel fuse-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel hfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel input-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel isofs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel jfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel kernel-image-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel linux-headers-4.19.0-16-loongson-3 | 4.19.181-1 | mips64el, mipsel linux-image-4.19.0-16-loongson-3 | 4.19.181-1 | mips64el, mipsel linux-image-4.19.0-16-loongson-3-dbg | 4.19.181-1 | mips64el, mipsel loop-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel md-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel minix-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel mtd-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel multipath-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nbd-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-shared-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-usb-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel nic-wireless-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel pata-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ppp-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel sata-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel scsi-core-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel scsi-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel scsi-nic-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel sound-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel speakup-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel squashfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel udf-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel usb-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel usb-serial-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel usb-storage-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel xfs-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel zlib-modules-4.19.0-16-loongson-3-di | 4.19.181-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:31 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: acpi-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ata-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 btrfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 cdrom-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 compress-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 crc-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 crypto-dm-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 crypto-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 efi-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 event-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ext4-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 fat-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 fb-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 firewire-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 fuse-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 i2c-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 input-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 isofs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 jfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 kernel-image-4.19.0-16-amd64-di | 4.19.181-1 | amd64 linux-image-4.19.0-16-amd64 | 4.19.181-1 | amd64 linux-image-4.19.0-16-cloud-amd64 | 4.19.181-1 | amd64 linux-image-4.19.0-16-rt-amd64 | 4.19.181-1 | amd64 loop-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 md-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mmc-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mmc-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mouse-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 mtd-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 multipath-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nbd-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-pcmcia-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-shared-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-usb-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 nic-wireless-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 pata-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 pcmcia-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 pcmcia-storage-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ppp-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 sata-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 scsi-core-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 scsi-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 scsi-nic-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 serial-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 sound-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 speakup-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 squashfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 udf-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 uinput-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 usb-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 usb-serial-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 usb-storage-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 xfs-modules-4.19.0-16-amd64-di | 4.19.181-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:39 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: ata-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 btrfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 cdrom-core-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 compress-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 crc-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 crypto-dm-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 crypto-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 efi-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 event-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 ext4-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 fat-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 fb-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 fuse-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 i2c-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 input-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 isofs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 jfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 kernel-image-4.19.0-16-arm64-di | 4.19.181-1 | arm64 leds-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 linux-image-4.19.0-16-arm64 | 4.19.181-1 | arm64 linux-image-4.19.0-16-rt-arm64 | 4.19.181-1 | arm64 loop-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 md-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 mmc-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 mtd-core-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 multipath-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nbd-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-shared-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-usb-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 nic-wireless-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 ppp-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 sata-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 scsi-core-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 scsi-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 scsi-nic-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 squashfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 udf-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 uinput-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 usb-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 usb-serial-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 usb-storage-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 xfs-modules-4.19.0-16-arm64-di | 4.19.181-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:13:47 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: acpi-modules-4.19.0-16-686-di | 4.19.181-1 | i386 acpi-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ata-modules-4.19.0-16-686-di | 4.19.181-1 | i386 ata-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 btrfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 btrfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 cdrom-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 cdrom-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 compress-modules-4.19.0-16-686-di | 4.19.181-1 | i386 compress-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 crc-modules-4.19.0-16-686-di | 4.19.181-1 | i386 crc-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 crypto-dm-modules-4.19.0-16-686-di | 4.19.181-1 | i386 crypto-dm-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 crypto-modules-4.19.0-16-686-di | 4.19.181-1 | i386 crypto-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 efi-modules-4.19.0-16-686-di | 4.19.181-1 | i386 efi-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 event-modules-4.19.0-16-686-di | 4.19.181-1 | i386 event-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ext4-modules-4.19.0-16-686-di | 4.19.181-1 | i386 ext4-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 fat-modules-4.19.0-16-686-di | 4.19.181-1 | i386 fat-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 fb-modules-4.19.0-16-686-di | 4.19.181-1 | i386 fb-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 firewire-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 firewire-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 fuse-modules-4.19.0-16-686-di | 4.19.181-1 | i386 fuse-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 i2c-modules-4.19.0-16-686-di | 4.19.181-1 | i386 i2c-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 input-modules-4.19.0-16-686-di | 4.19.181-1 | i386 input-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 isofs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 isofs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 jfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 jfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 kernel-image-4.19.0-16-686-di | 4.19.181-1 | i386 kernel-image-4.19.0-16-686-pae-di | 4.19.181-1 | i386 linux-image-4.19.0-16-686 | 4.19.181-1 | i386 linux-image-4.19.0-16-686-pae | 4.19.181-1 | i386 linux-image-4.19.0-16-rt-686-pae | 4.19.181-1 | i386 loop-modules-4.19.0-16-686-di | 4.19.181-1 | i386 loop-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 md-modules-4.19.0-16-686-di | 4.19.181-1 | i386 md-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mmc-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mmc-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mmc-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mmc-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mouse-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mouse-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 mtd-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 mtd-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 multipath-modules-4.19.0-16-686-di | 4.19.181-1 | i386 multipath-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nbd-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nbd-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-pcmcia-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-pcmcia-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-shared-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-shared-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-usb-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-usb-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 nic-wireless-modules-4.19.0-16-686-di | 4.19.181-1 | i386 nic-wireless-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 pata-modules-4.19.0-16-686-di | 4.19.181-1 | i386 pata-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 pcmcia-modules-4.19.0-16-686-di | 4.19.181-1 | i386 pcmcia-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 pcmcia-storage-modules-4.19.0-16-686-di | 4.19.181-1 | i386 pcmcia-storage-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ppp-modules-4.19.0-16-686-di | 4.19.181-1 | i386 ppp-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 sata-modules-4.19.0-16-686-di | 4.19.181-1 | i386 sata-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 scsi-core-modules-4.19.0-16-686-di | 4.19.181-1 | i386 scsi-core-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 scsi-modules-4.19.0-16-686-di | 4.19.181-1 | i386 scsi-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 scsi-nic-modules-4.19.0-16-686-di | 4.19.181-1 | i386 scsi-nic-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 serial-modules-4.19.0-16-686-di | 4.19.181-1 | i386 serial-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 sound-modules-4.19.0-16-686-di | 4.19.181-1 | i386 sound-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 speakup-modules-4.19.0-16-686-di | 4.19.181-1 | i386 speakup-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 squashfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 squashfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 udf-modules-4.19.0-16-686-di | 4.19.181-1 | i386 udf-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 uinput-modules-4.19.0-16-686-di | 4.19.181-1 | i386 uinput-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 usb-modules-4.19.0-16-686-di | 4.19.181-1 | i386 usb-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 usb-serial-modules-4.19.0-16-686-di | 4.19.181-1 | i386 usb-serial-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 usb-storage-modules-4.19.0-16-686-di | 4.19.181-1 | i386 usb-storage-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 xfs-modules-4.19.0-16-686-di | 4.19.181-1 | i386 xfs-modules-4.19.0-16-686-pae-di | 4.19.181-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:14:03 -0000] [ftpmaster: Mark Hymers] Removed the following packages from oldstable: linux-headers-4.19.0-16-common | 4.19.181-1 | all linux-headers-4.19.0-16-common-rt | 4.19.181-1 | all linux-support-4.19.0-16 | 4.19.181-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:03:38 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: libprotocol-acme-perl | 1.01-3 | source, all Closed bugs: 990293 ------------------- Reason ------------------- RoQA; only supports obsolete ACME version 1 ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 09 Oct 2021 10:04:06 -0000] [ftpmaster: Archive Administrator] Removed the following packages from oldstable: birdtray | 1.5-1 | source, amd64, arm64, armel, armhf, i386, mips64el, ppc64el, s390x Closed bugs: 992193 ------------------- Reason ------------------- RoM; incompatible with newer Thunderbird versions ---------------------------------------------- ========================================================================= ansible (2.7.7+dfsg-1+deb10u1) buster-security; urgency=medium . [ Markus Koschany ] * CVE-2019-10156 * CVE-2019-10206 * CVE-2019-14846 * CVE-2019-14864 * CVE-2019-14904 * CVE-2020-10684 * CVE-2020-10685 * CVE-2020-10729 * CVE-2020-14330 * CVE-2020-14332 * CVE-2020-14365 * CVE-2020-1733 * CVE-2020-1735 * CVE-2020-1739 * CVE-2020-1740 * CVE-2020-1746 * CVE-2020-1753 * CVE-2021-20228 . [ Lee Garrett ] * Add python3-distutils to Depends (Closes: #962332) apache2 (2.4.38-3+deb10u5) buster-security; urgency=medium . * Fix "NULL pointer dereference on specially crafted HTTP/2 request" (Closes: #989562, CVE-2021-31618) * Fix various low security issues (Closes: CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641) and fix related test aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow atftp (0.7.git20120829-3.2~deb10u2) buster; urgency=medium . * Fix for CVE-2021-41054 (Closes: #994895) base-files (10.3+deb10u11) buster; urgency=medium . * Change /etc/debian_version to 10.11, for Debian 10.11 point release. bluez (5.50-1.2~deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * shared/att: Fix possible crash on disconnect (CVE-2020-27153) * shared/gatt-server: Fix not properly checking for secure flags (CVE-2020-26558, CVE-2021-0129) (Closes: #989614) btrbk (0.27.1-1+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-38173 fixes a security vulnerability which would have allowed for an arbitrary code execution c-ares (1.14.0-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Missing input validation on hostnames returned by DNS servers (CVE-2021-3672) - ares_expand_name() should escape more characters - ares_expand_name(): fix formatting and handling of root name response clamav (0.103.3+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.3 - Update symbol file. - Regression: clamdscan segfaults with --fdpass --multipass and ExcludePath (Closes: #988218). * Remove clamav user on purge (Closes: #987861). * Remove freshclam.dat on purge. clamav (0.103.2+dfsg-2) unstable; urgency=medium . * Remove deprecated option SafeBrowsing from debconf templates. clamav (0.103.2+dfsg-1) unstable; urgency=medium . * Import 0.103.2 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.) - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.) - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.) - Update symbol file. (Closes: #986622). commons-io (2.6-2+deb10u1) buster; urgency=medium . * Team upload. * Fix CVE-2021-29425: When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. cyrus-imapd (3.0.8-6+deb10u6) buster; urgency=medium . * Replace string hashing algorithm (Closes: #993433, CVE-2021-33582) debconf (1.5.71+deb10u1) buster; urgency=medium . * Check that whiptail or dialog is actually usable (closes: #985572). debian-installer (20190702+deb10u11) buster; urgency=medium . * Bump Linux ABI to 4.19.0-18. debian-installer-netboot-images (20190702+deb10u11) buster; urgency=medium . * Update to 20190702+deb10u11, from buster-proposed-updates. distcc (3.3.2-10+deb10u1) buster; urgency=medium . * Fix (again) update-distcc-symlinks script for gcc cross compiler and add clang symlinks (Closes: #919704) distro-info-data (0.41+deb10u4) buster; urgency=medium . * Update data to 0.51, without new columns: - Add estimated date for Buster EOL. - Correct the EOL date for Debian Jessie. - Add Debian 13 "Trixie", with a rough date. - Add Ubuntu 21.10, Impish Indri. - Move Ubuntu EoLs off weekends. - Validate that Ubuntu EoLs occur during the week. - Set bullseye's release date, bookworm's creation date, and buster's EoL date based on the updated planned bullseye release date. dwarf-fortress (0.44.12+dfsg1-0+deb10u1) buster; urgency=high . * Remove unnecessary code copies with license violations from source tarball. (Closes: #986119) dwarf-fortress (0.44.12-3) unstable; urgency=medium . * Keep gamelog.txt and errlog.txt in the user run directory * Fix bug that made the help screens inaccessible * Add recommends on libopenal1 * Bump Standards-Version . dwarf-fortress (0.44.12-2) experimental; urgency=medium . * Remove the need for unionfs-fuse * Move configuration files to $XDG_CONFIG_HOME dwarf-fortress (0.44.12-2) experimental; urgency=medium . * Remove the need for unionfs-fuse * Move configuration files to $XDG_CONFIG_HOME espeak-ng (1.49.2+dfsg-8+deb10u1) buster; urgency=medium . * patches/mbrola-fr4: Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed. exiv2 (0.25-4+deb10u2) buster-security; urgency=medium . * CVE-2021-31291 (Closes: #991705) The fix for CVE-2021-31291 also required to backport a few patches that fix some (harmless) CVEs alongside: - CVE-2019-20421 (Closes: #950183) - CVE-2021-3482 (Closes: #986888) - CVE-2021-29457 (Closes: #987277) - CVE-2021-29473 (Closes: #991705) * CVE-2021-31292 (Closes: #991706) firefox-esr (78.14.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-39, also known as CVE-2021-38493. . * debian/import-tar.py, debian/repack.py: Fixed for python 3.9. firefox-esr (78.13.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-34, also known as: CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29985, CVE-2021-29989. firefox-esr (78.13.0esr-1~deb11u1) bullseye-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-34, also known as: CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29985, CVE-2021-29989. firefox-esr (78.13.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-34, also known as: CVE-2021-29986, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29985, CVE-2021-29989. firefox-esr (78.12.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-29, also known as: CVE-2021-29970, CVE-2021-30547, CVE-2021-29976. firefox-esr (78.12.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-29, also known as: CVE-2021-29970, CVE-2021-30547, CVE-2021-29976. firefox-esr (78.11.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-24, also known as CVE-2021-29967. gcc-mingw-w64 (21.3~deb10u2) buster; urgency=medium . * Fix gcov handling: we need to tell GCC that we have headers, without telling it where, and then we need to correct its default assumption about where they are. Closes: #989862. LP: #1883933, #1920988. grilo (0.3.7-1+deb10u1) buster-security; urgency=high . * fix-tls-cert-validation.patch: - Fix TLS cert validation not being done for any network call (Closes: #992971, CVE-2021-39365). gthumb (3:3.6.2-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20326 (Closes: #948197) A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. * additional fix in case orientation swaps width and height hg-git (0.8.12-1+deb10u1) buster; urgency=medium . * Team upload. * Cherry-pick relaxed output check in test suite (Closes: #933100) htslib (1.9-12~deb10u1) buster; urgency=medium . * Rebuild for buster. . htslib (1.9-12) unstable; urgency=medium . * Fix for the autopkgtest on i386 means we can re-enable it! (Closes: #942580) http-parser (2.8.1-1+deb10u1) buster; urgency=medium . * Cherry-pick "Support multi-coding Transfer-Encoding". Closes: #977467 [CVE-2019-15605] intel-microcode (3.20210608.2~deb10u1) buster-security; urgency=high . * SECURITY UPDATE with known possible regressions * Refer to the changelog entry for 3.20210608.1 for the list of security fixes in this release. * Possible regression: CoffeLake processors with signature 0x906ea *and* Intel Wireless LAN on-board - The Intel WiFi firmware might stop working, refer to: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56 * Possible regression: Skylake R0/D0 (signatures 0x406e3 and 0x506e3), - Motherboards with severely outdated firmware where the UEFI/BIOS microcode revision is less than 0x80 may hang on boot. Refer to: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * Reintroduces all fixes (including several security updates) to Skylake D0/R0 that were temporarily disabled in past releases. Refer to changelog entries since (and including) 3.20200609.1 for the list of security fixes. . intel-microcode (3.20210608.2) unstable; urgency=high . * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). . intel-microcode (3.20210608.1) unstable; urgency=high . * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210608.1) unstable; urgency=high . * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2021-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210216.1) unstable; urgency=medium . * New upstream microcode datafile 20210216 * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx, and Cascade Lake Server (B0/B1) when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. * This issue is related to the INTEL-SA-00381 mitigation. * Updated Microcodes: sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864 sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248 sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248 * source: update symlinks to reflect id of the latest release, 20210216 irssi (1.2.0-2+deb10u1) buster; urgency=medium . * Import upstream security fix for CVE-2019-13045 (closes: #931264) java-atk-wrapper (0.33.3-22+deb10u1) buster; urgency=medium . * patches/dbus: Also detect at-spi through dbus. jetty9 (9.4.16-0+deb10u1) buster-security; urgency=high . * Team upload. * New upstream version 9.4.16. - Fix CVE-2019-10241: The server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. - Fix CVE-2019-10247: The server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. * Fix CVE-2020-27216: On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. * Fix CVE-2020-27223: Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. * Fix CVE-2020-28165: CPU usage can reach 100% upon receiving a large invalid TLS frame. * Fix CVE-2020-28169: It is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. * Fix CVE-2021-34428: If an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. krb5 (1.17-3+deb10u3) buster; urgency=high . * Fix KDC null dereference crash on FAST request with no server field, CVE-2021-37750, Closes: #992607 * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140 krb5 (1.17-3+deb10u2) buster-security; urgency=high . * Import upstream patch for CVE-2021-36222, Closes: #991365 ledgersmb (1.6.9+ds-1+deb10u3) buster-security; urgency=medium . * Fix a regression in the display of some search results ledgersmb (1.6.9+ds-1+deb10u2) buster-security; urgency=medium . * Fix CVE-2021-3731, thanks for Erik Huelsmann ledgersmb (1.6.9+ds-1+deb10u1) buster-security; urgency=medium . * Fix CVE-2021-3693 and CVE-2021-3694, thanks to Erik Huelsmann lemonldap-ng (2.0.2+ds-7+deb10u6) buster-security; urgency=medium . * Fix session cache corruption (Closes: CVE-2021-06-25) * Fix trusted domain wildcard * Fix trusted domain regexp * Don't display TOTP secret to owner, neither in debug logs libdatetime-timezone-perl (1:2.23-1+2021b) buster; urgency=medium . * Update to Olson database version 2021b. This update includes contemporary changes for Jordan and Samoa. libpam-tacplus (1.3.8-2+deb10u1) buster; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2020-13881: Prevent shared secrets (such as private server keys) from being added in plaintext to the system log. libsndfile (1.0.28-6+deb10u1) buster-security; urgency=medium . * CVE-021-3246 (Closes: #991496) libspf2 (1.2.10-7.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for buster-security. . libspf2 (1.2.10-7.1) unstable; urgency=medium . * Non-maintainer upload. * spf_compile.c: Correct size of ds_avail (CVE-2021-20314) * Sanity check for sprintf * Fixed 'reverse' macro modifier libuv1 (1.24.1-1+deb10u1) buster-security; urgency=high . * add patch for CVE-2021-22918 (Closes: #990561) * For buster, this patch also tweaks tests so they can be compiled. (because of a missing macro and "static" declaration) linux (4.19.208-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter linux (4.19.194-3) buster-security; urgency=high . * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) linux (4.19.194-2) buster; urgency=medium . * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) linux-latest (105+deb10u13) buster; urgency=medium . * Update to 4.19.0-18 linux-signed-amd64 (4.19.208+1) buster; urgency=medium . * Sign kernel from linux 4.19.208-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter linux-signed-amd64 (4.19.194+3) buster-security; urgency=high . * Sign kernel from linux 4.19.194-3 . * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) linux-signed-amd64 (4.19.194+2) buster; urgency=medium . * Sign kernel from linux 4.19.194-2 . * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) linux-signed-arm64 (4.19.208+1) buster; urgency=medium . * Sign kernel from linux 4.19.208-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter linux-signed-arm64 (4.19.194+3) buster-security; urgency=high . * Sign kernel from linux 4.19.194-3 . * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) linux-signed-arm64 (4.19.194+2) buster; urgency=medium . * Sign kernel from linux 4.19.194-2 . * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) linux-signed-i386 (4.19.208+1) buster; urgency=medium . * Sign kernel from linux 4.19.208-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195 - perf/core: Fix endless multiplex timer - net/nfc/rawsock.c: fix a permission check bug - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet - bonding: init notify_work earlier to avoid uninitialized use - netlink: disable IRQs for netlink_lock_table() - net: mdiobus: get rid of a BUG_ON() - cgroup: disable controllers at parse time - wq: handle VM suspension in stall detection - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock - RDS tcp loopback connection can hang - scsi: bnx2fc: Return failure if io_req is already in ABTS processing - [x86] scsi: vmw_pvscsi: Set correct residual data length - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal - [arm64] net: macb: ensure the device is available before accessing GEMGXL control registers - nvme-fabrics: decode host pathing error for connect - [mips*] Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER - bnx2x: Fix missing error code in bnx2x_iov_init_one() - [powerpc*] i2c: mpc: Make use of i2c_recover_bus() - [powerpc*] i2c: mpc: implement erratum A-004447 workaround - drm: Fix use-after-free read in drm_getunique() - drm: Lock pointer access in drm_master_release() - kvm: avoid speculation-based attacks from out-of-range memslot accesses - [arm64,x86] staging: rtl8723bs: Fix uninitialized variables - btrfs: return value from btrfs_mark_extent_written() in case of error - cgroup1: don't allow '\n' in renaming - USB: f_ncm: ncm_bitrate (speed) is unsigned - usb: f_ncm: only first packet of aggregate needs to start timer - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms - [arm64,armhf] usb: dwc3: ep0: fix NULL pointer exception - [x86] usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind - USB: serial: ftdi_sio: add NovaTech OrionMX product ID - USB: serial: omninet: add device id for Zyxel Omni 56K Plus - USB: serial: quatech2: fix control-request directions - USB: serial: cp210x: fix alternate function for CP2102N QFN20 - usb: gadget: eem: fix wrong eem header operation - usb: fix various gadgets null ptr deref on 10gbps cabling. - usb: fix various gadget panics on 10gbps cabling - regulator: core: resolve supply for boot-on/always-on regulators - [arm64] regulator: max77620: Use device_set_of_node_from_dev() - RDMA/mlx4: Do not map the core_clock page to user space unless enabled - perf: Fix data race between pin_count increment/decrement - sched/fair: Make sure to update tg contrib for blocked load - IB/mlx5: Fix initializing CQ fragments buffer - NFS: Fix a potential NULL dereference in nfs_get_client() - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() - perf session: Correct buffer copying when peeking events - kvm: fix previous commit for 32-bit builds - NFS: Fix use-after-free in nfs4_init_client() - NFSv4: Fix second deadlock in nfs4_evict_inode() - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. - scsi: core: Fix error handling of scsi_host_alloc() - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING - scsi: core: Only put parent device if host state differs from SHOST_CREATED - ftrace: Do not blindly read the ip address in ftrace_bug() - tracing: Correct the length check which causes memory corruption - proc: only require mm_struct for writing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196 - net: ieee802154: fix null deref in parse dev addr - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 - HID: hid-sensor-hub: Return error for hid_set_field() failure - HID: Add BUS_VIRTUAL to hid_connect logging - HID: usbhid: fix info leak in hid_submit_ctrl - gfs2: Prevent direct-I/O write fallback errors from getting lost - gfs2: Fix use-after-free in gfs2_glock_shrink_scan - scsi: target: core: Fix warning on realtime kernels - ethernet: myri10ge: Fix missing error code in myri10ge_probe() - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V - net: ipconfig: Don't override command-line hostnames or domains - rtnetlink: Fix missing error code in rtnl_bridge_notify() - net: Return the correct errno code - fib: Return the correct errno code - afs: Fix an IS_ERR() vs NULL check - mm/memory-failure: make sure wait for page writeback in memory_failure - batman-adv: Avoid WARN_ON timing related checks - net: ipv4: fix memory leak in netlbl_cipsov4_add_std - net: rds: fix memory leak in rds_recvmsg - udp: fix race between close() and udp_abort() - rtnetlink: Fix regression in bridge VLAN configuration - net/mlx5e: Block offload of outer header csum for UDP tunnels - netfilter: synproxy: Fix out of bounds when parsing TCP options - sch_cake: Fix out of bounds when parsing TCP options and header - alx: Fix an error handling path in 'alx_probe()' - net: stmmac: dwmac1000: Fix extended MAC address registers definition - net: add documentation to socket.c - net: make get_net_ns return error if NET_NS is disabled - qlcnic: Fix an error handling path in 'qlcnic_probe()' - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' - ptp: ptp_clock: Publish scaled_ppm_to_ppb - ptp: improve max_adj check against unreasonable values - net: cdc_ncm: switch to eth%d interface naming - net: usb: fix possible use-after-free in smsc75xx_bind - [armhf] net: fec_ptp: fix issue caused by refactor the fec_devtype - net: ipv4: fix memory leak in ip_mc_add1_src - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock - be2net: Fix an error handling path in 'be_probe()' - net: hamradio: fix memory leak in mkiss_close - net: cdc_eem: fix tx fixup skb leak - icmp: don't send out ICMP messages with a source address of 0.0.0.0 - radeon: use memcpy_to/fromio for UVD fw upload - hwmon: (scpi-hwmon) shows the negative temperature properly - can: mcba_usb: fix memory leak in mcba_usb - usb: core: hub: Disable autosuspend for Cypress CY7C65632 - tracing: Do not stop recording cmdlines when tracing is off - tracing: Do not stop recording comms if the trace file is being read - tracing: Do no increment trace_clock_global() by one - PCI: Mark TI C667X to avoid bus reset - PCI: Mark some NVIDIA GPUs to avoid bus reset - PCI: Add ACS quirk for Broadcom BCM57414 NIC - PCI: Work around Huawei Intelligent NIC VF FLR erratum - [arm64,armhf] dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc - net: bridge: fix vlan tunnel dst null pointer dereference - net: bridge: fix vlan tunnel dst refcnt when egressing - mm/slub: clarify verification reporting - mm/slub.c: include swab.h - [armhf] net: fec_ptp: add clock rate zero check - [arm64,armhf] KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read - can: bcm/raw/isotp: use per module netdevice notifier - inet: use bigger hash table for IP ID generation - [arm64,armhf] usb: dwc3: debugfs: Add and remove endpoint dirs dynamically - [arm64,armhf] usb: dwc3: core: fix kernel panic when do reboot - [x86] fpu: Reset state for all signal restore failures - module: limit enabling module.sig_enforce (CVE-2021-35039) - drm/nouveau: wait for moving fence after pinning v2 - drm/radeon: wait for moving fence after pinning - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" - mac80211: remove warning in ieee80211_get_sband() - cfg80211: call cfg80211_leave_ocb when switching away from OCB - mac80211: drop multicast fragments - net: ethtool: clear heap allocations for ethtool function - ping: Check return value of function 'ping_queue_rcv_skb' - inet: annotate date races around sk->sk_txhash - net/packet: annotate accesses to po->bind - net/packet: annotate accesses to po->ifindex - r8152: Avoid memcpy() over-reading of ETH_SS_STATS - r8169: Avoid memcpy() over-reading of ETH_SS_STATS - net: qed: Fix memcpy() overflow of qed_dcbx_params() - [x86] PCI: Add AMD RS690 quirk to enable 64-bit DMA - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group - i2c: robotfuzz-osif: fix control-request directions https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.197 - mm: add VM_WARN_ON_ONCE_PAGE() macro - mm/rmap: remove unneeded semicolon in page_not_mapped() - mm/rmap: use page_not_mapped in try_to_unmap() - mm/thp: fix __split_huge_pmd_locked() on shmem migration entry - mm/thp: make is_huge_zero_pmd() safe and quicker - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting - mm/thp: fix vma_address() if virtual address below file offset - mm/thp: fix page_address_in_vma() on file THP tails - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split - mm: page_vma_mapped_walk(): use page for pvmw->page - mm: page_vma_mapped_walk(): settle PageHuge on entry - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block - mm: page_vma_mapped_walk(): crossing page table boundary - mm: page_vma_mapped_walk(): add a level of indentation - mm: page_vma_mapped_walk(): use goto instead of while (1) - mm: page_vma_mapped_walk(): get vma_address_end() earlier - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() - mm, futex: fix shared futex pgoff on shmem huge page - scsi: sr: Return appropriate error code when disk is ejected - drm/nouveau: fix dma_address check for CPU/GPU sync - ext4: eliminate bogus error in ext4_data_block_valid_rcu() - kthread_worker: split code for canceling the delayed work timer - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() - xen/events: reset active flag for lateeoi events later - [x86] KVM: SVM: Call SEV Guest Decommission if ASID binding fails - [armhf] OMAP: replace setup_irq() by request_irq() - [armhf] clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support - [armhf] clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue - [armhf] clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.198 - scsi: core: Retry I/O for Notify (Enable Spinup) Required error - ALSA: usb-audio: fix rate on Ozone Z90 USB headset - ALSA: usb-audio: Fix OOB access at proc output - media: dvb-usb: fix wrong definition - Input: usbtouchscreen - fix control-request directions - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() - usb: gadget: eem: fix echo command packet response issue - USB: cdc-acm: blacklist Heimann USB Appset device - [arm64,armhf] usb: dwc3: Fix debugfs creation flow - [x86] usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() - xhci: solve a double free problem while doing s4 - iov_iter_fault_in_readable() should do nothing in xarray case - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612) - [armel,armhf] arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode - btrfs: send: fix invalid path for unlink operations after parent orphanization - btrfs: clear defrag status of a root if starting transaction fails - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle - ext4: fix kernel infoleak via ext4_extent_header - ext4: return error code when ext4_fill_flex_info() fails - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit - ext4: remove check for zero nr_to_scan in ext4_es_scan() - ext4: fix avefreec in find_group_orlov - ext4: use ext4_grp_locked_error in mb_find_extent - can: gw: synchronize rcu operations before removing gw job entry - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path - SUNRPC: Fix the batch tasks count wraparound. - SUNRPC: Should wake up the privileged task firstly. - [s390x] cio: dont call css_wait_for_slow_path() inside a lock - [x86] serial_cs: Add Option International GSM-Ready 56K/ISDN modem - [x86] serial_cs: remove wrong GLOBETROTTER.cis entry - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() - ssb: sdio: Don't overwrite const buffer if block_write fails - rsi: Assign beacon rate settings to the correct rate_info descriptor field - rsi: fix AP mode with WPA failure due to encrypted EAPOL - tracing/histograms: Fix parsing of "sym-offset" modifier - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 - [powerpc*] stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() - fuse: check connected before queueing on fpq->io - spi: Make of_register_spi_device also set the fwnode - [i386] spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() - media: cpia2: fix memory leak in cpia2_usb_probe - media: pvrusb2: fix warning in pvr2_i2c_core_done - [x86] crypto: qat - check return code of qat_hal_rd_rel_reg() - [x86] crypto: qat - remove unused macro in FW loader - sched/fair: Fix ascii art by relpacing tabs - media: em28xx: Fix possible memory leak of em28xx struct - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release - media: bt8xx: Fix a missing check bug in bt878_probe - media: dvd_usb: memory leak in cinergyt2_fe_attach - mmc: via-sdmmc: add a check against NULL pointer dereference - crypto: shash - avoid comparing pointers to exported functions under CFI - media: dvb_net: avoid speculation from net slot - media: siano: fix device register error path - btrfs: fix error handling in __btrfs_update_delayed_inode - btrfs: abort transaction if we fail to update the delayed inode - btrfs: disable build on platforms having page size 256K - [armhf] regulator: da9052: Ensure enough delay time for .set_voltage_time_sel - HID: do not use down_interruptible() when unbinding devices - ACPI: processor idle: Fix up C-state latency if not ordered - [x86] hv_utils: Fix passing zero to 'PTR_ERR' warning - lib: vsprintf: Fix handling of number field widths in vsscanf - ACPI: EC: Make more Asus laptops use ECDT _GPE - block_dump: remove block_dump feature in mark_inode_dirty() - fs: dlm: cancel work sync othercon - random32: Fix implicit truncation warning in prandom_seed_state() - fs: dlm: fix memory leak when fenced - ACPICA: Fix memory leak caused by _CID repair function - ACPI: bus: Call kobject_put() in acpi_init() error path - [x86] platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() - clocksource: Retry clock read if long delays detected - HID: wacom: Correct base usage for capacitive ExpressKey status bits - [armhf] sata_highbank: fix deferred probing - [mips*] pata_octeon_cf: avoid WARN_ON() in ata_host_activate() - [x86] crypto: ccp - Fix a resource leak in an error handling path - media: rc: i2c: Fix an error message - media: gspca/gl860: fix zero-length control requests - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() - btrfs: clear log tree recovering status if starting transaction fails - [armhf] spi: spi-sun6i: Fix chipselect/clock bug - ACPI: sysfs: Fix a buffer overrun problem with description_show() - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() - blk-wbt: make sure throttle is enabled properly - ocfs2: fix snprintf() checking - [arm64,armhf] net: mvpp2: Put fwnode in error case during ->probe() - [i386] net: pch_gbe: Propagate error from devm_gpio_request_one() - [arm64] drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() - RDMA/rxe: Fix failure during driver load - drm: qxl: ensure surf.data is ininitialized - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others - [arm64] wcn36xx: Move hal_buf allocation to devm_kmalloc in probe - ssb: Fix error return code in ssb_bus_scan() - brcmfmac: fix setting of station info chains bitmask - brcmfmac: correctly report average RSSI in station info - brcmsmac: mac80211_if: Fix a resource leak in an error handling path - ath10k: Fix an error code in ath10k_add_interface() - RDMA/mlx5: Don't add slave port to unaffiliated list - netfilter: nft_exthdr: check for IPv6 packet before further processing - netfilter: nft_osf: check for TCP packet before further processing - netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols - RDMA/rxe: Fix qp reference counting for atomic ops - pkt_sched: sch_qfq: fix qfq_change_class() error path - vxlan: add missing rcu_read_lock() in neigh_reduce() - net/ipv4: swap flow ports when validating source - ieee802154: hwsim: Fix memory leak in hwsim_add_one - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() - mac80211: remove iwlwifi specific workaround NDPs of null_response - ipv6: exthdrs: do not blindly use init_net - bpf: Do not change gso_size during bpf_skb_change_proto() - i40e: Fix error handling in i40e_vsi_open - i40e: Fix autoneg disabling for non-10GBaseT links - ipv6: fix out-of-bound access in ip6_parse_tlv() - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event - writeback: fix obtain a reference to a freeing memcg css - net: lwtunnel: handle MTU calculation in forwading - net: sched: fix warning in tcindex_alloc_perfect_hash - RDMA/mlx5: Don't access NULL-cleared mpi pointer - tty: nozomi: Fix a resource leak in an error handling function - mwifiex: re-fix for unaligned accesses - [arm64] ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() - [x86] char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' - scsi: FlashPoint: Rename si_flags field - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates - of: Fix truncation of memory sizes on 32-bit platforms - [armhf] mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() - scsi: mpt3sas: Fix error return value in _scsih_expander_add() - configfs: fix memleak in configfs_release_bin_file - [powerpc*] Offline CPU in stop_this_cpu() - [arm64] serial: mvebu-uart: correctly calculate minimal possible baudrate - vfio/pci: Handle concurrent vma faults - mm/huge_memory.c: don't discard hugepage if other processes are mapping it - mmc: block: Disable CMDQ on the ioctl path - mmc: vub3000: fix control-request direction - drm/amd/amdgpu/sriov disable all ip hw status by default - [i386] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() - hugetlb: clear huge pte during flush function on mips platform - atm: iphase: fix possible use-after-free in ia_module_exit() - mISDN: fix possible use-after-free in HFC_cleanup() - atm: nicstar: Fix possible use-after-free in nicstar_cleanup() - net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT - reiserfs: add check for invalid 1st journal block - drm/virtio: Fix double free on probe failure - udf: Fix NULL pointer dereference in udf_symlink function - e100: handle eeprom as little endian - [arm64,armhf] clk: tegra: Ensure that PLLU configuration is applied properly - ipv6: use prandom_u32() for ID generation - RDMA/cxgb4: Fix missing error code in create_qp() - dm space maps: don't reset space map allocation cursor when committing - [armhf] pinctrl: mcp23s08: fix race condition in irq handler - ice: set the value of global config lock timeout longer - virtio_net: Remove BUG() to avoid machine dead - [arm64,armhf] net: mvpp2: check return value after calling platform_get_resource() - [amd64] fjes: check return value after calling platform_get_resource() - selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC - xfrm: Fix error reporting in xfrm_state_construct. - [arm64,armhf] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP - [arm64,armhf] wl1251: Fix possible buffer overflow in wl1251_cmd_scan - net: fix mistake path for netdev_features_strings - rtl8xxxu: Fix device info for RTL8192EU devices - atm: nicstar: use 'dma_free_coherent' instead of 'kfree' - atm: nicstar: register the interrupt handler in the right place - vsock: notify server to shutdown when client has pending signal - RDMA/rxe: Don't overwrite errno from ib_umem_get() - iwlwifi: mvm: don't change band on bound PHY contexts - iwlwifi: pcie: free IML DMA memory allocation - sfc: avoid double pci_remove of VFs - sfc: error code if SRIOV cannot be disabled - wireless: wext-spy: Fix out-of-bounds warning - net: ip: avoid OOM kills with large UDP sends over loopback - RDMA/cma: Fix rdma_resolve_route() memory leak - Bluetooth: Fix the HCI to MGMT status conversion table - Bluetooth: Shutdown controller after workqueues are flushed or cancelled - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. - sctp: validate from_addr_param return (CVE-2021-3655) - sctp: add size validation when walking chunks (CVE-2021-3655) - fscrypt: don't ignore minor_hash when hash is 0 - bdi: Do not use freezable workqueue - [arm64] serial: mvebu-uart: clarify the baud rate derivation - [arm64] serial: mvebu-uart: fix calculation of clock divisor - fuse: reject internal errno - [powerpc*] barrier: Avoid collision with clang's __lwsync macro - usb: gadget: f_fs: Fix setting of device and driver data cross-references - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() - pinctrl/amd: Add device HID for new AMD GPIO controller - [arm64] drm/msm/mdp4: Fix modifier support enabling - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode - mmc: core: clear flags before allowing to retune - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported - [armhf] ata: ahci_sunxi: Disable DIPM - cpu/hotplug: Cure the cpusets trainwreck - [arm64,armhf] clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround - [arm64,armhf] ASoC: tegra: Set driver_name=tegra for all machine drivers - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute - ipmi/watchdog: Stop watchdog timer when the current action is 'none' - seq_buf: Fix overflow in seq_buf_putmem_hex() - tracing: Simplify & fix saved_tgids logic - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT - dm btree remove: assign new_root only when removal succeeds - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby - [arm64] PCI: aardvark: Fix checking for PIO Non-posted Request - media: subdev: disallow ioctl for saa6588/davinci - media: dtv5100: fix control-request directions - media: zr364xx: fix memory leak in zr364xx_start_readpipe - media: gspca/sq905: fix control-request direction - media: gspca/sunplus: fix zero-length control requests - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K - [armhf] pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() - jfs: fix GPF in diFree - [x86] KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled - [x86] KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid - tracing: Do not reference char * as a string in histograms - [arm64] PCI: aardvark: Don't rely on jiffies while holding spinlock - [arm64] PCI: aardvark: Fix kernel panic during PIO transfer - [x86] misc/libmasm/module: Fix two use after free in ibmasm_init_one - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" - w1: ds2438: fixing bug that would always get page0 - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs - scsi: core: Cap scsi_host cmd_per_lun at can_queue - [x86] tty: serial: 8250: serial_cs: Fix a memory leak in error handling path - scsi: scsi_dh_alua: Check for negative result value - fs/jfs: Fix missing error code in lmLogInit() - scsi: iscsi: Add iscsi_cls_conn refcount helpers - scsi: iscsi: Fix conn use after free during resets - scsi: iscsi: Fix shost->max_id use - scsi: qedi: Fix null ref during abort handling - [armhf] mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE - [s390x] sclp_vt220: fix console name to match device (Closes: #961056) - [i386] ALSA: sb: Fix potential double-free of CSP mixer elements - [powerpc*] ps3: Add dma_mask to ps3_dma_region - [arm64] gpio: zynq: Check return value of pm_runtime_get_sync - [arm64,armhf] gpio: pca953x: Add support for the On Semi pca9655 - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() - ALSA: bebob: add support for ToneWeal FW66 - usb: gadget: f_hid: fix endianness issue with descriptors - [powerpc*] boot: Fixup device-tree on little endian - [arm64,armhf] ALSA: hda: Add IRQ check for platform_get_irq() - [x86] intel_th: Wait until port is in reset before programming it - i2c: core: Disable client irq on reboot/shutdown - lib/decompress_unlz4.c: correctly handle zero-padding around initrds. - [x86] power: supply: max17042: Do not enforce (incorrect) interrupt trigger type - [armel,armhf] power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE - [x86] watchdog: Fix possible use-after-free in wdt_startup() - [x86] watchdog: Fix possible use-after-free by calling del_timer_sync() - [x86] watchdog: iTCO_wdt: Account for rebooting on second timeout - [x86] fpu: Return proper error codes from user access functions - [arm64,armhf] PCI: tegra: Add missing MODULE_DEVICE_TABLE - orangefs: fix orangefs df output. - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty - NFS: nfs_find_open_context() may only select open files - [arm64,armhf] pwm: tegra: Don't modify HW state in .remove callback - [arm64] ACPI: AMBA: Fix resource name in /proc/iomem - [x86] ACPI: video: Add quirk for the Dell Vostro 3350 - virtio-blk: Fix memory leak among suspend/resume procedure - virtio_net: Fix error handling in virtnet_restore() - virtio_console: Assure used length from device is limited (CVE-2021-38160) - f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun - NFSv4: Initialise connection to the server in nfs4_alloc_client() (CVE-2021-38199) - nfs: fix acl memory leak of posix_acl_create() - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode - [x86] fpu: Limit xstate copy size in xstateregs_set() - virtio_net: move tx vq operation under tx queue lock - [i386] ALSA: isa: Fix error return code in snd_cmi8330_probe() - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times - rtc: fix snprintf() checking in is_rtc_hctosys() - [arm64,armhf] reset: bail if try_module_get() fails - [armhf] dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() - net: bridge: multicast: fix PIM hello router port marking race - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199 - [armhf] dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 - [armhf] imx: pm-imx5: Fix references to imx5_cpu_suspend_info - [armhf] dts: rockchip: fix supply properties in io-domains nodes - [arm64,armhf] soc/tegra: fuse: Fix Tegra234-only builds - thermal/core: Correct function name thermal_zone_device_unregister() - [arm64,armhf] rtc: max77686: Do not enforce (incorrect) interrupt trigger type - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 - scsi: libsas: Add LUN number check in .slave_alloc callback - scsi: libfc: Fix array index out of bound exception - sched/fair: Fix CFS bandwidth hrtimer expiry type - mm: slab: fix kmem_cache_create failed when sysfs node not destroyed - dm writecache: return the exact table values that were set - dm writecache: fix writing beyond end of underlying device when shrinking - [arm64,armhf] net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz - net: ipv6: fix return value of ip6_skb_dst_mtu - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo - net: bridge: sync fdb to new unicast-filtering ports - [arm64] net: qcom/emac: fix UAF in emac_remove - net: ti: fix UAF in tlan_remove_one - net: send SYNACK packet with accepted fwmark - net: validate lwtstate->data before returning from skb_tunnel_info() - dma-buf/sync_file: Don't leak fences on merge failure - tcp: annotate data races around tp->mtu_info - ipv6: tcp: drop silly ICMPv6 packet too big messages - udp: annotate data races around unix_sk(sk)->gso_size - net: ip_tunnel: fix mtu calculation for ETHER tunnel devices - igb: Fix use-after-free error during reset - ixgbe: Fix an error handling path in 'ixgbe_probe()' - igb: Fix an error handling path in 'igb_probe()' - e1000e: Fix an error handling path in 'e1000_probe()' - iavf: Fix an error handling path in 'iavf_probe()' - igb: Check if num of q_vectors is smaller than max before array access - igb: Fix position of assignment to *ring - ipv6: fix 'disable_policy' for fwd packets - nvme-pci: do not call nvme_dev_remove_admin from nvme_remove - liquidio: Fix unintentional sign extension issue on left shift of u16 - net: fix uninit-value in caif_seqpkt_sendmsg - net: decnet: Fix sleeping inside in af_decnet - [powerpc*] KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak - netrom: Decrease sock refcount when sock timers expire - scsi: iscsi: Fix iface sysfs attr detection - scsi: target: Fix protect handling in WRITE SAME(32) - net/tcp_fastopen: fix data races around tfo_active_disable_stamp - net/sched: act_skbmod: Skip non-Ethernet packets - nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING - Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" - sctp: update active_key for asoc when old key is being replaced - net: sched: cls_api: Fix the the wrong parameter - [arm64,armhf] drm/panel: raspberrypi-touchscreen: Prevent double-free - proc: Avoid mixing integer types in mem_rw() - [s390x] ftrace: fix ftrace_update_ftrace_func implementation - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets - [i386] ALSA: sb: Fix potential ABBA deadlock in CSP driver - xhci: Fix lost USB 2 remote wake - [powerpc*] KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (CVE-2021-37576) - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high - usb: hub: Fix link power management max exit latency (MEL) calculations - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS - USB: serial: option: add support for u-blox LARA-R6 family - USB: serial: cp210x: fix comments for GE CS1000 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - [arm*] usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (CVE-2021-3679) - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() - ixgbe: Fix packet corruption due to missing DMA sync - drm: Return -ENOTTY for non-drm ioctls - KVM: do not assume PTE is writable after follow_pfn - KVM: do not allow mapping valid but non-reference-counted pages (CVE-2021-22543) - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() - [arm64,armhf] net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz - btrfs: compression: don't try to compress if we don't have enough pages - PCI: Mark AMD Navi14 GPU ATS as broken - xhci: add xhci_get_virt_ep() helper https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.200 - [x86] KVM: determine if an exception has an error code only when injecting it. - net: split out functions related to registering inflight socket files - af_unix: fix garbage collect vs MSG_PEEK - workqueue: fix UAF in pwq_unbound_release_workfn() - net/802/mrp: fix memleak in mrp_request_join() - net/802/garp: fix memleak in garp_request_join() - net: annotate data race around sk_ll_usec - sctp: move 198 addresses from unusable to private scope - hfs: add missing clean-up in hfs_fill_super - hfs: fix high memory mapping in hfs_bnode_read - hfs: add lock nesting notation to hfs_find_init - cifs: fix the out of range assignment to bit fields in parse_server_interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.201 - virtio_net: Do not pull payload in skb->head - gro: ensure frag0 meets IP header alignment - [x86] asm: Ensure asm/proto.h can be included stand-alone - btrfs: fix rw device counting in __btrfs_free_extra_devids - [x86] kvm: fix vcpu-id indexed array sizes - ocfs2: fix zero out valid data - ocfs2: issue zeroout to EOF blocks - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF - can: mcba_usb_start(): add missing urb->transfer_dma initialization - can: usb_8dev: fix memory leak - can: ems_usb: fix memory leak - can: esd_usb2: fix memory leak - NIU: fix incorrect error return, missed in previous revert - nfc: nfcsim: fix use after free during module unload - cfg80211: Fix possible memory leak in function cfg80211_bss_update - netfilter: conntrack: adjust stop timestamp to real expiry value - netfilter: nft_nat: allow to specify layer 4 protocol NAT only - i40e: Fix logic of disabling queues - i40e: Fix log TC creation failure when max num of queues is exceeded - tipc: fix sleeping in tipc accept routine - mlx4: Fix missing error code in mlx4_load_one() - net: llc: fix skb_over_panic - net/mlx5: Fix flow table chaining - sctp: fix return value check in __sctp_rcv_asconf_lookup - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove - sis900: Fix missing pci_disable_device() in probe and remove - [powerpc*] pseries: Fix regression while building external modules - i40e: Add additional info to PHY type error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.202 - btrfs: mark compressed range uptodate only if all bio succeed - r8152: Fix potential PM refcount imbalance - qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() - net: Fix zero-copy head len calculation. - bdi: move bdi_dev_name out of line - bdi: use bdi_dev_name() to get device name - bdi: add a ->dev_name field to struct backing_dev_info - Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" - [x86] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" - padata: validate cpumask without removed CPU during offline - padata: add separate cpuhp node for CPUHP_PADATA_DEAD https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.203 - Revert "ACPICA: Fix memory leak caused by _CID repair function" - ALSA: seq: Fix racy deletion of subscriber - [armhf] imx: add missing iounmap() - ALSA: usb-audio: fix incorrect clock source setting - scsi: sr: Return correct event when media event code is 3 - media: videobuf2-core: dequeue if start_streaming fails - net: natsemi: Fix missing pci_disable_device() in probe and remove - sctp: move the active_key update after sh_keys is added - nfp: update ethtool reporting of pauseframe control - net: ipv6: fix returned variable type in ip6_skb_dst_mtu - bnx2x: fix an error code in bnx2x_nic_load() - net: pegasus: fix uninit-value in get_interrupt_interval - [armhf] net: fec: fix use-after-free in fec_drv_remove - net: vxge: fix use-after-free in vxge_device_unregister - Bluetooth: defer cleanup of resources in hci_unregister_dev() - USB: usbtmc: Fix RCU stall warning - USB: serial: option: add Telit FD980 composition 0x1056 - USB: serial: ch341: fix character loss at high transfer rates - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback - firmware_loader: fix use-after-free in firmware_fallback_sysfs - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers - usb: gadget: f_hid: fixed NULL pointer dereference - usb: gadget: f_hid: idle uses the highest byte for duration - tracing/histogram: Rename "cpu" to "common_cpu" - [arm64] optee: Clear stale cache entries during initialization - staging: rtl8723bs: Fix a resource leak in sd_int_dpc - media: rtl28xxu: fix zero-length control request - pipe: increase minimum default pipe size to 2 pages - ext4: fix potential htree corruption when growing large_dir directories - serial: 8250: Mask out floating 16/32-bit bus bits - [mips*] Malta: Do not byte-swap accesses to the CBUS UART - [x86] pcmcia: i82092: fix a null pointer dereference bug - [x86] KVM: accept userspace interrupt only if no event is injected - [x86] KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds - [armhf] spi: meson-spicc: fix memory leak in meson_spicc_remove - qmi_wwan: add network device usage statistics for qmimux devices - libata: fix ata_pio_sector for CONFIG_HIGHMEM - reiserfs: add check for root_inode in reiserfs_fill_super - reiserfs: check directory items on read from disk - net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset - [armhf] imx: add mmdc ipg clock operation for mmdc https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.204 - [x86] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB - bpf: Inherit expanded/patched seen count from old aux data (CVE-2021-33624) - bpf: Do not mark insn as seen under speculative path verification (CVE-2021-33624) - bpf: Fix leakage under speculation on mispredicted branches (CVE-2021-33624) - [x86] KVM: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198) - USB:ehci:fix Kunpeng920 ehci hardware problem - ppp: Fix generating ppp unit id when ifname is not specified - ovl: prevent private clone if bind mount is not allowed CVE-2021-3732) - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.205 - [x86] ASoC: intel: atom: Fix reference to PCM buffer address - i2c: dev: zero out array used for i2c reads from userspace - [amd64,arm64] ACPI: NFIT: Fix support for virtual SPA ranges - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi - ieee802154: hwsim: fix GPF in hwsim_new_edge_nl - ppp: Fix generating ifname when empty IFLA_IFNAME is specified - net: Fix memory leak in ieee802154_raw_deliver - net: igmp: fix data-race in igmp_ifc_timer_expire() - net: bridge: fix memleak in br_add_if() - tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets - net: igmp: increase size of mr_ifc_count - xen/events: Fix race in set_evtchn_to_irq - vsock/virtio: avoid potential deadlock when vsock device remove - [powerpc*] kprobes: Fix kprobe Oops happens in booke - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP - [x86] msi: Force affinity setup before startup - [x86] ioapic: Force affinity setup before startup - genirq/msi: Ensure deactivation on teardown - PCI/MSI: Enable and mask MSI-X early - PCI/MSI: Do not set invalid bits in MSI mask - PCI/MSI: Correct misleading comments - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() - PCI/MSI: Protect msi_desc::masked for multi-MSI - PCI/MSI: Mask all unused MSI-X entries - PCI/MSI: Enforce that MSI-X table entry is masked for update - PCI/MSI: Enforce MSI[X] entry updates to be visible - [amd64] iommu/vt-d: Fix agaw for a supported 48 bit guest address width - mac80211: drop data frames without key on encrypted links - [x86] KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) - [x86] KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) - [x86] fpu: Make init_fpstate correct with optimized XSAVE - ath: Use safer key clearing with key cache entries (CVE-2020-3702) - ath9k: Clear key cache explicitly on disabling hardware (CVE-2020-3702) - ath: Export ath_hw_keysetmac() (CVE-2020-3702) - ath: Modify ath_key_delete() to not need full key entry (CVE-2020-3702) - ath9k: Postpone key cache entry deletion for TXQ frames reference it (CVE-2020-3702) - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO - net: usb: lan78xx: don't modify phy_device state concurrently - Bluetooth: hidp: use correct wait queue when removing ctrl_wait - [arm64] cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant - vhost: Fix the calculation in vhost_overflow() - bnxt: don't lock the tx queue from napi poll - bnxt: disable napi before canceling DIM - net: 6pack: fix slab-out-of-bounds in decode_data - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 - [arm64,armhf] net: mdio-mux: Don't ignore memory allocation errors - [arm64,armhf] net: mdio-mux: Handle -EPROBE_DEFER correctly - [arm64,armhf] mmc: dw_mmc: Fix hang on data CRC error - ALSA: hda - fix the 'Capture Switch' value change notifications - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI - [x86] ASoC: intel: atom: Fix breakage for PCM buffer address setup - locks: print a warning when mount fails due to lack of "mand" support - fs: warn about impending deprecation of mandatory locks - netfilter: nft_exthdr: fix endianness of tcp option cast https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.206 - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743) - bpf: Do not use ax register in interpreter on div/mod - bpf: Fix 32 bit src register truncation on div/mod (CVE-2021-3600) - bpf: Fix truncation handling for mod32 dst reg wrt zero (CVE-2021-3444) - netfilter: conntrack: collect all entries in one cycle - once: Fix panic when module unload - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters - Revert "USB: serial: ch341: fix character loss at high transfer rates" - USB: serial: option: add new VID/PID to support Fibocom FG150 - [arm64,armhf] usb: dwc3: gadget: Fix dwc3_calc_trbs_left() - [arm64,armhf] usb: dwc3: gadget: Stop EP0 transfers during pullup disable - [amd64] IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() - e1000e: Fix the max snoop/no-snoop latency for 10M - ip_gre: add validation for csum_start - [arm64] xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' - [arm64,armhf] net: marvell: fix MVNETA_TX_IN_PRGRS bit number - [arm64] net: hns3: fix get wrong pfc_en when query PFC configuration - usb: gadget: u_audio: fix race condition on endpoint stop - opp: remove WARN when no valid OPPs remain - virtio: Improve vq->broken access to avoid any compiler optimization - virtio_pci: Support surprise removal of virtio pci device - [amd64] vringh: Use wiov->used to check for read/write desc order - qed: qed ll2 race condition fixes - qed: Fix null-pointer dereference in qed_rdma_create_qp() - drm: Copy drm_wait_vblank to user before returning - drm/nouveau/disp: power down unused DP links during init - net/rds: dma_map_sg is entitled to merge entries - vt_kdsetmode: extend console locking (CVE-2021-3753) - fbmem: add margin check to fb_check_caps() - [x86] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs - Revert "floppy: reintroduce O_NDELAY fix" - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.207 - ext4: fix race writing to an inline_data file while its xattrs are changing (CVE-2021-40490) - [armhf] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats - qed: Fix the VF msix vectors flow - [arm64] net: macb: Add a NULL check on desc_ptp - qede: Fix memset corruption - [x86] perf/x86/intel/pt: Fix mask of num_address_ranges - [x86] perf/x86/amd/ibs: Work around erratum #1197 - [armel,armhf] 8918/2: only build return_address() if needed - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl - clk: fix build warning for orphan_list - media: stkwebcam: fix memory leak in stk_camera_probe - [armhf] imx: add missing clk_disable_unprepare() - [armhf] imx: fix missing 3rd argument in macro imx_mmdc_perf_init - igmp: Add ip_mc_list lock in ip_check_mc_rcu - ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) - SUNRPC/nfs: Fix return value for nfs4_callback_compound() - [powerpc*] module64: Fix comment in R_PPC64_ENTRY handling - [powerpc*] boot: Delete unneeded .globl _zimage_start - mm/page_alloc: speed up the iteration of max_order - Revert "btrfs: compression: don't try to compress if we don't have enough pages" - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 - [x86] reboot: Limit Dell Optiplex 990 quirk to early BIOS versions - PCI: Call Max Payload Size-related fixup quirks early - locking/mutex: Fix HANDOFF condition - regmap: fix the offset of register error log - sched/deadline: Fix reset_on_fork reporting of DL tasks - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors - sched/deadline: Fix missing clock update in migrate_task_rq_dl() - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() - udf: Check LVID earlier - isofs: joliet: Fix iocharset=utf8 mount option - bcache: add proper error unwinding in bcache_device_init - nvme-rdma: don't update queue count when failing to set io queues - [x86] power: supply: max17042_battery: fix typo in MAx17042_TOFF - [s390x] cio: add dev_busid sysfs entry for each subchannel - libata: fix ata_host_start() - [x86] crypto: qat - do not ignore errors from enable_vf2pf_comms() - [x86] crypto: qat - handle both source of interrupt in VF ISR - [x86] crypto: qat - fix reuse of completion variable - [x86] crypto: qat - fix naming for init/shutdown VF to PF notifications - [x86] crypto: qat - do not export adf_iov_putmsg() - fcntl: fix potential deadlock for &fasync_struct.fa_lock - udf_get_extendedattr() had no boundary checks. - lib/mpi: use kcalloc in mpi_resize - [x86] crypto: qat - use proper type for vf_mask - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr - media: go7007: remove redundant initialization - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect - [arm64] media: venus: venc: Fix potential null pointer dereference on pointer fmt - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently - PCI: PM: Enable PME if it can be signaled from D3cold - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow - [arm64] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs - Bluetooth: fix repeated calls to sco_sock_kill - [arm64] drm/msm/dsi: Fix some reference counted resource leaks - [armhf] usb: phy: twl6030: add IRQ checks - Bluetooth: Move shutdown callback before flushing tx and rx queue - mac80211: Fix insufficient headroom issue for AMSDU - Bluetooth: add timeout sanity check to hci_inquiry - [armhf] i2c: s3c2410: fix IRQ check - [arm64,armhf] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config - CIFS: Fix a potencially linear read overflow - [arm*] usb: ehci-orion: Handle errors of clk_prepare_enable() in probe - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() - bcma: Fix memory leak for internally-handled cores - ipv4: make exception cache less predictible - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() - netns: protect netns ID lookups with RCU - fscrypt: add fscrypt_symlink_getattr() for computing st_size - ext4: report correct st_size for encrypted symlinks - f2fs: report correct st_size for encrypted symlinks - ubifs: report correct st_size for encrypted symlinks - tty: Fix data race between tiocsti() and flush_to_ldisc() - [x86] KVM: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted - fbmem: don't allow too huge resolutions - [arm64,armhf] backlight: pwm_bl: Improve bootloader/kernel device handover - [armel] clk: kirkwood: Fix a clocking boot regression - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - [powerpc*] perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - 9p/xen: Fix end of loop tests for list_for_each_entry - bpf/verifier: per-register parent pointers - bpf: correct slot_type marking logic to allow more stack slot sharing - bpf: Support variable offset stack access from helpers - bpf: Reject indirect var_off stack access in raw mode - bpf: Reject indirect var_off stack access in unpriv mode - bpf: Sanity check max value for var_off stack access - bpf: track spill/fill of constants - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (CVE-2021-34556, CVE-2021-35477) - bpf: Fix leakage due to insufficient speculative store bypass mitigation (CVE-2021-34556, CVE-2021-35477) - bpf: verifier: Allocate idmap scratch in verifier env - bpf: Fix pointer arithmetic mask tightening under state pruning - [arm64] head: avoid over-mapping in map_memory - block: bfq: fix bfq_set_next_ioprio_data() - [x86] power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - [x86] VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - [arm64] PCI: xilinx-nwl: Enable the clock through CCF - [arm64] PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - [arm64] PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - [armhf] pinctrl: samsung: Fix pinctrl bank pin count - [powerpc*] stacktrace: Include linux/delay.h - [arm64,armhf] pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() - scsi: qedi: Fix error codes in qedi_alloc_global_queues() - [x86] platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call - fscache: Fix cookie key hashing - f2fs: fix to account missing .skipped_gc_rwsem - f2fs: fix to unmap pages from userspace process in punch_hole() - [mips*] Malta: fix alignment of the devicetree buffer - userfaultfd: prevent concurrent API initialization - media: dib8000: rewrite the init prbs logic - PCI: Use pci_update_current_state() in pci_enable_device_flags() - tipc: keep the skb in rcv queue until the whole data is read - video: fbdev: kyro: fix a DoS bug by restricting user input - netlink: Deal with ESRCH error in nlmsg_notify() - usb: gadget: u_ether: fix a potential null pointer dereference - usb: gadget: composite: Allow bMaxPower=0 if self-powered - tty: serial: jsm: hold port lock when reporting modem line changes - video: fbdev: kyro: Error out if 'pixclock' equals zero - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() - flow_dissector: Fix out-of-bounds warnings - [s390x] jump_label: print real address in a case of a jump label bug - serial: 8250: Define RX trigger levels for OxSemi 950 devices - serial: 8250_pci: make setup_port() parameters explicitly unsigned - Bluetooth: skip invalid hci_sync_conn_complete_evt - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() - [x86] ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output - media: v4l2-dv-timings.c: fix wrong condition in two for-loops - [armhf] dts: imx53-ppd: Fix ACHC entry - [arm64] dts: qcom: sdm660: use reg value for memory node - [arm64] net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() - Bluetooth: schedule SCO timeouts with delayed_work - Bluetooth: avoid circular locks in sco_sock_connect - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() - Bluetooth: Fix handling of LE Enhanced Connection Complete - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD - rpc: fix gss_svc_init cleanup on failure - [x86] staging: rts5208: Fix get_ms_information() heap buffer size - gfs2: Don't call dlm after protocol is unmounted - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS - [arm64] mmc: sdhci-of-arasan: Check return value of non-void funtions - mmc: rtsx_pci: Fix long reads when clock is prescaled - mmc: core: Return correct emmc response in case of ioctl error - cifs: fix wrong release in sess_alloc_buffer() failed path - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" - [armhf] usb: musb: musb_dsps: request_irq() after initializing musb - usbip: give back URBs for unsent unlink requests during cleanup - usbip:vhci_hcd USB port can get stuck in the disabled state - [arm64,armhf] ASoC: rockchip: i2s: Fix regmap_ops hang - [arm64,armhf] ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B - parport: remove non-zero check on count - ath9k: fix OOB read ar9300_eeprom_restore_internal - ath9k: fix sleeping in atomic context - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() - [x86] scsi: BusLogic: Fix missing pr_cont() use - scsi: qla2xxx: Sync queue idx with queue_pair_map idx - [powerpc*] cpufreq: powernv: Fix init_chip_info initialization in numa=off - mm/hugetlb: initialize hugetlb_usage in mm_init - memcg: enable accounting for pids in nested pid namespaces - [arm64,armhf] platform/chrome: cros_ec_proto: Send command again when timeout occurs - drm/amdgpu: Fix BUG_ON assert - dm thin metadata: Fix use-after-free in dm_bm_set_read_only - [x86] xen: reset legacy rtc flag for PV domU - bnx2x: Fix enabling network interfaces without VFs - [arm64] sve: Use correct size when reinitialising SVE state - PM: base: power: don't try to use non-existing RTC for storing data - PCI: Add AMD GPU multi-function power dependencies - [x86] mm: Fix kern_addr_valid() to cope with existing but not present entries - tipc: fix an use-after-free issue in tipc_recvmsg - dccp: don't duplicate ccid when cloning dccp sock (CVE-2020-16119) - net/l2tp: Fix reference count leak in l2tp_udp_recv_core - r6040: Restore MDIO clock frequency after MAC reset - tipc: increase timeout in tipc_sk_enqueue() - net/mlx5: Fix potential sleeping in atomic context - events: Reuse value read using READ_ONCE instead of re-reading it - net/af_unix: fix a data-race in unix_dgram_poll - [arm64,armhf] net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() - qed: Handle management FW error - [arm64] net: hns3: pad the short tunnel frame before sending to hardware - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() - [s390x] KVM: index kvm->arch.idle_mask by vcpu_idx - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation - [armhf] mfd: Don't use irq_create_mapping() to resolve a mapping - PCI: Add ACS quirks for Cavium multi-function devices - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 - block, bfq: honor already-setup queue merges - ethtool: Fix an error code in cxgb2.c - mfd: axp20x: Update AXP288 volatile ranges - PCI: Fix pci_dev_str_match_path() alloc while atomic bug - [arm64] KVM: Handle PSCI resets before userspace touches vCPU state - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' - [armhf] net: dsa: b53: Fix calculating number of switch ports - netfilter: socket: icmp6: fix use-after-scope - fq_codel: reject silly quantum parameters - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom - ip_gre: validate csum_start only on pull https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.208 - [s390x] bpf: Fix optimizing out zero-extensions - KVM: remember position in kvm->vcpus array - rcu: Fix missed wakeup of exp_wq waiters - apparmor: remove duplicate macro list_entry_is_head() - tracing/kprobe: Fix kprobe_on_func_entry() modification - sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655) - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY (CVE-2021-3655) - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ - [armhf] thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() - 9p/trans_virtio: Remove sysfs file on probe failure - prctl: allow to setup brk for et_dyn executables - nilfs2: use refcount_dec_and_lock() to fix potential UAF - profiling: fix shift-out-of-bounds bugs - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() - ceph: lockdep annotations for try_nonblocking_invalidate - nilfs2: fix memory leak in nilfs_sysfs_create_device_group - nilfs2: fix NULL pointer in nilfs_##name##_attr_release - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group - [arm64,armhf] pwm: rockchip: Don't modify HW state in .remove() callback - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.195-rt82 * [rt] Update to 4.19.196-rt83 * Bump ABI to 18 * [rt] Update to 4.19.197-rt84 * Refresh "fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers" * [rt] Update to 4.19.198-rt85 * Refresh "scsi: hisi_sas: Create separate host attributes per HBA" * [rt] Update to 4.19.199-rt86 * [rt] Update to 4.19.206-rt87 * [rt] Update to 4.19.207-rt88 * hso: fix bailout in error case of probe * usb: hso: fix error handling code of hso_create_net_device (CVE-2021-37159) * usb: hso: remove the bailout parameter linux-signed-i386 (4.19.194+3) buster-security; urgency=high . * Sign kernel from linux 4.19.194-3 . * [x86] KVM: SVM: Periodically schedule when unregistering regions on destroy (CVE-2020-36311) * can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693) * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * seq_file: Disallow extremely large seq buffer allocations (CVE-2021-33909) linux-signed-i386 (4.19.194+2) buster; urgency=medium . * Sign kernel from linux 4.19.194-2 . * proc: Track /proc/$pid/attr/ opener mm_struct (Closes: #990072) linuxptp (1.9.2-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Validate the messageLength field of incoming messages (CVE-2021-3570) (Closes: #990748) lynx (2.8.9rel.1-3+deb10u1) buster-security; urgency=high . * Apply fix from Lynx 2.9.0dev.9 for CVE-2021-38165 to fix leakage of username and password in the TLS 1.2 SNI Extension if username and password were given in the URL, i.e. as https://user:pass@example.org/ (Closes: #991971) mariadb-10.3 (1:10.3.31-0+deb10u1) buster; urgency=medium . * New upstream version 10.3.31. Includes security fixes for: - CVE-2021-2389 - CVE-2021-2372 * New upstream version 10.3.30. Includes several important bug fixes. (MDEV-25714: Join using derived with aggregation returns incorrect results) (Closes: #990306) * Fix Perl executable path in scripts (stop using 'env') (Closes: #991472) Upstream MariaDB has broken shebangs (#!/usr/bin/env perl) in several scripts, thus rendering them potentially loading the wrong Perl version and rendering the scripts unusable. Fixing the shebang recovers correct behaviour. mediawiki (1:1.31.16-1~deb10u1) buster-security; urgency=medium . * New upstream version 1.31.16, fixing CVE-2021-35197, CVE-2021-41798, CVE-2021-41799, CVE-2021-41800, CVE-2021-41801. modsecurity-crs (3.1.0-1+deb10u2) buster; urgency=medium . * Add upstream patch to fix request body bypass CVE-2021-35368 (Closes: #992000) nettle (3.4.1-1+deb10u1) buster-security; urgency=high . * Fix for CVE-2021-3580 - potential crash on invalid input to the RSA decryption functions (Closes: #989631). * Fix for CVE-2021-20305 - bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results, backported from 3.7.2 by Marc Deslauriers (Closes: #985652). nextcloud-desktop (2.5.1-3+deb10u2) buster-security; urgency=high . * Add backported patch to fix CVE-2021-22895. (Closes: #989846) * Add backported patch to fix CVE-2021-32728. * Update patch for CVE-2021-32728 for v2.5.1. * Add patch to make it possible to accept invalid SSL certificates. node-ansi-regex (3.0.0-1+deb10u1) buster; urgency=medium . * Team upload * Fix ReDoS (Closes: CVE-2021-3807) node-axios (0.17.1+dfsg-2+deb10u1) buster; urgency=medium . * Team upload * Fix reDoS (Closes: CVE-2021-3749) node-jszip (3.1.4+dfsg-1+deb10u1) buster; urgency=medium . * Team upload * Use a null prototype object for this.files (Closes: CVE-2021-23413) node-tar (4.4.6+ds1-3+deb10u1) buster; urgency=medium . * Team upload * Remove paths from dirCache when no longer dirs (Closes: #992110, CVE-2021-32803) * Strip absolute paths more comprehensively (Closes: #992111, CVE-2021-32804) ntfs-3g (1:2017.3.23AR.3-3+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fixed an endianness error in ntfscp * Checked the locations of MFT and MFTMirr at startup * Fix multiple buffer overflows. CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. (Closes: #988386) nvidia-cuda-toolkit (9.2.148-7+deb10u1) buster; urgency=medium . * [ppc64el]: Do not overwrite the customized nvcc.profile with the unmodified upstream copy from CUDA 9.2 Patch 1. (Closes: #991592) nvidia-graphics-drivers (418.211.00-1) buster; urgency=medium . * New upstream Tesla release 418.211.00 (2021-07-20). * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095. (Closes: #991351) https://nvidia.custhelp.com/app/answers/detail/a_id/5211 . [ Andreas Beckmann ] * Refresh patches. * nvidia-driver-libs: Add Recommends: libnvidia-encode1 (470.42.01-1). (Closes: #989885) * debian/gen-control.pl: Support substitutions in the Vcs-Git field (470.57.02-1). * Compute and substitute the Git branch instead of hardcoding it (470.57.02-1). * Upload to buster. nvidia-graphics-drivers-legacy-390xx (390.144-1~deb10u1) buster; urgency=medium . * Rebuild for buster. . nvidia-graphics-drivers-legacy-390xx (390.144-1) unstable; urgency=medium . * New upstream legacy branch release 390.144 (2021-07-20). * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095. (Closes: #991353) https://nvidia.custhelp.com/app/answers/detail/a_id/5211 - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. . [ Andreas Beckmann ] * Refresh patches. * nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-legacy-390xx-encode1 (460.91.03-1). (Closes: #989885) * debian/gen-control.pl: Support substitutions in the Vcs-Git field (460.91.03-1). * Compute and substitute the Git branch instead of hardcoding it (460.91.03-1). nvidia-graphics-drivers-legacy-390xx (390.144-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . nvidia-graphics-drivers-legacy-390xx (390.144-1) unstable; urgency=medium . * New upstream legacy branch release 390.144 (2021-07-20). * Fixed CVE-2021-1093, CVE-2021-1094, CVE-2021-1095. (Closes: #991353) https://nvidia.custhelp.com/app/answers/detail/a_id/5211 - Worked around a bug in Meson builds of libglvnd 1.3.0 that caused the nvidia_icd.json file to be installed in the wrong location. . [ Andreas Beckmann ] * Refresh patches. * nvidia-legacy-390xx-driver-libs: Add Recommends: libnvidia-legacy-390xx-encode1 (460.91.03-1). (Closes: #989885) * debian/gen-control.pl: Support substitutions in the Vcs-Git field (460.91.03-1). * Compute and substitute the Git branch instead of hardcoding it (460.91.03-1). . nvidia-graphics-drivers-legacy-390xx (390.143-1~deb10u1) buster; urgency=medium . * Rebuild for buster. nvidia-graphics-drivers-legacy-390xx (390.143-1) unstable; urgency=medium . * New upstream legacy branch release 390.143 (2021-04-19). * Fixed CVE-2021-1076. (Closes: #987218) https://nvidia.custhelp.com/app/answers/detail/a_id/5172 - Fixed a bug where vkCreateSwapchain could cause the X Server to crash when an invalid imageFormat was provided. - Fixed a driver installation failure on Linux kernel 5.11 release candidates, where the NVIDIA kernel module failed to build with error "fatal error: asm/kmap_types.h: No such file or directory". openjdk-11 (11.0.12+7-2~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11 (11.0.12+7-1) unstable; urgency=high . * OpenJDK 11.0.12+7 build (release). * Security fixes: - JDK-8256157: Improve bytecode assembly. - JDK-8256491: Better HTTP transport. - JDK-8258432, CVE-2021-2341: Improve file transfers. - JDK-8260453: Improve Font Bounding. - JDK-8260960: Signs of jarsigner signing. - JDK-8260967, CVE-2021-2369: Better jar file validation. - JDK-8262380: Enhance XML processing passes. - JDK-8262403: Enhanced data transfer. - JDK-8262410: Enhanced rules for zones. - JDK-8262477: Enhance String Conclusions. - JDK-8262967: Improve Zip file support. - JDK-8264066, CVE-2021-2388: Enhance compiler validation. - JDK-8264079: Improve abstractions. - JDK-8264460: Improve NTLM support. * Encode the early-access status into the package version. LP: #1934895. openjdk-11 (11.0.12+6-1) unstable; urgency=medium . * OpenJDK 11.0.12+6 build (early access). openjdk-11 (11.0.12+4-1) unstable; urgency=medium . * OpenJDK 11.0.12+4 build (early access). * Don't apply the m68k-support patch, needs an update. openjdk-11 (11.0.11+9-1) unstable; urgency=high . * OpenJDK 11.0.11+9 build (release). * Security fixes: - JDK-8244473: Contextualize registration for JNDI. - JDK-8244543: Enhanced handling of abstract classes. - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543. - JDK-8250568: Less ambiguous processing (CVE-2021-2161). - JDK-8253799: Make lists of normal filenames. - JDK-8261183: Follow on to Make lists of normal filenames. - JDK-8249906: Enhance opening JARs (CVE-2021-2163). - JDK-8258247: Couple of issues in fix for JDK-8249906. - JDK-8259428: AlgorithmId.getEncodedParams() should return copy. - JDK-8257001: Improve HTTP client support. openjdk-11-jre-dcevm (11.0.12+7-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11-jre-dcevm (11.0.11+9-2) unstable; urgency=medium . * Added an autopkgtest test suite to catch regressions caused by JDK updates openssl (1.1.1d-0+deb10u7) buster-security; urgency=medium . * CVE-2021-3711 (SM2 Decryption Buffer Overflow). * CVE-2021-3712 (Read buffer overruns processing ASN.1 strings). php7.3 (7.3.29-1~deb10u1) buster-security; urgency=medium . * New upstream version 7.3.29 + CVE-2021-21705: SSRF bypass in FILTER_VALIDATE_URL + CVE-2021-21704: Stack buffer overflow in firebird_info_cb + CVE-2021-21704: SIGSEGV in firebird_handle_doer + CVE-2021-21704: SIGSEGV in firebird_stmt_execute + CVE-2021-21704: Crash while parsing blob data in firebird_fetch_blob postgresql-11 (11.13-0+deb10u1) buster; urgency=medium . * New upstream version. . + Fix mis-planning of repeated application of a projection step (Tom Lane) . The planner could create an incorrect plan in cases where two ProjectionPaths were stacked on top of each other. The only known way to trigger that situation involves parallel sort operations, but there may be other instances. The result would be crashes or incorrect query results. Disclosure of server memory contents is also possible. (CVE-2021-3677) . + Disallow SSL renegotiation more completely (Michael Paquier) . SSL renegotiation has been disabled for some time, but the server would still cooperate with a client-initiated renegotiation request. A maliciously crafted renegotiation request could result in a server crash (see OpenSSL issue CVE-2021-3449). Disable the feature altogether on OpenSSL versions that permit doing so, which are 1.1.0h and newer. postorius (1.2.4-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2021-40347: Check a user owns the email they are trying to unsubscribe (Fixes: #993746) proftpd-dfsg (1.3.6-4+deb10u6) buster; urgency=medium . * Add patch for Issue #1119: Cannot disable client-initiated renegotiation for FTPS https://github.com/proftpd/proftpd/issues/1119 * Bug #4332: Fix navigation into symlinked directories by removing interfering code added as part of Bug#4219. (Closes: #971742) * Add patch for issue #866: (Closes: #991394) mod_sftp crashes when using pubkey-auth with DSA keys * Add patch for upstream issue #1284 (Closes: #993173). * Add me to Uploaders. psmisc (23.2-1+deb10u1) buster; urgency=medium . * Team upload. * Fix regression in killall not matching process with names bigger than 15 characters by backporting the upstream patch that restores the check that works on kernels that have TASK_COMM_LEN set to 16. Closes: #912748 python-uflash (1.2.4+dfsg-1+deb10u1) buster; urgency=medium . [ Nick Morrott ] * d/firmware-microbit-micropython-dl.postinst: - Update firmware URL (Closes: #991280) request-tracker4 (4.4.3-2+deb10u1) buster; urgency=medium . * Apply upstream patch which fixes a security vulnerability that involves a login timing side-channel attack. This resolves CVE-2021-38562 (Closes: #995175) ring (20190215.1.f152c98~ds1-1+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-21375 (Closes: #986815) The embedded copy of pjproject is affected by this CVE. Due to bad handling of two consecutive crafted answers to an INVITE, the attacker is able to crash the server resulting in a denial of service. sabnzbdplus (2.3.6+dfsg-1+deb10u2) buster; urgency=medium . * Backport upstream security fix to prevent a directory escape in the renamer function via malicious par2 files. (CVE-2021-29488) shim (15.4-7~deb10u1) buster; urgency=high . * Tweak how we call grub-install; don't abort on error. Not ideal behaviour either, but don't break upgrades. Copy the behaviour from the grub packages here. Bug #990966 shim (15.4-6) unstable; urgency=high . * Add arm64 patch to tweak section layout and stop crashing problems. Upstream issue #371. Closes: #990082, #990190 * In insecure mode, don't abort if we can't create the MokListXRT variable. Upstream issue #372. Closes: #989962, #990158 shim (15.4-6~deb10u1) buster; urgency=high . * Add arm64 patch to tweak section layout and stop crashing problems. Upstream issue #371. Closes: #990082, #990190 * In insecure mode, don't abort if we can't create the MokListXRT variable. Upstream issue #372. Closes: #989962, #990158 shim (15.4-5) unstable; urgency=medium . * Add defensive code around calls to db_get. Don't fail if they return errors. shim-helpers-amd64-signed (1+15.4+7~deb10u1) buster; urgency=high . * Update to shim 15.4-7~deb10u1 shim-helpers-amd64-signed (1+15.4+6) unstable; urgency=high . * Update to shim 15.4-6 shim-helpers-amd64-signed (1+15.4+6~deb10u1) buster; urgency=high . * Update to shim 15.4-6~deb10u1 shim-helpers-amd64-signed (1+15.4+5) unstable; urgency=medium . * Update to shim 15.4-5 shim-helpers-arm64-signed (1+15.4+7~deb10u1) buster; urgency=high . * Update to shim 15.4-7~deb10u1 shim-helpers-arm64-signed (1+15.4+6) unstable; urgency=high . * Update to shim 15.4-6 shim-helpers-arm64-signed (1+15.4+6~deb10u1) buster; urgency=high . * Update to shim 15.4-6~deb10u1 shim-helpers-arm64-signed (1+15.4+5) unstable; urgency=medium . * Update to shim 15.4-5 shim-helpers-i386-signed (1+15.4+7~deb10u1) buster; urgency=high . * Update to shim 15.4-7~deb10u1 shim-helpers-i386-signed (1+15.4+6) unstable; urgency=high . * Update to shim 15.4-6 shim-helpers-i386-signed (1+15.4+6~deb10u1) buster; urgency=high . * Update to shim 15.4-6~deb10u1 shim-helpers-i386-signed (1+15.4+5) unstable; urgency=medium . * Update to shim 15.4-5 shim-signed (1.38~1+deb10u1) buster; urgency=medium . * Tweak how we call grub-install; don't abort on error. Not ideal behaviour either, but don't break upgrades. Copy the behaviour from the grub packages here. Bug #990984 * Update build-dep on shim-unsigned to use 15.4-7~deb10u1 shim-signed (1.37) unstable; urgency=medium . * Build against new signed binaries corresponding to 15.4-6 Pulls multiple bugfixes in for the signed version: + Add arm64 patch to tweak section layout and stop crashing problems. Upstream issue #371. (#990082, #990190) + In insecure mode, don't abort if we can't create the MokListXRT variable. Upstream issue #372. (#989962, #990158) * Update build-dep on shim-unsigned to use 15.4-6 shim-signed (1.37~1+deb10u1) buster; urgency=medium . * Buster update: build against new signed binaries corresponding to 15.4-6~deb10u1. Pulls multiple bugfixes in for the signed version: + Add arm64 patch to tweak section layout and stop crashing problems. Upstream issue #371. (#990082, #990190) + In insecure mode, don't abort if we can't create the MokListXRT variable. Upstream issue #372. (#989962, #990158) * Update build-dep on shim-unsigned to use 15.4-6~deb10u1 * Switch arm64 back to using a current unsigned build (undo changes in 1.36~1+deb10u2) shim-signed (1.36) unstable; urgency=medium . * Add defensive code around calls to db_get. Don't fail if they return errors. Closes: #988114 * Update build-dep on shim-unsigned to use 15.4-5 shim-signed (1.36~1+deb10u2) buster; urgency=high . * Workaround for boot-breaking bug on arm64. Despite initial testing suggesting otherwise, even an unsigned arm64 build of 15.4 seems likely to crash at boot on some systems. Copy an old version of the unsigned arm64 shim into place for now. This will not support Secure Boot, but it will at least allow people to boot. shiro (1.3.2-4+deb10u1) buster; urgency=medium . * Update patch for Spring Framework 4.3.x build failure. * Cherry-pick upstream patch with Guice improvements. * CVE-2020-1957: Fix a path-traversal issue where a specially-crafted request could cause an authentication bypass. (Closes: #955018) * CVE-2020-11989: Fix an encoding issue introduced in the handling of the previous CVE-2020-1957 path-traversal issue which could have also caused an authentication bypass. * CVE-2020-13933: Fix an authentication bypass resulting from a specially crafted HTTP request. (Closes: #968753) * CVE-2020-17510: Fix an authentication bypass resulting from a specially crafted HTTP request. squashfs-tools (1:4.3-12+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-40153 unsquashfs unvalidated filepaths allow writing outside of destination. systemd (241-7~deb10u8) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * basic/unit-name: do not use strdupa() on a path (CVE-2021-33910) thunderbird (1:78.14.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.13.0-1) unstable; urgency=medium . * [b4498b0] New upstream version 78.13.0 Fixed CVE issues in upstream version 78.12 (MFSA 2021-35): CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption CVE-2021-29988: Memory corruption as a result of incorrect style treatment CVE-2021-29984: Incorrect instruction reordering during JIT optimization CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption CVE-2021-29985: Use-after-free media channels CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13 thunderbird (1:78.13.0-1~deb11u1) bullseye-security; urgency=medium . * [6dc6817] d/changelog: Correct TB version for referenced MFSA * Rebuild for bullseye-security thunderbird (1:78.13.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.12.0-1) unstable; urgency=medium . * [74d3cdb] New upstream version 78.12.0 Fixed CVE issues in upstream version 78.12 (MFSA 2021-30): CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29970: Use-after-free in accessibility features of a document CVE-2021-30547: Out of bounds write in ANGLE CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12 thunderbird (1:78.12.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.11.0-2) unstable; urgency=medium . [ Carsten Schoenert ] * [241e539] d/thunderbird.1: Correct debugger option Remove parts that are no longer valid, especially there is no dedicated shell script any more the user has to start, calling 'thunderbird -g' is enough to start a GDB call. * [66deb37] thunderbird: Use internal NSS source while package built (Closes: #989839, #989843, #989979, #989983, #989922, #990012) * [07fb6ef] d/thunderbird-wrapper.sh: Use '${}' syntax for variables . [ Kevin Locke ] * [d003e26] d/thunderbird-wrapper.sh: Make gdb call more fail safe (Closes: #942799) thunderbird (1:78.11.0-1) unstable; urgency=medium . * [42c4a87] New upstream version 78.11.0 Fixed CVE issues in upstream version 78.11 (MFSA 2021-26): CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 thunderbird (1:78.11.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.10.2-1) unstable; urgency=medium . * [69552d8] New upstream version 78.10.2 Fixed CVE issues in upstream version 78.10.2 (MFSA 2021-22): CVE-2021-29957: Partial protection of inline OpenPGP message not indicated CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection thunderbird (1:78.10.0-1) unstable; urgency=medium . * [f38d78f] New upstream version 78.10.0 Fixed CVE issues in upstream version 78.10 (MFSA 2021-15): CVE-2021-23994: Out of bound write due to lazy initialization CVE-2021-23995: Use-after-free in Responsive Design Mode CVE-2021-23998: Secure Lock icon could have been spoofed CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage CVE-2021-23999: Blob URLs may have been granted additional privileges CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads (This issue only affected x86-32 platforms.) CVE-2021-29946: Port blocking could be bypassed CVE-2021-29948: Race condition when reading from disk while verifying signatures thunderbird (1:78.10.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.9.0-1) unstable; urgency=medium . [ Colomban Wendling ] * [7d454de] d/thunderbird.desktop: Switch StartupWMClass (Closes: #985366) . [ Carsten Schoenert ] * [23fe9ce] d/source.filter: small update to filtering list * [828b9d7] New upstream version 78.9.0 Fixed CVE issues in upstream version 78.9 (MFSA 2021-12): CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage CVE-2021-23984: Malicious extensions could have spoofed popup information CVE-2021-23987: Memory safety bugs fixed in Thunderbird 78.9 * [cf4fbde] rebuild patch queue from patch-queue branch Removed patch (included upstream): porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch thunderbird (1:78.9.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.8.0-1) unstable; urgency=medium . [ Pino Toscano ] * [f2f1f3f] thunderbird: Stop shipping /u/s/p/thunderbird.png symlink . [ Carsten Schoenert ] * [f5707a7] New upstream version 78.8.0 Fixed CVE issues in upstream version 78.8 (MFSA 2021-09): CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8 thunderbird (1:78.8.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.7.1-1) unstable; urgency=medium . * [406f9d7] New upstream version 78.7.1 thunderbird (1:78.7.0-1) unstable; urgency=medium . * [8751354] New upstream version 78.7.0 Fixed CVE issues in upstream version 78.7 (MFSA 2021-05): CVE-2021-23953: Cross-origin information leakage via redirected PDF requests CVE-2021-23954: Type confusion when using logical assignment operators in JavaScript switch statements CVE-2020-15685: IMAP Response Injection when using STARTTLS CVE-2020-26976: HTTPS pages could have been intercepted by a registered service worker when they should not have been CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript variables during GC CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7 * [4b0c0a7] rebuild patch queue from patch-queue branch removed patch (included upstream): porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch thunderbird (1:78.7.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.6.1-1) unstable; urgency=medium . [ Carsten Schoenert ] * [67f6117] Add Apache2 notice for third_party/python/coverage * [38b9ff7] lintian: adding override for false positive in SVG file . [ Carles Pina i Estany ] * [529d53a] d/thunderbird-wrapper.sh: Unset DEBUG/DEBUGGER variables (Closes: #960230) * [6d48708] d/thunderbird-wrapper-helper.sh: Adjust help text . [ Carsten Schoenert ] * [5309e91] d/thunderbird-wrapper*.sh: Prefixing some local variables * [07b4733] New upstream version 78.6.1 Fixed CVE issues in upstream version 78.6.1 (MFSA 2021-02): CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk thunderbird (1:78.6.0-1) unstable; urgency=medium . * [1410f1e] d/watch: update to version 4 * [a8303b7] d/rules: use python3 explicitly while calling mach * [f3f535e] New upstream version 78.6.0 Fixed CVE issues in upstream version 78.6 (MFSA 2020-56): CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed CVE-2020-26971: Heap buffer overflow in WebGL CVE-2020-26973: CSS Sanitizer performed incorrect sanitization CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6 (Closes: #972072, #973697) * [16a7ab7] /u/l/thunderbird: Correct escape sequencing for gdb calling We need to do a better escaping of values of the '-ex' option otherwise the shell is refusing the concatenated string we want to use as call. (Closes: #976979) tomcat9 (9.0.31-1~deb10u5) buster-security; urgency=high . * Team upload. * Fix CVE-2021-30640: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. * Fix CVE-2021-33037: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. (Closes: #991046) tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. tor (0.3.5.15-1) buster-security; urgency=medium . * New upstream version, fixing several (security) issues (closes: #990000). For a full list see the upstream changelog. It includes: - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548. - Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. - Resist a hashtable-based CPU denial-of-service attack against relays. Previously we used a naive unkeyed hash function to look up circuits in a circuitmux object. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now we use a SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. - Fix an out-of-bounds memory access in v3 onion service descriptor parsing. An attacker could exploit this bug by crafting an onion service descriptor that would crash any client that tried to visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero. trafficserver (8.0.2+ds-1+deb10u5) buster-security; urgency=medium . * CVE-2021-35474 CVE-2021-32567 CVE-2021-32566 CVE_2021-32565 CVE-2021-27577 (Closes: #990303) tzdata (2021a-0+deb10u2) buster; urgency=medium . * Cherry-pick patches from tzdata-2021b until the upstream situation gets less confused: - 01-no-leap-second-2021-12-31.patch: No leap second on 2021-12-31 as per IERS Bulletin C 62. - 02-samoa-dst.patch: Samoa no longer observes DST. - 03-jordan-dst.patch: Jordan now starts DST on February's last Thursday. ublock-origin (1.37.0+dfsg-1~deb10u1) buster; urgency=medium . * Backport to Debian 10 "Buster". ublock-origin (1.33.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.33.0+dfsg. ublock-origin (1.32.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.32.0+dfsg. * Declare compliance with Debian Policy 4.5.1. ublock-origin (1.30.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.30.0+dfsg. ulfius (2.5.2-4+deb10u1) buster; urgency=medium . * d/patches: Fix CVE-2021-40540 webkit2gtk (2.32.4-1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security. + Fixes CVE-2021-30858. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev and libmanette-0.2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (See #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF (as libmanette is missing). webkit2gtk (2.32.3-1) unstable; urgency=high . * New upstream release. * The WebKitGTK security advisory WSA-2021-0004 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2021-30666, CVE-2021-30761 (fixed in 2.26.0). + CVE-2021-30762 (fixed in 2.28.0). + CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-30661 (fixed in 2.30.0). + CVE-2021-21806 (fixed in 2.30.6). + CVE-2021-30682 (fixed in 2.32.0). + CVE-2021-30758 (fixed in 2.32.2). + CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799 (fixed in 2.32.3). webkit2gtk (2.32.3-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev and libmanette-0.2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * Downgrade xdg-desktop-portal-gtk from a recommendation to a suggestion (Closes: #989307) * debian/rules: + Build with -DENABLE_GAMEPAD=OFF (as libmanette is missing). webkit2gtk (2.32.2-1) unstable; urgency=medium . * New upstream release. * debian/patches/fix-ftbfs-m68k.patch: + Update patch. webkit2gtk (2.32.1-2) unstable; urgency=high . * debian/control: + Update the dependencies on GStreamer plugins (Closes: #989332): - WebKitGTK really expects at least the -base and -good sets. - For video playback (e.g YouTube) -bad is also recommended. - The pulseaudio plugin was merged into the -good package so it will be always be available now. Move -alsa to Suggests. webkit2gtk (2.32.1-1) unstable; urgency=medium . * New upstream release. * debian/patches/fix-ftbfs-m68k.patch: + Update patch. * Downgrade dependency on xdg-desktop-portal-gtk to a recommendation. This works around an autopkgtest regression in balsa (see #987686). (Closes: #987428). xen (4.11.4+107-gef32c7afa2-1) buster-security; urgency=high . * Update to new upstream version 4.11.4+107-gef32c7afa2, which also contains security fixes for the following issues: - inappropriate x86 IOMMU timeout detection / handling XSA-373 CVE-2021-28692 - Speculative Code Store Bypass XSA-375 CVE-2021-0089 CVE-2021-26313 - x86: TSX Async Abort protections not restored after S3 XSA-377 CVE-2021-28690 * Note that the following XSA are not listed, because... - XSA-370 does not contain code changes. - XSA-371 and XSA-374 have patches for the Linux kernel. - XSA-372 only applies to Xen 4.12 and newer. xmlgraphics-commons (2.3-1+deb10u1) buster; urgency=medium . * Team upload. * Fix CVE-2020-11988: Apache XmlGraphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (Closes: #984949) yubikey-manager (2.1.0-1+deb10u1) buster; urgency=medium . * Add a dependency on python3-pkg-resources to yubikey-manager. Closes: #986865 * Add myself as an uploader. ======================================== Sat, 19 Jun 2021 - Debian 10.10 released ======================================== ========================================================================= [Date: Sat, 19 Jun 2021 08:52:00 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-all-amd64 | 4.19.171-2 | amd64 linux-headers-4.19.0-14-amd64 | 4.19.171-2 | amd64 linux-headers-4.19.0-14-cloud-amd64 | 4.19.171-2 | amd64 linux-headers-4.19.0-14-rt-amd64 | 4.19.171-2 | amd64 linux-image-4.19.0-14-amd64-dbg | 4.19.171-2 | amd64 linux-image-4.19.0-14-amd64-unsigned | 4.19.171-2 | amd64 linux-image-4.19.0-14-cloud-amd64-dbg | 4.19.171-2 | amd64 linux-image-4.19.0-14-cloud-amd64-unsigned | 4.19.171-2 | amd64 linux-image-4.19.0-14-rt-amd64-dbg | 4.19.171-2 | amd64 linux-image-4.19.0-14-rt-amd64-unsigned | 4.19.171-2 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:52:10 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-all-mipsel | 4.19.171-2 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:52:18 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el btrfs-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el cdrom-core-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el compress-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el crc-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el crypto-dm-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el crypto-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el event-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el ext4-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el fancontrol-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el fat-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el fb-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el firewire-core-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el fuse-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el hypervisor-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el i2c-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el input-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el isofs-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el jfs-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el kernel-image-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el linux-headers-4.19.0-14-all-ppc64el | 4.19.171-2 | ppc64el linux-headers-4.19.0-14-powerpc64le | 4.19.171-2 | ppc64el linux-image-4.19.0-14-powerpc64le | 4.19.171-2 | ppc64el linux-image-4.19.0-14-powerpc64le-dbg | 4.19.171-2 | ppc64el loop-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el md-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el mouse-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el mtd-core-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el multipath-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el nbd-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el nic-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el nic-shared-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el nic-usb-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el nic-wireless-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el ppp-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el sata-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el scsi-core-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el scsi-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el scsi-nic-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el serial-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el squashfs-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el udf-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el uinput-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el usb-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el usb-serial-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el usb-storage-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el xfs-modules-4.19.0-14-powerpc64le-di | 4.19.171-2 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:52:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x cdrom-core-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x compress-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x crc-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x crypto-dm-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x crypto-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x dasd-extra-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x dasd-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x ext4-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x fat-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x fuse-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x isofs-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x kernel-image-4.19.0-14-s390x-di | 4.19.171-2 | s390x linux-headers-4.19.0-14-all-s390x | 4.19.171-2 | s390x linux-headers-4.19.0-14-s390x | 4.19.171-2 | s390x linux-image-4.19.0-14-s390x | 4.19.171-2 | s390x linux-image-4.19.0-14-s390x-dbg | 4.19.171-2 | s390x loop-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x md-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x mtd-core-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x multipath-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x nbd-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x nic-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x scsi-core-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x scsi-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x udf-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x xfs-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x zlib-modules-4.19.0-14-s390x-di | 4.19.171-2 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:52:46 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-all | 4.19.171-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:52:57 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-all-arm64 | 4.19.171-2 | arm64 linux-headers-4.19.0-14-arm64 | 4.19.171-2 | arm64 linux-headers-4.19.0-14-rt-arm64 | 4.19.171-2 | arm64 linux-image-4.19.0-14-arm64-dbg | 4.19.171-2 | arm64 linux-image-4.19.0-14-arm64-unsigned | 4.19.171-2 | arm64 linux-image-4.19.0-14-rt-arm64-dbg | 4.19.171-2 | arm64 linux-image-4.19.0-14-rt-arm64-unsigned | 4.19.171-2 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:53:07 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel cdrom-core-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel compress-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel crc-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel crypto-dm-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel crypto-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel event-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel ext4-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel fat-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel fb-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel fuse-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel input-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel ipv6-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel isofs-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel jffs2-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel jfs-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel kernel-image-4.19.0-14-marvell-di | 4.19.171-2 | armel leds-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel linux-headers-4.19.0-14-all-armel | 4.19.171-2 | armel linux-headers-4.19.0-14-marvell | 4.19.171-2 | armel linux-headers-4.19.0-14-rpi | 4.19.171-2 | armel linux-image-4.19.0-14-marvell | 4.19.171-2 | armel linux-image-4.19.0-14-marvell-dbg | 4.19.171-2 | armel linux-image-4.19.0-14-rpi | 4.19.171-2 | armel linux-image-4.19.0-14-rpi-dbg | 4.19.171-2 | armel loop-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel md-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel minix-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel mmc-core-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel mmc-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel mouse-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel mtd-core-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel mtd-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel multipath-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel nbd-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel nic-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel nic-shared-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel nic-usb-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel ppp-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel sata-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel scsi-core-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel squashfs-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel udf-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel uinput-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel usb-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel usb-serial-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel usb-storage-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel zlib-modules-4.19.0-14-marvell-di | 4.19.171-2 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:53:17 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf btrfs-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf cdrom-core-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf compress-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf crc-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf crypto-dm-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf crypto-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf efi-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf event-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf ext4-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf fat-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf fb-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf fuse-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf i2c-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf input-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf isofs-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf jfs-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf kernel-image-4.19.0-14-armmp-di | 4.19.171-2 | armhf leds-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf linux-headers-4.19.0-14-all-armhf | 4.19.171-2 | armhf linux-headers-4.19.0-14-armmp | 4.19.171-2 | armhf linux-headers-4.19.0-14-armmp-lpae | 4.19.171-2 | armhf linux-headers-4.19.0-14-rt-armmp | 4.19.171-2 | armhf linux-image-4.19.0-14-armmp | 4.19.171-2 | armhf linux-image-4.19.0-14-armmp-dbg | 4.19.171-2 | armhf linux-image-4.19.0-14-armmp-lpae | 4.19.171-2 | armhf linux-image-4.19.0-14-armmp-lpae-dbg | 4.19.171-2 | armhf linux-image-4.19.0-14-rt-armmp | 4.19.171-2 | armhf linux-image-4.19.0-14-rt-armmp-dbg | 4.19.171-2 | armhf loop-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf md-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf mmc-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf mtd-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf multipath-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf nbd-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf nic-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf nic-shared-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf nic-usb-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf nic-wireless-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf pata-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf ppp-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf sata-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf scsi-core-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf scsi-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf scsi-nic-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf squashfs-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf udf-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf uinput-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf usb-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf usb-serial-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf usb-storage-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf zlib-modules-4.19.0-14-armmp-di | 4.19.171-2 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:53:25 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-686 | 4.19.171-2 | i386 linux-headers-4.19.0-14-686-pae | 4.19.171-2 | i386 linux-headers-4.19.0-14-all-i386 | 4.19.171-2 | i386 linux-headers-4.19.0-14-rt-686-pae | 4.19.171-2 | i386 linux-image-4.19.0-14-686-dbg | 4.19.171-2 | i386 linux-image-4.19.0-14-686-pae-dbg | 4.19.171-2 | i386 linux-image-4.19.0-14-686-pae-unsigned | 4.19.171-2 | i386 linux-image-4.19.0-14-686-unsigned | 4.19.171-2 | i386 linux-image-4.19.0-14-rt-686-pae-dbg | 4.19.171-2 | i386 linux-image-4.19.0-14-rt-686-pae-unsigned | 4.19.171-2 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:53:38 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-all-mips | 4.19.171-2 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:54:08 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel btrfs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel compress-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel crc-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel crypto-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel event-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel ext4-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel fat-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel fuse-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel hfs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel input-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel isofs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel jfs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel kernel-image-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel linux-headers-4.19.0-14-5kc-malta | 4.19.171-2 | mips, mips64el, mipsel linux-headers-4.19.0-14-octeon | 4.19.171-2 | mips, mips64el, mipsel linux-image-4.19.0-14-5kc-malta | 4.19.171-2 | mips, mips64el, mipsel linux-image-4.19.0-14-5kc-malta-dbg | 4.19.171-2 | mips, mips64el, mipsel linux-image-4.19.0-14-octeon | 4.19.171-2 | mips, mips64el, mipsel linux-image-4.19.0-14-octeon-dbg | 4.19.171-2 | mips, mips64el, mipsel loop-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel md-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel minix-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel multipath-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel nbd-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel nic-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel nic-shared-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel nic-usb-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel pata-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel ppp-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel rtc-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel sata-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel scsi-core-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel scsi-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel sound-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel squashfs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel udf-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel usb-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel usb-serial-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel usb-storage-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel xfs-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel zlib-modules-4.19.0-14-octeon-di | 4.19.171-2 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:54:16 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel ata-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel btrfs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel cdrom-core-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel compress-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel crc-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel crypto-dm-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel crypto-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel event-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel ext4-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel fat-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel fb-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel fuse-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel hfs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel i2c-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel input-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel isofs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel jfs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel kernel-image-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel linux-headers-4.19.0-14-4kc-malta | 4.19.171-2 | mips, mipsel linux-image-4.19.0-14-4kc-malta | 4.19.171-2 | mips, mipsel linux-image-4.19.0-14-4kc-malta-dbg | 4.19.171-2 | mips, mipsel loop-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel md-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel minix-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel mmc-core-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel mmc-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel mouse-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel mtd-core-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel multipath-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel nbd-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel nic-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel nic-shared-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel nic-usb-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel nic-wireless-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel pata-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel ppp-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel sata-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel scsi-core-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel scsi-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel scsi-nic-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel sound-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel squashfs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel udf-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel usb-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel usb-serial-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel usb-storage-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel xfs-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel zlib-modules-4.19.0-14-4kc-malta-di | 4.19.171-2 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:54:25 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el ata-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el btrfs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el cdrom-core-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el compress-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el crc-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el crypto-dm-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el crypto-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el event-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el ext4-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el fat-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el fb-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el fuse-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el hfs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el i2c-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el input-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el isofs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el jfs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el kernel-image-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el linux-headers-4.19.0-14-all-mips64el | 4.19.171-2 | mips64el loop-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el md-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el minix-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el mmc-core-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el mmc-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el mouse-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el mtd-core-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el multipath-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el nbd-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el nic-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el nic-shared-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el nic-usb-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el nic-wireless-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el pata-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el ppp-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el sata-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el scsi-core-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el scsi-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el scsi-nic-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el sound-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el squashfs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el udf-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el usb-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el usb-serial-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el usb-storage-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el xfs-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el zlib-modules-4.19.0-14-5kc-malta-di | 4.19.171-2 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:54:36 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel ata-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel btrfs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel cdrom-core-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel compress-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel crc-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel crypto-dm-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel crypto-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel event-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel ext4-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel fat-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel fb-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel firewire-core-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel fuse-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel hfs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel input-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel isofs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel jfs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel kernel-image-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel linux-headers-4.19.0-14-loongson-3 | 4.19.171-2 | mips64el, mipsel linux-image-4.19.0-14-loongson-3 | 4.19.171-2 | mips64el, mipsel linux-image-4.19.0-14-loongson-3-dbg | 4.19.171-2 | mips64el, mipsel loop-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel md-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel minix-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel mtd-core-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel multipath-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel nbd-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel nfs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel nic-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel nic-shared-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel nic-usb-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel nic-wireless-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel pata-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel ppp-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel sata-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel scsi-core-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel scsi-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel scsi-nic-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel sound-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel speakup-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel squashfs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel udf-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel usb-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel usb-serial-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel usb-storage-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel xfs-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel zlib-modules-4.19.0-14-loongson-3-di | 4.19.171-2 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:54:45 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 ata-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 btrfs-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 cdrom-core-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 compress-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 crc-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 crypto-dm-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 crypto-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 efi-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 event-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 ext4-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 fat-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 fb-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 firewire-core-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 fuse-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 i2c-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 input-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 isofs-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 jfs-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 kernel-image-4.19.0-14-amd64-di | 4.19.171-2 | amd64 linux-image-4.19.0-14-amd64 | 4.19.171-2 | amd64 linux-image-4.19.0-14-cloud-amd64 | 4.19.171-2 | amd64 linux-image-4.19.0-14-rt-amd64 | 4.19.171-2 | amd64 loop-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 md-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 mmc-core-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 mmc-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 mouse-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 mtd-core-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 multipath-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 nbd-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 nic-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 nic-pcmcia-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 nic-shared-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 nic-usb-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 nic-wireless-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 pata-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 pcmcia-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 pcmcia-storage-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 ppp-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 sata-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 scsi-core-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 scsi-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 scsi-nic-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 serial-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 sound-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 speakup-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 squashfs-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 udf-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 uinput-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 usb-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 usb-serial-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 usb-storage-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 xfs-modules-4.19.0-14-amd64-di | 4.19.171-2 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:54:56 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 btrfs-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 cdrom-core-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 compress-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 crc-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 crypto-dm-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 crypto-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 efi-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 event-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 ext4-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 fat-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 fb-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 fuse-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 i2c-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 input-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 isofs-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 jfs-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 kernel-image-4.19.0-14-arm64-di | 4.19.171-2 | arm64 leds-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 linux-image-4.19.0-14-arm64 | 4.19.171-2 | arm64 linux-image-4.19.0-14-rt-arm64 | 4.19.171-2 | arm64 loop-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 md-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 mmc-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 mtd-core-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 multipath-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 nbd-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 nic-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 nic-shared-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 nic-usb-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 nic-wireless-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 ppp-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 sata-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 scsi-core-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 scsi-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 scsi-nic-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 squashfs-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 udf-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 uinput-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 usb-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 usb-serial-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 usb-storage-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 xfs-modules-4.19.0-14-arm64-di | 4.19.171-2 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:55:06 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-14-686-di | 4.19.171-2 | i386 acpi-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 ata-modules-4.19.0-14-686-di | 4.19.171-2 | i386 ata-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 btrfs-modules-4.19.0-14-686-di | 4.19.171-2 | i386 btrfs-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 cdrom-core-modules-4.19.0-14-686-di | 4.19.171-2 | i386 cdrom-core-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 compress-modules-4.19.0-14-686-di | 4.19.171-2 | i386 compress-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 crc-modules-4.19.0-14-686-di | 4.19.171-2 | i386 crc-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 crypto-dm-modules-4.19.0-14-686-di | 4.19.171-2 | i386 crypto-dm-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 crypto-modules-4.19.0-14-686-di | 4.19.171-2 | i386 crypto-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 efi-modules-4.19.0-14-686-di | 4.19.171-2 | i386 efi-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 event-modules-4.19.0-14-686-di | 4.19.171-2 | i386 event-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 ext4-modules-4.19.0-14-686-di | 4.19.171-2 | i386 ext4-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 fat-modules-4.19.0-14-686-di | 4.19.171-2 | i386 fat-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 fb-modules-4.19.0-14-686-di | 4.19.171-2 | i386 fb-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 firewire-core-modules-4.19.0-14-686-di | 4.19.171-2 | i386 firewire-core-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 fuse-modules-4.19.0-14-686-di | 4.19.171-2 | i386 fuse-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 i2c-modules-4.19.0-14-686-di | 4.19.171-2 | i386 i2c-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 input-modules-4.19.0-14-686-di | 4.19.171-2 | i386 input-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 isofs-modules-4.19.0-14-686-di | 4.19.171-2 | i386 isofs-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 jfs-modules-4.19.0-14-686-di | 4.19.171-2 | i386 jfs-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 kernel-image-4.19.0-14-686-di | 4.19.171-2 | i386 kernel-image-4.19.0-14-686-pae-di | 4.19.171-2 | i386 linux-image-4.19.0-14-686 | 4.19.171-2 | i386 linux-image-4.19.0-14-686-pae | 4.19.171-2 | i386 linux-image-4.19.0-14-rt-686-pae | 4.19.171-2 | i386 loop-modules-4.19.0-14-686-di | 4.19.171-2 | i386 loop-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 md-modules-4.19.0-14-686-di | 4.19.171-2 | i386 md-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 mmc-core-modules-4.19.0-14-686-di | 4.19.171-2 | i386 mmc-core-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 mmc-modules-4.19.0-14-686-di | 4.19.171-2 | i386 mmc-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 mouse-modules-4.19.0-14-686-di | 4.19.171-2 | i386 mouse-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 mtd-core-modules-4.19.0-14-686-di | 4.19.171-2 | i386 mtd-core-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 multipath-modules-4.19.0-14-686-di | 4.19.171-2 | i386 multipath-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 nbd-modules-4.19.0-14-686-di | 4.19.171-2 | i386 nbd-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 nic-modules-4.19.0-14-686-di | 4.19.171-2 | i386 nic-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 nic-pcmcia-modules-4.19.0-14-686-di | 4.19.171-2 | i386 nic-pcmcia-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 nic-shared-modules-4.19.0-14-686-di | 4.19.171-2 | i386 nic-shared-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 nic-usb-modules-4.19.0-14-686-di | 4.19.171-2 | i386 nic-usb-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 nic-wireless-modules-4.19.0-14-686-di | 4.19.171-2 | i386 nic-wireless-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 pata-modules-4.19.0-14-686-di | 4.19.171-2 | i386 pata-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 pcmcia-modules-4.19.0-14-686-di | 4.19.171-2 | i386 pcmcia-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 pcmcia-storage-modules-4.19.0-14-686-di | 4.19.171-2 | i386 pcmcia-storage-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 ppp-modules-4.19.0-14-686-di | 4.19.171-2 | i386 ppp-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 sata-modules-4.19.0-14-686-di | 4.19.171-2 | i386 sata-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 scsi-core-modules-4.19.0-14-686-di | 4.19.171-2 | i386 scsi-core-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 scsi-modules-4.19.0-14-686-di | 4.19.171-2 | i386 scsi-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 scsi-nic-modules-4.19.0-14-686-di | 4.19.171-2 | i386 scsi-nic-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 serial-modules-4.19.0-14-686-di | 4.19.171-2 | i386 serial-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 sound-modules-4.19.0-14-686-di | 4.19.171-2 | i386 sound-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 speakup-modules-4.19.0-14-686-di | 4.19.171-2 | i386 speakup-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 squashfs-modules-4.19.0-14-686-di | 4.19.171-2 | i386 squashfs-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 udf-modules-4.19.0-14-686-di | 4.19.171-2 | i386 udf-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 uinput-modules-4.19.0-14-686-di | 4.19.171-2 | i386 uinput-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 usb-modules-4.19.0-14-686-di | 4.19.171-2 | i386 usb-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 usb-serial-modules-4.19.0-14-686-di | 4.19.171-2 | i386 usb-serial-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 usb-storage-modules-4.19.0-14-686-di | 4.19.171-2 | i386 usb-storage-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 xfs-modules-4.19.0-14-686-di | 4.19.171-2 | i386 xfs-modules-4.19.0-14-686-pae-di | 4.19.171-2 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:55:26 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-14-common | 4.19.171-2 | all linux-headers-4.19.0-14-common-rt | 4.19.171-2 | all linux-support-4.19.0-14 | 4.19.171-2 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 19 Jun 2021 08:38:13 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: sogo-connector | 68.0.1-2~deb10u1 | source webext-sogo-connector | 68.0.1-2~deb10u1 | all xul-ext-sogo-connector | 68.0.1-2~deb10u1 | all Closed bugs: 989797 ------------------- Reason ------------------- RoM; incompatible with current Thunderbird versions ---------------------------------------------- ========================================================================= apt (1.8.2.3) buster; urgency=medium . * Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566) awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium . * QA upload. * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. Closes: #891469 * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. Closes: #977190 base-files (10.3+deb10u10) buster; urgency=medium . * Change /etc/debian_version to 10.10, for Debian 10.10 point release. berusky2 (0.10-7+deb10u1) buster; urgency=medium . [ Phil Wyett ] * Add fix segfault at startup patch. - 944431-avoid-no-return-statement-in-function-returning-non-void.patch Thanks to Bernhard Übelacker . (Closes: #944431) bind9 (1:9.11.5.P4+dfsg-5.1+deb10u5) buster-security; urgency=high . * CVE-2021-25214: A malformed incoming IXFR transfer could trigger an assertion failure in ``named``, causing it to quit abnormally. * CVE-2021-25215: ``named`` crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. * CVE-2021-25216: Compile with system provided SPNEGO * Ensure all resources are properly cleaned up when a call to gss_accept_sec_context() fails. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u4) buster-security; urgency=high . * CVE-2021-25214: A malformed incoming IXFR transfer could trigger an assertion failure in ``named``, causing it to quit abnormally. * CVE-2021-25215: ``named`` crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. chromium (89.0.4389.114-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu and Moon Liang - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan - CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu - CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong - CVE-2021-21179: Use after free in Network Internals. Reported by Anonymous - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi - CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilias, Jason Polakis - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera - CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi - CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty - CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting - CVE-2021-21191: Use after free in WebRTC. Reported by raven - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi - CVE-2021-21193: Use after free in Blink. Reported by Anonymous - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand - CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang chromium (89.0.4389.90-1) unstable; urgency=medium . * New upstream security release (closes: #985271). - CVE-2021-21191: Use after free in WebRTC. Reported by raven @raid_akame - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21193: Use after free in Blink. Reported by Anonymous (closes: #985142) * Fix build with libvpx 1.7.0 and libicu63 (closes: #984926). * Change debian/rules to not leave debian/scripts/mk-origtargz chromium (89.0.4389.82-1) unstable; urgency=medium . * New upstream stable release (closes: #984532). - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported by Muneaki Nishimura nishimunea - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera @lbherrera_ - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu @P4nda20371774 and Moon Liang of Tencent Security Xuanwu Lab - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan sourc7 - CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera @lbherrera_ - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong - CVE-2021-21179: Use after free in Network Internals. Reported by Anonymous - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean Campbell at Tableau - CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia University of Illinois at Chicago, Jason Polakis University of Illinois at Chicago - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera @lbherrera_ - CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi @y0n3uchy - CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty - CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh @pwn_expoit of STEALIEN - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team chromium (88.0.4324.182-1) unstable; urgency=medium . * New upstream security release. - CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki - CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh - CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani - CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous - CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge - CVE-2021-21154: Heap buffer overflow in Tab Strip . Reported by Abdulrahman Alqabandi - CVE-2021-21155: Heap buffer overflow in Tab Strip . Reported by Khalil Zhani - CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov - CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous clamav (0.103.2+dfsg-0+deb10u1) buster; urgency=medium . [ Sebastian Andrzej Siewior ] * Import 0.103.2 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.) - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.) - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.) - Fix testsuite in an IPv6 only environment (Closes: #963853). - Update symbol file. - Drop CURL_CA_BUNDLE related patch, changes applied upstream. (Closes: #986622). * Rename NEWS.Debian to NEWS. * Update lintian overrides. * Update apparmor profile for freshclam. Thanks to Michael Borgelt. (Closes: #972974) * Update apparmor profile for clamd. Thanks to Stefano Callegari. (Closes: #973619). * Remove deprecated option SafeBrowsing from debconf templates. . [ Helmut Grohne ] * Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843) clamav (0.103.0+dfsg-3.1) unstable; urgency=medium . * Non-maintainer upload. * debian/patches: Apply upstream patch to fix call of ck_assert_msg (Closes: #980592) clamav (0.103.0+dfsg-3) unstable; urgency=medium . * Update apparmor profile for clamd. Thanks to Stefano Callegari. (Closes: #973619). clamav (0.103.0+dfsg-2) unstable; urgency=medium . * Update apparmor profile for freshclam. Thanks to Michael Borgelt. (Closes: #972974) * Fix testsuite in an IPv6 only environment (Closes: #963853). clamav (0.103.0+dfsg-1) unstable; urgency=medium . * Import 0.103.0 - Drop CURL_CA_BUNDLE related patch, changes applied upstream. - Update symbol file. * Rename NEWS.Debian to NEWS. * Update lintian overrides. clamav (0.102.4+dfsg-1) unstable; urgency=medium . [ Helmut Grohne ] * Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843) . [ Scott Kitterman ] * Add Suggests for unversioned libclamunrar package on clamav-daemon and clamav binaries . [ Sebastian Andrzej Siewior ] * Import 0.102.4 - CVE-2020-3350 (A malicious user trick clamav into moving a different file). - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module). - CVE-2020-3481 (A vulnerability in the EGG archive module). * Update symbol file. clevis (11-2+deb10u2) buster; urgency=medium . * Cherry-pick "Bugfix: set pcr_bank from pcr_bank not pcr_hash field". Closes: #989648 composer (1.8.4-1+deb10u1) buster-security; urgency=high . * Use debian/buster branch * Security: Fixed command injection vulnerability. Fix external process calls to avoid user input being able to pass extra parameters in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472] connman (1.36-2.1~deb10u2) buster; urgency=medium . * Non-maintainer upload. * dnsproxy: Check the length of buffers before memcpy (CVE-2021-33833) (Closes: #989662) crmsh (4.0.0~git20190108.3d56538-3+deb10u1) buster; urgency=medium . * d/patches: include fix for CVE-2020-35459 (Closes: #985376) curl (7.64.0-4+deb10u2) buster-security; urgency=high . * Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169 (Closes: #965280) https://curl.haxx.se/docs/CVE-2020-8169.html * Fix local file overwrite as per CVE-2020-8177 (Closes: #965281) https://curl.se/docs/CVE-2020-8177.html * Fix use of wrong connect-only connection as per CVE-2020-8231 (Closes: #968831) https://curl.se/docs/CVE-2020-8231.html * Don't trust FTP PASV responses by default as per CVE-2020-8284 (Closes: #977163) * Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162) https://curl.se/docs/CVE-2020-8285.html * Make the OCSP verification verify the certificate id as per CVE-2020-8286 (Closes: #977161) https://curl.se/docs/CVE-2020-8286.html * Fix credentials leak with automatic referer as per CVE-2021-22876 https://curl.se/docs/CVE-2021-22876.html * Fix TLS 1.3 session ticket proxy host mixup as per CVE-2021-22890 https://curl.se/docs/CVE-2021-22890.html debian-installer (20190702+deb10u10) buster; urgency=medium . * Bump Linux ABI to 4.19.0-17. debian-installer-netboot-images (20190702+deb10u10) buster; urgency=medium . * Update to 20190702+deb10u10, from buster-proposed-updates. dnspython (1.16.0-1+deb10u1) buster; urgency=medium . * Team upload. * d/patches: Add fix-do-not-compare-with-expiration- if-None.patch from upstream (Closes: #986645) docker.io (18.09.1+dfsg1-7.1+deb10u3) buster-security; urgency=medium . * Backport upstream patches for: - CVE-2020-15157 - CVE-2020-15257 - CVE-2021-21284 - CVE-2021-21285 dput-ng (1.25+deb10u2) buster; urgency=medium . [ Philippe Pepiot ] * Fix a TypeError in http upload exception handling. MR: !9 . [ Mattia Rizzolo ] * Fix crash in the sftp uploader in case of EACCES from the server. Closes: #953357 * Update codenames: + Drop squeeze*, wheezy* and jessie-backports*. + Add bullseye-backports, buster-backports-sloppy. + Add bookworm, bookworm-proposed-updates, bookworm-security. . [ nicoo ] * Make `dcut dm` also accept non-uploading DDs, since they are nowadays treated the same as DMs when concerning upload permissions. Closes: #985618; MR: !16 . [ Dominic Hargreaves ] * In dak-commands files, don't try and construct uploader email from system hostname, instead skip the whole Uploader field, since it's optional anyway. Closes: #984466; MR: !15 eterm (0.9.6-5+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS team. * Add patch from rxvt-unicode to fix CVE-2021-33477. (Closes: #989041) exactimage (1.0.2-1+deb10u1) buster; urgency=medium . * debian/rules: - Add -fpermissive to fix FTBFS due to missing C++11 "constexp" * debian/patches: - Add adapt-for-nicer-per-file-_C-FLAGS-per-source-input-name.patch, added-fpermissive-where-currently-necessary.patch, if-we-can-not-easily-use-the-input-module-name-for-C-FLAS.patch, Updated-per-file-C-FLAGS-to-likely-final-delimiter.patch, Fix build with C++11 and OpenEXR 2.5.x (Closes: #968829) exim4 (4.92-8+deb10u6) buster-security; urgency=high . * Fix several security vulnerabilities reported by Qualys and add related robustness improvements. (Originally fixed in upstream release 4.94.3 and in upstream GIT branch exim-4.92.3+fixes. (Special thanks to Heiko) + CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() + CVE-2020-28018: Use-after-free in tls-openssl.c + CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() + CVE-2020-28010: Heap out-of-bounds write in main() + CVE-2020-28011: Heap buffer overflow in queue_run() + CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() + CVE-2020-28017: Integer overflow in receive_add_recipient() + CVE-2020-28022: Heap out-of-bounds read and write in extract_option() + CVE-2020-28026: Line truncation and injection in spool_read_header() + CVE-2020-28015 and CVE-2020-28021: New-line injection into spool header file. + CVE-2020-28009: Integer overflow in get_stdinput() + CVE-2020-28024: Heap buffer underflow in smtp_ungetc() + CVE-2020-28012: Missing close-on-exec flag for privileged pipe + CVE-2020-28019: Failure to reset function pointer after BDAT error + CVE-2020-28007: Link attack in Exim's log directory + CVE-2020-28008: Assorted attacks in Exim's spool directory + CVE-2020-28014, CVE-2021-27216: Arbitrary PID file creation, clobbering, and deletion. fig2dev (1:3.2.7a-5+deb10u4) buster; urgency=medium . * 44_CVE-2021-3561: Fix buffer overflow color definitions. This fixes CVE-2021-3561. * Rename gitlab.yml to salsa.yml to activate pipeline again. * 45_polyline2polygon: Convert polygons having too few points to polylines. * 46_arrow-poly: Remove arrows from polygon with single point. * 47_trunc-subsuper: Allow truncated sub/superscripts in text. * 48_arrow-point: Omit arrows without points in svg output. * Rebuild testsuite during build and in autopkgtest. firefox-esr (78.11.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-24, also known as CVE-2021-29967. firefox-esr (78.10.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-15, also known as: CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946. firefox-esr (78.10.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-15, also known as: CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946. firefox-esr (78.9.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-11, also known as: CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987. firefox-esr (78.9.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-11, also known as: CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987. firefox-esr (78.8.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-08, also known as: CVE-2021-23969, CVE-2021-23968, CVE-2021-23973, CVE-2021-23978. fluidsynth (1.1.11-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport fix for use-after-free vulnerability. (CVE-2021-28421) (Closes: #987168) freediameter (1.2.1-7+deb10u1) buster; urgency=medium . * Team upload * CVE-2020-6098 (Closes: #985088) Anybody can send a specially crafted Diameter request, which triggers a memory corruption and thus results in a denial-of-service. fwupd (1.2.14-1~deb10u1) buster; urgency=medium . * Switch to newer release from upstream's stable branch * Add extra SBAT patches fwupd (1.2.13-3+deb10u3) buster; urgency=medium . * Fix generation of the vendor SBAT string - updated sbat.patch * Stop using dpkg-dev in fwupd.preinst. Instead, work out the EFIDIR variable at build time and substitute in, Closes: #986779 fwupd-amd64-signed (1.2.14+1~deb10u1) buster; urgency=medium . * Update to fwupd version 1.2.14-1~deb10u1 fwupd-amd64-signed (1.2.13+3+deb10u3) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u3 fwupd-arm64-signed (1.2.14+1~deb10u1) buster; urgency=medium . * Update to fwupd version 1.2.14-1~deb10u1 fwupd-arm64-signed (1.2.13+3+deb10u3) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u3 fwupd-armhf-signed (1.2.14+1~deb10u1) buster; urgency=medium . * Update to fwupd version 1.2.14-1~deb10u1 fwupd-armhf-signed (1.2.13+3+deb10u3) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u3 fwupd-i386-signed (1.2.14+1~deb10u1) buster; urgency=medium . * Update to fwupd version 1.2.14-1~deb10u1 fwupd-i386-signed (1.2.13+3+deb10u3) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u3 fwupdate (12-4+deb10u4) buster; urgency=medium . * Tweak SBAT support again. * Remove the previous linker warning patch, not needed now. fwupdate-amd64-signed (12+4+deb10u4) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u4 fwupdate-arm64-signed (12+4+deb10u4) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u4 fwupdate-armhf-signed (12+4+deb10u4) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u4 fwupdate-i386-signed (12+4+deb10u4) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u4 glib2.0 (2.58.3-2+deb10u3) buster; urgency=medium . * d/patches: Resolve integer overflows, including CVE-2021-27219. These backported patches resolve an integer overflow that is known to be attacker-triggerable for denial of service in polkit (policykit-1), as well as replacing other simple uses of g_memdup() with g_memdup2(). Overflows in most of these places would not be attacker-triggerable, but replacing them is simpler than assessing whether they are attacker-triggerable. The more complicated changes from 2.66.7 have not been backported, to avoid regressions in Debian 10; overflows in those locations are not believed to be attacker-triggerable. (Closes: #982778) * d/patches: Fix integer overflow CVE-2021-27218. This is not known to be exploitable in any particular program, but might be. (Closes: #982779) * d/patches: Fix a symlink attack affecting file-roller, CVE-2021-28153 (Closes: #984969) gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium . * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from 3.6.15: It was found by oss-fuzz that the server sending a "no_renegotiation" alert in an unexpected timing, followed by an invalid second handshake can cause a TLS 1.3 client to crash via a null-pointer dereference. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. GNUTLS-SA-2020-09-04 CVE-2020-24659 Closes: #969547 * Pull multiple fixes designated for 3.6.15 bugfix release: + 47_rel3.6.16_01-gnutls_buffer_append_data-remove-duplicated-code.patch + 47_rel3.6.16_02-_gnutls_buffer_resize-add-option-to-use-allocation-s.patch + 47_rel3.6.16_03-key_share-avoid-use-after-free-around-realloc.patch (CVE-2021-20231) and 47_rel3.6.16_04-pre_shared_key-avoid-use-after-free-around-realloc.patch (CVE-2021-20232), both together GNUTLS-SA-2021-03-10. + 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch + 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch golang-1.11 (1.11.6-1+deb10u4) buster-security; urgency=high . * Team upload. . [ Dr. Tobias Quathamer ] * cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs https://github.com/golang/go/issues/36837 CVE-2020-7919 * net/http: Expect 100-continue panics in httputil.ReverseProxy https://github.com/golang/go/issues/34902 CVE-2020-15586 * encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs https://github.com/golang/go/issues/40618 CVE-2020-16845 . [ Shengjing Zhu ] * crypto/elliptic: incorrect operations on the P-224 curve https://github.com/golang/go/issues/43786 CVE-2021-3114 golang-github-docker-docker-credential-helpers (0.6.1-2+deb10u1) buster; urgency=medium . * Add myself to uploaders. * Adjust gbp.conf for buster. * Add upstream patch to fix CVE-2019-1020014 (Closes: #933801). graphviz (2.40.1-6+deb10u1) buster-security; urgency=high . * Fix CVE-2020-18032: out of bounds write on invalid label (closes: #988000). gst-libav1.0 (1.15.0.1+git20180723+db823502-2+deb10u1) buster-security; urgency=high . * debian/patches/0001-avcodecmap-Dont-try-converting-channel-layouts-with-more.patch: + Add upstream patch to fix stack corruption when handling files with more than 64 audio channels. gst-plugins-bad1.0 (1.14.4-1+deb10u2) buster-security; urgency=high . * debian/patches/0001-h2645parser-Catch-overflows-in-AVC-HEVC-NAL-unit-length.patch: + Catch overflows in AVC/HEVC NAL unit length calculations, which would lead to allocating infinite amounts of small memory blocks until OOM and could potentially also lead to memory corruptions. . See https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103 gst-plugins-base1.0 (1.14.4-2+deb10u1) buster-security; urgency=high . * debian/patches/0001-tag-id3v2-fix-frame-size-check-and-potential-invalid-reads.patch: + Add upstream patch for fixing invalid reads during ID3v2 tag parsing that can lead to application crashes. gst-plugins-good1.0 (1.14.4-1+deb10u1) buster-security; urgency=high . * debian/patches/0001-matroskademux-Initialize-track-context-out-parameter-to-NULL.patch: + Fix use-after free and stack corruption in Matroska demuxer (CVE-2021-3497) (Closes: #986910). * debian/patches/0002-matroskademux-Fix-extraction-of-multichannel-WavPack.patch: + Fix extraction of multichannel WavPack in Matroska demuxer, which caused heap corruption (CVE-2021-3498) (Closes: #986911). gst-plugins-ugly1.0 (1.14.4-1+deb10u1) buster-security; urgency=high . * debian/patches/0001-rmdemux-Make-sure-we-have-enough-data-available-when-parsing.patch: + Add upstream patch for fixing out of bounds reads in ASF demuxer that can cause application crashes. hivex (1.3.18-1+deb10u1) buster-security; urgency=medium . * Add upstream patch to fix CVE-2021-3504 (Closes: #988024) htmldoc (1.9.3-1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches from unstable to fix CVEs: CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191, CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, CVE-2021-26948. htmldoc (1.9.3-1+deb10u1) buster; urgency=medium . * QA upload. * Add patch to fix a stack-based buffer overflow in the hd_strlcpy() Fixes: CVE-2019-19630 * Add patch to fix buffer-overflow caused by integer-overflow Closes: #984765 Fixes: CVE-2021-20308 hyperkitty (1.2.2-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * d/p/0005_ensure_private_archives_during_import.patch: Ensure private archives stay private during import (CVE-2021-33038). (Closes: #989183) ipmitool (1.8.18-6+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2020-5208: buffer overflows and potentially to remote code execution. Applied upstream patches: - CVE-2020-5208_1_Fix_buffer_overflow_vulnerabilities.patch - CVE-2020-5208_2-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch - CVE-2020-5208_3-session-Fix-buffer-overflow-in-ipmi_get_session_info.patch - CVE-2020-5208_4-channel-Fix-buffer-overflow.patch - CVE-2020-5208_5_lanp-Fix-buffer-overflows-in-get_lan_param_select.patch - CVE-2020-5208_6-fru-sdr-Fix-id_string-buffer-overflows.patch (Closes: #950761). ircii (20190117-1+deb10u1) buster; urgency=medium . * QA upload. * Fix CVE-2021-29376: allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. Closes: #986214 isc-dhcp (4.4.1-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (CVE-2021-25217) (Closes: #989157) isync (1.3.0-2.2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster . isync (1.3.0-2.2) unstable; urgency=medium . * Non-maintainer upload. * fix handling of unexpected APPENDUID response code (CVE-2021-3578) (Closes: #989564) . isync (1.3.0-2.1) unstable; urgency=medium . * Non-maintainer upload. . [ Ondřej Nový ] * d/watch: Use https protocol . [ Salvatore Bonaccorso ] * reject funny mailbox names from IMAP LIST/LSUB (CVE-2021-20247) (Closes: #983351) isync (1.3.0-2.1) unstable; urgency=medium . * Non-maintainer upload. . [ Ondřej Nový ] * d/watch: Use https protocol . [ Salvatore Bonaccorso ] * reject funny mailbox names from IMAP LIST/LSUB (CVE-2021-20247) (Closes: #983351) jackson-databind (2.9.8-3+deb10u3) buster; urgency=medium . * Non-maintainer upload by the LTS team. * Add patch to fix: - CVE-2020-24616: Block one more gadget type (Anteros-DBCP) - CVE-2020-24750: Block one more gadget type (com.pastdev.httpcomponents) - CVE-2020-25649: setExpandEntityReferences(false) may not prevent external entity expansion in all cases - CVE-2020-35490 and CVE-2020-35491: Block 2 more gadget types (commons-dbcp2) - CVE-2020-35728: Block one more gadget type (org.glassfish.web/javax.servlet.jsp.jstl) - CVE-2020-36179, CVE-2020-36180, CVE-2020-36181, and CVE-2020-36182: Block some more DBCP-related potential gadget classes - CVE-2020-36183: Block one more gadget type (org.docx4j.org.apache:xalan-interpretive) - CVE-2020-36184 and CVE-2020-36185: Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp) - CVE-2020-36186 and CVE-2020-36187: Block 2 more gadget types (tomcat/naming-factory-dbcp) - CVE-2020-36188 and CVE-2020-36189: Block 2 more gadget types (newrelic-agent) - CVE-2021-20190: Block one more gadget type (javax.swing) klibc (2.0.6-1+deb10u1) buster; urgency=medium . [ Ben Hutchings ] * Apply security fixes from 2.0.9 (Closes: #989505): - malloc: Set errno on failure - malloc: Fail if requested size > PTRDIFF_MAX (CVE-2021-31873) - calloc: Fail if multiplication overflows (CVE-2021-31870) - cpio: Fix possible integer overflow on 32-bit systems (CVE-2021-31872) - cpio: Fix possible crash on 64-bit systems (CVE-2021-31871) . [ Thorsten Glaser ] * {set,long}jmp [s390x]: save/restore the correct FPU registers (f8‥f15 not f1/f3/f5/f7) (Closes: #943425) lasso (2.6.0-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix signature checking on unsigned response with multiple assertions (CVE-2021-28091) ldb (2:1.5.1+really1.4.6-3+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * lib ldb: Check if ldb_lock_backend_callback called twice (CVE-2020-10730) * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840) (Closes: #985936) * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277) (Closes: #985935) lib3mf (1.8.1+ds-3+deb10u1) buster-security; urgency=high . * Fix use-after-free (CVE-2021-21772), backporting fix from v2.1.1 (Closes: #985092) libbusiness-us-usps-webtools-perl (1.122-1+deb10u1) buster; urgency=medium . * Update to new US-USPS API (Closes: #988330) libgcrypt20 (1.8.4-5+deb10u1) buster; urgency=medium . * 31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not* generated by GnuPG/libgcrypt. CVE-2021-33560 libgetdata (0.10.0-5+deb10u1) buster; urgency=medium . * Team upload. * Fix CVE-2021-20204. libhibernate3-java (3.6.10.Final-9+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2020-25638: A flaw was found in hibernate-core. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. libimage-exiftool-perl (11.16-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. . [ gregor herrmann ] * Add patch CVE-2021-22204.patch, taken from upstream release 12.24. The patch fixes CVE-2021-22204: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Thanks to William Bowling for the bug report on Launchpad. (Closes: #987505) (LP: #1925985) libmateweather (1.20.2-1+deb10u1) buster; urgency=medium . [ Pablo Barciela ] * debian/patches: + Add 1001_adapt-to-timezone-namechange-for-America-Nuuk.patch. (Closes #959545). libwebp (0.6.1-2+deb10u1) buster-security; urgency=medium . * CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2020-36328 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 libx11 (2:1.6.7-1+deb10u2) buster-security; urgency=medium . * Reject string longer than USHRT_MAX before sending them on the wire (CVE-2021-31535) libxml2 (2.9.4+dfsg1-7+deb10u2) buster; urgency=medium . * Non-maintainer upload. * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977) (Closes: #969529) * Fix use-after-free with `xmllint --html --push` (CVE-2021-3516) (Closes: #987739) * Validate UTF8 in xmlEncodeEntities (CVE-2021-3517) (Closes: #987738) * Fix user-after-free with `xmllint --xinclude --dropdtd` (CVE-2021-3518) (Closes: #987737) * Propagate error in xmlParseElementChildrenContentDeclPriv (CVE-2021-3537) (Closes: #988123) * Patch for security issue CVE-2021-3541 (Closes: #988603) liferea (1.12.6-1+deb10u1) buster; urgency=medium . * Add patch to work with webkit2gtk >= 2.32: 34d26be00328a68d2f1625c78b54dc168da0648e.patch (Closes: #987448) linux (4.19.194-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 - [arm64] KVM: nvhe: Save the SPE context early - [armhf] net: dsa: b53: Support setting learning on port https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 - ALSA: hda: generic: Fix the micmute led init state - Revert "PM: runtime: Update device status before letting suppliers suspend" - vmlinux.lds.h: Create section for protection against instrumentation - btrfs: fix race when cloning extent buffer during rewind of an old root (CVE-2021-28964) - btrfs: fix slab cache flags for free space tree bitmap - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode - nvmet: don't check iosqes,iocqes for discovery controllers - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. - svcrdma: disable timeouts on rdma backchannel - sunrpc: fix refcount leak for rpc auth modules - scsi: lpfc: Fix some error codes in debugfs - nvme-rdma: fix possible hang when failing to set io queues - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure - usb-storage: Add quirk to defeat Kindle's automatic unload - usbip: Fix incorrect double assignment to udc->ud.tcp_rx - USB: replace hardcode maximum usb string length by definition - usb: gadget: configfs: Fix KASAN use-after-free - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel - iio: hid-sensor-prox: Fix scale not correct issue - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store functions (CVE-2021-28972) - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status (CVE-2021-28971) - [x86] ioapic: Ignore IRQ2 again - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() - [x86] Move TS_COMPAT back to asm/thread_info.h - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() - ext4: find old entry again if failed to rename whiteout - ext4: do not try to set xattr into ea_inode if value is empty - ext4: fix potential error in ext4_do_update_inode - genirq: Disable interrupts for force threaded handlers - [x86] apic/of: Fix CPU devicetree-node lookups - cifs: Fix preauth hash corruption https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled - [powerpc*] 4xx: Fix build errors from mfdcr() - atm: eni: dont release is never initialized - atm: lanai: dont run lanai_dev_close if not open - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" - ixgbe: Fix memleak in ixgbe_configure_clsu32 - net: tehuti: fix error return code in bdx_probe() - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) - gpiolib: acpi: Add missing IRQF_ONESHOT - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default - NFS: Correct size calculation for create reply length - [arm64] net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch() - [x86] atm: uPD98402: fix incorrect allocation - atm: idt77252: fix null-ptr-dereference - u64_stats,lockdep: Fix u64_stats_init() vs lockdep - nfs: we don't support removing system.nfs4_acl - block: Suppress uevent for hidden device when removed - [arm64] netsec: restore phy power state after controller reset - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events - squashfs: fix inode lookup sanity checks - squashfs: fix xattr id and id lookup sanity checks - dm ioctl: fix out of bounds array access when no devices (CVE-2021-31916) - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD - veth: Store queue_mapping independently of XDP prog presence - libbpf: Fix INSTALL flag order - macvlan: macvlan_count_rx() needs to be aware of preemption - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port - e1000e: add rtnl_lock() to e1000_reset_task - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template - netfilter: ctnetlink: fix dump of the expect mask attribute - can: peak_usb: add forgotten supported devices - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate - mac80211: fix rate mask reset - net: cdc-phonet: fix data-interface release on probe failure - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind - net/mlx5e: Fix error path for ethtool set-priv-flag - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs - Revert "netfilter: x_tables: Switch synchronization to RCU" - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) - Revert "netfilter: x_tables: Update remaining dereference to RCU" - ACPI: scan: Rearrange memory allocation in acpi_device_add() - ACPI: scan: Use unique number for instance_no - dm verity: add root hash pkcs#7 signature verification - scsi: qedi: Fix error return code of qedi_alloc_global_queues() - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() - locking/mutex: Fix non debug version of mutex_lock_io_nested() - can: dev: Move device back to init netns on owning netns delete - net: sched: validate stab values - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) - mac80211: fix double free in ibss_leave - ext4: add reclaim checks to xattr code - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" - xen-blkback: don't leak persistent grants from xen_blkbk_map() (CVE-2021-28688) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 - selinux: vsock: Set SID for socket returned by accept() - tcp: relookup sock for RST+ACK packets handled by obsolete req sock - ipv6: weaken the v4mapped source check - ext4: fix bh ref count on error paths - rpc: fix NULL dereference on kmalloc failure - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table - vhost: Fix vhost_vq_reset() - scsi: st: Fix a use after free in st_open() - scsi: qla2xxx: Fix broken #endif placement - [x86] staging: comedi: cb_pcidas: fix request_irq() warn - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn - thermal/core: Add NULL pointer check before using cooling device stats - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling - ext4: do not iput inode under running transaction in ext4_rename() - brcmfmac: clear EAP/association status bits on linkdown events - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open - appletalk: Fix skb allocation size in loopback case - [x86] net: wan/lmc: unregister device when no matching device is found - bpf: Remove MTU check in __bpf_skb_max_len - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook - PM: runtime: Fix race getting/putting suppliers at probe - PM: runtime: Fix ordering in pm_runtime_get_suppliers() - tracing: Fix stack trace event size - mm: fix race by making init_zero_pfn() early_initcall - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() - drm/amdgpu: check alignment on CPU page for bo map - reiserfs: update reiserfs_xattrs_initialized() condition - [arm64,armhf] pinctrl: rockchip: fix restore error in resume - extcon: Add stubs for extcon_register_notifier_all() functions - extcon: Fix error handling in extcon_dev_register - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 - cdc-acm: fix BREAK rx code path adding necessary calls - USB: cdc-acm: untangle a circular dependency between callback and softint - USB: cdc-acm: downgrade message to debug - USB: cdc-acm: fix double free on probe failure - USB: cdc-acm: fix use-after-free after probe failure - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. - [x86] staging: rtl8192e: Fix incorrect source in memcpy() - staging: rtl8192e: Change state information from u16 to u8 - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 - mISDN: fix crash in fritzpci - mac80211: choose first enabled channel for monitor - [arm64] drm/msm: Ratelimit invalid-fence message - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() - cifs: revalidate mapping when we open files for SMB1 POSIX - cifs: Silently ignore unknown oplock break handle - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 (CVE-2021-29154) - [i386] bpf, x86: Validate computation of branch displacements for x86-32 (CVE-2021-29154) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 - ALSA: aloop: Fix initialization of controls - [x86] ASoC: intel: atom: Stop advertising non working S24LE support - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) - nfc: Avoid endless loops caused by repeated llcp_sock_connect() - xen/evtchn: Change irq_info lock to raw_spinlock_t - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh - ocfs2: fix deadlock between setattr and dio_end_io_write - fs: direct-io: fix missing sdio->boundary - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field - ice: Increase control queue timeout - net: hso: fix null-ptr-deref during tty device unregistration - net: ensure mac header is set in virtio_net_hdr_to_skb() - net: sched: sch_teql: fix null-pointer dereference - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() - usbip: add sysfs_lock to synchronize sysfs code paths - usbip: stub-dev synchronize sysfs code paths - usbip: vudc synchronize sysfs code paths - usbip: synchronize event handler with sysfs code paths - i2c: turn recovery error on init to debug - virtio_net: Add XDP meta data support - xfrm: interface: fix ipv4 pmtu check to honor ip header df - net: xfrm: Localize sequence counter per network namespace - i40e: Added Asym_Pause to supported link modes - i40e: Fix kernel oops when i40e driver removes VF's - sch_red: fix off-by-one checks in red_check_params() - cxgb4: avoid collecting SGE_QBASE regs during traffic - net:tipc: Fix a double free in tipc_sk_mcast_rcv - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner - clk: fix invalid usage of list cursor in register - clk: fix invalid usage of list cursor in unregister - workqueue: Move the position of debug_work_activate() in __queue_work() - [s390x] cpcmd: fix inline assembly register clobbering - net/mlx5: Fix placement of log_max_flow_counter - net/mlx5: Fix PBMC register mapping - RDMA/cxgb4: check for ipv6 address properly while destroying listener - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit - net: sched: bump refcount for new action in ACT replace mode - cfg80211: remove WARN_ON() in cfg80211_sme_connect - net: tun: set tun->dev->addr_len during TUNSETLINK processing - drivers: net: fix memory leak in atusb_probe - drivers: net: fix memory leak in peak_usb_create_dev - net: mac802154: Fix general protection fault - net: ieee802154: nl-mac: fix check on panid - net: ieee802154: fix nl802154 del llsec key - net: ieee802154: fix nl802154 del llsec dev - net: ieee802154: fix nl802154 add llsec key - net: ieee802154: fix nl802154 del llsec devkey - net: ieee802154: forbid monitor for set llsec params - net: ieee802154: forbid monitor for del llsec seclevel - net: ieee802154: stop dump llsec params for monitors - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." (Closes: #988352) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 - [arm64] KVM: Hide system instruction access to Trace registers - [arm64] KVM: Disable guest access to trace filter controls - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning - gfs2: report "already frozen/thawed" errors - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz - block: only update parent bi_status when bio fail - net: phy: broadcom: Only advertise EEE for supported modes - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) - netfilter: x_tables: fix compat match/target pad out-of-bound write - driver core: Fix locking bug in deferred_probe_timeout_work_func() - xen/events: fix setting irq affinity https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 - net/sctp: fix race condition in sctp_destroy_sock - gpio: sysfs: Obey valid_mask - neighbour: Disregard DEAD dst in neigh_update - [arm64] drm/msm: Fix a5xx/a6xx timestamps - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state - net: ieee802154: stop dump llsec keys for monitors - net: ieee802154: stop dump llsec devs for monitors - net: ieee802154: forbid monitor for add llsec dev - net: ieee802154: stop dump llsec devkeys for monitors - net: ieee802154: forbid monitor for add llsec devkey - net: ieee802154: stop dump llsec seclevels for monitors - net: ieee802154: forbid monitor for add llsec seclevel - pcnet32: Use pci_resource_len to validate PCI resource - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices - readdir: make sure to verify directory entry for legacy interfaces too - [arm64] fix inline asm in load_unaligned_zeropad() - [arm64] alternatives: Move length validation in alternative_{insn, endif} - scsi: libsas: Reset num_scatter if libata marks qc as NODATA - netfilter: conntrack: do not print icmpv6 as unknown via /proc - netfilter: nft_limit: avoid possible divide error in nft_limit_init - net: sit: Unregister catch-all devices - net: ip6_tunnel: Unregister catch-all devices - i40e: fix the panic when running bpf in xdpdrv mode - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions - net: phy: marvell: fix detection of PHY on Topaz switches - gup: document and work around "COW can break either way" issue (CVE-2020-29374) - [x86] pinctrl: lewisburg: Update number of pins in community - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 - HID: alps: fix error return code in alps_input_configured() - HID: wacom: Assign boolean values to a bool variable - net: geneve: check skb is large enough for IPv4/IPv6 header - [s390x] entry: save the caller of psw_idle - xen-netback: Check for hotplug-status existence before watching - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access - net: hso: fix NULL-deref on disconnect regression - USB: CDC-ACM: fix poison/unpoison imbalance https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() - net: usb: ax88179_178a: initialize local variables before use - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() - [mips*] Do not include hi and lo in clobber list for R6 - bpf: Fix masking negation logic upon negative dst register (CVE-2021-31829) - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet - USB: Add reset-resume quirk for WD19's Realtek Hub - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation - ovl: allow upperdir inside lowerdir https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 - [s390x] disassembler: increase ebpf disasm buffer size - ftrace: Handle commands when closing set_ftrace_filter file - ecryptfs: fix kernel panic with null dev_name - [armhf] spi: spi-ti-qspi: Free DMA resources - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers - mmc: block: Update ext_csd.cache_ctrl if it was written - mmc: block: Issue a cache flush only when it's enabled - mmc: core: Do a power cycle when the CMD11 fails - mmc: core: Set read only for SD cards with permanent write protect bit - cifs: Return correct error code from smb2_get_enc_key - btrfs: fix metadata extent leak after failure to create subvolume - [x86] intel_th: pci: Add Rocket Lake CPU support - fbdev: zero-fill colormap in fbcmap.c - staging: wimax/i2400m: fix byte-order issue - crypto: api - check for ERR pointers in crypto_destroy_tfm() - usb: gadget: uvc: add bInterval checking for HS mode - [x86] genirq/matrix: Prevent allocation counter corruption - usb: gadget: f_uac1: validate input parameters - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset - usb: xhci: Fix port minor revision - PCI: PM: Do not read power state in pci_enable_device_flags() - [arm64] tee: optee: do not check memref size on return from Secure World - [arm*] perf/arm_pmu_platform: Fix error handling - xhci: check control context is valid before dereferencing it. - xhci: fix potential array out of bounds with several interrupters - [x86] intel_th: Consistency and off-by-one fix - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe - scsi: lpfc: Fix pt2pt connection does not recover after LOGO - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() - [x86] media: ite-cir: check for receive overflow - power: supply: bq27xxx: fix power_avg for newer ICs - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs - media: gspca/sq905.c: fix uninitialized variable - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() - scsi: qla2xxx: Fix use after free in bsg - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() - media: em28xx: fix memory leak - media: vivid: update EDID - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return - media: dvb-usb: fix memory leak in dvb_usb_adapter_init - media: gscpa/stv06xx: fix memory leak - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal - drm/amdgpu: fix NULL pointer dereference - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic - scsi: libfc: Fix a format specifier - [s390x] archrandom: add parameter check for s390_arch_random_generate - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer - ALSA: hda/conexant: Re-order CX5066 quirk table entries - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build - ALSA: usb-audio: Explicitly set up the clock selector - ALSA: usb-audio: More constifications - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx - btrfs: fix race when picking most recent mod log operation for an old root - [arm64] vdso: Discard .note.gnu.property sections in vDSO - ubifs: Only check replay with inode type to judge if inode linked - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) - openvswitch: fix stack OOB read while fragmenting IPv4 packets - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure - NFS: Don't discard pNFS layout segments that are marked for return - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() - jffs2: Fix kasan slab-out-of-bounds problem - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. - [x86] intel_th: pci: Add Alder Lake-M support - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual device - md/raid1: properly indicate failure when ending a failed write request - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences - security: commoncap: fix -Wstringop-overread warning - jffs2: check the validity of dstlen in jffs2_zlib_compress() - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") - posix-timers: Preserve return value in clock_adjtime32() - [arm64] vdso: remove commas between macro name and arguments - ext4: fix check to prevent false positive report of incorrect used inodes - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() - ext4: fix error code in ext4_commit_super - media: dvbdev: Fix memory leak in dvb_media_device_free() - usb: gadget: Fix double free of device descriptor pointers - usb: gadget/function/f_fs string table fix for multiple languages - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check - [arm*] usb: dwc2: Fix session request interrupt handler - tty: fix memory leak in vc_deallocate - tracing: Map all PIDs to command lines - tracing: Restructure trace_clock_global() to never block - dm space map common: fix division bug in sm_ll_find_free_block() - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails - modules: mark ref_module static - modules: mark find_symbol static - modules: mark each_symbol_section static - modules: unexport __module_text_address - modules: unexport __module_address - modules: rename the licence field in struct symsearch to license - modules: return licensing information from find_symbol - modules: inherit TAINT_PROPRIETARY_MODULE - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) - bluetooth: eliminate the potential race condition when removing the HCI controller (CVE-2021-32399) - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR - misc: lis3lv02d: Fix false-positive WARN on various HP models - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload - md/bitmap: wait for external bitmap writes to complete during tear down - md-cluster: fix use-after-free issue when removing rdev - md: split mddev_find - md: factor out a mddev_find_locked helper from mddev_find - md: md_open returns -EBUSY when entering racing area - md: Fix missing unused status line of /proc/mdstat - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() - cfg80211: scan: drop entry from hidden_list on overflow - drm/radeon: fix copy of uninitialized variable back to userspace - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported - [s390x] KVM: split kvm_s390_logical_to_effective - [s390x] KVM: fix guarded storage control register handling - [s390x] KVM: split kvm_s390_real_to_abs - ovl: fix missing revert_creds() on error path - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 - regmap: set debugfs_name to NULL after it is freed - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() - [x86] microcode: Check for offline CPUs before requesting new microcode - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() - [x86] usb: gadget: pch_udc: Check if driver is present before calling ->setup() - [x86] usb: gadget: pch_udc: Check for DMA mapping error - [x86] crypto: qat - don't release uninitialized resources - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init - mtd: require write permissions for locking and badblock ioctls - [arm64] bus: qcom: Put child node before return - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling - [x86] staging: rtl8192u: Fix potential infinite loop - spi: Fix use-after-free with devm_spi_alloc_* - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute - [x86] crypto: qat - Fix a double free in adf_create_ring - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency - USB: cdc-acm: fix unprivileged TIOCCSERIAL - tty: actually undefine superseded ASYNC flags - tty: fix return value for unsupported ioctls - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. - [arm*] usb: dwc2: Fix hibernation between host and device modes. - ttyprintk: Add TTY hangup callback. - media: vivid: fix assignment of dev->fbuf_out_flags - media: m88rs6000t: avoid potential out-of-bounds reads on arrays - [x86] kprobes: Fix to check non boostable prefixes correctly - sata_mv: add IRQ checks - ata: libahci_platform: fix IRQ check - nvme: retrigger ANA log update if group descriptor isn't found - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch - sched/debug: Fix cgroup_path[] serialization - drivers/block/null_blk/main: Fix a double free in null_init. - HID: plantronics: Workaround for double volume key presses - [powerpc*] prom: Mark identical_pvr_fixup as __init - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect - bug: Remove redundant condition check in report_bug - nfc: pn533: prevent potential memory corruption - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls - [powerpc*] 64s: Fix pte update for kernel memory on radix - [powerpc*] perf: Fix PMU constraint check for EBB events - mac80211: bail out if cipher schemes are invalid - mt7601u: fix always true expression - [amd64] IB/hfi1: Fix error return code in parse_platform_config() - [arm64] net: thunderx: Fix unintentional sign extension issue - RDMA/srpt: Fix error return code in srpt_cm_req_recv() - [mips*] pci-legacy: stop using of_pci_range_to_resource - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal - rtlwifi: 8821ae: upgrade PHY and RF parameters - mwl8k: Fix a double Free in mwl8k_probe_hw - [x86] vsock/vmci: log once the failed queue pair allocation - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error channel - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req - mm/sparse: add the missing sparse_buffer_fini() in error branch - mm/memory-failure: unnecessary amount of unmapping - net: Only allow init netns to set default tcp cong to a restricted algo - smp: Fix smp_call_function_single_async prototype - Revert "net/sctp: fix race condition in sctp_destroy_sock" - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) - Revert "of/fdt: Make sure no-map does not remove already reserved regions" - Revert "fdt: Properly handle "no-map" field in the memory region" - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() - fs: dlm: fix debugfs dump - tipc: convert dest node's address to network order - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF - [arm64] net: stmmac: Set FIFO sizes for ipq806x - i2c: bail out early when RDWR parameters are wrong - ALSA: hdsp: don't disable if not enabled - ALSA: hdspm: don't disable if not enabled - ALSA: rme9652: don't disable if not enabled - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default - Bluetooth: initialize skb_queue_head at l2cap_chan_create() - net: bridge: when suppression is enabled exclude RARP packets - Bluetooth: check for zapped sk before connecting - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet - i2c: Add I2C_AQ_NO_REP_START adapter quirk - mac80211: clear the beacon's CRC after channel switch - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos - cuse: prevent clone - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() - [powerpc*] smp: Set numa node before updating mask - [x86] ASoC: rt286: Generalize support for ALC3263 codec - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() - [powerpc*] pseries: Stop calling printk in rtas_stop_self() - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join - [powerpc*] iommu: Annotate nested lock for lockdep - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs - PCI: Release OF node in pci_scan_device()'s error path - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook - [arm64] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() - NFS: Deal correctly with attribute generation counter overflow - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() - NFSv4.2 fix handling of sr_eof in SEEK's reply - rtc: ds1307: Fix wday settings for rx8130 - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy - sctp: do asoc update earlier in sctp_sf_do_dupcook_a - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b - netfilter: xt_SECMARK: add new revision to fix structure layout - drm/radeon: Fix off-by-one power_state index heap overwrite - drm/radeon: Avoid power table parsing memory leaks - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() - ksm: fix potential missing rmap_item for stable_node - net: fix nla_strcmp to handle more then one trailing null character - smc: disallow TCP_ULP in smc_setsockopt() - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check - sched/fair: Fix unfairness caused by missing load decay - [amd64] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() - netfilter: nftables: avoid overflows in nft_hash_buckets() - i40e: Fix use-after-free in i40e_client_subtask() - [powerpc*] 64s: Fix crashes when toggling stf barrier - [powerpc*] 64s: Fix crashes when toggling entry flush barrier - hfsplus: prevent corruption in shrinking truncate - squashfs: fix divide error in calculate_skip() - userfaultfd: release page in error path to avoid BUG_ON - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path - blk-mq: Swap two calls in blk_mq_exit_queue() - [armhf] usb: dwc3: omap: improve extcon initialization - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield - [arm*] usb: dwc2: Fix gadget DMA unmap direction - usb: core: hub: fix race condition about TRSMRCY of resume - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer in ep queue - xhci: Do not use GFP_KERNEL in (potentially) atomic context - xhci: Add reset resume quirk for AMD xhci controller. - [x86] iio: tsl2583: Fix division by a zero lux_val - cdc-wdm: untangle a circular dependency between callback and softint - [x86] KVM: Cancel pvclock_gtod_work on module removal - thermal/core/fair share: Lock the thermal zone while looping over instances - kobject_uevent: remove warning in init_uevent_argv() - netfilter: conntrack: Make global sysctls readonly in non-init netns - nvme: do not try to reconfigure APST when the controller is not live - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes - usb: sl811-hcd: improve misleading indentation - cxgb4: Fix the -Wmisleading-indentation warning - isdn: capi: fix mismatched prototypes - [arm64] PCI: thunder: Fix compile testing - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls - ceph: fix fscache invalidation - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP - block: reexpand iov_iter after read/write - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods - sit: proper dev_{hold|put} in ndo_[un]init methods - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods - ipv6: remove extra dev_hold() for fallback tunnels - iomap: fix sub-page uptodate handling - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it - tweewide: Fix most Shebang lines - scripts: switch explicitly to Python 3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 - RDMA/rxe: Clear all QP fields if creation failed - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() - RDMA/mlx5: Recover from fatal event in dual port mode - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly - nvmet: seset ns->file when open fails - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal - cifs: fix memory leak in smb2_copychunk_range - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency - ALSA: line6: Fix racy initialization of LINE6 MIDI - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 - ALSA: usb-audio: Validate MS endpoint descriptors - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro - [i386] Revert "ALSA: sb8: add a check for request_region" - ALSA: hda/realtek: reset eapd coeff to default value for alc287 - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" - [x86] xen-pciback: reconfigure also from backend watch handler - dm snapshot: fix crash with transient storage and zero chunk size - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" - [armhf] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" - Revert "ecryptfs: replace BUG_ON with error handling code" - Revert "rtlwifi: fix a potential NULL pointer dereference" - Revert "qlcnic: Avoid potential NULL pointer dereference" - Revert "niu: fix missing checks of niu_pci_eeprom_read" - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init - net: rtlwifi: properly check for alloc_workqueue() failure - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup code - qlcnic: Add null check after calling netdev_alloc_skb - [x86] video: hgafb: fix potential NULL pointer dereference - vgacon: Record video mode changes with VT_RESIZEX - vt: Fix character height handling with VT_RESIZEX - tty: vt: always invoke vc->vc_sw->con_resize callback - [x86] video: hgafb: correctly handle card detect failure during probe - Bluetooth: SMP: Fail if remote and local public keys are identical (CVE-2020-26558, CVE-2021-0129) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 - mm, vmstat: drop zone->lock in /proc/pagetypeinfo - [arm64,armhf] usb: dwc3: gadget: Enable suspend events - NFC: nci: fix memory leak in nci_allocate_device - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() - proc: Check /proc/$pid/attr/ writes against file opener - net: hso: fix control-request directions - mac80211: assure all fragments are encrypted (CVE-2020-26147) - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - mac80211: properly handle A-MSDUs that start with an RFC 1042 header - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) - mac80211: add fragment cache to sta_info - mac80211: check defrag PN against current frame - mac80211: prevent attacks on TKIP/WEP as well - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - ath10k: Validate first subframe of A-MSDU before processing the list - dm snapshot: properly fix a crash when an origin has no snapshots - misc/uss720: fix memory leak in uss720_probe - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue - [x86] mei: request autosuspend after sending rx flow control - USB: trancevibrator: fix control-request direction - USB: usbfs: Don't WARN about excessively large memory allocations - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' - USB: serial: ti_usb_3410_5052: add startech.com device id - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 - USB: serial: ftdi_sio: add IDs for IDS GmbH Products - USB: serial: pl2303: add device id for ADLINK ND-6530 GC - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG - net: usb: fix memory leak in smsc75xx_bind - bpf: extend is_branch_taken to registers - bpf: Test_verifier, bpf_get_stack return value add <0 - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) - bpf: Ensure off_reg has no mixed signed bounds for all types (CVE-2021-29155) - bpf: Rework ptr_limit into alu_limit and add common error path (CVE-2021-29155) - bpf: Improve verifier error messages for users (CVE-2021-29155) - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) - bpf: Update selftests to reflect new error states - bpf: Fix leakage of uninitialized bpf stack under speculation (CVE-2021-31829) - bpf: Wrap aux data inside bpf_sanitize_info container - bpf: Fix mask direction swap upon off reg sign change - bpf: No need to simulate speculative domain for immediates - [armhf] spi: gpio: Don't leak SPI master in probe error path - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails - NFS: fix an incorrect limit in filelayout_decode_layout() - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config - [arm64] drm/meson: fix shutdown crash when component not probed - net/mlx4: Fix EEPROM dump support - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" - tipc: skb_linearize the head skb when reassembling msgs - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message after write - [x86] i2c: i801: Don't generate an interrupt on bus reset - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume - [x86] net: fujitsu: fix potential null-ptr-deref - [x86] char: hpet: add checks after calling ioremap - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call - libertas: register sysfs groups properly - media: dvb: Add check on sp8870_readreg return - media: gspca: properly check for errors in po1030_probe() - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic - btrfs: do not BUG_ON in link_to_fixup_dir - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported list - SMB3: incorrect file id in requests compounded with open - drm/amd/amdgpu: fix refcount leak - drm/amdgpu: Fix a use-after-free - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count - [armhf] net: fec: fix the potential memory leak in fec_enet_init() - [arm64] net: mdio: thunder: Fix a double free issue in the .remove function - [mips*] net: mdio: octeon: Fix some double free issues - openvswitch: meter: fix race when getting now_ms. - net: bnx2: Fix error return code in bnx2_init_board() - mld: fix panic in mld_newpack() - bpf: Set mac_len in bpf_skb_change_head - ixgbe: fix large MTU request from VF - scsi: libsas: Use _safe() loop in sas_resume_port() - ipv6: record frag_max_size in atomic fragments in input path - sch_dsmark: fix a NULL deref in qdisc_reset() - hugetlbfs: hugetlb_fault_mutex_hash() cleanup - drivers/net/ethernet: clean up unused assignments - [arm64] net: hns3: check the return of skb_checksum_help() - usb: core: reduce power-on-good delay time of root hub https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) - ALSA: usb: update old-style static const declaration - nl80211: validate key indexes for cfg80211_registered_device - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() - vfio/pci: Fix error return code in vfio_ecap_init() - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service - HID: pidff: fix error return code in hid_pidff_init() - [arm64,x86] HID: i2c-hid: fix format string mismatch - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches - ieee802154: fix error return code in ieee802154_add_iface() - ieee802154: fix error return code in ieee802154_llsec_getparams() - ixgbevf: add correct exception tracing for XDP - tipc: add extack messages for bearer/media failure - tipc: fix unique bearer names sanity check - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) - HID: multitouch: require Finger field to mark Win8 reports as MT - ALSA: timer: Fix master timer notification - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed - [arm*] usb: dwc2: Fix build in periphal-only mode - pid: take a reference when initializing `cad_pid` - ocfs2: fix data corruption by fallocate - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (CVE-2021-3587) - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing - btrfs: mark ordered extent and inode with error if we fail to finish - btrfs: fix error handling in btrfs_del_csums - btrfs: return errors from btrfs_del_csums in cleanup_ref_head - btrfs: fixup error handling in fixup_inode_link_counts - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY - bpf: Add BPF_F_ANY_ALIGNMENT. - bnxt_en: Remove the setting of dev_port. - perf/cgroups: Don't rotate events for cgroups unnecessarily - perf/core: Fix corner case in perf_rotate_context() - btrfs: fix unmountable seed device after fstrim - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode - [arm64] KVM: Fix debug register indexing - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of module-level code flag - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() - sched/fair: Optimize select_idle_cpu - [x86] xen-pciback: redo VF placement in the virtual topology . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.182-rt74 * [rt] Add new signing key for Clark Williams * [rt] Update to 4.19.184-rt75 * Bump ABI to 17 * [rt] Refresh "workqueue: Use normal rcu" * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" * [rt] Refresh "workqueue: rework" * [rt] Update to 4.19.188-rt77 * [rt] Update to 4.19.190-rt79 * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" * [rt] Update to 4.19.193-rt81 * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" linux-latest (105+deb10u12) buster; urgency=medium . * Update to 4.19.0-17 linux-signed-amd64 (4.19.194+1) buster; urgency=medium . * Sign kernel from linux 4.19.194-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 - [arm64] KVM: nvhe: Save the SPE context early - [armhf] net: dsa: b53: Support setting learning on port https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 - ALSA: hda: generic: Fix the micmute led init state - Revert "PM: runtime: Update device status before letting suppliers suspend" - vmlinux.lds.h: Create section for protection against instrumentation - btrfs: fix race when cloning extent buffer during rewind of an old root (CVE-2021-28964) - btrfs: fix slab cache flags for free space tree bitmap - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode - nvmet: don't check iosqes,iocqes for discovery controllers - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. - svcrdma: disable timeouts on rdma backchannel - sunrpc: fix refcount leak for rpc auth modules - scsi: lpfc: Fix some error codes in debugfs - nvme-rdma: fix possible hang when failing to set io queues - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure - usb-storage: Add quirk to defeat Kindle's automatic unload - usbip: Fix incorrect double assignment to udc->ud.tcp_rx - USB: replace hardcode maximum usb string length by definition - usb: gadget: configfs: Fix KASAN use-after-free - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel - iio: hid-sensor-prox: Fix scale not correct issue - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store functions (CVE-2021-28972) - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status (CVE-2021-28971) - [x86] ioapic: Ignore IRQ2 again - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() - [x86] Move TS_COMPAT back to asm/thread_info.h - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() - ext4: find old entry again if failed to rename whiteout - ext4: do not try to set xattr into ea_inode if value is empty - ext4: fix potential error in ext4_do_update_inode - genirq: Disable interrupts for force threaded handlers - [x86] apic/of: Fix CPU devicetree-node lookups - cifs: Fix preauth hash corruption https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled - [powerpc*] 4xx: Fix build errors from mfdcr() - atm: eni: dont release is never initialized - atm: lanai: dont run lanai_dev_close if not open - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" - ixgbe: Fix memleak in ixgbe_configure_clsu32 - net: tehuti: fix error return code in bdx_probe() - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) - gpiolib: acpi: Add missing IRQF_ONESHOT - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default - NFS: Correct size calculation for create reply length - [arm64] net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch() - [x86] atm: uPD98402: fix incorrect allocation - atm: idt77252: fix null-ptr-dereference - u64_stats,lockdep: Fix u64_stats_init() vs lockdep - nfs: we don't support removing system.nfs4_acl - block: Suppress uevent for hidden device when removed - [arm64] netsec: restore phy power state after controller reset - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events - squashfs: fix inode lookup sanity checks - squashfs: fix xattr id and id lookup sanity checks - dm ioctl: fix out of bounds array access when no devices (CVE-2021-31916) - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD - veth: Store queue_mapping independently of XDP prog presence - libbpf: Fix INSTALL flag order - macvlan: macvlan_count_rx() needs to be aware of preemption - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port - e1000e: add rtnl_lock() to e1000_reset_task - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template - netfilter: ctnetlink: fix dump of the expect mask attribute - can: peak_usb: add forgotten supported devices - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate - mac80211: fix rate mask reset - net: cdc-phonet: fix data-interface release on probe failure - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind - net/mlx5e: Fix error path for ethtool set-priv-flag - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs - Revert "netfilter: x_tables: Switch synchronization to RCU" - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) - Revert "netfilter: x_tables: Update remaining dereference to RCU" - ACPI: scan: Rearrange memory allocation in acpi_device_add() - ACPI: scan: Use unique number for instance_no - dm verity: add root hash pkcs#7 signature verification - scsi: qedi: Fix error return code of qedi_alloc_global_queues() - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() - locking/mutex: Fix non debug version of mutex_lock_io_nested() - can: dev: Move device back to init netns on owning netns delete - net: sched: validate stab values - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) - mac80211: fix double free in ibss_leave - ext4: add reclaim checks to xattr code - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" - xen-blkback: don't leak persistent grants from xen_blkbk_map() (CVE-2021-28688) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 - selinux: vsock: Set SID for socket returned by accept() - tcp: relookup sock for RST+ACK packets handled by obsolete req sock - ipv6: weaken the v4mapped source check - ext4: fix bh ref count on error paths - rpc: fix NULL dereference on kmalloc failure - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table - vhost: Fix vhost_vq_reset() - scsi: st: Fix a use after free in st_open() - scsi: qla2xxx: Fix broken #endif placement - [x86] staging: comedi: cb_pcidas: fix request_irq() warn - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn - thermal/core: Add NULL pointer check before using cooling device stats - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling - ext4: do not iput inode under running transaction in ext4_rename() - brcmfmac: clear EAP/association status bits on linkdown events - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open - appletalk: Fix skb allocation size in loopback case - [x86] net: wan/lmc: unregister device when no matching device is found - bpf: Remove MTU check in __bpf_skb_max_len - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook - PM: runtime: Fix race getting/putting suppliers at probe - PM: runtime: Fix ordering in pm_runtime_get_suppliers() - tracing: Fix stack trace event size - mm: fix race by making init_zero_pfn() early_initcall - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() - drm/amdgpu: check alignment on CPU page for bo map - reiserfs: update reiserfs_xattrs_initialized() condition - [arm64,armhf] pinctrl: rockchip: fix restore error in resume - extcon: Add stubs for extcon_register_notifier_all() functions - extcon: Fix error handling in extcon_dev_register - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 - cdc-acm: fix BREAK rx code path adding necessary calls - USB: cdc-acm: untangle a circular dependency between callback and softint - USB: cdc-acm: downgrade message to debug - USB: cdc-acm: fix double free on probe failure - USB: cdc-acm: fix use-after-free after probe failure - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. - [x86] staging: rtl8192e: Fix incorrect source in memcpy() - staging: rtl8192e: Change state information from u16 to u8 - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 - mISDN: fix crash in fritzpci - mac80211: choose first enabled channel for monitor - [arm64] drm/msm: Ratelimit invalid-fence message - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() - cifs: revalidate mapping when we open files for SMB1 POSIX - cifs: Silently ignore unknown oplock break handle - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 (CVE-2021-29154) - [i386] bpf, x86: Validate computation of branch displacements for x86-32 (CVE-2021-29154) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 - ALSA: aloop: Fix initialization of controls - [x86] ASoC: intel: atom: Stop advertising non working S24LE support - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) - nfc: Avoid endless loops caused by repeated llcp_sock_connect() - xen/evtchn: Change irq_info lock to raw_spinlock_t - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh - ocfs2: fix deadlock between setattr and dio_end_io_write - fs: direct-io: fix missing sdio->boundary - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field - ice: Increase control queue timeout - net: hso: fix null-ptr-deref during tty device unregistration - net: ensure mac header is set in virtio_net_hdr_to_skb() - net: sched: sch_teql: fix null-pointer dereference - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() - usbip: add sysfs_lock to synchronize sysfs code paths - usbip: stub-dev synchronize sysfs code paths - usbip: vudc synchronize sysfs code paths - usbip: synchronize event handler with sysfs code paths - i2c: turn recovery error on init to debug - virtio_net: Add XDP meta data support - xfrm: interface: fix ipv4 pmtu check to honor ip header df - net: xfrm: Localize sequence counter per network namespace - i40e: Added Asym_Pause to supported link modes - i40e: Fix kernel oops when i40e driver removes VF's - sch_red: fix off-by-one checks in red_check_params() - cxgb4: avoid collecting SGE_QBASE regs during traffic - net:tipc: Fix a double free in tipc_sk_mcast_rcv - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner - clk: fix invalid usage of list cursor in register - clk: fix invalid usage of list cursor in unregister - workqueue: Move the position of debug_work_activate() in __queue_work() - [s390x] cpcmd: fix inline assembly register clobbering - net/mlx5: Fix placement of log_max_flow_counter - net/mlx5: Fix PBMC register mapping - RDMA/cxgb4: check for ipv6 address properly while destroying listener - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit - net: sched: bump refcount for new action in ACT replace mode - cfg80211: remove WARN_ON() in cfg80211_sme_connect - net: tun: set tun->dev->addr_len during TUNSETLINK processing - drivers: net: fix memory leak in atusb_probe - drivers: net: fix memory leak in peak_usb_create_dev - net: mac802154: Fix general protection fault - net: ieee802154: nl-mac: fix check on panid - net: ieee802154: fix nl802154 del llsec key - net: ieee802154: fix nl802154 del llsec dev - net: ieee802154: fix nl802154 add llsec key - net: ieee802154: fix nl802154 del llsec devkey - net: ieee802154: forbid monitor for set llsec params - net: ieee802154: forbid monitor for del llsec seclevel - net: ieee802154: stop dump llsec params for monitors - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." (Closes: #988352) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 - [arm64] KVM: Hide system instruction access to Trace registers - [arm64] KVM: Disable guest access to trace filter controls - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning - gfs2: report "already frozen/thawed" errors - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz - block: only update parent bi_status when bio fail - net: phy: broadcom: Only advertise EEE for supported modes - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) - netfilter: x_tables: fix compat match/target pad out-of-bound write - driver core: Fix locking bug in deferred_probe_timeout_work_func() - xen/events: fix setting irq affinity https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 - net/sctp: fix race condition in sctp_destroy_sock - gpio: sysfs: Obey valid_mask - neighbour: Disregard DEAD dst in neigh_update - [arm64] drm/msm: Fix a5xx/a6xx timestamps - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state - net: ieee802154: stop dump llsec keys for monitors - net: ieee802154: stop dump llsec devs for monitors - net: ieee802154: forbid monitor for add llsec dev - net: ieee802154: stop dump llsec devkeys for monitors - net: ieee802154: forbid monitor for add llsec devkey - net: ieee802154: stop dump llsec seclevels for monitors - net: ieee802154: forbid monitor for add llsec seclevel - pcnet32: Use pci_resource_len to validate PCI resource - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices - readdir: make sure to verify directory entry for legacy interfaces too - [arm64] fix inline asm in load_unaligned_zeropad() - [arm64] alternatives: Move length validation in alternative_{insn, endif} - scsi: libsas: Reset num_scatter if libata marks qc as NODATA - netfilter: conntrack: do not print icmpv6 as unknown via /proc - netfilter: nft_limit: avoid possible divide error in nft_limit_init - net: sit: Unregister catch-all devices - net: ip6_tunnel: Unregister catch-all devices - i40e: fix the panic when running bpf in xdpdrv mode - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions - net: phy: marvell: fix detection of PHY on Topaz switches - gup: document and work around "COW can break either way" issue (CVE-2020-29374) - [x86] pinctrl: lewisburg: Update number of pins in community - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 - HID: alps: fix error return code in alps_input_configured() - HID: wacom: Assign boolean values to a bool variable - net: geneve: check skb is large enough for IPv4/IPv6 header - [s390x] entry: save the caller of psw_idle - xen-netback: Check for hotplug-status existence before watching - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access - net: hso: fix NULL-deref on disconnect regression - USB: CDC-ACM: fix poison/unpoison imbalance https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() - net: usb: ax88179_178a: initialize local variables before use - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() - [mips*] Do not include hi and lo in clobber list for R6 - bpf: Fix masking negation logic upon negative dst register (CVE-2021-31829) - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet - USB: Add reset-resume quirk for WD19's Realtek Hub - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation - ovl: allow upperdir inside lowerdir https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 - [s390x] disassembler: increase ebpf disasm buffer size - ftrace: Handle commands when closing set_ftrace_filter file - ecryptfs: fix kernel panic with null dev_name - [armhf] spi: spi-ti-qspi: Free DMA resources - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers - mmc: block: Update ext_csd.cache_ctrl if it was written - mmc: block: Issue a cache flush only when it's enabled - mmc: core: Do a power cycle when the CMD11 fails - mmc: core: Set read only for SD cards with permanent write protect bit - cifs: Return correct error code from smb2_get_enc_key - btrfs: fix metadata extent leak after failure to create subvolume - [x86] intel_th: pci: Add Rocket Lake CPU support - fbdev: zero-fill colormap in fbcmap.c - staging: wimax/i2400m: fix byte-order issue - crypto: api - check for ERR pointers in crypto_destroy_tfm() - usb: gadget: uvc: add bInterval checking for HS mode - [x86] genirq/matrix: Prevent allocation counter corruption - usb: gadget: f_uac1: validate input parameters - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset - usb: xhci: Fix port minor revision - PCI: PM: Do not read power state in pci_enable_device_flags() - [arm64] tee: optee: do not check memref size on return from Secure World - [arm*] perf/arm_pmu_platform: Fix error handling - xhci: check control context is valid before dereferencing it. - xhci: fix potential array out of bounds with several interrupters - [x86] intel_th: Consistency and off-by-one fix - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe - scsi: lpfc: Fix pt2pt connection does not recover after LOGO - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() - [x86] media: ite-cir: check for receive overflow - power: supply: bq27xxx: fix power_avg for newer ICs - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs - media: gspca/sq905.c: fix uninitialized variable - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() - scsi: qla2xxx: Fix use after free in bsg - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() - media: em28xx: fix memory leak - media: vivid: update EDID - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return - media: dvb-usb: fix memory leak in dvb_usb_adapter_init - media: gscpa/stv06xx: fix memory leak - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal - drm/amdgpu: fix NULL pointer dereference - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic - scsi: libfc: Fix a format specifier - [s390x] archrandom: add parameter check for s390_arch_random_generate - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer - ALSA: hda/conexant: Re-order CX5066 quirk table entries - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build - ALSA: usb-audio: Explicitly set up the clock selector - ALSA: usb-audio: More constifications - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx - btrfs: fix race when picking most recent mod log operation for an old root - [arm64] vdso: Discard .note.gnu.property sections in vDSO - ubifs: Only check replay with inode type to judge if inode linked - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) - openvswitch: fix stack OOB read while fragmenting IPv4 packets - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure - NFS: Don't discard pNFS layout segments that are marked for return - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() - jffs2: Fix kasan slab-out-of-bounds problem - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. - [x86] intel_th: pci: Add Alder Lake-M support - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual device - md/raid1: properly indicate failure when ending a failed write request - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences - security: commoncap: fix -Wstringop-overread warning - jffs2: check the validity of dstlen in jffs2_zlib_compress() - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") - posix-timers: Preserve return value in clock_adjtime32() - [arm64] vdso: remove commas between macro name and arguments - ext4: fix check to prevent false positive report of incorrect used inodes - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() - ext4: fix error code in ext4_commit_super - media: dvbdev: Fix memory leak in dvb_media_device_free() - usb: gadget: Fix double free of device descriptor pointers - usb: gadget/function/f_fs string table fix for multiple languages - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check - [arm*] usb: dwc2: Fix session request interrupt handler - tty: fix memory leak in vc_deallocate - tracing: Map all PIDs to command lines - tracing: Restructure trace_clock_global() to never block - dm space map common: fix division bug in sm_ll_find_free_block() - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails - modules: mark ref_module static - modules: mark find_symbol static - modules: mark each_symbol_section static - modules: unexport __module_text_address - modules: unexport __module_address - modules: rename the licence field in struct symsearch to license - modules: return licensing information from find_symbol - modules: inherit TAINT_PROPRIETARY_MODULE - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) - bluetooth: eliminate the potential race condition when removing the HCI controller (CVE-2021-32399) - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR - misc: lis3lv02d: Fix false-positive WARN on various HP models - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload - md/bitmap: wait for external bitmap writes to complete during tear down - md-cluster: fix use-after-free issue when removing rdev - md: split mddev_find - md: factor out a mddev_find_locked helper from mddev_find - md: md_open returns -EBUSY when entering racing area - md: Fix missing unused status line of /proc/mdstat - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() - cfg80211: scan: drop entry from hidden_list on overflow - drm/radeon: fix copy of uninitialized variable back to userspace - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported - [s390x] KVM: split kvm_s390_logical_to_effective - [s390x] KVM: fix guarded storage control register handling - [s390x] KVM: split kvm_s390_real_to_abs - ovl: fix missing revert_creds() on error path - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 - regmap: set debugfs_name to NULL after it is freed - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() - [x86] microcode: Check for offline CPUs before requesting new microcode - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() - [x86] usb: gadget: pch_udc: Check if driver is present before calling ->setup() - [x86] usb: gadget: pch_udc: Check for DMA mapping error - [x86] crypto: qat - don't release uninitialized resources - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init - mtd: require write permissions for locking and badblock ioctls - [arm64] bus: qcom: Put child node before return - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling - [x86] staging: rtl8192u: Fix potential infinite loop - spi: Fix use-after-free with devm_spi_alloc_* - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute - [x86] crypto: qat - Fix a double free in adf_create_ring - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency - USB: cdc-acm: fix unprivileged TIOCCSERIAL - tty: actually undefine superseded ASYNC flags - tty: fix return value for unsupported ioctls - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. - [arm*] usb: dwc2: Fix hibernation between host and device modes. - ttyprintk: Add TTY hangup callback. - media: vivid: fix assignment of dev->fbuf_out_flags - media: m88rs6000t: avoid potential out-of-bounds reads on arrays - [x86] kprobes: Fix to check non boostable prefixes correctly - sata_mv: add IRQ checks - ata: libahci_platform: fix IRQ check - nvme: retrigger ANA log update if group descriptor isn't found - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch - sched/debug: Fix cgroup_path[] serialization - drivers/block/null_blk/main: Fix a double free in null_init. - HID: plantronics: Workaround for double volume key presses - [powerpc*] prom: Mark identical_pvr_fixup as __init - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect - bug: Remove redundant condition check in report_bug - nfc: pn533: prevent potential memory corruption - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls - [powerpc*] 64s: Fix pte update for kernel memory on radix - [powerpc*] perf: Fix PMU constraint check for EBB events - mac80211: bail out if cipher schemes are invalid - mt7601u: fix always true expression - [amd64] IB/hfi1: Fix error return code in parse_platform_config() - [arm64] net: thunderx: Fix unintentional sign extension issue - RDMA/srpt: Fix error return code in srpt_cm_req_recv() - [mips*] pci-legacy: stop using of_pci_range_to_resource - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal - rtlwifi: 8821ae: upgrade PHY and RF parameters - mwl8k: Fix a double Free in mwl8k_probe_hw - [x86] vsock/vmci: log once the failed queue pair allocation - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error channel - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req - mm/sparse: add the missing sparse_buffer_fini() in error branch - mm/memory-failure: unnecessary amount of unmapping - net: Only allow init netns to set default tcp cong to a restricted algo - smp: Fix smp_call_function_single_async prototype - Revert "net/sctp: fix race condition in sctp_destroy_sock" - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) - Revert "of/fdt: Make sure no-map does not remove already reserved regions" - Revert "fdt: Properly handle "no-map" field in the memory region" - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() - fs: dlm: fix debugfs dump - tipc: convert dest node's address to network order - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF - [arm64] net: stmmac: Set FIFO sizes for ipq806x - i2c: bail out early when RDWR parameters are wrong - ALSA: hdsp: don't disable if not enabled - ALSA: hdspm: don't disable if not enabled - ALSA: rme9652: don't disable if not enabled - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default - Bluetooth: initialize skb_queue_head at l2cap_chan_create() - net: bridge: when suppression is enabled exclude RARP packets - Bluetooth: check for zapped sk before connecting - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet - i2c: Add I2C_AQ_NO_REP_START adapter quirk - mac80211: clear the beacon's CRC after channel switch - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos - cuse: prevent clone - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() - [powerpc*] smp: Set numa node before updating mask - [x86] ASoC: rt286: Generalize support for ALC3263 codec - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() - [powerpc*] pseries: Stop calling printk in rtas_stop_self() - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join - [powerpc*] iommu: Annotate nested lock for lockdep - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs - PCI: Release OF node in pci_scan_device()'s error path - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook - [arm64] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() - NFS: Deal correctly with attribute generation counter overflow - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() - NFSv4.2 fix handling of sr_eof in SEEK's reply - rtc: ds1307: Fix wday settings for rx8130 - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy - sctp: do asoc update earlier in sctp_sf_do_dupcook_a - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b - netfilter: xt_SECMARK: add new revision to fix structure layout - drm/radeon: Fix off-by-one power_state index heap overwrite - drm/radeon: Avoid power table parsing memory leaks - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() - ksm: fix potential missing rmap_item for stable_node - net: fix nla_strcmp to handle more then one trailing null character - smc: disallow TCP_ULP in smc_setsockopt() - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check - sched/fair: Fix unfairness caused by missing load decay - [amd64] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() - netfilter: nftables: avoid overflows in nft_hash_buckets() - i40e: Fix use-after-free in i40e_client_subtask() - [powerpc*] 64s: Fix crashes when toggling stf barrier - [powerpc*] 64s: Fix crashes when toggling entry flush barrier - hfsplus: prevent corruption in shrinking truncate - squashfs: fix divide error in calculate_skip() - userfaultfd: release page in error path to avoid BUG_ON - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path - blk-mq: Swap two calls in blk_mq_exit_queue() - [armhf] usb: dwc3: omap: improve extcon initialization - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield - [arm*] usb: dwc2: Fix gadget DMA unmap direction - usb: core: hub: fix race condition about TRSMRCY of resume - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer in ep queue - xhci: Do not use GFP_KERNEL in (potentially) atomic context - xhci: Add reset resume quirk for AMD xhci controller. - [x86] iio: tsl2583: Fix division by a zero lux_val - cdc-wdm: untangle a circular dependency between callback and softint - [x86] KVM: Cancel pvclock_gtod_work on module removal - thermal/core/fair share: Lock the thermal zone while looping over instances - kobject_uevent: remove warning in init_uevent_argv() - netfilter: conntrack: Make global sysctls readonly in non-init netns - nvme: do not try to reconfigure APST when the controller is not live - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes - usb: sl811-hcd: improve misleading indentation - cxgb4: Fix the -Wmisleading-indentation warning - isdn: capi: fix mismatched prototypes - [arm64] PCI: thunder: Fix compile testing - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls - ceph: fix fscache invalidation - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP - block: reexpand iov_iter after read/write - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods - sit: proper dev_{hold|put} in ndo_[un]init methods - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods - ipv6: remove extra dev_hold() for fallback tunnels - iomap: fix sub-page uptodate handling - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it - tweewide: Fix most Shebang lines - scripts: switch explicitly to Python 3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 - RDMA/rxe: Clear all QP fields if creation failed - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() - RDMA/mlx5: Recover from fatal event in dual port mode - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly - nvmet: seset ns->file when open fails - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal - cifs: fix memory leak in smb2_copychunk_range - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency - ALSA: line6: Fix racy initialization of LINE6 MIDI - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 - ALSA: usb-audio: Validate MS endpoint descriptors - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro - [i386] Revert "ALSA: sb8: add a check for request_region" - ALSA: hda/realtek: reset eapd coeff to default value for alc287 - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" - [x86] xen-pciback: reconfigure also from backend watch handler - dm snapshot: fix crash with transient storage and zero chunk size - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" - [armhf] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" - Revert "ecryptfs: replace BUG_ON with error handling code" - Revert "rtlwifi: fix a potential NULL pointer dereference" - Revert "qlcnic: Avoid potential NULL pointer dereference" - Revert "niu: fix missing checks of niu_pci_eeprom_read" - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init - net: rtlwifi: properly check for alloc_workqueue() failure - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup code - qlcnic: Add null check after calling netdev_alloc_skb - [x86] video: hgafb: fix potential NULL pointer dereference - vgacon: Record video mode changes with VT_RESIZEX - vt: Fix character height handling with VT_RESIZEX - tty: vt: always invoke vc->vc_sw->con_resize callback - [x86] video: hgafb: correctly handle card detect failure during probe - Bluetooth: SMP: Fail if remote and local public keys are identical (CVE-2020-26558, CVE-2021-0129) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 - mm, vmstat: drop zone->lock in /proc/pagetypeinfo - [arm64,armhf] usb: dwc3: gadget: Enable suspend events - NFC: nci: fix memory leak in nci_allocate_device - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() - proc: Check /proc/$pid/attr/ writes against file opener - net: hso: fix control-request directions - mac80211: assure all fragments are encrypted (CVE-2020-26147) - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - mac80211: properly handle A-MSDUs that start with an RFC 1042 header - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) - mac80211: add fragment cache to sta_info - mac80211: check defrag PN against current frame - mac80211: prevent attacks on TKIP/WEP as well - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - ath10k: Validate first subframe of A-MSDU before processing the list - dm snapshot: properly fix a crash when an origin has no snapshots - misc/uss720: fix memory leak in uss720_probe - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue - [x86] mei: request autosuspend after sending rx flow control - USB: trancevibrator: fix control-request direction - USB: usbfs: Don't WARN about excessively large memory allocations - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' - USB: serial: ti_usb_3410_5052: add startech.com device id - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 - USB: serial: ftdi_sio: add IDs for IDS GmbH Products - USB: serial: pl2303: add device id for ADLINK ND-6530 GC - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG - net: usb: fix memory leak in smsc75xx_bind - bpf: extend is_branch_taken to registers - bpf: Test_verifier, bpf_get_stack return value add <0 - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) - bpf: Ensure off_reg has no mixed signed bounds for all types (CVE-2021-29155) - bpf: Rework ptr_limit into alu_limit and add common error path (CVE-2021-29155) - bpf: Improve verifier error messages for users (CVE-2021-29155) - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) - bpf: Update selftests to reflect new error states - bpf: Fix leakage of uninitialized bpf stack under speculation (CVE-2021-31829) - bpf: Wrap aux data inside bpf_sanitize_info container - bpf: Fix mask direction swap upon off reg sign change - bpf: No need to simulate speculative domain for immediates - [armhf] spi: gpio: Don't leak SPI master in probe error path - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails - NFS: fix an incorrect limit in filelayout_decode_layout() - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config - [arm64] drm/meson: fix shutdown crash when component not probed - net/mlx4: Fix EEPROM dump support - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" - tipc: skb_linearize the head skb when reassembling msgs - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message after write - [x86] i2c: i801: Don't generate an interrupt on bus reset - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume - [x86] net: fujitsu: fix potential null-ptr-deref - [x86] char: hpet: add checks after calling ioremap - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call - libertas: register sysfs groups properly - media: dvb: Add check on sp8870_readreg return - media: gspca: properly check for errors in po1030_probe() - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic - btrfs: do not BUG_ON in link_to_fixup_dir - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported list - SMB3: incorrect file id in requests compounded with open - drm/amd/amdgpu: fix refcount leak - drm/amdgpu: Fix a use-after-free - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count - [armhf] net: fec: fix the potential memory leak in fec_enet_init() - [arm64] net: mdio: thunder: Fix a double free issue in the .remove function - [mips*] net: mdio: octeon: Fix some double free issues - openvswitch: meter: fix race when getting now_ms. - net: bnx2: Fix error return code in bnx2_init_board() - mld: fix panic in mld_newpack() - bpf: Set mac_len in bpf_skb_change_head - ixgbe: fix large MTU request from VF - scsi: libsas: Use _safe() loop in sas_resume_port() - ipv6: record frag_max_size in atomic fragments in input path - sch_dsmark: fix a NULL deref in qdisc_reset() - hugetlbfs: hugetlb_fault_mutex_hash() cleanup - drivers/net/ethernet: clean up unused assignments - [arm64] net: hns3: check the return of skb_checksum_help() - usb: core: reduce power-on-good delay time of root hub https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) - ALSA: usb: update old-style static const declaration - nl80211: validate key indexes for cfg80211_registered_device - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() - vfio/pci: Fix error return code in vfio_ecap_init() - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service - HID: pidff: fix error return code in hid_pidff_init() - [arm64,x86] HID: i2c-hid: fix format string mismatch - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches - ieee802154: fix error return code in ieee802154_add_iface() - ieee802154: fix error return code in ieee802154_llsec_getparams() - ixgbevf: add correct exception tracing for XDP - tipc: add extack messages for bearer/media failure - tipc: fix unique bearer names sanity check - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) - HID: multitouch: require Finger field to mark Win8 reports as MT - ALSA: timer: Fix master timer notification - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed - [arm*] usb: dwc2: Fix build in periphal-only mode - pid: take a reference when initializing `cad_pid` - ocfs2: fix data corruption by fallocate - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (CVE-2021-3587) - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing - btrfs: mark ordered extent and inode with error if we fail to finish - btrfs: fix error handling in btrfs_del_csums - btrfs: return errors from btrfs_del_csums in cleanup_ref_head - btrfs: fixup error handling in fixup_inode_link_counts - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY - bpf: Add BPF_F_ANY_ALIGNMENT. - bnxt_en: Remove the setting of dev_port. - perf/cgroups: Don't rotate events for cgroups unnecessarily - perf/core: Fix corner case in perf_rotate_context() - btrfs: fix unmountable seed device after fstrim - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode - [arm64] KVM: Fix debug register indexing - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of module-level code flag - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() - sched/fair: Optimize select_idle_cpu - [x86] xen-pciback: redo VF placement in the virtual topology . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.182-rt74 * [rt] Add new signing key for Clark Williams * [rt] Update to 4.19.184-rt75 * Bump ABI to 17 * [rt] Refresh "workqueue: Use normal rcu" * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" * [rt] Refresh "workqueue: rework" * [rt] Update to 4.19.188-rt77 * [rt] Update to 4.19.190-rt79 * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" * [rt] Update to 4.19.193-rt81 * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" linux-signed-arm64 (4.19.194+1) buster; urgency=medium . * Sign kernel from linux 4.19.194-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 - [arm64] KVM: nvhe: Save the SPE context early - [armhf] net: dsa: b53: Support setting learning on port https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 - ALSA: hda: generic: Fix the micmute led init state - Revert "PM: runtime: Update device status before letting suppliers suspend" - vmlinux.lds.h: Create section for protection against instrumentation - btrfs: fix race when cloning extent buffer during rewind of an old root (CVE-2021-28964) - btrfs: fix slab cache flags for free space tree bitmap - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode - nvmet: don't check iosqes,iocqes for discovery controllers - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. - svcrdma: disable timeouts on rdma backchannel - sunrpc: fix refcount leak for rpc auth modules - scsi: lpfc: Fix some error codes in debugfs - nvme-rdma: fix possible hang when failing to set io queues - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure - usb-storage: Add quirk to defeat Kindle's automatic unload - usbip: Fix incorrect double assignment to udc->ud.tcp_rx - USB: replace hardcode maximum usb string length by definition - usb: gadget: configfs: Fix KASAN use-after-free - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel - iio: hid-sensor-prox: Fix scale not correct issue - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store functions (CVE-2021-28972) - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status (CVE-2021-28971) - [x86] ioapic: Ignore IRQ2 again - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() - [x86] Move TS_COMPAT back to asm/thread_info.h - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() - ext4: find old entry again if failed to rename whiteout - ext4: do not try to set xattr into ea_inode if value is empty - ext4: fix potential error in ext4_do_update_inode - genirq: Disable interrupts for force threaded handlers - [x86] apic/of: Fix CPU devicetree-node lookups - cifs: Fix preauth hash corruption https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled - [powerpc*] 4xx: Fix build errors from mfdcr() - atm: eni: dont release is never initialized - atm: lanai: dont run lanai_dev_close if not open - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" - ixgbe: Fix memleak in ixgbe_configure_clsu32 - net: tehuti: fix error return code in bdx_probe() - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) - gpiolib: acpi: Add missing IRQF_ONESHOT - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default - NFS: Correct size calculation for create reply length - [arm64] net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch() - [x86] atm: uPD98402: fix incorrect allocation - atm: idt77252: fix null-ptr-dereference - u64_stats,lockdep: Fix u64_stats_init() vs lockdep - nfs: we don't support removing system.nfs4_acl - block: Suppress uevent for hidden device when removed - [arm64] netsec: restore phy power state after controller reset - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events - squashfs: fix inode lookup sanity checks - squashfs: fix xattr id and id lookup sanity checks - dm ioctl: fix out of bounds array access when no devices (CVE-2021-31916) - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD - veth: Store queue_mapping independently of XDP prog presence - libbpf: Fix INSTALL flag order - macvlan: macvlan_count_rx() needs to be aware of preemption - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port - e1000e: add rtnl_lock() to e1000_reset_task - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template - netfilter: ctnetlink: fix dump of the expect mask attribute - can: peak_usb: add forgotten supported devices - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate - mac80211: fix rate mask reset - net: cdc-phonet: fix data-interface release on probe failure - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind - net/mlx5e: Fix error path for ethtool set-priv-flag - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs - Revert "netfilter: x_tables: Switch synchronization to RCU" - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) - Revert "netfilter: x_tables: Update remaining dereference to RCU" - ACPI: scan: Rearrange memory allocation in acpi_device_add() - ACPI: scan: Use unique number for instance_no - dm verity: add root hash pkcs#7 signature verification - scsi: qedi: Fix error return code of qedi_alloc_global_queues() - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() - locking/mutex: Fix non debug version of mutex_lock_io_nested() - can: dev: Move device back to init netns on owning netns delete - net: sched: validate stab values - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) - mac80211: fix double free in ibss_leave - ext4: add reclaim checks to xattr code - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" - xen-blkback: don't leak persistent grants from xen_blkbk_map() (CVE-2021-28688) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 - selinux: vsock: Set SID for socket returned by accept() - tcp: relookup sock for RST+ACK packets handled by obsolete req sock - ipv6: weaken the v4mapped source check - ext4: fix bh ref count on error paths - rpc: fix NULL dereference on kmalloc failure - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table - vhost: Fix vhost_vq_reset() - scsi: st: Fix a use after free in st_open() - scsi: qla2xxx: Fix broken #endif placement - [x86] staging: comedi: cb_pcidas: fix request_irq() warn - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn - thermal/core: Add NULL pointer check before using cooling device stats - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling - ext4: do not iput inode under running transaction in ext4_rename() - brcmfmac: clear EAP/association status bits on linkdown events - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open - appletalk: Fix skb allocation size in loopback case - [x86] net: wan/lmc: unregister device when no matching device is found - bpf: Remove MTU check in __bpf_skb_max_len - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook - PM: runtime: Fix race getting/putting suppliers at probe - PM: runtime: Fix ordering in pm_runtime_get_suppliers() - tracing: Fix stack trace event size - mm: fix race by making init_zero_pfn() early_initcall - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() - drm/amdgpu: check alignment on CPU page for bo map - reiserfs: update reiserfs_xattrs_initialized() condition - [arm64,armhf] pinctrl: rockchip: fix restore error in resume - extcon: Add stubs for extcon_register_notifier_all() functions - extcon: Fix error handling in extcon_dev_register - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 - cdc-acm: fix BREAK rx code path adding necessary calls - USB: cdc-acm: untangle a circular dependency between callback and softint - USB: cdc-acm: downgrade message to debug - USB: cdc-acm: fix double free on probe failure - USB: cdc-acm: fix use-after-free after probe failure - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. - [x86] staging: rtl8192e: Fix incorrect source in memcpy() - staging: rtl8192e: Change state information from u16 to u8 - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 - mISDN: fix crash in fritzpci - mac80211: choose first enabled channel for monitor - [arm64] drm/msm: Ratelimit invalid-fence message - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() - cifs: revalidate mapping when we open files for SMB1 POSIX - cifs: Silently ignore unknown oplock break handle - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 (CVE-2021-29154) - [i386] bpf, x86: Validate computation of branch displacements for x86-32 (CVE-2021-29154) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 - ALSA: aloop: Fix initialization of controls - [x86] ASoC: intel: atom: Stop advertising non working S24LE support - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) - nfc: Avoid endless loops caused by repeated llcp_sock_connect() - xen/evtchn: Change irq_info lock to raw_spinlock_t - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh - ocfs2: fix deadlock between setattr and dio_end_io_write - fs: direct-io: fix missing sdio->boundary - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field - ice: Increase control queue timeout - net: hso: fix null-ptr-deref during tty device unregistration - net: ensure mac header is set in virtio_net_hdr_to_skb() - net: sched: sch_teql: fix null-pointer dereference - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() - usbip: add sysfs_lock to synchronize sysfs code paths - usbip: stub-dev synchronize sysfs code paths - usbip: vudc synchronize sysfs code paths - usbip: synchronize event handler with sysfs code paths - i2c: turn recovery error on init to debug - virtio_net: Add XDP meta data support - xfrm: interface: fix ipv4 pmtu check to honor ip header df - net: xfrm: Localize sequence counter per network namespace - i40e: Added Asym_Pause to supported link modes - i40e: Fix kernel oops when i40e driver removes VF's - sch_red: fix off-by-one checks in red_check_params() - cxgb4: avoid collecting SGE_QBASE regs during traffic - net:tipc: Fix a double free in tipc_sk_mcast_rcv - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner - clk: fix invalid usage of list cursor in register - clk: fix invalid usage of list cursor in unregister - workqueue: Move the position of debug_work_activate() in __queue_work() - [s390x] cpcmd: fix inline assembly register clobbering - net/mlx5: Fix placement of log_max_flow_counter - net/mlx5: Fix PBMC register mapping - RDMA/cxgb4: check for ipv6 address properly while destroying listener - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit - net: sched: bump refcount for new action in ACT replace mode - cfg80211: remove WARN_ON() in cfg80211_sme_connect - net: tun: set tun->dev->addr_len during TUNSETLINK processing - drivers: net: fix memory leak in atusb_probe - drivers: net: fix memory leak in peak_usb_create_dev - net: mac802154: Fix general protection fault - net: ieee802154: nl-mac: fix check on panid - net: ieee802154: fix nl802154 del llsec key - net: ieee802154: fix nl802154 del llsec dev - net: ieee802154: fix nl802154 add llsec key - net: ieee802154: fix nl802154 del llsec devkey - net: ieee802154: forbid monitor for set llsec params - net: ieee802154: forbid monitor for del llsec seclevel - net: ieee802154: stop dump llsec params for monitors - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." (Closes: #988352) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 - [arm64] KVM: Hide system instruction access to Trace registers - [arm64] KVM: Disable guest access to trace filter controls - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning - gfs2: report "already frozen/thawed" errors - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz - block: only update parent bi_status when bio fail - net: phy: broadcom: Only advertise EEE for supported modes - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) - netfilter: x_tables: fix compat match/target pad out-of-bound write - driver core: Fix locking bug in deferred_probe_timeout_work_func() - xen/events: fix setting irq affinity https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 - net/sctp: fix race condition in sctp_destroy_sock - gpio: sysfs: Obey valid_mask - neighbour: Disregard DEAD dst in neigh_update - [arm64] drm/msm: Fix a5xx/a6xx timestamps - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state - net: ieee802154: stop dump llsec keys for monitors - net: ieee802154: stop dump llsec devs for monitors - net: ieee802154: forbid monitor for add llsec dev - net: ieee802154: stop dump llsec devkeys for monitors - net: ieee802154: forbid monitor for add llsec devkey - net: ieee802154: stop dump llsec seclevels for monitors - net: ieee802154: forbid monitor for add llsec seclevel - pcnet32: Use pci_resource_len to validate PCI resource - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices - readdir: make sure to verify directory entry for legacy interfaces too - [arm64] fix inline asm in load_unaligned_zeropad() - [arm64] alternatives: Move length validation in alternative_{insn, endif} - scsi: libsas: Reset num_scatter if libata marks qc as NODATA - netfilter: conntrack: do not print icmpv6 as unknown via /proc - netfilter: nft_limit: avoid possible divide error in nft_limit_init - net: sit: Unregister catch-all devices - net: ip6_tunnel: Unregister catch-all devices - i40e: fix the panic when running bpf in xdpdrv mode - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions - net: phy: marvell: fix detection of PHY on Topaz switches - gup: document and work around "COW can break either way" issue (CVE-2020-29374) - [x86] pinctrl: lewisburg: Update number of pins in community - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 - HID: alps: fix error return code in alps_input_configured() - HID: wacom: Assign boolean values to a bool variable - net: geneve: check skb is large enough for IPv4/IPv6 header - [s390x] entry: save the caller of psw_idle - xen-netback: Check for hotplug-status existence before watching - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access - net: hso: fix NULL-deref on disconnect regression - USB: CDC-ACM: fix poison/unpoison imbalance https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() - net: usb: ax88179_178a: initialize local variables before use - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() - [mips*] Do not include hi and lo in clobber list for R6 - bpf: Fix masking negation logic upon negative dst register (CVE-2021-31829) - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet - USB: Add reset-resume quirk for WD19's Realtek Hub - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation - ovl: allow upperdir inside lowerdir https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 - [s390x] disassembler: increase ebpf disasm buffer size - ftrace: Handle commands when closing set_ftrace_filter file - ecryptfs: fix kernel panic with null dev_name - [armhf] spi: spi-ti-qspi: Free DMA resources - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers - mmc: block: Update ext_csd.cache_ctrl if it was written - mmc: block: Issue a cache flush only when it's enabled - mmc: core: Do a power cycle when the CMD11 fails - mmc: core: Set read only for SD cards with permanent write protect bit - cifs: Return correct error code from smb2_get_enc_key - btrfs: fix metadata extent leak after failure to create subvolume - [x86] intel_th: pci: Add Rocket Lake CPU support - fbdev: zero-fill colormap in fbcmap.c - staging: wimax/i2400m: fix byte-order issue - crypto: api - check for ERR pointers in crypto_destroy_tfm() - usb: gadget: uvc: add bInterval checking for HS mode - [x86] genirq/matrix: Prevent allocation counter corruption - usb: gadget: f_uac1: validate input parameters - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset - usb: xhci: Fix port minor revision - PCI: PM: Do not read power state in pci_enable_device_flags() - [arm64] tee: optee: do not check memref size on return from Secure World - [arm*] perf/arm_pmu_platform: Fix error handling - xhci: check control context is valid before dereferencing it. - xhci: fix potential array out of bounds with several interrupters - [x86] intel_th: Consistency and off-by-one fix - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe - scsi: lpfc: Fix pt2pt connection does not recover after LOGO - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() - [x86] media: ite-cir: check for receive overflow - power: supply: bq27xxx: fix power_avg for newer ICs - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs - media: gspca/sq905.c: fix uninitialized variable - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() - scsi: qla2xxx: Fix use after free in bsg - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() - media: em28xx: fix memory leak - media: vivid: update EDID - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return - media: dvb-usb: fix memory leak in dvb_usb_adapter_init - media: gscpa/stv06xx: fix memory leak - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal - drm/amdgpu: fix NULL pointer dereference - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic - scsi: libfc: Fix a format specifier - [s390x] archrandom: add parameter check for s390_arch_random_generate - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer - ALSA: hda/conexant: Re-order CX5066 quirk table entries - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build - ALSA: usb-audio: Explicitly set up the clock selector - ALSA: usb-audio: More constifications - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx - btrfs: fix race when picking most recent mod log operation for an old root - [arm64] vdso: Discard .note.gnu.property sections in vDSO - ubifs: Only check replay with inode type to judge if inode linked - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) - openvswitch: fix stack OOB read while fragmenting IPv4 packets - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure - NFS: Don't discard pNFS layout segments that are marked for return - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() - jffs2: Fix kasan slab-out-of-bounds problem - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. - [x86] intel_th: pci: Add Alder Lake-M support - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual device - md/raid1: properly indicate failure when ending a failed write request - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences - security: commoncap: fix -Wstringop-overread warning - jffs2: check the validity of dstlen in jffs2_zlib_compress() - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") - posix-timers: Preserve return value in clock_adjtime32() - [arm64] vdso: remove commas between macro name and arguments - ext4: fix check to prevent false positive report of incorrect used inodes - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() - ext4: fix error code in ext4_commit_super - media: dvbdev: Fix memory leak in dvb_media_device_free() - usb: gadget: Fix double free of device descriptor pointers - usb: gadget/function/f_fs string table fix for multiple languages - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check - [arm*] usb: dwc2: Fix session request interrupt handler - tty: fix memory leak in vc_deallocate - tracing: Map all PIDs to command lines - tracing: Restructure trace_clock_global() to never block - dm space map common: fix division bug in sm_ll_find_free_block() - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails - modules: mark ref_module static - modules: mark find_symbol static - modules: mark each_symbol_section static - modules: unexport __module_text_address - modules: unexport __module_address - modules: rename the licence field in struct symsearch to license - modules: return licensing information from find_symbol - modules: inherit TAINT_PROPRIETARY_MODULE - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) - bluetooth: eliminate the potential race condition when removing the HCI controller (CVE-2021-32399) - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR - misc: lis3lv02d: Fix false-positive WARN on various HP models - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload - md/bitmap: wait for external bitmap writes to complete during tear down - md-cluster: fix use-after-free issue when removing rdev - md: split mddev_find - md: factor out a mddev_find_locked helper from mddev_find - md: md_open returns -EBUSY when entering racing area - md: Fix missing unused status line of /proc/mdstat - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() - cfg80211: scan: drop entry from hidden_list on overflow - drm/radeon: fix copy of uninitialized variable back to userspace - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported - [s390x] KVM: split kvm_s390_logical_to_effective - [s390x] KVM: fix guarded storage control register handling - [s390x] KVM: split kvm_s390_real_to_abs - ovl: fix missing revert_creds() on error path - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 - regmap: set debugfs_name to NULL after it is freed - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() - [x86] microcode: Check for offline CPUs before requesting new microcode - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() - [x86] usb: gadget: pch_udc: Check if driver is present before calling ->setup() - [x86] usb: gadget: pch_udc: Check for DMA mapping error - [x86] crypto: qat - don't release uninitialized resources - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init - mtd: require write permissions for locking and badblock ioctls - [arm64] bus: qcom: Put child node before return - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling - [x86] staging: rtl8192u: Fix potential infinite loop - spi: Fix use-after-free with devm_spi_alloc_* - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute - [x86] crypto: qat - Fix a double free in adf_create_ring - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency - USB: cdc-acm: fix unprivileged TIOCCSERIAL - tty: actually undefine superseded ASYNC flags - tty: fix return value for unsupported ioctls - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. - [arm*] usb: dwc2: Fix hibernation between host and device modes. - ttyprintk: Add TTY hangup callback. - media: vivid: fix assignment of dev->fbuf_out_flags - media: m88rs6000t: avoid potential out-of-bounds reads on arrays - [x86] kprobes: Fix to check non boostable prefixes correctly - sata_mv: add IRQ checks - ata: libahci_platform: fix IRQ check - nvme: retrigger ANA log update if group descriptor isn't found - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch - sched/debug: Fix cgroup_path[] serialization - drivers/block/null_blk/main: Fix a double free in null_init. - HID: plantronics: Workaround for double volume key presses - [powerpc*] prom: Mark identical_pvr_fixup as __init - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect - bug: Remove redundant condition check in report_bug - nfc: pn533: prevent potential memory corruption - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls - [powerpc*] 64s: Fix pte update for kernel memory on radix - [powerpc*] perf: Fix PMU constraint check for EBB events - mac80211: bail out if cipher schemes are invalid - mt7601u: fix always true expression - [amd64] IB/hfi1: Fix error return code in parse_platform_config() - [arm64] net: thunderx: Fix unintentional sign extension issue - RDMA/srpt: Fix error return code in srpt_cm_req_recv() - [mips*] pci-legacy: stop using of_pci_range_to_resource - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal - rtlwifi: 8821ae: upgrade PHY and RF parameters - mwl8k: Fix a double Free in mwl8k_probe_hw - [x86] vsock/vmci: log once the failed queue pair allocation - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error channel - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req - mm/sparse: add the missing sparse_buffer_fini() in error branch - mm/memory-failure: unnecessary amount of unmapping - net: Only allow init netns to set default tcp cong to a restricted algo - smp: Fix smp_call_function_single_async prototype - Revert "net/sctp: fix race condition in sctp_destroy_sock" - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) - Revert "of/fdt: Make sure no-map does not remove already reserved regions" - Revert "fdt: Properly handle "no-map" field in the memory region" - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() - fs: dlm: fix debugfs dump - tipc: convert dest node's address to network order - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF - [arm64] net: stmmac: Set FIFO sizes for ipq806x - i2c: bail out early when RDWR parameters are wrong - ALSA: hdsp: don't disable if not enabled - ALSA: hdspm: don't disable if not enabled - ALSA: rme9652: don't disable if not enabled - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default - Bluetooth: initialize skb_queue_head at l2cap_chan_create() - net: bridge: when suppression is enabled exclude RARP packets - Bluetooth: check for zapped sk before connecting - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet - i2c: Add I2C_AQ_NO_REP_START adapter quirk - mac80211: clear the beacon's CRC after channel switch - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos - cuse: prevent clone - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() - [powerpc*] smp: Set numa node before updating mask - [x86] ASoC: rt286: Generalize support for ALC3263 codec - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() - [powerpc*] pseries: Stop calling printk in rtas_stop_self() - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join - [powerpc*] iommu: Annotate nested lock for lockdep - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs - PCI: Release OF node in pci_scan_device()'s error path - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook - [arm64] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() - NFS: Deal correctly with attribute generation counter overflow - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() - NFSv4.2 fix handling of sr_eof in SEEK's reply - rtc: ds1307: Fix wday settings for rx8130 - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy - sctp: do asoc update earlier in sctp_sf_do_dupcook_a - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b - netfilter: xt_SECMARK: add new revision to fix structure layout - drm/radeon: Fix off-by-one power_state index heap overwrite - drm/radeon: Avoid power table parsing memory leaks - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() - ksm: fix potential missing rmap_item for stable_node - net: fix nla_strcmp to handle more then one trailing null character - smc: disallow TCP_ULP in smc_setsockopt() - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check - sched/fair: Fix unfairness caused by missing load decay - [amd64] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() - netfilter: nftables: avoid overflows in nft_hash_buckets() - i40e: Fix use-after-free in i40e_client_subtask() - [powerpc*] 64s: Fix crashes when toggling stf barrier - [powerpc*] 64s: Fix crashes when toggling entry flush barrier - hfsplus: prevent corruption in shrinking truncate - squashfs: fix divide error in calculate_skip() - userfaultfd: release page in error path to avoid BUG_ON - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path - blk-mq: Swap two calls in blk_mq_exit_queue() - [armhf] usb: dwc3: omap: improve extcon initialization - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield - [arm*] usb: dwc2: Fix gadget DMA unmap direction - usb: core: hub: fix race condition about TRSMRCY of resume - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer in ep queue - xhci: Do not use GFP_KERNEL in (potentially) atomic context - xhci: Add reset resume quirk for AMD xhci controller. - [x86] iio: tsl2583: Fix division by a zero lux_val - cdc-wdm: untangle a circular dependency between callback and softint - [x86] KVM: Cancel pvclock_gtod_work on module removal - thermal/core/fair share: Lock the thermal zone while looping over instances - kobject_uevent: remove warning in init_uevent_argv() - netfilter: conntrack: Make global sysctls readonly in non-init netns - nvme: do not try to reconfigure APST when the controller is not live - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes - usb: sl811-hcd: improve misleading indentation - cxgb4: Fix the -Wmisleading-indentation warning - isdn: capi: fix mismatched prototypes - [arm64] PCI: thunder: Fix compile testing - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls - ceph: fix fscache invalidation - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP - block: reexpand iov_iter after read/write - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods - sit: proper dev_{hold|put} in ndo_[un]init methods - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods - ipv6: remove extra dev_hold() for fallback tunnels - iomap: fix sub-page uptodate handling - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it - tweewide: Fix most Shebang lines - scripts: switch explicitly to Python 3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 - RDMA/rxe: Clear all QP fields if creation failed - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() - RDMA/mlx5: Recover from fatal event in dual port mode - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly - nvmet: seset ns->file when open fails - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal - cifs: fix memory leak in smb2_copychunk_range - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency - ALSA: line6: Fix racy initialization of LINE6 MIDI - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 - ALSA: usb-audio: Validate MS endpoint descriptors - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro - [i386] Revert "ALSA: sb8: add a check for request_region" - ALSA: hda/realtek: reset eapd coeff to default value for alc287 - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" - [x86] xen-pciback: reconfigure also from backend watch handler - dm snapshot: fix crash with transient storage and zero chunk size - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" - [armhf] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" - Revert "ecryptfs: replace BUG_ON with error handling code" - Revert "rtlwifi: fix a potential NULL pointer dereference" - Revert "qlcnic: Avoid potential NULL pointer dereference" - Revert "niu: fix missing checks of niu_pci_eeprom_read" - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init - net: rtlwifi: properly check for alloc_workqueue() failure - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup code - qlcnic: Add null check after calling netdev_alloc_skb - [x86] video: hgafb: fix potential NULL pointer dereference - vgacon: Record video mode changes with VT_RESIZEX - vt: Fix character height handling with VT_RESIZEX - tty: vt: always invoke vc->vc_sw->con_resize callback - [x86] video: hgafb: correctly handle card detect failure during probe - Bluetooth: SMP: Fail if remote and local public keys are identical (CVE-2020-26558, CVE-2021-0129) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 - mm, vmstat: drop zone->lock in /proc/pagetypeinfo - [arm64,armhf] usb: dwc3: gadget: Enable suspend events - NFC: nci: fix memory leak in nci_allocate_device - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() - proc: Check /proc/$pid/attr/ writes against file opener - net: hso: fix control-request directions - mac80211: assure all fragments are encrypted (CVE-2020-26147) - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - mac80211: properly handle A-MSDUs that start with an RFC 1042 header - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) - mac80211: add fragment cache to sta_info - mac80211: check defrag PN against current frame - mac80211: prevent attacks on TKIP/WEP as well - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - ath10k: Validate first subframe of A-MSDU before processing the list - dm snapshot: properly fix a crash when an origin has no snapshots - misc/uss720: fix memory leak in uss720_probe - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue - [x86] mei: request autosuspend after sending rx flow control - USB: trancevibrator: fix control-request direction - USB: usbfs: Don't WARN about excessively large memory allocations - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' - USB: serial: ti_usb_3410_5052: add startech.com device id - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 - USB: serial: ftdi_sio: add IDs for IDS GmbH Products - USB: serial: pl2303: add device id for ADLINK ND-6530 GC - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG - net: usb: fix memory leak in smsc75xx_bind - bpf: extend is_branch_taken to registers - bpf: Test_verifier, bpf_get_stack return value add <0 - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) - bpf: Ensure off_reg has no mixed signed bounds for all types (CVE-2021-29155) - bpf: Rework ptr_limit into alu_limit and add common error path (CVE-2021-29155) - bpf: Improve verifier error messages for users (CVE-2021-29155) - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) - bpf: Update selftests to reflect new error states - bpf: Fix leakage of uninitialized bpf stack under speculation (CVE-2021-31829) - bpf: Wrap aux data inside bpf_sanitize_info container - bpf: Fix mask direction swap upon off reg sign change - bpf: No need to simulate speculative domain for immediates - [armhf] spi: gpio: Don't leak SPI master in probe error path - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails - NFS: fix an incorrect limit in filelayout_decode_layout() - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config - [arm64] drm/meson: fix shutdown crash when component not probed - net/mlx4: Fix EEPROM dump support - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" - tipc: skb_linearize the head skb when reassembling msgs - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message after write - [x86] i2c: i801: Don't generate an interrupt on bus reset - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume - [x86] net: fujitsu: fix potential null-ptr-deref - [x86] char: hpet: add checks after calling ioremap - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call - libertas: register sysfs groups properly - media: dvb: Add check on sp8870_readreg return - media: gspca: properly check for errors in po1030_probe() - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic - btrfs: do not BUG_ON in link_to_fixup_dir - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported list - SMB3: incorrect file id in requests compounded with open - drm/amd/amdgpu: fix refcount leak - drm/amdgpu: Fix a use-after-free - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count - [armhf] net: fec: fix the potential memory leak in fec_enet_init() - [arm64] net: mdio: thunder: Fix a double free issue in the .remove function - [mips*] net: mdio: octeon: Fix some double free issues - openvswitch: meter: fix race when getting now_ms. - net: bnx2: Fix error return code in bnx2_init_board() - mld: fix panic in mld_newpack() - bpf: Set mac_len in bpf_skb_change_head - ixgbe: fix large MTU request from VF - scsi: libsas: Use _safe() loop in sas_resume_port() - ipv6: record frag_max_size in atomic fragments in input path - sch_dsmark: fix a NULL deref in qdisc_reset() - hugetlbfs: hugetlb_fault_mutex_hash() cleanup - drivers/net/ethernet: clean up unused assignments - [arm64] net: hns3: check the return of skb_checksum_help() - usb: core: reduce power-on-good delay time of root hub https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) - ALSA: usb: update old-style static const declaration - nl80211: validate key indexes for cfg80211_registered_device - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() - vfio/pci: Fix error return code in vfio_ecap_init() - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service - HID: pidff: fix error return code in hid_pidff_init() - [arm64,x86] HID: i2c-hid: fix format string mismatch - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches - ieee802154: fix error return code in ieee802154_add_iface() - ieee802154: fix error return code in ieee802154_llsec_getparams() - ixgbevf: add correct exception tracing for XDP - tipc: add extack messages for bearer/media failure - tipc: fix unique bearer names sanity check - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) - HID: multitouch: require Finger field to mark Win8 reports as MT - ALSA: timer: Fix master timer notification - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed - [arm*] usb: dwc2: Fix build in periphal-only mode - pid: take a reference when initializing `cad_pid` - ocfs2: fix data corruption by fallocate - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (CVE-2021-3587) - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing - btrfs: mark ordered extent and inode with error if we fail to finish - btrfs: fix error handling in btrfs_del_csums - btrfs: return errors from btrfs_del_csums in cleanup_ref_head - btrfs: fixup error handling in fixup_inode_link_counts - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY - bpf: Add BPF_F_ANY_ALIGNMENT. - bnxt_en: Remove the setting of dev_port. - perf/cgroups: Don't rotate events for cgroups unnecessarily - perf/core: Fix corner case in perf_rotate_context() - btrfs: fix unmountable seed device after fstrim - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode - [arm64] KVM: Fix debug register indexing - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of module-level code flag - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() - sched/fair: Optimize select_idle_cpu - [x86] xen-pciback: redo VF placement in the virtual topology . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.182-rt74 * [rt] Add new signing key for Clark Williams * [rt] Update to 4.19.184-rt75 * Bump ABI to 17 * [rt] Refresh "workqueue: Use normal rcu" * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" * [rt] Refresh "workqueue: rework" * [rt] Update to 4.19.188-rt77 * [rt] Update to 4.19.190-rt79 * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" * [rt] Update to 4.19.193-rt81 * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" linux-signed-i386 (4.19.194+1) buster; urgency=medium . * Sign kernel from linux 4.19.194-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.182 - [arm64] KVM: nvhe: Save the SPE context early - [armhf] net: dsa: b53: Support setting learning on port https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.183 - ALSA: hda: generic: Fix the micmute led init state - Revert "PM: runtime: Update device status before letting suppliers suspend" - vmlinux.lds.h: Create section for protection against instrumentation - btrfs: fix race when cloning extent buffer during rewind of an old root (CVE-2021-28964) - btrfs: fix slab cache flags for free space tree bitmap - [armhf] ASoC: fsl_ssi: Fix TDM slot setup for I2S mode - nvmet: don't check iosqes,iocqes for discovery controllers - NFSD: Repair misuse of sv_lock in 5.10.16-rt30. - svcrdma: disable timeouts on rdma backchannel - sunrpc: fix refcount leak for rpc auth modules - scsi: lpfc: Fix some error codes in debugfs - nvme-rdma: fix possible hang when failing to set io queues - [powerpc*] Force inlining of cpu_has_feature() to avoid build failure - usb-storage: Add quirk to defeat Kindle's automatic unload - usbip: Fix incorrect double assignment to udc->ud.tcp_rx - USB: replace hardcode maximum usb string length by definition - usb: gadget: configfs: Fix KASAN use-after-free - [arm64] iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel - iio: hid-sensor-prox: Fix scale not correct issue - [powerpc*] PCI: rpadlpar: Fix potential drc_name corruption in store functions (CVE-2021-28972) - [x86] perf/x86/intel: Fix a crash caused by zero PEBS status (CVE-2021-28971) - [x86] ioapic: Ignore IRQ2 again - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() - [x86] Move TS_COMPAT back to asm/thread_info.h - [x86] Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() - ext4: find old entry again if failed to rename whiteout - ext4: do not try to set xattr into ea_inode if value is empty - ext4: fix potential error in ext4_do_update_inode - genirq: Disable interrupts for force threaded handlers - [x86] apic/of: Fix CPU devicetree-node lookups - cifs: Fix preauth hash corruption https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.184 - [armhf] net: fec: ptp: avoid register access when ipg clock is disabled - [powerpc*] 4xx: Fix build errors from mfdcr() - atm: eni: dont release is never initialized - atm: lanai: dont run lanai_dev_close if not open - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" - ixgbe: Fix memleak in ixgbe_configure_clsu32 - net: tehuti: fix error return code in bdx_probe() - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264) - gpiolib: acpi: Add missing IRQF_ONESHOT - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default - NFS: Correct size calculation for create reply length - [arm64] net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch() - [x86] atm: uPD98402: fix incorrect allocation - atm: idt77252: fix null-ptr-dereference - u64_stats,lockdep: Fix u64_stats_init() vs lockdep - nfs: we don't support removing system.nfs4_acl - block: Suppress uevent for hidden device when removed - [arm64] netsec: restore phy power state after controller reset - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events - squashfs: fix inode lookup sanity checks - squashfs: fix xattr id and id lookup sanity checks - dm ioctl: fix out of bounds array access when no devices (CVE-2021-31916) - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD - veth: Store queue_mapping independently of XDP prog presence - libbpf: Fix INSTALL flag order - macvlan: macvlan_count_rx() needs to be aware of preemption - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port - e1000e: add rtnl_lock() to e1000_reset_task - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template - netfilter: ctnetlink: fix dump of the expect mask attribute - can: peak_usb: add forgotten supported devices - [armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate - mac80211: fix rate mask reset - net: cdc-phonet: fix data-interface release on probe failure - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind - net/mlx5e: Fix error path for ethtool set-priv-flag - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs - Revert "netfilter: x_tables: Switch synchronization to RCU" - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650) - Revert "netfilter: x_tables: Update remaining dereference to RCU" - ACPI: scan: Rearrange memory allocation in acpi_device_add() - ACPI: scan: Use unique number for instance_no - dm verity: add root hash pkcs#7 signature verification - scsi: qedi: Fix error return code of qedi_alloc_global_queues() - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() - locking/mutex: Fix non debug version of mutex_lock_io_nested() - can: dev: Move device back to init netns on owning netns delete - net: sched: validate stab values - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647) - mac80211: fix double free in ibss_leave - ext4: add reclaim checks to xattr code - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices" - xen-blkback: don't leak persistent grants from xen_blkbk_map() (CVE-2021-28688) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.185 - selinux: vsock: Set SID for socket returned by accept() - tcp: relookup sock for RST+ACK packets handled by obsolete req sock - ipv6: weaken the v4mapped source check - ext4: fix bh ref count on error paths - rpc: fix NULL dereference on kmalloc failure - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table - vhost: Fix vhost_vq_reset() - scsi: st: Fix a use after free in st_open() - scsi: qla2xxx: Fix broken #endif placement - [x86] staging: comedi: cb_pcidas: fix request_irq() warn - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn - thermal/core: Add NULL pointer check before using cooling device stats - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling - ext4: do not iput inode under running transaction in ext4_rename() - brcmfmac: clear EAP/association status bits on linkdown events - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() - [amd64] net: ethernet: aquantia: Handle error cleanup of start on open - appletalk: Fix skb allocation size in loopback case - [x86] net: wan/lmc: unregister device when no matching device is found - bpf: Remove MTU check in __bpf_skb_max_len - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook - PM: runtime: Fix race getting/putting suppliers at probe - PM: runtime: Fix ordering in pm_runtime_get_suppliers() - tracing: Fix stack trace event size - mm: fix race by making init_zero_pfn() early_initcall - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() - drm/amdgpu: check alignment on CPU page for bo map - reiserfs: update reiserfs_xattrs_initialized() condition - [arm64,armhf] pinctrl: rockchip: fix restore error in resume - extcon: Add stubs for extcon_register_notifier_all() functions - extcon: Fix error handling in extcon_dev_register - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483) - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64 - cdc-acm: fix BREAK rx code path adding necessary calls - USB: cdc-acm: untangle a circular dependency between callback and softint - USB: cdc-acm: downgrade message to debug - USB: cdc-acm: fix double free on probe failure - USB: cdc-acm: fix use-after-free after probe failure - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. - [x86] staging: rtl8192e: Fix incorrect source in memcpy() - staging: rtl8192e: Change state information from u16 to u8 - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.186 - [armhf] bus: ti-sysc: Fix warning on unbind if reset is not deasserted - [x86] platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 - mISDN: fix crash in fritzpci - mac80211: choose first enabled channel for monitor - [arm64] drm/msm: Ratelimit invalid-fence message - [x86] platform/x86: thinkpad_acpi: Allow the FnLock LED to change state - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() - cifs: revalidate mapping when we open files for SMB1 POSIX - cifs: Silently ignore unknown oplock break handle - [amd64] bpf, x86: Validate computation of branch displacements for x86-64 (CVE-2021-29154) - [i386] bpf, x86: Validate computation of branch displacements for x86-32 (CVE-2021-29154) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187 - ALSA: aloop: Fix initialization of controls - [x86] ASoC: intel: atom: Stop advertising non working S24LE support - nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670) - nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671) - nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672) - nfc: Avoid endless loops caused by repeated llcp_sock_connect() - xen/evtchn: Change irq_info lock to raw_spinlock_t - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh - ocfs2: fix deadlock between setattr and dio_end_io_write - fs: direct-io: fix missing sdio->boundary - [armhf] dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field - ice: Increase control queue timeout - net: hso: fix null-ptr-deref during tty device unregistration - net: ensure mac header is set in virtio_net_hdr_to_skb() - net: sched: sch_teql: fix null-pointer dereference - net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind() - usbip: add sysfs_lock to synchronize sysfs code paths - usbip: stub-dev synchronize sysfs code paths - usbip: vudc synchronize sysfs code paths - usbip: synchronize event handler with sysfs code paths - i2c: turn recovery error on init to debug - virtio_net: Add XDP meta data support - xfrm: interface: fix ipv4 pmtu check to honor ip header df - net: xfrm: Localize sequence counter per network namespace - i40e: Added Asym_Pause to supported link modes - i40e: Fix kernel oops when i40e driver removes VF's - sch_red: fix off-by-one checks in red_check_params() - cxgb4: avoid collecting SGE_QBASE regs during traffic - net:tipc: Fix a double free in tipc_sk_mcast_rcv - [armhf] ASoC: sunxi: sun4i-codec: fill ASoC card owner - clk: fix invalid usage of list cursor in register - clk: fix invalid usage of list cursor in unregister - workqueue: Move the position of debug_work_activate() in __queue_work() - [s390x] cpcmd: fix inline assembly register clobbering - net/mlx5: Fix placement of log_max_flow_counter - net/mlx5: Fix PBMC register mapping - RDMA/cxgb4: check for ipv6 address properly while destroying listener - [armhf] clk: socfpga: fix iomem pointer cast on 64-bit - net: sched: bump refcount for new action in ACT replace mode - cfg80211: remove WARN_ON() in cfg80211_sme_connect - net: tun: set tun->dev->addr_len during TUNSETLINK processing - drivers: net: fix memory leak in atusb_probe - drivers: net: fix memory leak in peak_usb_create_dev - net: mac802154: Fix general protection fault - net: ieee802154: nl-mac: fix check on panid - net: ieee802154: fix nl802154 del llsec key - net: ieee802154: fix nl802154 del llsec dev - net: ieee802154: fix nl802154 add llsec key - net: ieee802154: fix nl802154 del llsec devkey - net: ieee802154: forbid monitor for set llsec params - net: ieee802154: forbid monitor for del llsec seclevel - net: ieee802154: stop dump llsec params for monitors - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." (Closes: #988352) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.188 - [arm64] KVM: Hide system instruction access to Trace registers - [arm64] KVM: Disable guest access to trace filter controls - [armhf] drm/imx: imx-ldb: fix out of bounds array access warning - gfs2: report "already frozen/thawed" errors - [arm64,armhf] drm/tegra: dc: Don't set PLL clock to 0Hz - block: only update parent bi_status when bio fail - net: phy: broadcom: Only advertise EEE for supported modes - staging: m57621-mmc: delete driver from the tree. (Closes: #986949) - netfilter: x_tables: fix compat match/target pad out-of-bound write - driver core: Fix locking bug in deferred_probe_timeout_work_func() - xen/events: fix setting irq affinity https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 - net/sctp: fix race condition in sctp_destroy_sock - gpio: sysfs: Obey valid_mask - neighbour: Disregard DEAD dst in neigh_update - [arm64] drm/msm: Fix a5xx/a6xx timestamps - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state - net: ieee802154: stop dump llsec keys for monitors - net: ieee802154: stop dump llsec devs for monitors - net: ieee802154: forbid monitor for add llsec dev - net: ieee802154: stop dump llsec devkeys for monitors - net: ieee802154: forbid monitor for add llsec devkey - net: ieee802154: stop dump llsec seclevels for monitors - net: ieee802154: forbid monitor for add llsec seclevel - pcnet32: Use pci_resource_len to validate PCI resource - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices - readdir: make sure to verify directory entry for legacy interfaces too - [arm64] fix inline asm in load_unaligned_zeropad() - [arm64] alternatives: Move length validation in alternative_{insn, endif} - scsi: libsas: Reset num_scatter if libata marks qc as NODATA - netfilter: conntrack: do not print icmpv6 as unknown via /proc - netfilter: nft_limit: avoid possible divide error in nft_limit_init - net: sit: Unregister catch-all devices - net: ip6_tunnel: Unregister catch-all devices - i40e: fix the panic when running bpf in xdpdrv mode - [armel,armhf] 9071/1: uprobes: Don't hook on thumb instructions - net: phy: marvell: fix detection of PHY on Topaz switches - gup: document and work around "COW can break either way" issue (CVE-2020-29374) - [x86] pinctrl: lewisburg: Update number of pins in community - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() - [x86] perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 - HID: alps: fix error return code in alps_input_configured() - HID: wacom: Assign boolean values to a bool variable - net: geneve: check skb is large enough for IPv4/IPv6 header - [s390x] entry: save the caller of psw_idle - xen-netback: Check for hotplug-status existence before watching - [x86] crash: Fix crash_setup_memmap_entries() out-of-bounds access - net: hso: fix NULL-deref on disconnect regression - USB: CDC-ACM: fix poison/unpoison imbalance https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.190 - [x86] ACPI: tables: x86: Reserve memory occupied by ACPI tables - [x86] ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() - net: usb: ax88179_178a: initialize local variables before use - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() - [mips*] Do not include hi and lo in clobber list for R6 - bpf: Fix masking negation logic upon negative dst register (CVE-2021-31829) - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet - USB: Add reset-resume quirk for WD19's Realtek Hub - [x86] platform/x86: thinkpad_acpi: Correct thermal sensor allocation - ovl: allow upperdir inside lowerdir https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 - [s390x] disassembler: increase ebpf disasm buffer size - ftrace: Handle commands when closing set_ftrace_filter file - ecryptfs: fix kernel panic with null dev_name - [armhf] spi: spi-ti-qspi: Free DMA resources - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers - mmc: block: Update ext_csd.cache_ctrl if it was written - mmc: block: Issue a cache flush only when it's enabled - mmc: core: Do a power cycle when the CMD11 fails - mmc: core: Set read only for SD cards with permanent write protect bit - cifs: Return correct error code from smb2_get_enc_key - btrfs: fix metadata extent leak after failure to create subvolume - [x86] intel_th: pci: Add Rocket Lake CPU support - fbdev: zero-fill colormap in fbcmap.c - staging: wimax/i2400m: fix byte-order issue - crypto: api - check for ERR pointers in crypto_destroy_tfm() - usb: gadget: uvc: add bInterval checking for HS mode - [x86] genirq/matrix: Prevent allocation counter corruption - usb: gadget: f_uac1: validate input parameters - [arm64,armhf] usb: dwc3: gadget: Ignore EP queue requests during bus reset - usb: xhci: Fix port minor revision - PCI: PM: Do not read power state in pci_enable_device_flags() - [arm64] tee: optee: do not check memref size on return from Secure World - [arm*] perf/arm_pmu_platform: Fix error handling - xhci: check control context is valid before dereferencing it. - xhci: fix potential array out of bounds with several interrupters - [x86] intel_th: Consistency and off-by-one fix - [armhf] phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe - scsi: lpfc: Fix pt2pt connection does not recover after LOGO - scsi: target: pscsi: Fix warning in pscsi_complete_cmd() - [x86] media: ite-cir: check for receive overflow - power: supply: bq27xxx: fix power_avg for newer ICs - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs - media: gspca/sq905.c: fix uninitialized variable - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() - scsi: qla2xxx: Fix use after free in bsg - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() - media: em28xx: fix memory leak - media: vivid: update EDID - [armhf] clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return - media: dvb-usb: fix memory leak in dvb_usb_adapter_init - media: gscpa/stv06xx: fix memory leak - [arm64] drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal - drm/amdgpu: fix NULL pointer dereference - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic - scsi: libfc: Fix a format specifier - [s390x] archrandom: add parameter check for s390_arch_random_generate - [i386] ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer - ALSA: hda/conexant: Re-order CX5066 quirk table entries - [i386] ALSA: sb: Fix two use after free in snd_sb_qsound_build - ALSA: usb-audio: Explicitly set up the clock selector - ALSA: usb-audio: More constifications - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx - btrfs: fix race when picking most recent mod log operation for an old root - [arm64] vdso: Discard .note.gnu.property sections in vDSO - ubifs: Only check replay with inode type to judge if inode linked - f2fs: fix to avoid out-of-bounds memory access (CVE-2021-3506) - openvswitch: fix stack OOB read while fragmenting IPv4 packets - [arm64] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure - NFS: Don't discard pNFS layout segments that are marked for return - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() - jffs2: Fix kasan slab-out-of-bounds problem - [powerpc*] eeh: Fix EEH handling for hugepages in ioremap space. - [x86] intel_th: pci: Add Alder Lake-M support - [arm64,x86] tpm: vtpm_proxy: Avoid reading host log when using a virtual device - md/raid1: properly indicate failure when ending a failed write request - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences - security: commoncap: fix -Wstringop-overread warning - jffs2: check the validity of dstlen in jffs2_zlib_compress() - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") - posix-timers: Preserve return value in clock_adjtime32() - [arm64] vdso: remove commas between macro name and arguments - ext4: fix check to prevent false positive report of incorrect used inodes - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() - ext4: fix error code in ext4_commit_super - media: dvbdev: Fix memory leak in dvb_media_device_free() - usb: gadget: Fix double free of device descriptor pointers - usb: gadget/function/f_fs string table fix for multiple languages - [arm64,armhf] usb: dwc3: gadget: Fix START_TRANSFER link state check - [arm*] usb: dwc2: Fix session request interrupt handler - tty: fix memory leak in vc_deallocate - tracing: Map all PIDs to command lines - tracing: Restructure trace_clock_global() to never block - dm space map common: fix division bug in sm_ll_find_free_block() - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails - modules: mark ref_module static - modules: mark find_symbol static - modules: mark each_symbol_section static - modules: unexport __module_text_address - modules: unexport __module_address - modules: rename the licence field in struct symsearch to license - modules: return licensing information from find_symbol - modules: inherit TAINT_PROPRIETARY_MODULE - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034) - bluetooth: eliminate the potential race condition when removing the HCI controller (CVE-2021-32399) - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR - misc: lis3lv02d: Fix false-positive WARN on various HP models - [x86] misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct - [x86] misc: vmw_vmci: explicitly initialize vmci_datagram payload - md/bitmap: wait for external bitmap writes to complete during tear down - md-cluster: fix use-after-free issue when removing rdev - md: split mddev_find - md: factor out a mddev_find_locked helper from mddev_find - md: md_open returns -EBUSY when entering racing area - md: Fix missing unused status line of /proc/mdstat - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() - cfg80211: scan: drop entry from hidden_list on overflow - drm/radeon: fix copy of uninitialized variable back to userspace - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices - [x86] cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported - [s390x] KVM: split kvm_s390_logical_to_effective - [s390x] KVM: fix guarded storage control register handling - [s390x] KVM: split kvm_s390_real_to_abs - ovl: fix missing revert_creds() on error path - [x86] usb: gadget: pch_udc: Revert d3cb25a12138 completely - [armhf] memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] - [armhf] dts: exynos: correct PMIC interrupt trigger level on SMDK5250 - regmap: set debugfs_name to NULL after it is freed - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() - [x86] microcode: Check for offline CPUs before requesting new microcode - [x86] usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() - [x86] usb: gadget: pch_udc: Check if driver is present before calling ->setup() - [x86] usb: gadget: pch_udc: Check for DMA mapping error - [x86] crypto: qat - don't release uninitialized resources - [x86] crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init - mtd: require write permissions for locking and badblock ioctls - [arm64] bus: qcom: Put child node before return - [x86] crypto: qat - fix error path in adf_isr_resource_alloc() - [armhf] mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init - [arm64,armhf] irqchip/gic-v3: Fix OF_BAD_ADDR error handling - [x86] staging: rtl8192u: Fix potential infinite loop - spi: Fix use-after-free with devm_spi_alloc_* - [arm64] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz - [arm64] soc: qcom: mdt_loader: Detect truncated read of segments - [amd64,arm64] ACPI: CPPC: Replace cppc_attr with kobj_attribute - [x86] crypto: qat - Fix a double free in adf_create_ring - [arm64] cpufreq: armada-37xx: Fix setting TBG parent for load levels - [arm64] clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock - [arm64] cpufreq: armada-37xx: Fix the AVS value for load L1 - [arm64] clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz - [arm64] clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 - [arm64] cpufreq: armada-37xx: Fix driver cleanup when registration failed - [arm64] cpufreq: armada-37xx: Fix determining base CPU frequency - USB: cdc-acm: fix unprivileged TIOCCSERIAL - tty: actually undefine superseded ASYNC flags - tty: fix return value for unsupported ioctls - usbip: vudc: fix missing unlock on error in usbip_sockfd_store() - [x86] platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table - [x86] Drivers: hv: vmbus: Increase wait time for VMbus unload - [arm*] usb: dwc2: Fix host mode hibernation exit with remote wakeup flow. - [arm*] usb: dwc2: Fix hibernation between host and device modes. - ttyprintk: Add TTY hangup callback. - media: vivid: fix assignment of dev->fbuf_out_flags - media: m88rs6000t: avoid potential out-of-bounds reads on arrays - [x86] kprobes: Fix to check non boostable prefixes correctly - sata_mv: add IRQ checks - ata: libahci_platform: fix IRQ check - nvme: retrigger ANA log update if group descriptor isn't found - [arm64] clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE - [powerpc*] scsi: ibmvfc: Fix invalid state machine BUG_ON() - [armhf] HSI: core: fix resource leaks in hsi_add_client_from_dt() - [amd64] x86/events/amd/iommu: Fix sysfs type mismatch - sched/debug: Fix cgroup_path[] serialization - drivers/block/null_blk/main: Fix a double free in null_init. - HID: plantronics: Workaround for double volume key presses - [powerpc*] prom: Mark identical_pvr_fixup as __init - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect - bug: Remove redundant condition check in report_bug - nfc: pn533: prevent potential memory corruption - [arm64] net: hns3: Limiting the scope of vector_ring_chain variable - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls - [powerpc*] 64s: Fix pte update for kernel memory on radix - [powerpc*] perf: Fix PMU constraint check for EBB events - mac80211: bail out if cipher schemes are invalid - mt7601u: fix always true expression - [amd64] IB/hfi1: Fix error return code in parse_platform_config() - [arm64] net: thunderx: Fix unintentional sign extension issue - RDMA/srpt: Fix error return code in srpt_cm_req_recv() - [mips*] pci-legacy: stop using of_pci_range_to_resource - [powerpc*] pseries: extract host bridge from pci_bus prior to bus removal - rtlwifi: 8821ae: upgrade PHY and RF parameters - mwl8k: Fix a double Free in mwl8k_probe_hw - [x86] vsock/vmci: log once the failed queue pair allocation - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails - [armhf] net: davinci_emac: Fix incorrect masking of tx and rx error channel - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb - [arm64] net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req - mm/sparse: add the missing sparse_buffer_fini() in error branch - mm/memory-failure: unnecessary amount of unmapping - net: Only allow init netns to set default tcp cong to a restricted algo - smp: Fix smp_call_function_single_async prototype - Revert "net/sctp: fix race condition in sctp_destroy_sock" - sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133) - Revert "of/fdt: Make sure no-map does not remove already reserved regions" - Revert "fdt: Properly handle "no-map" field in the memory region" - [arm64,x86] tpm: fix error return code in tpm2_get_cc_attrs_tbl() - fs: dlm: fix debugfs dump - tipc: convert dest node's address to network order - [x86] ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF - [arm64] net: stmmac: Set FIFO sizes for ipq806x - i2c: bail out early when RDWR parameters are wrong - ALSA: hdsp: don't disable if not enabled - ALSA: hdspm: don't disable if not enabled - ALSA: rme9652: don't disable if not enabled - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default - Bluetooth: initialize skb_queue_head at l2cap_chan_create() - net: bridge: when suppression is enabled exclude RARP packets - Bluetooth: check for zapped sk before connecting - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet - i2c: Add I2C_AQ_NO_REP_START adapter quirk - mac80211: clear the beacon's CRC after channel switch - [armhf] pinctrl: samsung: use 'int' for register masks in Exynos - cuse: prevent clone - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() - [powerpc*] smp: Set numa node before updating mask - [x86] ASoC: rt286: Generalize support for ALC3263 codec - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() - [powerpc*] pseries: Stop calling printk in rtas_stop_self() - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt - [x86] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join - [powerpc*] iommu: Annotate nested lock for lockdep - [x86] ASoC: rt286: Make RT286_SET_GPIO_* readable and writable - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs - PCI: Release OF node in pci_scan_device()'s error path - [armel,armhf] 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook - [arm64] rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() - NFS: Deal correctly with attribute generation counter overflow - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() - NFSv4.2 fix handling of sr_eof in SEEK's reply - rtc: ds1307: Fix wday settings for rx8130 - [arm64] net: hns3: disable phy loopback setting in hclge_mac_start_phy - sctp: do asoc update earlier in sctp_sf_do_dupcook_a - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b - netfilter: xt_SECMARK: add new revision to fix structure layout - drm/radeon: Fix off-by-one power_state index heap overwrite - drm/radeon: Avoid power table parsing memory leaks - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() - ksm: fix potential missing rmap_item for stable_node - net: fix nla_strcmp to handle more then one trailing null character - smc: disallow TCP_ULP in smc_setsockopt() - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check - sched/fair: Fix unfairness caused by missing load decay - [amd64] kernel: kexec_file: fix error return code of kexec_calculate_store_digests() - netfilter: nftables: avoid overflows in nft_hash_buckets() - i40e: Fix use-after-free in i40e_client_subtask() - [powerpc*] 64s: Fix crashes when toggling stf barrier - [powerpc*] 64s: Fix crashes when toggling entry flush barrier - hfsplus: prevent corruption in shrinking truncate - squashfs: fix divide error in calculate_skip() - userfaultfd: release page in error path to avoid BUG_ON - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected - [arm64,x86] ACPI: scan: Fix a memory leak in an error handling path - blk-mq: Swap two calls in blk_mq_exit_queue() - [armhf] usb: dwc3: omap: improve extcon initialization - [arm64] usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield - [arm*] usb: dwc2: Fix gadget DMA unmap direction - usb: core: hub: fix race condition about TRSMRCY of resume - [arm64,armhf] usb: dwc3: gadget: Return success always for kick transfer in ep queue - xhci: Do not use GFP_KERNEL in (potentially) atomic context - xhci: Add reset resume quirk for AMD xhci controller. - [x86] iio: tsl2583: Fix division by a zero lux_val - cdc-wdm: untangle a circular dependency between callback and softint - [x86] KVM: Cancel pvclock_gtod_work on module removal - thermal/core/fair share: Lock the thermal zone while looping over instances - kobject_uevent: remove warning in init_uevent_argv() - netfilter: conntrack: Make global sysctls readonly in non-init netns - nvme: do not try to reconfigure APST when the controller is not live - [x86] msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes - usb: sl811-hcd: improve misleading indentation - cxgb4: Fix the -Wmisleading-indentation warning - isdn: capi: fix mismatched prototypes - [arm64] PCI: thunder: Fix compile testing - [armel,armhf] 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() - [arm64,x86] ACPI / hotplug / PCI: Fix reference count leak in enable_slot() - [arm64] Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices - [armel,armhf] 9075/1: kernel: Fix interrupted SMC calls - ceph: fix fscache invalidation - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found - [arm64,x86] gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP - block: reexpand iov_iter after read/write - [arm64,armhf] net: stmmac: Do not enable RX FIFO overflow interrupts - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods - sit: proper dev_{hold|put} in ndo_[un]init methods - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods - ipv6: remove extra dev_hold() for fallback tunnels - iomap: fix sub-page uptodate handling - [arm64] KVM: Initialize VCPU mdcr_el2 before loading it - tweewide: Fix most Shebang lines - scripts: switch explicitly to Python 3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.192 - RDMA/rxe: Clear all QP fields if creation failed - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() - RDMA/mlx5: Recover from fatal event in dual port mode - [x86] platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly - nvmet: seset ns->file when open fails - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal - cifs: fix memory leak in smb2_copychunk_range - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency - ALSA: line6: Fix racy initialization of LINE6 MIDI - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 - ALSA: usb-audio: Validate MS endpoint descriptors - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro - [i386] Revert "ALSA: sb8: add a check for request_region" - ALSA: hda/realtek: reset eapd coeff to default value for alc287 - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 - [arm64] Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" - [x86] xen-pciback: reconfigure also from backend watch handler - dm snapshot: fix crash with transient storage and zero chunk size - [x86] Revert "video: hgafb: fix potential NULL pointer dereference" - [arm64,armhf] Revert "net: stmicro: fix a missing check of clk_prepare" - [armhf] Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" - Revert "ecryptfs: replace BUG_ON with error handling code" - Revert "rtlwifi: fix a potential NULL pointer dereference" - Revert "qlcnic: Avoid potential NULL pointer dereference" - Revert "niu: fix missing checks of niu_pci_eeprom_read" - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() - [arm64,armhf] net: stmicro: handle clk_prepare() failure during init - net: rtlwifi: properly check for alloc_workqueue() failure - [armhf] leds: lp5523: check return value of lp5xx_read and jump to cleanup code - qlcnic: Add null check after calling netdev_alloc_skb - [x86] video: hgafb: fix potential NULL pointer dereference - vgacon: Record video mode changes with VT_RESIZEX - vt: Fix character height handling with VT_RESIZEX - tty: vt: always invoke vc->vc_sw->con_resize callback - [x86] video: hgafb: correctly handle card detect failure during probe - Bluetooth: SMP: Fail if remote and local public keys are identical (CVE-2020-26558, CVE-2021-0129) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193 - mm, vmstat: drop zone->lock in /proc/pagetypeinfo - [arm64,armhf] usb: dwc3: gadget: Enable suspend events - NFC: nci: fix memory leak in nci_allocate_device - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() - [amd64] iommu/vt-d: Fix sysfs leak in alloc_iommu() - proc: Check /proc/$pid/attr/ writes against file opener - net: hso: fix control-request directions - mac80211: assure all fragments are encrypted (CVE-2020-26147) - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - mac80211: properly handle A-MSDUs that start with an RFC 1042 header - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588) - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24588) - mac80211: add fragment cache to sta_info - mac80211: check defrag PN against current frame - mac80211: prevent attacks on TKIP/WEP as well - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-26139) - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587) - ath10k: Validate first subframe of A-MSDU before processing the list - dm snapshot: properly fix a crash when an origin has no snapshots - misc/uss720: fix memory leak in uss720_probe - [x86] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue - [x86] mei: request autosuspend after sending rx flow control - USB: trancevibrator: fix control-request direction - USB: usbfs: Don't WARN about excessively large memory allocations - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' - USB: serial: ti_usb_3410_5052: add startech.com device id - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 - USB: serial: ftdi_sio: add IDs for IDS GmbH Products - USB: serial: pl2303: add device id for ADLINK ND-6530 GC - [arm64,armhf] usb: dwc3: gadget: Properly track pending and queued SG - net: usb: fix memory leak in smsc75xx_bind - bpf: extend is_branch_taken to registers - bpf: Test_verifier, bpf_get_stack return value add <0 - bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test - bpf: Move off_reg into sanitize_ptr_alu (CVE-2021-29155) - bpf: Ensure off_reg has no mixed signed bounds for all types (CVE-2021-29155) - bpf: Rework ptr_limit into alu_limit and add common error path (CVE-2021-29155) - bpf: Improve verifier error messages for users (CVE-2021-29155) - bpf: Refactor and streamline bounds check into helper (CVE-2021-29155) - bpf: Move sanitize_val_alu out of op switch (CVE-2021-29155) - bpf: Tighten speculative pointer arithmetic mask (CVE-2021-29155) - bpf: Update selftests to reflect new error states - bpf: Fix leakage of uninitialized bpf stack under speculation (CVE-2021-31829) - bpf: Wrap aux data inside bpf_sanitize_info container - bpf: Fix mask direction swap upon off reg sign change - bpf: No need to simulate speculative domain for immediates - [armhf] spi: gpio: Don't leak SPI master in probe error path - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails - NFS: fix an incorrect limit in filelayout_decode_layout() - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config - [arm64] drm/meson: fix shutdown crash when component not probed - net/mlx4: Fix EEPROM dump support - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" - tipc: skb_linearize the head skb when reassembling msgs - [arm64,armhf] net: dsa: fix a crash if ->get_sset_count() fails - [armhf] i2c: s3c2410: fix possible NULL pointer deref on read message after write - [x86] i2c: i801: Don't generate an interrupt on bus reset - [x86] platform/x86: hp_accel: Avoid invoking _INI to speed up resume - [x86] net: fujitsu: fix potential null-ptr-deref - [x86] char: hpet: add checks after calling ioremap - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io - [arm64] dmaengine: qcom_hidma: comment platform_driver_register call - libertas: register sysfs groups properly - media: dvb: Add check on sp8870_readreg return - media: gspca: properly check for errors in po1030_probe() - [x86] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic - btrfs: do not BUG_ON in link_to_fixup_dir - [x86] platform/x86: hp-wireless: add AMD's hardware id to the supported list - SMB3: incorrect file id in requests compounded with open - drm/amd/amdgpu: fix refcount leak - drm/amdgpu: Fix a use-after-free - [arm64,armhf] net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count - [armhf] net: fec: fix the potential memory leak in fec_enet_init() - [arm64] net: mdio: thunder: Fix a double free issue in the .remove function - [mips*] net: mdio: octeon: Fix some double free issues - openvswitch: meter: fix race when getting now_ms. - net: bnx2: Fix error return code in bnx2_init_board() - mld: fix panic in mld_newpack() - bpf: Set mac_len in bpf_skb_change_head - ixgbe: fix large MTU request from VF - scsi: libsas: Use _safe() loop in sas_resume_port() - ipv6: record frag_max_size in atomic fragments in input path - sch_dsmark: fix a NULL deref in qdisc_reset() - hugetlbfs: hugetlb_fault_mutex_hash() cleanup - drivers/net/ethernet: clean up unused assignments - [arm64] net: hns3: check the return of skb_checksum_help() - usb: core: reduce power-on-good delay time of root hub https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.194 - net: usb: cdc_ncm: don't spew notifications (Closes: #989451) - ALSA: usb: update old-style static const declaration - nl80211: validate key indexes for cfg80211_registered_device - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared - [arm64,x86] efi: cper: fix snprintf() use in cper_dimm_err_location() - vfio/pci: Fix error return code in vfio_ecap_init() - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service - HID: pidff: fix error return code in hid_pidff_init() - [arm64,x86] HID: i2c-hid: fix format string mismatch - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches - ieee802154: fix error return code in ieee802154_add_iface() - ieee802154: fix error return code in ieee802154_llsec_getparams() - ixgbevf: add correct exception tracing for XDP - tipc: add extack messages for bearer/media failure - tipc: fix unique bearer names sanity check - Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564) - Bluetooth: use correct lock to prevent UAF of hdev object (CVE-2021-3573) - HID: multitouch: require Finger field to mark Win8 reports as MT - ALSA: timer: Fix master timer notification - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed - [arm*] usb: dwc2: Fix build in periphal-only mode - pid: take a reference when initializing `cad_pid` - ocfs2: fix data corruption by fallocate - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (CVE-2021-3587) - [x86] apic: Mark _all_ legacy interrupts when IO/APIC is missing - btrfs: mark ordered extent and inode with error if we fail to finish - btrfs: fix error handling in btrfs_del_csums - btrfs: return errors from btrfs_del_csums in cleanup_ref_head - btrfs: fixup error handling in fixup_inode_link_counts - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY - bpf: Add BPF_F_ANY_ALIGNMENT. - bnxt_en: Remove the setting of dev_port. - perf/cgroups: Don't rotate events for cgroups unnecessarily - perf/core: Fix corner case in perf_rotate_context() - btrfs: fix unmountable seed device after fstrim - [x86] KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode - [arm64] KVM: Fix debug register indexing - [arm64,x86] ACPI: probe ECDT before loading AML tables regardless of module-level code flag - [arm64,x86] ACPI: EC: Look for ECDT EC after calling acpi_load_tables() - sched/fair: Optimize select_idle_cpu - [x86] xen-pciback: redo VF placement in the virtual topology . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.182-rt74 * [rt] Add new signing key for Clark Williams * [rt] Update to 4.19.184-rt75 * Bump ABI to 17 * [rt] Refresh "workqueue: Use normal rcu" * [rt] Refresh "workqueue: Use local irq lock instead of irq disable" * [rt] Refresh "workqueue: rework" * [rt] Update to 4.19.188-rt77 * [rt] Update to 4.19.190-rt79 * [rt] Refresh "ptrace: fix ptrace vs tasklist_lock race" * [rt] Update to 4.19.193-rt81 * [rt] Refresh "kernel: sched: Provide a pointer to the valid CPU mask" lxml (4.3.2-1+deb10u3) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2021-28957 (Closes: #985643) Due to missing input sanitization, XSS is possible for the HTML5 formatcion attribute. lz4 (1.8.3-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix potential memory corruption with negative memmove() size (CVE-2021-3520) (Closes: #987856) mariadb-10.3 (1:10.3.29-0+deb10u1) buster; urgency=medium . [ Otto Kekäläinen ] * SECURITY UPDATE: New upstream version 10.3.29. Includes fixes for the following security vulnerabilities: - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.3.28 included fixes for: - CVE-2021-27928 * Remove patch regarding a test now removed by upstream (MDEV-22653). * Remove obsolete sql file removed by upstream (MDEV-24586). * Update symbols to include new one from MariaDB Client 3.1.13 * Innotop: Add support for MariaDB 10.3 (Closes: #941986) * Upstream release includes fix for MDEV-24194: "Invalid syntax errors on syntax WHERE `field` IS NULL = 0" (Closes: #977383) . [ Daniel Black ] * Add caching_sha2_password.so (Closes: #962597) mariadb-10.3 (1:10.3.27-1~exp1) experimental; urgency=medium . [ Otto Kekäläinen ] * New upstream version 10.3.27. Includes fixes to serious regressions in MariaDB 10.3.26 that corrupted data or made server unable to start. * Includes new upstream 10.3.26 which included fixes for the following security vulnerabilities: - CVE-2020-28912 - CVE-2020-14812 - CVE-2020-14789 - CVE-2020-14776 - CVE-2020-14765 * Upstream 10.3.26 included: - Fix mytop shebang (Closes: #972780, Closes: #970681) * Includes new upstream 10.3.25 which included fixes for the following security vulnerabilities (Closes: #972746): - CVE-2020-15180 * Fix debci: Skip main.failed_auth_unixsocket on armhf and i386 * Remove transitional package libmariadbclient-dev * Stop shipping any -dev packages in mariadb-10.3 to avoid extra issues * Stop shipping mariadb-test* packages so piuparts can pass * Add Conflicts/Replaces against mariadb-10.5 so 10.3 can enter Debian Sid . [ Michael Krieger ] * Innotop: Add support for MariaDB 10.3 (Closes: #941986) mediawiki (1:1.31.14-1~deb10u1) buster-security; urgency=medium . * New upstream version 1.31.14, fixing CVE-2021-30152, CVE-2021-30154, CVE-2021-30155, CVE-2021-30157, CVE-2021-30158, CVE-2021-30159. This version is not affected by CVE-2021-30153. * The pygments lexers vulnerable to CVE-2021-20270, CVE-2021-27291 were disabled to mitigate the exploit. mqtt-client (1.14-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Fix CVE-2019-0222: unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. (Closes: #988109) * Update Vcs-* URL in d/control. mumble (1.3.0~git20190125.440b173+dfsg-2+deb10u1) buster; urgency=medium . * debian/patches: - Add 67-only-http-https-URLs-in-Connect.diff to fix CVE-2021-27229 "Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text." This patch only allows "http"/"https" URLs in ConnectDialog (Closes: #982904) Thanks to Salvatore Bonaccorso for reporting the bug and giving links to the fix. mupdf (1.14.0+ds1-4+deb10u3) buster; urgency=high . * Non-maintainer upload. * Avoid a use-after-free in fz_drop_band_writer (CVE-2020-16600) (Closes: #989526) * Fix double free of object during linearization (CVE-2021-3407) (Closes: #983684) netty (1:4.1.33-1+deb10u2) buster-security; urgency=high . * Team upload. * Fix the following security vulnerabilites: - CVE-2019-20444: HttpObjectDecoder.java allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." - CVE-2019-20445: HttpObjectDecoder.java allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. - CVE-2020-7238: Netty allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. - CVE-2021-21290: In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. - CVE-2021-21295: In Netty there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. - CVE-2021-21409: In Netty there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. nginx (1.14.2-2+deb10u4) buster-security; urgency=medium . * CVE-2021-23017 (Closes: #989095) nmap (7.70+dfsg1-6+deb10u2) buster; urgency=medium . * d/p/update-mac-prefixes: New patch to update file from upstream's 7.91 release (closes: #953986) node-glob-parent (3.1.0-1+deb10u1) buster; urgency=medium . * Team upload * Fix ReDoS (Closes: CVE-2020-28469) node-handlebars (3:4.1.0-1+deb10u3) buster; urgency=medium . * Team upload * Fix arbitrary code execution (Closes: CVE-2019-20920) * Fix remote code execution (Closes: CVE-2021-23369) node-hosted-git-info (2.7.1-1+deb10u1) buster; urgency=medium . * Team upload * Fix ReDoS risk (Closes: CVE-2021-23362) node-redis (2.8.0-1+deb10u1) buster; urgency=medium . * Fix potential ReDoS (Closes: CVE-2021-29469) node-ws (1.1.0+ds1.e6ddaae4-5+deb10u1) buster; urgency=medium . * Team upload * Fix ReDoS vulnerability (Closes: CVE-2021-32640) nvidia-graphics-drivers (418.197.02-1) buster; urgency=medium . * New upstream Tesla release 418.197.02 (2021-04-19). * Fixed CVE-2021-1076. (Closes: #987216) https://nvidia.custhelp.com/app/answers/detail/a_id/5172 . [ Andreas Beckmann ] * nvidia-alternative: Add libnvidia-ml.so slave alternative if libnvidia-ml-dev is installed (460.56-2). (Closes: #984881) * Upload to buster. nvidia-graphics-drivers-legacy-390xx (390.143-1~deb10u1) buster; urgency=medium . * Rebuild for buster. . nvidia-graphics-drivers-legacy-390xx (390.143-1) unstable; urgency=medium . * New upstream legacy branch release 390.143 (2021-04-19). * Fixed CVE-2021-1076. (Closes: #987218) https://nvidia.custhelp.com/app/answers/detail/a_id/5172 - Fixed a bug where vkCreateSwapchain could cause the X Server to crash when an invalid imageFormat was provided. - Fixed a driver installation failure on Linux kernel 5.11 release candidates, where the NVIDIA kernel module failed to build with error "fatal error: asm/kmap_types.h: No such file or directory". . nvidia-graphics-drivers-legacy-390xx (390.141-3) unstable; urgency=medium . * nvidia-legacy-390xx-alternative: Add libnvidia-ml.so slave alternative if libnvidia-ml-dev is installed (460.56-2). (Closes: #984881) nvidia-graphics-drivers-legacy-390xx (390.143-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . nvidia-graphics-drivers-legacy-390xx (390.143-1) unstable; urgency=medium . * New upstream legacy branch release 390.143 (2021-04-19). * Fixed CVE-2021-1076. (Closes: #987218) https://nvidia.custhelp.com/app/answers/detail/a_id/5172 - Fixed a bug where vkCreateSwapchain could cause the X Server to crash when an invalid imageFormat was provided. - Fixed a driver installation failure on Linux kernel 5.11 release candidates, where the NVIDIA kernel module failed to build with error "fatal error: asm/kmap_types.h: No such file or directory". . nvidia-graphics-drivers-legacy-390xx (390.141-3) unstable; urgency=medium . * nvidia-legacy-390xx-alternative: Add libnvidia-ml.so slave alternative if libnvidia-ml-dev is installed (460.56-2). (Closes: #984881) . nvidia-graphics-drivers-legacy-390xx (390.141-2~deb10u1) buster; urgency=medium . * Rebuild for buster. nvidia-graphics-drivers-legacy-390xx (390.141-3) unstable; urgency=medium . * nvidia-legacy-390xx-alternative: Add libnvidia-ml.so slave alternative if libnvidia-ml-dev is installed (460.56-2). (Closes: #984881) nvidia-graphics-drivers-legacy-390xx (390.141-2) unstable; urgency=medium . * Really re-enable building the nvidia-uvm module. opendmarc (1.3.2-6+deb10u2) buster; urgency=medium . * Non-maintainer upload by the LTS team. * In opendmarc_xml_parse(), ensure NULL-termination of the buffer passed. (Fixes: CVE-2020-12460) (Closes: #966464) openjdk-11 (11.0.11+9-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11 (11.0.11+9-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. openjdk-11 (11.0.11+8-1) unstable; urgency=medium . * OpenJDK 11.0.11+8 build (early access). * Set DEB_BUILD_MAINT_OPTIONS = optimize=-lto, not yet ready. Looks like 16 and 17 are buildable with lto. * Remove dangling jfr alternative on upgrades if no jdk is installed (Andreas Beckmann). Closes: #985060. * Use mktemp instead of tempfile in maintainer scripts (Andreas Beckmann). * Backport fix for JDK-8262085, hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux. Closes: #967049. openjdk-11 (11.0.11+7-1) unstable; urgency=medium . * OpenJDK 11.0.11+7 build (early access). * Simplify compiler selection for backports. * Don't use the triplet-prefixed binutils tools for backports. openjdk-11 (11.0.11+4-1) unstable; urgency=medium . * OpenJDK 11.0.11+4 build (early access). * reproducible-build-jmod.diff: Fall back to the unpatched behavior for backports. * Only build with system harfbuzz for recent releases. * Configure --with-copyright-year. Closes: #956154. openjdk-11 (11.0.11+3-3) experimental; urgency=medium . * Fix the build logic, jaotc and jhsdb tools not available on all archs. * Ship the jfc files used by jfr. * Move libawt_xawt.so, libjawt.so into the jre package. Closes: #908058. openjdk-11 (11.0.11+3-2) experimental; urgency=medium . * OpenJDK 11.0.11+3 build (early access). * Use debugedit to generate unique build-id's and remove the openjdk-N-dbg file conflicts. Closes: #919671. * Remove KFreeBSD build support and patches, not updated since OpenJDK 8. * Backport JDK-8222825. Closes: #960153. * Build with Rules-Requires-Root: no. * Move the jfr binary from -jre-headless to -jdk-headless. Development tool. openjdk-11 (11.0.11+3-1) experimental; urgency=medium . * OpenJDK 11.0.11+3 build (early access). * Use debugedit to generate unique build-id's and remove the openjdk-N-dbg file conflicts. Closes: #919671. * Remove KFreeBSD build support and patches, not updated since OpenJDK 8. * Backport JDK-8222825. Closes: #960153. * Build with Rules-Requires-Root: no. openjdk-11 (11.0.10+9-1) unstable; urgency=high . * OpenJDK 11.0.10+9 build (release). * Security fixes: - JDK-8247619: Improve Direct Buffering of Characters. * Other changes: See https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-January/004689.html * Update copyright years. openjdk-11 (11.0.10+8-1) unstable; urgency=medium . * OpenJDK 11.0.10+8 build (early access). * Build with system harfbuzz. * Refresh patches. * Don't run the autopkg tests. There's no value running all the internal tests as an autopkg test, when these are already run during the build. * Update VCS attributes. * Bump standards version. openjdk-11 (11.0.9.1+1-1) unstable; urgency=medium . * OpenJDK 11.0.9.1+1 build (release). * Configure --with-jvm-features=shenandoahgc for hotspot builds. LP: #1902029. openjdk-11-jre-dcevm (11.0.11+9-2~deb10u2) buster-security; urgency=medium . * Rebuild for buster openjdk-11-jre-dcevm (11.0.11+9-2~deb10u1) buster-security; urgency=medium . * Rebuild for buster openjdk-11-jre-dcevm (11.0.11+9-1) unstable; urgency=medium . * New upstream release (Closes: #984725) openjdk-11-jre-dcevm (11.0.10+1-1) unstable; urgency=medium . * New upstream release openjdk-11-jre-dcevm (11.0.9+1-2) unstable; urgency=medium . * Team upload. * Build with default g++ (Closes: #978516) * Bump Standards-Version to 4.5.1 openjdk-11-jre-dcevm (11.0.9+1-1) unstable; urgency=medium . * Team upload. * New upstream version 11.0.9+1 (Closes: #972788) * Update to debhelper compat level 13 * Set "Rules-Requires-Root: no" in debian/control openjdk-11-jre-dcevm (11.0.7+1-1) unstable; urgency=medium . * Team upload. * New upstream release (Closes: #942876) - Refreshed the patch * Switch to debhelper level 12 openjdk-11-jre-dcevm (11.0.5+5-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patch - New build dependency on libxrandr-dev * Standards-Version updated to 4.5.0 * Build with g++-9 instead of g++-8 (Closes: #944182) openjpeg2 (2.3.0-2+deb10u2) buster-security; urgency=medium . * CVE-2020-27814 * CVE-2020-27823 * CVE-2020-27841 * CVE-2020-27842 * CVE-2020-27843 (Closes: #983663) * CVE-2020-27845 * CVE-2020-27824 * CVE-2020-15389 (Closes: #965220) * CVE-2020-8112 (Closes: #950184) * CVE-2020-6851 (Closes: #950000) openssl (1.1.1d-0+deb10u6) buster-security; urgency=medium . * CVE-2021-3449 (NULL pointer deref in signature_algorithms processing). openvpn (2.4.7-1+deb10u1) buster; urgency=medium . * Cherry-Pick upstream patches for CVE-2020-11810 and CVE-2020-15078 (Closes: #987380) * Cherry-Pick upstream fix to increase TCP socket backlog (Closes: #968942) php-horde-text-filter (2.3.5-3+deb10u2) buster; urgency=medium . [ Mike Gabriel ] * debian/control: + Drop Debian QA Group from Uploaders: field, add myself instead. . [ Sylvain Beucler ] * CVE-2021-26929: An XSS issue was discovered in Horde Groupware Webmail Edition (where the Horde_Text_Filter library is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses. (Closes: #982769). php-pear (1:1.10.6+submodules+notgz-1.1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * directory traversal due to inadequate checking of symbolic links (CVE-2020-36193) (Closes: #980428) - Disallow symlinks to out-of-path filenames - Add testcase for relative and in-path symlink - Fix out-of-path check for virtual relative symlink - PHP compat fix plinth (19.1+deb10u2) buster; urgency=medium . [ Kirill Schmidt ] * first_boot: Use session to verify first boot welcome step postgresql-11 (11.12-0+deb10u1) buster-security; urgency=medium . * New upstream version. . + Prevent integer overflows in array subscripting calculations (Tom Lane) . The array code previously did not complain about cases where an array's lower bound plus length overflows an integer. This resulted in later entries in the array becoming inaccessible (since their subscripts could not be written as integers), but more importantly it confused subsequent assignment operations. This could lead to memory overwrites, with ensuing crashes or unwanted data modifications. (CVE-2021-32027) . + Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (Tom Lane) . If the UPDATE list contains any multi-column sub-selects (which give rise to junk columns in addition to the results proper), the UPDATE path would end up storing tuples that include the values of the extra junk columns. That's fairly harmless in the short run, but if new columns are added to the table then the values would become accessible, possibly leading to malfunctions if they don't match the datatypes of the added columns. . In addition, in versions supporting cross-partition updates, a cross-partition update triggered by such a case had the reverse problem: the junk columns were removed from the target list, typically causing an immediate crash due to malfunction of the multi-column sub-select mechanism. (CVE-2021-32028) . + Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (Amit Langote, Etsuro Fujita) . If an UPDATE for a partitioned table caused a row to be moved to another partition with a physically different row type (for example, one with a different set of dropped columns), computation of RETURNING results for that row could produce errors or wrong answers. No error is observed unless the UPDATE involves other tables being joined to the target table. (CVE-2021-32029) prosody (0.11.2-1+deb10u2) buster-security; urgency=high . * fix websocket error due to missing backport for CVE-2021-32918 (Closes: #988756) prosody (0.11.2-1+deb10u1) buster-security; urgency=high . * fixes for https://prosody.im/security/advisory_20210512.txt pygments (2.3.1+dfsg-1+deb10u2) buster-security; urgency=medium . * CVE-2021-27291 (Closes: #985574) python-bleach (3.1.2-0+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * sanitizer: escape HTML comments (CVE-2021-23980) (Closes: #986251) * tests: add tests for more eject tags for GHSA-vv2x-vrpj-qqpq rails (2:5.2.2.1+dfsg-1+deb10u3) buster-security; urgency=high . * Add patch to prevent string polymorphic route arguments. (Fixes: CVE-2021-22885) (Closes: #988214) * Add patch to prevent slow regex when parsing host auth header. (Fixes: CVE-2021-22904) (Closes: #988214) * Add patch to fix possible DoS vector in PostgreSQL money type. (Fixes: CVE-2021-22880) ruby-kramdown (1.17.0-1+deb10u2) buster-security; urgency=high . * Team upload. * Add upstream patch to fix arbitrary code execution vulnerability [CVE-2021-28834] (Closes: #985569) ruby-rack-cors (1.0.2-1+deb10u1) buster-security; urgency=high . * Unescape and resolve paths before resource checks. (Fixes: CVE-2019-18978) (Closes: #944849) ruby-websocket-extensions (0.1.2-1+deb10u1) buster; urgency=medium . * CVE-2020-7663: Prevent a denial of service attack that is exploitable by an exponential-time regular expression backtracking vulnerability. (Closes: #964274) rust-rustyline (3.0.0-2+deb10u3) buster; urgency=medium . * Team upload. * Apply another upstream patch so that the code builds with both rustc 1.34 and rustc 1.41 rust-rustyline (3.0.0-2+deb10u2) buster; urgency=medium . * Team upload. * Reset timestamp on .cargo-vcs-info.json to avoid 1970 timestamp which triggers a ftpmaster autoreject. (Closes: 989636) rust-rustyline (3.0.0-2+deb10u1) buster; urgency=medium . * Team upload. * Apply upstream patch to fix build with newer rustc. (Closes: 988025) rxvt-unicode (9.22-6+deb10u1) buster; urgency=medium . * Disable ESC G Q escape sequence, 20_disable_escape_sequence.diff (Closes: #988763, CVE-2021-33477) * Set git branch to debian/buster sabnzbdplus (2.3.6+dfsg-1+deb10u1) buster; urgency=medium . * Backport upstream security fixes to prevent code execution from the program's web interface through crafted settings. (CVE-2020-13124) scrollz (2.2.3-1+deb10u1) buster; urgency=high . * Applied patch to ctcp.c to fix CVE-2021-29376 from https://github.com/ScrollZ/ScrollZ/pull/26 (Closes: #986215) * Applied minor patch from upstream to the above fix * Rebuild for buster shibboleth-sp (3.0.4+dfsg1-1+deb10u2) buster-security; urgency=high . * [2dd45b3] New patch: SSPCPP-927 - Check for missing DataSealer during cookie recovery. Fix a denial of service vulnerability: Session recovery feature contains a null pointer dereference The cookie-based session recovery feature added in V3.0 contains a flaw that is exploitable on systems *not* using the feature if a specially crafted cookie is supplied. This manifests as a crash in the shibd daemon. Because it is very simple to trigger this condition remotely, it results in a potential denial of service condition exploitable by a remote, unauthenticated attacker. Thanks to Scott Cantor (Closes: #987608) shim (15.4-5~deb10u1) buster; urgency=medium . * Add defensive code around calls to db_get. Don't fail if they return errors. shim (15.4-4) unstable; urgency=medium . * Fix up those maintainer scripts - if we're not running on an EFI system then exit cleanly. shim (15.4-3) unstable; urgency=medium . * Add maintainer scripts to the template packages to manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages. Closes: #966845 shim (15.4-3~deb10u1) buster; urgency=medium . * Add maintainer scripts to the template packages to manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages. Closes: #966845 shim (15.4-2) unstable; urgency=medium . * Add two further patches from upstream: + fix import_one_mok_state() after split + Don't call QueryVariableInfo() on EFI 1.10 machines (e.g. older Intel Mac machines) shim (15.4-2~deb10u1) buster; urgency=medium . * Add two further patches from upstream: + fix import_one_mok_state() after split + Don't call QueryVariableInfo() on EFI 1.10 machines (e.g. older Intel Mac machines) shim (15.4-1) unstable; urgency=medium . * New upstream release fixing more bugs: SBAT and arm64 support * Print sha256 checksums of the EFI binaries when the build is done * Add two patches from upstream: + fix i386 binary relocations + allocate MOK config table as BootServicesData shim (15.4-1~deb10u1) buster; urgency=medium . * New upstream release fixing more bugs: SBAT and arm64 support * Print sha256 checksums of the EFI binaries when the build is done * Add two patches from upstream: + fix i386 binary relocations + allocate MOK config table as BootServicesData shim (15.3-3) unstable; urgency=medium . * Update the timestamp for the 15.3-2 upload. * Only include the upstream version in the Debian SBAT metadata, so we don't break reproducibility on every minor packaging change. shim (15.3-2) unstable; urgency=medium . * Add missing build-dep on xxd for build-time unit tests shim (15.3-1) unstable; urgency=medium . [ Steve McIntyre ] * Switch to much-newer release with many fixes + Particularly pulling in SBAT changes for better revocation support + Remove all our old patches, no longer needed: - avoid_null_vsprint.patch - check_null_sn_ln.patch - fixup_git.patch - uname.patch - use_compare_mem_gcc9.patch + Now includes a vendor copy of gnu-efi with quite a few extra fixes needed. + Update copyright file to cover these changes * Switch to using gcc-10 rather than gcc-9. Closes: #978521 * Add dbx entries for all our existing grub binaries + They're insecure, let's break the chainloading hole. * Add Debian SBAT data + Add a Debian SBAT template, and rules to use it + Adds a build-dep on dos2unix shim (15.3-1~deb10u3) buster; urgency=medium . * Only include the upstream version in the Debian SBAT metadata, so we don't break reproducibility on every minor packaging change. shim (15.3-1~deb10u2) buster; urgency=medium . * Add missing build-dep on xxd for build-time unit tests shim (15.3-1~deb10u1) buster; urgency=medium . * Rebuild the new upstream version for buster * Switch to gcc-8 for building * Switch to much-newer release with many fixes + Particularly pulling in SBAT changes for better revocation support + Remove all our old patches, no longer needed: - avoid_null_vsprint.patch - check_null_sn_ln.patch - fixup_git.patch - uname.patch - use_compare_mem_gcc9.patch + Now includes a vendor copy of gnu-efi with quite a few extra fixes needed. + Update copyright file to cover these changes * Add dbx entries for all our existing grub binaries + They're insecure, let's break the chainloading hole. * Add Debian SBAT data + Add a Debian SBAT template, and rules to use it + Adds a build-dep on dos2unix shim (15+1533136590.3beb971-10) unstable; urgency=medium . [ Debian Janitor ] * Trim trailing whitespace. * Use secure copyright file specification URI. * debian/copyright: use spaces rather than tabs to start continuation lines. * Bump debhelper from old 11 to 12. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit. * Update standards version to 4.4.1, no changes needed. . [ Steve McIntyre ] * Trivial changes to generating the inbuilt dbx if we're using it. * Upload to pick up rotated Debian signing keys shim (15+1533136590.3beb971-9) unstable; urgency=medium . [ Steve McIntyre ] . * In the -helpers-ARCH-signed packages, change the version dependency on shim-unsigned to be >= and not =. This will allow for installation to still work in the window while we wait for the template package to do its second trip through the archive. Closes: #955356 shim (15+1533136590.3beb971-8) unstable; urgency=medium . [ Steve McIntyre ] * Use --padding when calling pesign to generate hashes for the dbx list, as recommended by Peter Jones. No actual changes needed in our list of hashes at this point - they work out the same either way. * Switch to using gcc-9 for builds, tweaking a patch from upstream to fix a FTBFS. Closes: #925816 * Update debhelper compat level to 11 for shim and the signing-template shim-helpers-amd64-signed (1+15.4+5~deb10u1) buster; urgency=medium . * Update to shim 15.4-5~deb10u1 shim-helpers-amd64-signed (1+15.4+2) unstable; urgency=medium . * Update to shim 15.4-2 shim-helpers-amd64-signed (1+15.4+2~deb10u1) buster; urgency=medium . * Update to shim 15.4-2~deb10u1 shim-helpers-amd64-signed (1+15+1533136590.3beb971+10) unstable; urgency=medium . * Update to shim 15+1533136590.3beb971-10 shim-helpers-amd64-signed (1+15+1533136590.3beb971+9) unstable; urgency=medium . * Update to shim 15+1533136590.3beb971-9 shim-helpers-arm64-signed (1+15.4+5~deb10u1) buster; urgency=medium . * Update to shim 15.4-5~deb10u1 shim-helpers-arm64-signed (1+15.4+2) unstable; urgency=medium . * Update to shim 15.4-2 shim-helpers-arm64-signed (1+15.4+2~deb10u1) buster; urgency=medium . * Update to shim 15.4-2~deb10u1 shim-helpers-arm64-signed (1+15+1533136590.3beb971+10) unstable; urgency=medium . * Update to shim 15+1533136590.3beb971-10 shim-helpers-arm64-signed (1+15+1533136590.3beb971+9) unstable; urgency=medium . * Update to shim 15+1533136590.3beb971-9 shim-helpers-i386-signed (1+15.4+5~deb10u1) buster; urgency=medium . * Update to shim 15.4-5~deb10u1 shim-helpers-i386-signed (1+15.4+2) unstable; urgency=medium . * Update to shim 15.4-2 shim-helpers-i386-signed (1+15.4+2~deb10u1) buster; urgency=medium . * Update to shim 15.4-2~deb10u1 shim-helpers-i386-signed (1+15+1533136590.3beb971+10) unstable; urgency=medium . * Update to shim 15+1533136590.3beb971-10 shim-helpers-i386-signed (1+15+1533136590.3beb971+9) unstable; urgency=medium . * Update to shim 15+1533136590.3beb971-9 shim-signed (1.36~1+deb10u1) buster; urgency=medium . * Add explicit dependency from shim-signed to shim-signed-common. Also check if we have update-secureboot-policy available before we try to call it. * If we're not running on an EFI system then exit cleanly in postinst and postrm. We have nothing to do here * Fix the old doc links for shim-signed. * Add defensive code around calls to db_get. Don't fail if they return errors. * Update build-dep on shim-unsigned to use 15.4-5~deb10u1 shim-signed (1.35) unstable; urgency=medium . * Add explicit dependency from shim-signed to shim-signed-common. Also check if we have update-secureboot-policy available before we try to call it. Closes: #988047, #988056 * If we're not running on an EFI system then exit cleanly in postinst and postrm. We have nothing to do here. Closes: #988059 * Fix the old doc links for shim-signed. Closes: #988057 * Update build-dep on shim-unsigned shim-signed (1.34) unstable; urgency=medium . * Build against new signed binaries corresponding to 15.4-2 Closes: #971129, #987991 * ***WARNING***: arm64 shim is no longer signed, due to major toolchain problems. See NEWS.Debian for more information. Separated out the binary package for arm64 to allow for a different description, and tweaked the Makefile too. * Update build-deps and Standards-Version * Tweak Makefile setup - do our verification testing chained from the "all" target, not "clean". Closes: #936002 * Don't include apport stuff in the Debian build, it's not useful. * Tweak dh_install* usage for docs. * Add Spanish translation for debconf templates, thanks to Camaleón. Closes: #987339 * Multiple bugfixes in postinst and postrm handling: + Call grub-install using the correct grub target in postinst + Also call grub-install using the correct grub target in the postrm, and clean up the shim binary from the ESP + In each case, also check and use the correct configured options for grub-install + Move the postinst grub-install code from the -common package to the arch-specific packages, to make sure it's always called when needed. + Only run grub-install etc. if we're actually on an EFI-booted system. shim-signed (1.34~1+deb10u1) buster; urgency=medium . * Buster update: build against new signed binaries corresponding to 15.4-2~deb10u1 * ***WARNING***: arm64 shim is no longer signed, due to major toolchain problems. See NEWS.Debian for more information. Separated out the binary package for arm64 to allow for a different description, and tweaked the Makefile too. * Tweak Makefile setup - do our verification testing chained from the "all" target, not "clean". Closes: #936002 * Don't include apport stuff in the Debian build, it's not useful. * Tweak dh_install* usage for docs. * Add Spanish translation for debconf templates, thanks to Camaleón. Closes: #987339 * Multiple bugfixes in postinst and postrm handling: + Call grub-install using the correct grub target in postinst + Also call grub-install using the correct grub target in the postrm, and clean up the shim binary from the ESP + In each case, also check and use the correct configured options for grub-install + Move the postinst grub-install code from the -common package to the arch-specific packages, to make sure it's always called when needed. + Only run grub-install etc. if we're actually on an EFI-booted system. spamassassin (3.4.2-1+deb10u3) buster-security; urgency=high . * Import upstream fix for CVE-2020-1946: arbitrary code execution via malicious rule files. (Closes: #985962) speedtest-cli (2.0.2-1+deb10u2) buster; urgency=medium . * Handle case where ignoreids is empty or contains empty ids (Closes: #986637) squid (4.6-1+deb10u6) buster-security; urgency=medium . [ Francisco Vilmar Cardoso Ruviaro ] * Add debian/patches/0029-CVE-2021-28651.patch to fix a Denial of Service in URN processing. (Closes: #988893, CVE-2021-28651) . [ Santiago Garcia Mantinan ] * Add patch to fix a Denial of Service in HTTP Response Processing. Fixes: CVE-2021-28662. Closes: #988891. * Add patch to fix a Denial of Service issue in Cache Manager. Fixes: CVE-2021-28652. Closes: #988892. * Add patch to fix Multiple Issues in HTTP Range header. Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043. * Add patch to fix a Denial of Service in HTTP Response processing. Fixes: GHSA-572g-rvwr-6c7f. squid (4.6-1+deb10u5) buster-security; urgency=medium . * SQUID-2020:11 HTTP Request Smuggling (CVE-2020-25097) (Closes: #985068) tnef (1.4.12-1.2+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-18849 (Closes: #944851) Using emails with a crafted winmail.dat application/ms-tnef attachment might allow to change .ssh/authorized_keys. tomcat9 (9.0.31-1~deb10u4) buster-security; urgency=medium . * CVE-2021-25122 * CVE-2021-25329 uim (1:1.8.8-4+deb10u5) buster; urgency=medium . * Non-maintainer upload. * libuim-data: Copy Breaks from uim-data as the contents will be temporarily unavailable during the transition to uim-data. (Closes: #988275) underscore (1.9.1~dfsg-1+deb10u1) buster-security; urgency=high . * Team upload * Fix arbitrary code execution (Closes: #986171) velocity (1.7-5+deb10u1) buster; urgency=medium . * CVE-2020-13936: Prevent a potential arbitrary code execution vulnerability that can be exploited by applications that allow untrusted users to upload/modify Velocity templates. (Closes: #985220) webkit2gtk (2.32.1-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev and libmanette-0.2-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. * debian/rules: + Build with -DENABLE_GAMEPAD=OFF (as libmanette is missing). webkit2gtk (2.32.0-2) unstable; urgency=high . * The WebKitGTK security advisory WSA-2021-0003 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 (fixed in 2.32.0). * debian/patches/fix-ftbfs-m68k.patch: + Compile BytecodeGenerator.cpp without optimizations on m68k and sh4, otherwise the build fails due to gcc bugs. * debian/gbp.conf: + Update upstream branch name. webkit2gtk (2.32.0-1) experimental; urgency=medium . * New upstream release (Closes: #984522). * debian/control: + Make the gir packages require the exact binary versions of libwebkit2gtk-4.0-37 and libjavascriptcoregtk-4.0-18 * debian/watch: + Scan stable releases only. * debian/rules: + Add dependency on xdg-desktop-portal-gtk when the bubblewrap sandbox is enabled (see webkit bug #213148) (thanks, Hannes Müller). webkit2gtk (2.31.91-1) experimental; urgency=medium . * New upstream development release. * debian/patches/fix-mips-page-size.patch: + Increase the page size from 4KB to 16KB on MIPS, this fixes a crash with Loongson CPUs that don't support 4KB pages (see #977779). * debian/patches/fix-ftbfs-i386.patch: + Drop this patch. webkit2gtk (2.31.90-1) experimental; urgency=medium . * New upstream development release. * Enable the gamepad support only on Linux (Closes: #980745): + debian/rules: + Pass -DENABLE_GAMEPAD=OFF on non-Linux build. + debian/control: + Depend on libmanette-0.2-dev only on Linux. * debian/patches/fix-ftbfs-x32.patch: + Refresh patch. * debian/control: + Depend on GStreamer >= 1.14.0. + Update Standards-Version to 4.5.1 (no changes). * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/copyright: + Update copyright information of all files. * debian/watch: + Set version to 4 (fixes older-debian-watch-file-standard). * debian/patches/fix-ftbfs-i386.patch: + Fix build on i386 (upstream bug #222480). webkit2gtk (2.31.1-1) experimental; urgency=medium . * New upstream development release. * Remove some obsolete build dependencies (see #979170): + gawk is not needed since WebKitGTK switched from autotools to CMake. + libgeoclue-2-dev and geoclue-2.0 are not required since WebKitGTK 2.25.1 (upstream bug 195994). + libupower-glib-dev is not required since WebKitGTK 2.19.92 (upstream bug 181825). + libfile-copy-recursive-perl is not required since WebKitGTK 2.19.3 (upstream bug 180479). + mesa-common-dev used to provide GL/gl.h but this header is now in libgl-dev. + libgles2-mesa-dev used to provide GLES3/gl3.h but this header is now in libgles-dev. + libgl1-mesa-dev and libgles2-mesa-dev are now dummy packages. + libpango1.0-dev is not checked for any specific version at build time so there's no need to list it. * Update the minimum required versions of some packages: + cmake from 3.3 to 3.10 + libglib2.0-dev from 2.36.0 to 2.44.0 + libgtk-3-dev from 3.10.0 to 3.22.0 + libcairo2-dev from 1.10.2 to 1.14.0 + libsoup2.4-dev from 2.42.0 to 2.54.0. * debian/copyright: + Update copyright information of all files. * debian/watch, debian/gbp.conf: + Update for 2.31.x packages in experimental. * Use -DFORCE_32BIT on 32-bit builds. + This replaces debian/patches/fix-ftbfs-x86.patch. * Refresh all patches. * debian/control: + Add build dependency on libmanette-0.2-dev. + Stop suggesting browser-plugin-freshplayer-pepperflash for libwebkit2gtk-4.0-37-gtk2. * debian/NEWS: - Add item explaining the removal of support for NPAPI plugins. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * Enable the build on non-Linux architectures (Closes: #978098): + debian/rules: - Build with -DUSE_SYSTEMD=OFF if the OS is not Linux. + debian/patches/fix-ftbfs-hurd.patch: - Add alternative implementation of scanDirectoryForDictionaries() that does not use PATH_MAX (for the Hurd). + debian/control: - Set the architecture of all binary packages to 'any' and require bubblewrap, systemd and libwpebackend-fdo on Linux only. webkit2gtk (2.30.6-1) unstable; urgency=high . * New upstream release. * debian/control: + Remove references to browser-plugin-freshplayer-pepperflash, this package is no longer available, see #966474. * debian/patches/include-libwpe.patch: + Fix build with wpebackend-fdo 1.8.1. webkit2gtk (2.30.6-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security. * The WebKitGTK security advisory WSA-2021-0002 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2020-9947 (fixed in 2.30.0). + CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870 (fixed in 2.30.6). * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. + Switch build dependencies on libgl-dev and libgles-dev with libgl1-mesa-dev and libgles2-mesa-dev. webkit2gtk (2.30.5-1) unstable; urgency=high . * New upstream release (Closes: #978042). * Remove some obsolete build dependencies (Closes: #979170): + gawk is not needed since WebKitGTK switched from autotools to CMake. + libgeoclue-2-dev and geoclue-2.0 are not required since WebKitGTK 2.25.1 (upstream bug 195994). + libupower-glib-dev is not required since WebKitGTK 2.19.92 (upstream bug 181825). + libfile-copy-recursive-perl is not required since WebKitGTK 2.19.3 (upstream bug 180479). + mesa-common-dev used to provide GL/gl.h but this header is now in libgl-dev. + libgles2-mesa-dev used to provide GLES3/gl3.h but this header is now in libgles-dev. + libgl1-mesa-dev and libgles2-mesa-dev are now dummy packages. + libpango1.0-dev is not checked for any specific version at build time so there's no need to list it. * Update the minimum required versions of some packages: + cmake from 3.3 to 3.10 + libglib2.0-dev from 2.36.0 to 2.44.0 + libgtk-3-dev from 3.10.0 to 3.22.0 + libcairo2-dev from 1.10.2 to 1.14.0 + libsoup2.4-dev from 2.42.0 to 2.54.0. * debian/patches/fix-mips-page-size.patch: + Increase the page size from 4KB to 16KB on MIPS, this fixes a crash with Loongson CPUs that don't support 4KB pages (Closes: #977779). * debian/copyright: + Update copyright years. * debian/watch: + Set version to 4 (fixes older-debian-watch-file-standard). * debian/control: + Update Standards-Version to 4.5.1 (no changes). wml (2.12.2~ds1-3~deb10u1) buster; urgency=medium . * Backport Unicode fix to buster, fixing rendering issues with e.g. non-ASCII characters in various languages, as seen when building the Debian website. Some examples include ‘υ’ in Greek and ‘à’ in French when those characters are at the end of a line. wordpress (5.0.12+dfsg1-0+deb10u1) buster-security; urgency=high . * Security release, fixes 2 bugs Closes: #987065 - CVE-2021-29450 - Authenticated disclosure of password-protected posts and pages. - CVE-2021-29447 - Authenticated XXE attack when installation is running PHP 8 wpa (2:2.7+git20190128+0c1e29f-6+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * WPS UPnP: Do not allow event subscriptions with URLs to other networks (CVE-2020-12695) (Closes: #976106) * WPS UPnP: Fix event message generation using a long URL path (CVE-2020-12695) (Closes: #976106) * WPS UPnP: Handle HTTP initiation failures for events more properly (CVE-2020-12695) (Closes: #976106) * P2P: Fix copying of secondary device types for P2P group client (CVE-2021-0326) (Closes: #981971) * P2P: Fix a corner case in peer addition based on PD Request (CVE-2021-27803) xen (4.11.4+99-g8bce4698f6-1) buster-security; urgency=high . * Update to new upstream version 4.11.4+99-g8bce4698f6, which also contains security fixes for the following issues: - arm: The cache may not be cleaned for newly allocated scrubbed pages XSA-364 CVE-2021-26933 - missed flush in XSA-321 backport XSA-366 CVE-2021-27379 * Note that the following XSA are not listed, because... - XSA-360 and XSA-368 only apply to Xen 4.12 and newer. - XSA-361, XSA-362, XSA-363, XSA-365, XSA-367 and XSA-369 have patches for the Linux kernel. * Drop separate patches for XSAs up to 359 that are now included in the upstream stable branch. * Fix cosmetics wrt. XSA/CVE text formatting in the previous entry. xfce4-weather-plugin (0.8.10-1+deb10u1) buster; urgency=medium . * d/patches: backport upstream port to 2.0 met.no API (Closes: #970259, #969747) xorg-server (2:1.20.4-1+deb10u3) buster-security; urgency=high . * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472) ======================================= Sat, 27 Mar 2021 - Debian 10.9 released ======================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:27:15 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-all-amd64 | 4.19.160-2 | amd64 linux-headers-4.19.0-13-amd64 | 4.19.160-2 | amd64 linux-headers-4.19.0-13-cloud-amd64 | 4.19.160-2 | amd64 linux-headers-4.19.0-13-rt-amd64 | 4.19.160-2 | amd64 linux-headers-4.19.0-15-all-amd64 | 4.19.177-1 | amd64 linux-headers-4.19.0-15-amd64 | 4.19.177-1 | amd64 linux-headers-4.19.0-15-cloud-amd64 | 4.19.177-1 | amd64 linux-headers-4.19.0-15-rt-amd64 | 4.19.177-1 | amd64 linux-image-4.19.0-13-amd64-dbg | 4.19.160-2 | amd64 linux-image-4.19.0-13-amd64-unsigned | 4.19.160-2 | amd64 linux-image-4.19.0-13-cloud-amd64-dbg | 4.19.160-2 | amd64 linux-image-4.19.0-13-cloud-amd64-unsigned | 4.19.160-2 | amd64 linux-image-4.19.0-13-rt-amd64-dbg | 4.19.160-2 | amd64 linux-image-4.19.0-13-rt-amd64-unsigned | 4.19.160-2 | amd64 linux-image-4.19.0-15-amd64-dbg | 4.19.177-1 | amd64 linux-image-4.19.0-15-amd64-unsigned | 4.19.177-1 | amd64 linux-image-4.19.0-15-cloud-amd64-dbg | 4.19.177-1 | amd64 linux-image-4.19.0-15-cloud-amd64-unsigned | 4.19.177-1 | amd64 linux-image-4.19.0-15-rt-amd64-dbg | 4.19.177-1 | amd64 linux-image-4.19.0-15-rt-amd64-unsigned | 4.19.177-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:27:28 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-all-mipsel | 4.19.160-2 | mipsel linux-headers-4.19.0-15-all-mipsel | 4.19.177-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:27:44 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el ata-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el btrfs-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el btrfs-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el cdrom-core-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el cdrom-core-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el compress-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el compress-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el crc-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el crc-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el crypto-dm-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el crypto-dm-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el crypto-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el crypto-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el event-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el event-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el ext4-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el ext4-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el fancontrol-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el fancontrol-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el fat-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el fat-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el fb-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el fb-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el firewire-core-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el firewire-core-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el fuse-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el fuse-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el hypervisor-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el hypervisor-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el i2c-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el i2c-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el input-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el input-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el isofs-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el isofs-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el jfs-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el jfs-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el kernel-image-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el kernel-image-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el linux-headers-4.19.0-13-all-ppc64el | 4.19.160-2 | ppc64el linux-headers-4.19.0-13-powerpc64le | 4.19.160-2 | ppc64el linux-headers-4.19.0-15-all-ppc64el | 4.19.177-1 | ppc64el linux-headers-4.19.0-15-powerpc64le | 4.19.177-1 | ppc64el linux-image-4.19.0-13-powerpc64le | 4.19.160-2 | ppc64el linux-image-4.19.0-13-powerpc64le-dbg | 4.19.160-2 | ppc64el linux-image-4.19.0-15-powerpc64le | 4.19.177-1 | ppc64el linux-image-4.19.0-15-powerpc64le-dbg | 4.19.177-1 | ppc64el loop-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el loop-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el md-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el md-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el mouse-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el mouse-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el mtd-core-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el mtd-core-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el multipath-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el multipath-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el nbd-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el nbd-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el nic-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el nic-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el nic-shared-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el nic-shared-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el nic-usb-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el nic-usb-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el nic-wireless-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el nic-wireless-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el ppp-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el ppp-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el sata-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el sata-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el scsi-core-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el scsi-core-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el scsi-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el scsi-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el scsi-nic-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el scsi-nic-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el serial-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el serial-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el squashfs-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el squashfs-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el udf-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el udf-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el uinput-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el uinput-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el usb-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el usb-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el usb-serial-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el usb-serial-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el usb-storage-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el usb-storage-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el xfs-modules-4.19.0-13-powerpc64le-di | 4.19.160-2 | ppc64el xfs-modules-4.19.0-15-powerpc64le-di | 4.19.177-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:27:52 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x btrfs-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x cdrom-core-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x cdrom-core-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x compress-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x compress-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x crc-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x crc-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x crypto-dm-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x crypto-dm-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x crypto-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x crypto-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x dasd-extra-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x dasd-extra-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x dasd-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x dasd-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x ext4-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x ext4-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x fat-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x fat-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x fuse-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x fuse-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x isofs-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x isofs-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x kernel-image-4.19.0-13-s390x-di | 4.19.160-2 | s390x kernel-image-4.19.0-15-s390x-di | 4.19.177-1 | s390x linux-headers-4.19.0-13-all-s390x | 4.19.160-2 | s390x linux-headers-4.19.0-13-s390x | 4.19.160-2 | s390x linux-headers-4.19.0-15-all-s390x | 4.19.177-1 | s390x linux-headers-4.19.0-15-s390x | 4.19.177-1 | s390x linux-image-4.19.0-13-s390x | 4.19.160-2 | s390x linux-image-4.19.0-13-s390x-dbg | 4.19.160-2 | s390x linux-image-4.19.0-15-s390x | 4.19.177-1 | s390x linux-image-4.19.0-15-s390x-dbg | 4.19.177-1 | s390x loop-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x loop-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x md-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x md-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x mtd-core-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x mtd-core-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x multipath-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x multipath-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x nbd-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x nbd-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x nic-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x nic-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x scsi-core-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x scsi-core-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x scsi-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x scsi-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x udf-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x udf-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x xfs-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x xfs-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x zlib-modules-4.19.0-13-s390x-di | 4.19.160-2 | s390x zlib-modules-4.19.0-15-s390x-di | 4.19.177-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:28:14 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-all | 4.19.160-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-headers-4.19.0-15-all | 4.19.177-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:28:24 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-all-arm64 | 4.19.160-2 | arm64 linux-headers-4.19.0-13-arm64 | 4.19.160-2 | arm64 linux-headers-4.19.0-13-rt-arm64 | 4.19.160-2 | arm64 linux-headers-4.19.0-15-all-arm64 | 4.19.177-1 | arm64 linux-headers-4.19.0-15-arm64 | 4.19.177-1 | arm64 linux-headers-4.19.0-15-rt-arm64 | 4.19.177-1 | arm64 linux-image-4.19.0-13-arm64-dbg | 4.19.160-2 | arm64 linux-image-4.19.0-13-arm64-unsigned | 4.19.160-2 | arm64 linux-image-4.19.0-13-rt-arm64-dbg | 4.19.160-2 | arm64 linux-image-4.19.0-13-rt-arm64-unsigned | 4.19.160-2 | arm64 linux-image-4.19.0-15-arm64-dbg | 4.19.177-1 | arm64 linux-image-4.19.0-15-arm64-unsigned | 4.19.177-1 | arm64 linux-image-4.19.0-15-rt-arm64-dbg | 4.19.177-1 | arm64 linux-image-4.19.0-15-rt-arm64-unsigned | 4.19.177-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:28:34 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel btrfs-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel cdrom-core-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel cdrom-core-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel compress-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel compress-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel crc-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel crc-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel crypto-dm-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel crypto-dm-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel crypto-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel crypto-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel event-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel event-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel ext4-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel ext4-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel fat-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel fat-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel fb-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel fb-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel fuse-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel fuse-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel input-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel input-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel ipv6-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel ipv6-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel isofs-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel isofs-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel jffs2-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel jffs2-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel jfs-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel jfs-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel kernel-image-4.19.0-13-marvell-di | 4.19.160-2 | armel kernel-image-4.19.0-15-marvell-di | 4.19.177-1 | armel leds-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel leds-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel linux-headers-4.19.0-13-all-armel | 4.19.160-2 | armel linux-headers-4.19.0-13-marvell | 4.19.160-2 | armel linux-headers-4.19.0-13-rpi | 4.19.160-2 | armel linux-headers-4.19.0-15-all-armel | 4.19.177-1 | armel linux-headers-4.19.0-15-marvell | 4.19.177-1 | armel linux-headers-4.19.0-15-rpi | 4.19.177-1 | armel linux-image-4.19.0-13-marvell | 4.19.160-2 | armel linux-image-4.19.0-13-marvell-dbg | 4.19.160-2 | armel linux-image-4.19.0-13-rpi | 4.19.160-2 | armel linux-image-4.19.0-13-rpi-dbg | 4.19.160-2 | armel linux-image-4.19.0-15-marvell | 4.19.177-1 | armel linux-image-4.19.0-15-marvell-dbg | 4.19.177-1 | armel linux-image-4.19.0-15-rpi | 4.19.177-1 | armel linux-image-4.19.0-15-rpi-dbg | 4.19.177-1 | armel loop-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel loop-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel md-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel md-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel minix-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel minix-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel mmc-core-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel mmc-core-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel mmc-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel mmc-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel mouse-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel mouse-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel mtd-core-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel mtd-core-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel mtd-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel mtd-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel multipath-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel multipath-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel nbd-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel nbd-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel nic-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel nic-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel nic-shared-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel nic-shared-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel nic-usb-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel nic-usb-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel ppp-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel ppp-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel sata-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel sata-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel scsi-core-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel scsi-core-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel squashfs-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel squashfs-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel udf-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel udf-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel uinput-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel uinput-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel usb-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel usb-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel usb-serial-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel usb-serial-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel usb-storage-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel usb-storage-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel zlib-modules-4.19.0-13-marvell-di | 4.19.160-2 | armel zlib-modules-4.19.0-15-marvell-di | 4.19.177-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:28:44 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf ata-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf btrfs-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf btrfs-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf cdrom-core-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf cdrom-core-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf compress-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf compress-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf crc-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf crc-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf crypto-dm-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf crypto-dm-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf crypto-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf crypto-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf efi-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf efi-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf event-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf event-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf ext4-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf ext4-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf fat-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf fat-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf fb-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf fb-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf fuse-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf fuse-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf i2c-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf i2c-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf input-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf input-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf isofs-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf isofs-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf jfs-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf jfs-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf kernel-image-4.19.0-13-armmp-di | 4.19.160-2 | armhf kernel-image-4.19.0-15-armmp-di | 4.19.177-1 | armhf leds-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf leds-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf linux-headers-4.19.0-13-all-armhf | 4.19.160-2 | armhf linux-headers-4.19.0-13-armmp | 4.19.160-2 | armhf linux-headers-4.19.0-13-armmp-lpae | 4.19.160-2 | armhf linux-headers-4.19.0-13-rt-armmp | 4.19.160-2 | armhf linux-headers-4.19.0-15-all-armhf | 4.19.177-1 | armhf linux-headers-4.19.0-15-armmp | 4.19.177-1 | armhf linux-headers-4.19.0-15-armmp-lpae | 4.19.177-1 | armhf linux-headers-4.19.0-15-rt-armmp | 4.19.177-1 | armhf linux-image-4.19.0-13-armmp | 4.19.160-2 | armhf linux-image-4.19.0-13-armmp-dbg | 4.19.160-2 | armhf linux-image-4.19.0-13-armmp-lpae | 4.19.160-2 | armhf linux-image-4.19.0-13-armmp-lpae-dbg | 4.19.160-2 | armhf linux-image-4.19.0-13-rt-armmp | 4.19.160-2 | armhf linux-image-4.19.0-13-rt-armmp-dbg | 4.19.160-2 | armhf linux-image-4.19.0-15-armmp | 4.19.177-1 | armhf linux-image-4.19.0-15-armmp-dbg | 4.19.177-1 | armhf linux-image-4.19.0-15-armmp-lpae | 4.19.177-1 | armhf linux-image-4.19.0-15-armmp-lpae-dbg | 4.19.177-1 | armhf linux-image-4.19.0-15-rt-armmp | 4.19.177-1 | armhf linux-image-4.19.0-15-rt-armmp-dbg | 4.19.177-1 | armhf loop-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf loop-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf md-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf md-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf mmc-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf mmc-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf mtd-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf mtd-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf multipath-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf multipath-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf nbd-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf nbd-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf nic-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf nic-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf nic-shared-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf nic-shared-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf nic-usb-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf nic-usb-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf nic-wireless-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf nic-wireless-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf pata-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf pata-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf ppp-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf ppp-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf sata-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf sata-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf scsi-core-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf scsi-core-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf scsi-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf scsi-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf scsi-nic-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf scsi-nic-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf squashfs-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf squashfs-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf udf-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf udf-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf uinput-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf uinput-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf usb-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf usb-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf usb-serial-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf usb-serial-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf usb-storage-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf usb-storage-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf zlib-modules-4.19.0-13-armmp-di | 4.19.160-2 | armhf zlib-modules-4.19.0-15-armmp-di | 4.19.177-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:28:54 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-686 | 4.19.160-2 | i386 linux-headers-4.19.0-13-686-pae | 4.19.160-2 | i386 linux-headers-4.19.0-13-all-i386 | 4.19.160-2 | i386 linux-headers-4.19.0-13-rt-686-pae | 4.19.160-2 | i386 linux-headers-4.19.0-15-686 | 4.19.177-1 | i386 linux-headers-4.19.0-15-686-pae | 4.19.177-1 | i386 linux-headers-4.19.0-15-all-i386 | 4.19.177-1 | i386 linux-headers-4.19.0-15-rt-686-pae | 4.19.177-1 | i386 linux-image-4.19.0-13-686-dbg | 4.19.160-2 | i386 linux-image-4.19.0-13-686-pae-dbg | 4.19.160-2 | i386 linux-image-4.19.0-13-686-pae-unsigned | 4.19.160-2 | i386 linux-image-4.19.0-13-686-unsigned | 4.19.160-2 | i386 linux-image-4.19.0-13-rt-686-pae-dbg | 4.19.160-2 | i386 linux-image-4.19.0-13-rt-686-pae-unsigned | 4.19.160-2 | i386 linux-image-4.19.0-15-686-dbg | 4.19.177-1 | i386 linux-image-4.19.0-15-686-pae-dbg | 4.19.177-1 | i386 linux-image-4.19.0-15-686-pae-unsigned | 4.19.177-1 | i386 linux-image-4.19.0-15-686-unsigned | 4.19.177-1 | i386 linux-image-4.19.0-15-rt-686-pae-dbg | 4.19.177-1 | i386 linux-image-4.19.0-15-rt-686-pae-unsigned | 4.19.177-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:04 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-all-mips | 4.19.160-2 | mips linux-headers-4.19.0-15-all-mips | 4.19.177-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:14 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel affs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel btrfs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel compress-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel compress-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel crc-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel crc-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel crypto-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel crypto-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel event-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel event-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel ext4-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel ext4-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel fat-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel fat-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel fuse-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel fuse-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel hfs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel hfs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel input-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel input-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel isofs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel isofs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel jfs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel jfs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel kernel-image-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel kernel-image-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel linux-headers-4.19.0-13-5kc-malta | 4.19.160-2 | mips, mips64el, mipsel linux-headers-4.19.0-13-octeon | 4.19.160-2 | mips, mips64el, mipsel linux-headers-4.19.0-15-5kc-malta | 4.19.177-1 | mips, mips64el, mipsel linux-headers-4.19.0-15-octeon | 4.19.177-1 | mips, mips64el, mipsel linux-image-4.19.0-13-5kc-malta | 4.19.160-2 | mips, mips64el, mipsel linux-image-4.19.0-13-5kc-malta-dbg | 4.19.160-2 | mips, mips64el, mipsel linux-image-4.19.0-13-octeon | 4.19.160-2 | mips, mips64el, mipsel linux-image-4.19.0-13-octeon-dbg | 4.19.160-2 | mips, mips64el, mipsel linux-image-4.19.0-15-5kc-malta | 4.19.177-1 | mips, mips64el, mipsel linux-image-4.19.0-15-5kc-malta-dbg | 4.19.177-1 | mips, mips64el, mipsel linux-image-4.19.0-15-octeon | 4.19.177-1 | mips, mips64el, mipsel linux-image-4.19.0-15-octeon-dbg | 4.19.177-1 | mips, mips64el, mipsel loop-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel loop-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel md-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel md-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel minix-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel minix-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel multipath-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel multipath-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel nbd-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel nbd-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel nic-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel nic-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel nic-shared-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel nic-usb-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel pata-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel pata-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel ppp-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel ppp-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel rtc-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel rtc-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel sata-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel sata-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel scsi-core-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel scsi-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel scsi-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel sound-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel sound-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel squashfs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel udf-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel udf-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel usb-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel usb-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel usb-serial-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel usb-storage-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel xfs-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel xfs-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel zlib-modules-4.19.0-13-octeon-di | 4.19.160-2 | mips, mips64el, mipsel zlib-modules-4.19.0-15-octeon-di | 4.19.177-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:25 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel affs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel ata-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel ata-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel btrfs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel btrfs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel cdrom-core-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel cdrom-core-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel compress-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel compress-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel crc-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel crc-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel crypto-dm-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel crypto-dm-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel crypto-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel crypto-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel event-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel event-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel ext4-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel ext4-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel fat-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel fat-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel fb-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel fb-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel fuse-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel fuse-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel hfs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel hfs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel i2c-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel i2c-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel input-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel input-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel isofs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel isofs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel jfs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel jfs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel kernel-image-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel kernel-image-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel linux-headers-4.19.0-13-4kc-malta | 4.19.160-2 | mips, mipsel linux-headers-4.19.0-15-4kc-malta | 4.19.177-1 | mips, mipsel linux-image-4.19.0-13-4kc-malta | 4.19.160-2 | mips, mipsel linux-image-4.19.0-13-4kc-malta-dbg | 4.19.160-2 | mips, mipsel linux-image-4.19.0-15-4kc-malta | 4.19.177-1 | mips, mipsel linux-image-4.19.0-15-4kc-malta-dbg | 4.19.177-1 | mips, mipsel loop-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel loop-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel md-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel md-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel minix-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel minix-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel mmc-core-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel mmc-core-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel mmc-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel mmc-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel mouse-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel mouse-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel mtd-core-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel mtd-core-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel multipath-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel multipath-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel nbd-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel nbd-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel nic-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel nic-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel nic-shared-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel nic-shared-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel nic-usb-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel nic-usb-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel nic-wireless-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel nic-wireless-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel pata-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel pata-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel ppp-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel ppp-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel sata-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel sata-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel scsi-core-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel scsi-core-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel scsi-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel scsi-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel scsi-nic-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel scsi-nic-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel sound-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel sound-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel squashfs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel squashfs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel udf-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel udf-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel usb-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel usb-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel usb-serial-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel usb-serial-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel usb-storage-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel usb-storage-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel xfs-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel xfs-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel zlib-modules-4.19.0-13-4kc-malta-di | 4.19.160-2 | mips, mipsel zlib-modules-4.19.0-15-4kc-malta-di | 4.19.177-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:32 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el affs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el ata-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el ata-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el btrfs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el btrfs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el cdrom-core-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el cdrom-core-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el compress-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el compress-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el crc-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el crc-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el crypto-dm-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el crypto-dm-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el crypto-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el crypto-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el event-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el event-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el ext4-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el ext4-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el fat-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el fat-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el fb-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el fb-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el fuse-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el fuse-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el hfs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el hfs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el i2c-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el i2c-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el input-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el input-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el isofs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el isofs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el jfs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el jfs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el kernel-image-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el kernel-image-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el linux-headers-4.19.0-13-all-mips64el | 4.19.160-2 | mips64el linux-headers-4.19.0-15-all-mips64el | 4.19.177-1 | mips64el loop-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el loop-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el md-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el md-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el minix-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el minix-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el mmc-core-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el mmc-core-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el mmc-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el mmc-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el mouse-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el mouse-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el mtd-core-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el mtd-core-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el multipath-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el multipath-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el nbd-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el nbd-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el nic-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el nic-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el nic-shared-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el nic-shared-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el nic-usb-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el nic-usb-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el nic-wireless-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el nic-wireless-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el pata-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el pata-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el ppp-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el ppp-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el sata-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el sata-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el scsi-core-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el scsi-core-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el scsi-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el scsi-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el scsi-nic-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el scsi-nic-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el sound-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el sound-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el squashfs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el squashfs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el udf-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el udf-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el usb-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el usb-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el usb-serial-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el usb-serial-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el usb-storage-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el usb-storage-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el xfs-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el xfs-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el zlib-modules-4.19.0-13-5kc-malta-di | 4.19.160-2 | mips64el zlib-modules-4.19.0-15-5kc-malta-di | 4.19.177-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:41 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel affs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel ata-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel ata-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel btrfs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel btrfs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel cdrom-core-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel cdrom-core-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel compress-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel compress-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel crc-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel crc-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel crypto-dm-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel crypto-dm-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel crypto-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel crypto-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel event-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel event-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel ext4-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel ext4-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel fat-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel fat-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel fb-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel fb-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel firewire-core-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel firewire-core-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel fuse-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel fuse-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel hfs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel hfs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel input-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel input-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel isofs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel isofs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel jfs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel jfs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel kernel-image-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel kernel-image-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel linux-headers-4.19.0-13-loongson-3 | 4.19.160-2 | mips64el, mipsel linux-headers-4.19.0-15-loongson-3 | 4.19.177-1 | mips64el, mipsel linux-image-4.19.0-13-loongson-3 | 4.19.160-2 | mips64el, mipsel linux-image-4.19.0-13-loongson-3-dbg | 4.19.160-2 | mips64el, mipsel linux-image-4.19.0-15-loongson-3 | 4.19.177-1 | mips64el, mipsel linux-image-4.19.0-15-loongson-3-dbg | 4.19.177-1 | mips64el, mipsel loop-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel loop-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel md-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel md-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel minix-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel minix-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel mtd-core-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel mtd-core-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel multipath-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel multipath-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel nbd-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel nbd-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel nfs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel nfs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel nic-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel nic-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel nic-shared-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel nic-shared-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel nic-usb-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel nic-usb-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel nic-wireless-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel nic-wireless-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel pata-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel pata-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel ppp-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel ppp-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel sata-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel sata-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel scsi-core-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel scsi-core-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel scsi-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel scsi-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel scsi-nic-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel scsi-nic-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel sound-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel sound-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel speakup-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel speakup-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel squashfs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel squashfs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel udf-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel udf-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel usb-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel usb-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel usb-serial-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel usb-serial-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel usb-storage-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel usb-storage-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel xfs-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel xfs-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel zlib-modules-4.19.0-13-loongson-3-di | 4.19.160-2 | mips64el, mipsel zlib-modules-4.19.0-15-loongson-3-di | 4.19.177-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:48 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 acpi-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 ata-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 ata-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 btrfs-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 btrfs-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 cdrom-core-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 cdrom-core-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 compress-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 compress-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 crc-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 crc-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 crypto-dm-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 crypto-dm-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 crypto-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 crypto-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 efi-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 efi-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 event-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 event-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 ext4-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 ext4-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 fat-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 fat-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 fb-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 fb-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 firewire-core-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 firewire-core-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 fuse-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 fuse-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 i2c-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 i2c-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 input-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 input-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 isofs-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 isofs-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 jfs-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 jfs-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 kernel-image-4.19.0-13-amd64-di | 4.19.160-2 | amd64 kernel-image-4.19.0-15-amd64-di | 4.19.177-1 | amd64 linux-image-4.19.0-13-amd64 | 4.19.160-2 | amd64 linux-image-4.19.0-13-cloud-amd64 | 4.19.160-2 | amd64 linux-image-4.19.0-13-rt-amd64 | 4.19.160-2 | amd64 linux-image-4.19.0-15-amd64 | 4.19.177-1 | amd64 linux-image-4.19.0-15-cloud-amd64 | 4.19.177-1 | amd64 linux-image-4.19.0-15-rt-amd64 | 4.19.177-1 | amd64 loop-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 loop-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 md-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 md-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 mmc-core-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 mmc-core-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 mmc-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 mmc-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 mouse-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 mouse-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 mtd-core-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 mtd-core-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 multipath-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 multipath-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 nbd-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 nbd-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 nic-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 nic-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 nic-pcmcia-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 nic-pcmcia-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 nic-shared-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 nic-shared-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 nic-usb-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 nic-usb-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 nic-wireless-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 nic-wireless-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 pata-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 pata-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 pcmcia-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 pcmcia-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 pcmcia-storage-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 pcmcia-storage-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 ppp-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 ppp-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 sata-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 sata-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 scsi-core-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 scsi-core-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 scsi-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 scsi-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 scsi-nic-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 scsi-nic-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 serial-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 serial-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 sound-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 sound-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 speakup-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 speakup-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 squashfs-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 squashfs-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 udf-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 udf-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 uinput-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 uinput-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 usb-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 usb-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 usb-serial-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 usb-serial-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 usb-storage-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 usb-storage-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 xfs-modules-4.19.0-13-amd64-di | 4.19.160-2 | amd64 xfs-modules-4.19.0-15-amd64-di | 4.19.177-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:29:56 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 ata-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 btrfs-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 btrfs-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 cdrom-core-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 cdrom-core-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 compress-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 compress-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 crc-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 crc-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 crypto-dm-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 crypto-dm-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 crypto-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 crypto-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 efi-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 efi-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 event-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 event-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 ext4-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 ext4-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 fat-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 fat-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 fb-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 fb-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 fuse-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 fuse-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 i2c-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 i2c-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 input-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 input-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 isofs-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 isofs-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 jfs-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 jfs-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 kernel-image-4.19.0-13-arm64-di | 4.19.160-2 | arm64 kernel-image-4.19.0-15-arm64-di | 4.19.177-1 | arm64 leds-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 leds-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 linux-image-4.19.0-13-arm64 | 4.19.160-2 | arm64 linux-image-4.19.0-13-rt-arm64 | 4.19.160-2 | arm64 linux-image-4.19.0-15-arm64 | 4.19.177-1 | arm64 linux-image-4.19.0-15-rt-arm64 | 4.19.177-1 | arm64 loop-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 loop-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 md-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 md-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 mmc-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 mmc-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 mtd-core-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 mtd-core-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 multipath-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 multipath-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 nbd-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 nbd-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 nic-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 nic-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 nic-shared-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 nic-shared-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 nic-usb-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 nic-usb-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 nic-wireless-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 nic-wireless-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 ppp-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 ppp-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 sata-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 sata-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 scsi-core-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 scsi-core-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 scsi-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 scsi-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 scsi-nic-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 scsi-nic-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 squashfs-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 squashfs-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 udf-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 udf-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 uinput-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 uinput-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 usb-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 usb-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 usb-serial-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 usb-serial-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 usb-storage-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 usb-storage-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 xfs-modules-4.19.0-13-arm64-di | 4.19.160-2 | arm64 xfs-modules-4.19.0-15-arm64-di | 4.19.177-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:30:05 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-13-686-di | 4.19.160-2 | i386 acpi-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 acpi-modules-4.19.0-15-686-di | 4.19.177-1 | i386 acpi-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 ata-modules-4.19.0-13-686-di | 4.19.160-2 | i386 ata-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 ata-modules-4.19.0-15-686-di | 4.19.177-1 | i386 ata-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 btrfs-modules-4.19.0-13-686-di | 4.19.160-2 | i386 btrfs-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 btrfs-modules-4.19.0-15-686-di | 4.19.177-1 | i386 btrfs-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 cdrom-core-modules-4.19.0-13-686-di | 4.19.160-2 | i386 cdrom-core-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 cdrom-core-modules-4.19.0-15-686-di | 4.19.177-1 | i386 cdrom-core-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 compress-modules-4.19.0-13-686-di | 4.19.160-2 | i386 compress-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 compress-modules-4.19.0-15-686-di | 4.19.177-1 | i386 compress-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 crc-modules-4.19.0-13-686-di | 4.19.160-2 | i386 crc-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 crc-modules-4.19.0-15-686-di | 4.19.177-1 | i386 crc-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 crypto-dm-modules-4.19.0-13-686-di | 4.19.160-2 | i386 crypto-dm-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 crypto-dm-modules-4.19.0-15-686-di | 4.19.177-1 | i386 crypto-dm-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 crypto-modules-4.19.0-13-686-di | 4.19.160-2 | i386 crypto-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 crypto-modules-4.19.0-15-686-di | 4.19.177-1 | i386 crypto-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 efi-modules-4.19.0-13-686-di | 4.19.160-2 | i386 efi-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 efi-modules-4.19.0-15-686-di | 4.19.177-1 | i386 efi-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 event-modules-4.19.0-13-686-di | 4.19.160-2 | i386 event-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 event-modules-4.19.0-15-686-di | 4.19.177-1 | i386 event-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 ext4-modules-4.19.0-13-686-di | 4.19.160-2 | i386 ext4-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 ext4-modules-4.19.0-15-686-di | 4.19.177-1 | i386 ext4-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 fat-modules-4.19.0-13-686-di | 4.19.160-2 | i386 fat-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 fat-modules-4.19.0-15-686-di | 4.19.177-1 | i386 fat-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 fb-modules-4.19.0-13-686-di | 4.19.160-2 | i386 fb-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 fb-modules-4.19.0-15-686-di | 4.19.177-1 | i386 fb-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 firewire-core-modules-4.19.0-13-686-di | 4.19.160-2 | i386 firewire-core-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 firewire-core-modules-4.19.0-15-686-di | 4.19.177-1 | i386 firewire-core-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 fuse-modules-4.19.0-13-686-di | 4.19.160-2 | i386 fuse-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 fuse-modules-4.19.0-15-686-di | 4.19.177-1 | i386 fuse-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 i2c-modules-4.19.0-13-686-di | 4.19.160-2 | i386 i2c-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 i2c-modules-4.19.0-15-686-di | 4.19.177-1 | i386 i2c-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 input-modules-4.19.0-13-686-di | 4.19.160-2 | i386 input-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 input-modules-4.19.0-15-686-di | 4.19.177-1 | i386 input-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 isofs-modules-4.19.0-13-686-di | 4.19.160-2 | i386 isofs-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 isofs-modules-4.19.0-15-686-di | 4.19.177-1 | i386 isofs-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 jfs-modules-4.19.0-13-686-di | 4.19.160-2 | i386 jfs-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 jfs-modules-4.19.0-15-686-di | 4.19.177-1 | i386 jfs-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 kernel-image-4.19.0-13-686-di | 4.19.160-2 | i386 kernel-image-4.19.0-13-686-pae-di | 4.19.160-2 | i386 kernel-image-4.19.0-15-686-di | 4.19.177-1 | i386 kernel-image-4.19.0-15-686-pae-di | 4.19.177-1 | i386 linux-image-4.19.0-13-686 | 4.19.160-2 | i386 linux-image-4.19.0-13-686-pae | 4.19.160-2 | i386 linux-image-4.19.0-13-rt-686-pae | 4.19.160-2 | i386 linux-image-4.19.0-15-686 | 4.19.177-1 | i386 linux-image-4.19.0-15-686-pae | 4.19.177-1 | i386 linux-image-4.19.0-15-rt-686-pae | 4.19.177-1 | i386 loop-modules-4.19.0-13-686-di | 4.19.160-2 | i386 loop-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 loop-modules-4.19.0-15-686-di | 4.19.177-1 | i386 loop-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 md-modules-4.19.0-13-686-di | 4.19.160-2 | i386 md-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 md-modules-4.19.0-15-686-di | 4.19.177-1 | i386 md-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 mmc-core-modules-4.19.0-13-686-di | 4.19.160-2 | i386 mmc-core-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 mmc-core-modules-4.19.0-15-686-di | 4.19.177-1 | i386 mmc-core-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 mmc-modules-4.19.0-13-686-di | 4.19.160-2 | i386 mmc-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 mmc-modules-4.19.0-15-686-di | 4.19.177-1 | i386 mmc-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 mouse-modules-4.19.0-13-686-di | 4.19.160-2 | i386 mouse-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 mouse-modules-4.19.0-15-686-di | 4.19.177-1 | i386 mouse-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 mtd-core-modules-4.19.0-13-686-di | 4.19.160-2 | i386 mtd-core-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 mtd-core-modules-4.19.0-15-686-di | 4.19.177-1 | i386 mtd-core-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 multipath-modules-4.19.0-13-686-di | 4.19.160-2 | i386 multipath-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 multipath-modules-4.19.0-15-686-di | 4.19.177-1 | i386 multipath-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 nbd-modules-4.19.0-13-686-di | 4.19.160-2 | i386 nbd-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 nbd-modules-4.19.0-15-686-di | 4.19.177-1 | i386 nbd-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 nic-modules-4.19.0-13-686-di | 4.19.160-2 | i386 nic-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 nic-modules-4.19.0-15-686-di | 4.19.177-1 | i386 nic-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 nic-pcmcia-modules-4.19.0-13-686-di | 4.19.160-2 | i386 nic-pcmcia-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 nic-pcmcia-modules-4.19.0-15-686-di | 4.19.177-1 | i386 nic-pcmcia-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 nic-shared-modules-4.19.0-13-686-di | 4.19.160-2 | i386 nic-shared-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 nic-shared-modules-4.19.0-15-686-di | 4.19.177-1 | i386 nic-shared-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 nic-usb-modules-4.19.0-13-686-di | 4.19.160-2 | i386 nic-usb-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 nic-usb-modules-4.19.0-15-686-di | 4.19.177-1 | i386 nic-usb-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 nic-wireless-modules-4.19.0-13-686-di | 4.19.160-2 | i386 nic-wireless-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 nic-wireless-modules-4.19.0-15-686-di | 4.19.177-1 | i386 nic-wireless-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 pata-modules-4.19.0-13-686-di | 4.19.160-2 | i386 pata-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 pata-modules-4.19.0-15-686-di | 4.19.177-1 | i386 pata-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 pcmcia-modules-4.19.0-13-686-di | 4.19.160-2 | i386 pcmcia-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 pcmcia-modules-4.19.0-15-686-di | 4.19.177-1 | i386 pcmcia-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 pcmcia-storage-modules-4.19.0-13-686-di | 4.19.160-2 | i386 pcmcia-storage-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 pcmcia-storage-modules-4.19.0-15-686-di | 4.19.177-1 | i386 pcmcia-storage-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 ppp-modules-4.19.0-13-686-di | 4.19.160-2 | i386 ppp-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 ppp-modules-4.19.0-15-686-di | 4.19.177-1 | i386 ppp-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 sata-modules-4.19.0-13-686-di | 4.19.160-2 | i386 sata-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 sata-modules-4.19.0-15-686-di | 4.19.177-1 | i386 sata-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 scsi-core-modules-4.19.0-13-686-di | 4.19.160-2 | i386 scsi-core-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 scsi-core-modules-4.19.0-15-686-di | 4.19.177-1 | i386 scsi-core-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 scsi-modules-4.19.0-13-686-di | 4.19.160-2 | i386 scsi-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 scsi-modules-4.19.0-15-686-di | 4.19.177-1 | i386 scsi-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 scsi-nic-modules-4.19.0-13-686-di | 4.19.160-2 | i386 scsi-nic-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 scsi-nic-modules-4.19.0-15-686-di | 4.19.177-1 | i386 scsi-nic-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 serial-modules-4.19.0-13-686-di | 4.19.160-2 | i386 serial-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 serial-modules-4.19.0-15-686-di | 4.19.177-1 | i386 serial-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 sound-modules-4.19.0-13-686-di | 4.19.160-2 | i386 sound-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 sound-modules-4.19.0-15-686-di | 4.19.177-1 | i386 sound-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 speakup-modules-4.19.0-13-686-di | 4.19.160-2 | i386 speakup-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 speakup-modules-4.19.0-15-686-di | 4.19.177-1 | i386 speakup-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 squashfs-modules-4.19.0-13-686-di | 4.19.160-2 | i386 squashfs-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 squashfs-modules-4.19.0-15-686-di | 4.19.177-1 | i386 squashfs-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 udf-modules-4.19.0-13-686-di | 4.19.160-2 | i386 udf-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 udf-modules-4.19.0-15-686-di | 4.19.177-1 | i386 udf-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 uinput-modules-4.19.0-13-686-di | 4.19.160-2 | i386 uinput-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 uinput-modules-4.19.0-15-686-di | 4.19.177-1 | i386 uinput-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 usb-modules-4.19.0-13-686-di | 4.19.160-2 | i386 usb-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 usb-modules-4.19.0-15-686-di | 4.19.177-1 | i386 usb-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 usb-serial-modules-4.19.0-13-686-di | 4.19.160-2 | i386 usb-serial-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 usb-serial-modules-4.19.0-15-686-di | 4.19.177-1 | i386 usb-serial-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 usb-storage-modules-4.19.0-13-686-di | 4.19.160-2 | i386 usb-storage-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 usb-storage-modules-4.19.0-15-686-di | 4.19.177-1 | i386 usb-storage-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 xfs-modules-4.19.0-13-686-di | 4.19.160-2 | i386 xfs-modules-4.19.0-13-686-pae-di | 4.19.160-2 | i386 xfs-modules-4.19.0-15-686-di | 4.19.177-1 | i386 xfs-modules-4.19.0-15-686-pae-di | 4.19.177-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Mar 2021 09:30:21 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-13-common | 4.19.160-2 | all linux-headers-4.19.0-13-common-rt | 4.19.160-2 | all linux-headers-4.19.0-15-common | 4.19.177-1 | all linux-headers-4.19.0-15-common-rt | 4.19.177-1 | all linux-support-4.19.0-13 | 4.19.160-2 | all linux-support-4.19.0-15 | 4.19.177-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= avahi (0.7-4+deb10u1) buster; urgency=medium . [ Simon McVittie ] * Remove avahi-daemon-check-dns mechanism, no longer needed. Thanks to Trent Lloyd, Sebastien Bacher (LP: #1870824) (Closes: #433945, #559927, #629509, #747895, #878586, #898038, #929010) . [ Sjoerd Simons ] * Don't remove avahi-daemon postdown symlink in maintscript base-files (10.3+deb10u9) buster; urgency=medium . * Change /etc/debian_version to 10.9, for Debian 10.9 point release. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Buffer overflow in GSSAPI security policy negotiation (CVE-2020-8625) chromium (88.0.4324.182-1~deb10u1) buster-security; urgency=medium . * New upstream security release. - CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens - CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki - CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh - CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani - CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous - CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge - CVE-2021-21154: Heap buffer overflow in Tab Strip . Reported by Abdulrahman Alqabandi - CVE-2021-21155: Heap buffer overflow in Tab Strip . Reported by Khalil Zhani - CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov - CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous chromium (88.0.4324.150-1) unstable; urgency=medium . * New upstream security release (closes: #982205). - CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens chromium (88.0.4324.146-1) unstable; urgency=medium . * New upstream stable release. - CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani - CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker & Alex Morgan of MU - CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21145: Use after free in Fonts. Reported by Anonymous - CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research - CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov chromium (88.0.4324.146-1~deb10u1) buster-security; urgency=medium . * New upstream stable release. - CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara - CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander - CVE-2021-21119: Use after free in Media. Reported by Anonymous - CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang and Guang Gong - CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong - CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan - CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski - CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding - CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas - CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson - CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh - CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong - CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg - CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01 - CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01 - CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk - CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed - CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear - CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang - CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu - CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri - CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani - CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker & Alex Morgan - CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong - CVE-2021-21145: Use after free in Fonts. Reported by Anonymous - CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han - CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov chromium (88.0.4324.96-2) unstable; urgency=medium . * Add Michel Le Bihan to uploaders. * Add openjpeg include dirs to pdfium BUILD.gn (closes: #981270). chromium (88.0.4324.96-1) unstable; urgency=medium . * Organize patches. * Use system vpx again. * Support icu 6.3 and clang 7 in buster again. * Apply the non-maintainer uploads (closes: #972134). - Thanks to Michel Le Bihan, Jan Luca Naumann, and Peter Michael Green. chromium (88.0.4324.96-0.1) unstable; urgency=medium . * Non-maintainer upload. * New upstream stable release (closes: 980564). - CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara - CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander @tylerni7 of Theori - CVE-2021-21119: Use after free in Media. Reported by Anonymous - CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang @eternalsakura13 and Guang Gong of 360 Alpha Lab - CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan - CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski - CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas - CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero - CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura - CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong - CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg - CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01 - CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01 - CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk - CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed - CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear - CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri - CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski . [ Jan Luca Naumann ] * Add watch file. . [ Mattia Rizzolo ] * Change get-orig-source to produce reproducible tarballs. chromium (87.0.4280.141-0.1) unstable; urgency=medium . * Non-maintainer upload. * New upstream security release (closes: 979520). - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu - CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research . [ Jan Luca Naumann ] * Use desktop gl implementation as default. (closes: 979135) cloud-init (20.2-2~deb10u2) buster; urgency=high . * Avoid logging generated passwords to world-readable log files. CVE-2021-3429. (Closes: #985540) connman (1.36-2.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for buster-security . connman (1.36-2.1) unstable; urgency=high . * Non-maintainer upload. * gdhcp: Avoid reading invalid data in dhcp_get_option (CVE-2021-26676) * gdhcp: Avoid leaking stack data via unitiialized variable (CVE-2021-26676) * dnsproxy: Add length checks to prevent buffer overflow (CVE-2021-26675) debian-archive-keyring (2019.1+deb10u1) buster; urgency=medium . * Remove jessie's archive keys (Closes: #981343) * Add automatic signing keys for bullseye (Closes: #977911) * Update my own key * Add Debian Stable Release Key (11/bullseye) (ID: 600062A9605C66F00D6C9793) (Closes: #977910) * Refresh signatures over keyrings/debian-archive-keyring.gpg and keyrings/debian-archive-removed-keys.gpg * Add myself to uploaders debian-installer (20190702+deb10u9) buster; urgency=medium . * Bump Linux ABI to 4.19.0-16. debian-installer-netboot-images (20190702+deb10u9) buster; urgency=medium . * Update to 20190702+deb10u9, from buster-proposed-updates. dnsmasq (2.80-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix DNSpooq issue: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687. exim4 (4.92-8+deb10u5) buster; urgency=medium . * Fix use of concurrent TLS connections under GnuTLS: 80_01-GnuTLS-fix-hanging-callout-connections.patch 80_02-GnuTLS-tls_write-wait-after-uncorking-the-session.patch 80_03-GnuTLS-Do-not-care-about-corked-data-when-uncorking.patch (Thanks, Heiko Schlittermann for the backport) * Pull 82_TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch from upstream git (already included in 4.94), on TLS connections to a CNAME verify the certificate against the original CNAME instead of against the A record. Closes: #985243 * In README.Debian explicitly document the limitation/extent of server certificate checking (authenticity not enforced) in the default configuration (Thanks, Jö Fahlke). This Closes: #985244 (improved documentation and Closes: #985344 (Yes, without required cert checking MitM attacks are possible, but for a stable update documenting this is the best compromise.) fetchmail (6.4.0~beta4-3+deb10u1) buster; urgency=medium . * Backport fix to no longer reports System error during SSL_connect(): Success (closes: #928916). * Remove forced OpenSSL version check (closes: #980766). firefox-esr (78.8.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-08, also known as: CVE-2021-23969, CVE-2021-23968, CVE-2021-23973, CVE-2021-23978. firefox-esr (78.7.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-04, also known as: CVE-2021-23953, CVE-2021-23954, CVE-2020-26976, CVE-2021-23960, CVE-2021-23964. firejail (0.9.58.2-2+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Disable overlayfs support (CVE-2021-26910) flatpak (1.2.5-0+deb10u4) buster-security; urgency=high . * Add patches from upstream 1.10.2 release to fix a sandbox escape via special tokens in .desktop files (flatpak#4146, Closes: #984859) fwupd (1.2.13-3+deb10u2) buster; urgency=medium . * Turn off flashrom configuration added by mistake in the previous upload. fwupd (1.2.13-3+deb10u1) buster; urgency=medium . * Backport support for SBAT from 1_2_X fwupd-amd64-signed (1.2.13+3+deb10u2) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u2 fwupd-arm64-signed (1.2.13+3+deb10u2) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u2 fwupd-armhf-signed (1.2.13+3+deb10u2) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u2 fwupd-i386-signed (1.2.13+3+deb10u2) buster; urgency=medium . * Update to fwupd version 1.2.13-3+deb10u2 fwupdate (12-4+deb10u3) buster; urgency=medium . * Disable linker warning on armhf fwupdate (12-4+deb10u2) buster; urgency=medium . * Add SBAT support + Add build-depend on dos2unix + Add Debian and Ubuntu SBAT templates and scripting to use them fwupdate-amd64-signed (12+4+deb10u3) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u3 fwupdate-amd64-signed (12+4+deb10u2) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u2 fwupdate-arm64-signed (12+4+deb10u3) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u3 fwupdate-arm64-signed (12+4+deb10u2) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u2 fwupdate-armhf-signed (12+4+deb10u3) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u3 fwupdate-i386-signed (12+4+deb10u3) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u3 fwupdate-i386-signed (12+4+deb10u2) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u2 gdnsd (2.4.3-1) buster; urgency=medium . * Fix CVE-2019-13952: IPv6 addresses in local zone file data which are longer than the maximum legitimate IPv6 address cause a stack buffer overflow and crash. (Closes: #932407) groff (1.22.4-3+deb10u1) buster; urgency=medium . * Rebuild against ghostscript 9.27 (closes: #982302). grub-efi-amd64-signed (1+2.02+dfsg1+20+deb10u4) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u4 grub-efi-arm64-signed (1+2.02+dfsg1+20+deb10u4) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u4 grub-efi-ia32-signed (1+2.02+dfsg1+20+deb10u4) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u4 grub2 (2.02+dfsg1-20+deb10u4) buster-security; urgency=high . * Fix broken advice in message when the postinst has to bail out (thanks to Daniel Leidert for pointing out the problem). * Backport security patch series from upstream: - kern: Add lockdown support - kern/lockdown: Set a variable if the GRUB is locked down - efi: Lockdown the GRUB when the UEFI Secure Boot is enabled - efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list - CVE-2020-14372: acpi: Don't register the acpi command when locked down - CVE-2020-27779: mmap: Don't register cutmem and badram commands when lockdown is enforced - commands: Restrict commands that can load BIOS or DT blobs when locked down - commands/setpci: Restrict setpci command when locked down - commands/hdparm: Restrict hdparm command when locked down - gdb: Restrict GDB access when locked down - loader/xnu: Don't allow loading extension and packages when locked down - docs: Document the cutmem command - CVE-2020-25632: dl: Only allow unloading modules that are not dependencies - CVE-2020-25647: usb: Avoid possible out-of-bound accesses caused by malicious devices - mmap: Fix memory leak when iterating over mapped memory - net/net: Fix possible dereference to of a NULL pointer - net/tftp: Fix dangling memory pointer - kern/parser: Fix resource leak if argc == 0 - kern/efi: Fix memory leak on failure - kern/efi/mm: Fix possible NULL pointer dereference - gnulib/regexec: Resolve unused variable - gnulib/regcomp: Fix uninitialized token structure - gnulib/argp-help: Fix dereference of a possibly NULL state - gnulib/regexec: Fix possible null-dereference - gnulib/regcomp: Fix uninitialized re_token - io/lzopio: Resolve unnecessary self-assignment errors - kern/partition: Check for NULL before dereferencing input string - disk/ldm: Make sure comp data is freed before exiting from make_vg() - disk/ldm: If failed then free vg variable too - disk/ldm: Fix memory leak on uninserted lv references - disk/cryptodisk: Fix potential integer overflow - hfsplus: Check that the volume name length is valid - zfs: Fix possible negative shift operation - zfs: Fix resource leaks while constructing path - zfs: Fix possible integer overflows - zfsinfo: Correct a check for error allocating memory - affs: Fix memory leaks - libgcrypt/mpi: Fix possible unintended sign extension - libgcrypt/mpi: Fix possible NULL dereference - syslinux: Fix memory leak while parsing - normal/completion: Fix leaking of memory when processing a completion - commands/hashsum: Fix a memory leak - video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info() - video/fb/fbfill: Fix potential integer overflow - video/fb/video_fb: Fix multiple integer overflows - video/fb/video_fb: Fix possible integer overflow - video/readers/jpeg: Test for an invalid next marker reference from a jpeg file - gfxmenu/gui_list: Remove code that coverity is flagging as dead - loader/bsd: Check for NULL arg up-front - loader/xnu: Fix memory leak - loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap() - loader/xnu: Check if pointer is NULL before using it - util/grub-install: Fix NULL pointer dereferences - util/grub-editenv: Fix incorrect casting of a signed value - util/glue-efi: Fix incorrect use of a possibly negative value - script/execute: Fix NULL dereference in grub_script_execute_cmdline() - commands/ls: Require device_name is not NULL before printing - script/execute: Avoid crash when using "$#" outside a function scope - CVE-2021-20225: lib/arg: Block repeated short options that require an argument - script/execute: Don't crash on a "for" loop with no items - CVE-2021-20233: commands/menuentry: Fix quoting in setparams_prefix() - kern/misc: Always set *end in grub_strtoull() - video/readers/jpeg: Catch files with unsupported quantization or Huffman tables - video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du() - video/readers/jpeg: Don't decode data before start of stream - term/gfxterm: Don't set up a font with glyphs that are too big - fs/fshelp: Catch impermissibly large block sizes in read helper - fs/hfsplus: Don't fetch a key beyond the end of the node - fs/hfsplus: Don't use uninitialized data on corrupt filesystems - fs/hfs: Disable under lockdown - fs/sfs: Fix over-read of root object name - fs/jfs: Do not move to leaf level if name length is negative - fs/jfs: Limit the extents that getblk() can consider - fs/jfs: Catch infinite recursion - fs/nilfs2: Reject too-large keys - fs/nilfs2: Don't search children if provided number is too large - fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() - io/gzio: Bail if gzio->tl/td is NULL - io/gzio: Add init_dynamic_block() clean up if unpacking codes fails - io/gzio: Catch missing values in huft_build() and bail - io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails - disk/lvm: Don't go beyond the end of the data we read from disk - disk/lvm: Don't blast past the end of the circular metadata buffer - disk/lvm: Bail on missing PV list - disk/lvm: Do not crash if an expected string is not found - disk/lvm: Do not overread metadata - disk/lvm: Sanitize rlocn->offset to prevent wild read - disk/lvm: Do not allow a LV to be it's own segment's node's LV - kern/parser: Fix a memory leak - kern/parser: Introduce process_char() helper - kern/parser: Introduce terminate_arg() helper - kern/parser: Refactor grub_parser_split_cmdline() cleanup - kern/buffer: Add variable sized heap buffer - CVE-2020-27749: kern/parser: Fix a stack buffer overflow - kern/efi: Add initial stack protector implementation - util/mkimage: Remove unused code to add BSS section - util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32() - util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff - util/mkimage: Unify more of the PE32 and PE32+ header set-up - util/mkimage: Reorder PE optional header fields set-up - util/mkimage: Improve data_size value calculation - util/mkimage: Refactor section setup to use a helper - util/mkimage: Add an option to import SBAT metadata into a .sbat section - grub-install-common: Add --sbat option - kern/misc: Split parse_printf_args() into format parsing and va_list handling - kern/misc: Add STRING type for internal printf() format handling - kern/misc: Add function to check printf() format against expected format - gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label - kern/mm: Fix grub_debug_calloc() compilation error * Add SBAT section (thanks, Chris Coulson). hwloc-contrib (1.11.12-3+deb10u1) buster; urgency=medium . * control: Enable build on ppc64el with libcuda1 build-dep disabled. * patches/cuda-ppc64el: Upstream fix for cudart test that does not actually need libcuda1. intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium . * RELEASE MANAGER INFORMATION: this update mitigates an extra security issue on a few processors, as described in 3.20210216.1 changelog. It has zero reports of regressions when compared with 3.20201118.1~deb10u1 thus it is a safe stable update. * Rebuild for buster, keeping all changes to avoid regressions present in 3.20201118.1~deb10u1. . intel-microcode (3.20210216.1) unstable; urgency=medium . * New upstream microcode datafile 20210216 * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx, and Cascade Lake Server (B0/B1) when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. * This issue is related to the INTEL-SA-00381 mitigation. * Updated Microcodes: sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864 sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248 sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248 * source: update symlinks to reflect id of the latest release, 20210216 intel-microcode (3.20201118.1) unstable; urgency=medium . * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 iputils (3:20180629-2+deb10u2) buster; urgency=medium . * Backport upstream fix for ping rounding errors (Closes: #920434) * Backport upstream fix for tracepath target corruption (Closes: #976277) jquery (3.3.1~dfsg-3+deb10u1) buster; urgency=high . * Non-maintainer upload by the LTS Team. * Prevent untrusted code execution when passing untrusted HTML to DOM manipulation methods. (CVE-2020-11022) * Prevent untrusted code execution when passing HTML containing