======================================= Sat, 06 Feb 2021 - Debian 10.8 released ======================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:27:32 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-all-amd64 | 4.19.146-1 | amd64 linux-headers-4.19.0-11-amd64 | 4.19.146-1 | amd64 linux-headers-4.19.0-11-cloud-amd64 | 4.19.146-1 | amd64 linux-headers-4.19.0-11-rt-amd64 | 4.19.146-1 | amd64 linux-image-4.19.0-11-amd64-dbg | 4.19.146-1 | amd64 linux-image-4.19.0-11-amd64-unsigned | 4.19.146-1 | amd64 linux-image-4.19.0-11-cloud-amd64-dbg | 4.19.146-1 | amd64 linux-image-4.19.0-11-cloud-amd64-unsigned | 4.19.146-1 | amd64 linux-image-4.19.0-11-rt-amd64-dbg | 4.19.146-1 | amd64 linux-image-4.19.0-11-rt-amd64-unsigned | 4.19.146-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:31:37 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: ata-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el btrfs-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el cdrom-core-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el compress-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el crc-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el crypto-dm-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el crypto-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el event-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el ext4-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el fancontrol-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el fat-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el fb-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el firewire-core-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el fuse-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el hypervisor-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el i2c-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el input-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el isofs-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el jfs-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el kernel-image-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el linux-headers-4.19.0-11-all-ppc64el | 4.19.146-1 | ppc64el linux-headers-4.19.0-11-powerpc64le | 4.19.146-1 | ppc64el linux-image-4.19.0-11-powerpc64le | 4.19.146-1 | ppc64el linux-image-4.19.0-11-powerpc64le-dbg | 4.19.146-1 | ppc64el loop-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el md-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el mouse-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el mtd-core-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el multipath-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el nbd-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el nic-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el nic-shared-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el nic-usb-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el nic-wireless-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el ppp-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el sata-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el scsi-core-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el scsi-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el scsi-nic-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el serial-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el squashfs-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el udf-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el uinput-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el usb-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el usb-serial-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el usb-storage-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el xfs-modules-4.19.0-11-powerpc64le-di | 4.19.146-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:32:07 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: btrfs-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x cdrom-core-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x compress-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x crc-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x crypto-dm-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x crypto-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x dasd-extra-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x dasd-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x ext4-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x fat-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x fuse-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x isofs-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x kernel-image-4.19.0-11-s390x-di | 4.19.146-1 | s390x linux-headers-4.19.0-11-all-s390x | 4.19.146-1 | s390x linux-headers-4.19.0-11-s390x | 4.19.146-1 | s390x linux-image-4.19.0-11-s390x | 4.19.146-1 | s390x linux-image-4.19.0-11-s390x-dbg | 4.19.146-1 | s390x loop-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x md-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x mtd-core-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x multipath-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x nbd-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x nic-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x scsi-core-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x scsi-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x udf-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x xfs-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x zlib-modules-4.19.0-11-s390x-di | 4.19.146-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:32:46 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-all | 4.19.146-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:33:10 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-all-arm64 | 4.19.146-1 | arm64 linux-headers-4.19.0-11-arm64 | 4.19.146-1 | arm64 linux-headers-4.19.0-11-rt-arm64 | 4.19.146-1 | arm64 linux-image-4.19.0-11-arm64-dbg | 4.19.146-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:33:31 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: btrfs-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel cdrom-core-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel compress-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel crc-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel crypto-dm-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel crypto-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel event-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel ext4-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel fat-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel fb-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel fuse-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel input-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel ipv6-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel isofs-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel jffs2-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel jfs-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel kernel-image-4.19.0-11-marvell-di | 4.19.146-1 | armel leds-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel linux-headers-4.19.0-11-all-armel | 4.19.146-1 | armel linux-headers-4.19.0-11-marvell | 4.19.146-1 | armel linux-headers-4.19.0-11-rpi | 4.19.146-1 | armel linux-image-4.19.0-11-marvell | 4.19.146-1 | armel linux-image-4.19.0-11-marvell-dbg | 4.19.146-1 | armel linux-image-4.19.0-11-rpi | 4.19.146-1 | armel linux-image-4.19.0-11-rpi-dbg | 4.19.146-1 | armel loop-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel md-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel minix-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel mmc-core-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel mmc-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel mouse-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel mtd-core-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel mtd-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel multipath-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel nbd-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel nic-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel nic-shared-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel nic-usb-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel ppp-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel sata-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel scsi-core-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel squashfs-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel udf-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel uinput-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel usb-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel usb-serial-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel usb-storage-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel zlib-modules-4.19.0-11-marvell-di | 4.19.146-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:34:03 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: ata-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf btrfs-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf cdrom-core-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf compress-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf crc-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf crypto-dm-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf crypto-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf efi-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf event-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf ext4-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf fat-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf fb-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf fuse-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf i2c-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf input-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf isofs-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf jfs-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf kernel-image-4.19.0-11-armmp-di | 4.19.146-1 | armhf leds-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf linux-headers-4.19.0-11-all-armhf | 4.19.146-1 | armhf linux-headers-4.19.0-11-armmp | 4.19.146-1 | armhf linux-headers-4.19.0-11-armmp-lpae | 4.19.146-1 | armhf linux-headers-4.19.0-11-rt-armmp | 4.19.146-1 | armhf linux-image-4.19.0-11-armmp | 4.19.146-1 | armhf linux-image-4.19.0-11-armmp-dbg | 4.19.146-1 | armhf linux-image-4.19.0-11-armmp-lpae | 4.19.146-1 | armhf linux-image-4.19.0-11-armmp-lpae-dbg | 4.19.146-1 | armhf linux-image-4.19.0-11-rt-armmp | 4.19.146-1 | armhf linux-image-4.19.0-11-rt-armmp-dbg | 4.19.146-1 | armhf loop-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf md-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf mmc-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf mtd-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf multipath-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf nbd-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf nic-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf nic-shared-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf nic-usb-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf nic-wireless-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf pata-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf ppp-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf sata-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf scsi-core-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf scsi-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf scsi-nic-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf squashfs-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf udf-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf uinput-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf usb-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf usb-serial-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf usb-storage-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf zlib-modules-4.19.0-11-armmp-di | 4.19.146-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:34:29 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-686 | 4.19.146-1 | i386 linux-headers-4.19.0-11-686-pae | 4.19.146-1 | i386 linux-headers-4.19.0-11-all-i386 | 4.19.146-1 | i386 linux-headers-4.19.0-11-rt-686-pae | 4.19.146-1 | i386 linux-image-4.19.0-11-686-dbg | 4.19.146-1 | i386 linux-image-4.19.0-11-686-pae-dbg | 4.19.146-1 | i386 linux-image-4.19.0-11-686-pae-unsigned | 4.19.146-1 | i386 linux-image-4.19.0-11-686-unsigned | 4.19.146-1 | i386 linux-image-4.19.0-11-rt-686-pae-dbg | 4.19.146-1 | i386 linux-image-4.19.0-11-rt-686-pae-unsigned | 4.19.146-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:34:43 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-all-mips | 4.19.146-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:35:30 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: affs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel compress-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel crc-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel crypto-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel event-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel ext4-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel fat-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel fuse-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel hfs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel input-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel isofs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel jfs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel kernel-image-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel linux-headers-4.19.0-11-5kc-malta | 4.19.146-1 | mips, mips64el, mipsel linux-headers-4.19.0-11-octeon | 4.19.146-1 | mips, mips64el, mipsel linux-image-4.19.0-11-5kc-malta | 4.19.146-1 | mips, mips64el, mipsel linux-image-4.19.0-11-5kc-malta-dbg | 4.19.146-1 | mips, mips64el, mipsel linux-image-4.19.0-11-octeon | 4.19.146-1 | mips, mips64el, mipsel linux-image-4.19.0-11-octeon-dbg | 4.19.146-1 | mips, mips64el, mipsel loop-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel md-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel minix-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel multipath-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel nbd-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel nic-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel pata-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel ppp-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel rtc-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel sata-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel scsi-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel sound-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel udf-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel usb-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel xfs-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel zlib-modules-4.19.0-11-octeon-di | 4.19.146-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:35:50 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: affs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel ata-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel btrfs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel cdrom-core-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel compress-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel crc-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel crypto-dm-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel crypto-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel event-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel ext4-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel fat-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel fb-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel fuse-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel hfs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel i2c-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel input-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel isofs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel jfs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel kernel-image-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel linux-headers-4.19.0-11-4kc-malta | 4.19.146-1 | mips, mipsel linux-image-4.19.0-11-4kc-malta | 4.19.146-1 | mips, mipsel linux-image-4.19.0-11-4kc-malta-dbg | 4.19.146-1 | mips, mipsel loop-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel md-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel minix-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel mmc-core-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel mmc-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel mouse-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel mtd-core-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel multipath-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel nbd-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel nic-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel nic-shared-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel nic-usb-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel nic-wireless-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel pata-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel ppp-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel sata-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel scsi-core-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel scsi-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel scsi-nic-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel sound-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel squashfs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel udf-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel usb-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel usb-serial-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel usb-storage-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel xfs-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel zlib-modules-4.19.0-11-4kc-malta-di | 4.19.146-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:36:21 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: affs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el ata-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el btrfs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el cdrom-core-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el compress-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el crc-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el crypto-dm-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el crypto-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el event-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el ext4-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el fat-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el fb-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el fuse-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el hfs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el i2c-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el input-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el isofs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el jfs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el kernel-image-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el linux-headers-4.19.0-11-all-mips64el | 4.19.146-1 | mips64el loop-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el md-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el minix-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el mmc-core-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el mmc-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el mouse-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el mtd-core-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el multipath-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el nbd-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el nic-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el nic-shared-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el nic-usb-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el nic-wireless-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el pata-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el ppp-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el sata-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el scsi-core-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el scsi-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el scsi-nic-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el sound-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el squashfs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el udf-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el usb-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el usb-serial-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el usb-storage-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el xfs-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el zlib-modules-4.19.0-11-5kc-malta-di | 4.19.146-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:36:47 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: affs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel ata-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel btrfs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel cdrom-core-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel compress-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel crc-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel crypto-dm-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel crypto-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel event-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel ext4-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel fat-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel fb-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel firewire-core-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel fuse-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel hfs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel input-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel isofs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel jfs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel kernel-image-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel linux-headers-4.19.0-11-loongson-3 | 4.19.146-1 | mips64el, mipsel linux-image-4.19.0-11-loongson-3 | 4.19.146-1 | mips64el, mipsel linux-image-4.19.0-11-loongson-3-dbg | 4.19.146-1 | mips64el, mipsel loop-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel md-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel minix-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel mtd-core-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel multipath-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel nbd-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel nfs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel nic-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel nic-shared-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel nic-usb-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel nic-wireless-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel pata-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel ppp-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel sata-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel scsi-core-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel scsi-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel scsi-nic-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel sound-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel speakup-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel squashfs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel udf-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel usb-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel usb-serial-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel usb-storage-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel xfs-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel zlib-modules-4.19.0-11-loongson-3-di | 4.19.146-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:37:53 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-all-mipsel | 4.19.146-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:38:19 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-image-4.19.0-11-arm64-unsigned | 4.19.146-1 | arm64 linux-image-4.19.0-11-rt-arm64-dbg | 4.19.146-1 | arm64 linux-image-4.19.0-11-rt-arm64-unsigned | 4.19.146-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:38:46 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: acpi-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 ata-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 btrfs-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 cdrom-core-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 compress-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 crc-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 crypto-dm-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 crypto-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 efi-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 event-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 ext4-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 fat-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 fb-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 firewire-core-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 fuse-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 i2c-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 input-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 isofs-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 jfs-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 kernel-image-4.19.0-11-amd64-di | 4.19.146-1 | amd64 linux-image-4.19.0-11-amd64 | 4.19.146-1 | amd64 linux-image-4.19.0-11-cloud-amd64 | 4.19.146-1 | amd64 linux-image-4.19.0-11-rt-amd64 | 4.19.146-1 | amd64 loop-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 md-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 mmc-core-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 mmc-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 mouse-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 mtd-core-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 multipath-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 nbd-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 nic-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 nic-pcmcia-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 nic-shared-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 nic-usb-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 nic-wireless-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 pata-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 pcmcia-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 pcmcia-storage-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 ppp-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 sata-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 scsi-core-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 scsi-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 scsi-nic-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 serial-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 sound-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 speakup-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 squashfs-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 udf-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 uinput-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 usb-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 usb-serial-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 usb-storage-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 xfs-modules-4.19.0-11-amd64-di | 4.19.146-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:39:22 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: ata-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 btrfs-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 cdrom-core-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 compress-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 crc-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 crypto-dm-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 crypto-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 efi-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 event-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 ext4-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 fat-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 fb-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 fuse-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 i2c-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 input-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 isofs-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 jfs-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 kernel-image-4.19.0-11-arm64-di | 4.19.146-1 | arm64 leds-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 linux-image-4.19.0-11-arm64 | 4.19.146-1 | arm64 linux-image-4.19.0-11-rt-arm64 | 4.19.146-1 | arm64 loop-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 md-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 mmc-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 mtd-core-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 multipath-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 nbd-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 nic-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 nic-shared-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 nic-usb-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 nic-wireless-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 ppp-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 sata-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 scsi-core-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 scsi-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 scsi-nic-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 squashfs-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 udf-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 uinput-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 usb-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 usb-serial-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 usb-storage-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 xfs-modules-4.19.0-11-arm64-di | 4.19.146-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:39:45 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: acpi-modules-4.19.0-11-686-di | 4.19.146-1 | i386 acpi-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 ata-modules-4.19.0-11-686-di | 4.19.146-1 | i386 btrfs-modules-4.19.0-11-686-di | 4.19.146-1 | i386 btrfs-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 cdrom-core-modules-4.19.0-11-686-di | 4.19.146-1 | i386 cdrom-core-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 compress-modules-4.19.0-11-686-di | 4.19.146-1 | i386 compress-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 crc-modules-4.19.0-11-686-di | 4.19.146-1 | i386 crc-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 crypto-dm-modules-4.19.0-11-686-di | 4.19.146-1 | i386 crypto-dm-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 crypto-modules-4.19.0-11-686-di | 4.19.146-1 | i386 crypto-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 efi-modules-4.19.0-11-686-di | 4.19.146-1 | i386 efi-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 event-modules-4.19.0-11-686-di | 4.19.146-1 | i386 event-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 ext4-modules-4.19.0-11-686-di | 4.19.146-1 | i386 ext4-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 fat-modules-4.19.0-11-686-di | 4.19.146-1 | i386 fat-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 fb-modules-4.19.0-11-686-di | 4.19.146-1 | i386 fb-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 firewire-core-modules-4.19.0-11-686-di | 4.19.146-1 | i386 firewire-core-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 fuse-modules-4.19.0-11-686-di | 4.19.146-1 | i386 fuse-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 i2c-modules-4.19.0-11-686-di | 4.19.146-1 | i386 i2c-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 input-modules-4.19.0-11-686-di | 4.19.146-1 | i386 input-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 isofs-modules-4.19.0-11-686-di | 4.19.146-1 | i386 isofs-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 jfs-modules-4.19.0-11-686-di | 4.19.146-1 | i386 jfs-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 kernel-image-4.19.0-11-686-di | 4.19.146-1 | i386 kernel-image-4.19.0-11-686-pae-di | 4.19.146-1 | i386 linux-image-4.19.0-11-686 | 4.19.146-1 | i386 linux-image-4.19.0-11-686-pae | 4.19.146-1 | i386 linux-image-4.19.0-11-rt-686-pae | 4.19.146-1 | i386 loop-modules-4.19.0-11-686-di | 4.19.146-1 | i386 loop-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 md-modules-4.19.0-11-686-di | 4.19.146-1 | i386 md-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 mmc-core-modules-4.19.0-11-686-di | 4.19.146-1 | i386 mmc-core-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 mmc-modules-4.19.0-11-686-di | 4.19.146-1 | i386 mmc-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 mouse-modules-4.19.0-11-686-di | 4.19.146-1 | i386 mouse-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 mtd-core-modules-4.19.0-11-686-di | 4.19.146-1 | i386 mtd-core-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 multipath-modules-4.19.0-11-686-di | 4.19.146-1 | i386 multipath-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 nbd-modules-4.19.0-11-686-di | 4.19.146-1 | i386 nbd-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 nic-modules-4.19.0-11-686-di | 4.19.146-1 | i386 nic-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 nic-pcmcia-modules-4.19.0-11-686-di | 4.19.146-1 | i386 nic-pcmcia-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 nic-shared-modules-4.19.0-11-686-di | 4.19.146-1 | i386 nic-shared-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 nic-usb-modules-4.19.0-11-686-di | 4.19.146-1 | i386 nic-usb-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 nic-wireless-modules-4.19.0-11-686-di | 4.19.146-1 | i386 nic-wireless-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 pata-modules-4.19.0-11-686-di | 4.19.146-1 | i386 pata-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 pcmcia-modules-4.19.0-11-686-di | 4.19.146-1 | i386 pcmcia-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 pcmcia-storage-modules-4.19.0-11-686-di | 4.19.146-1 | i386 pcmcia-storage-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 ppp-modules-4.19.0-11-686-di | 4.19.146-1 | i386 ppp-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 sata-modules-4.19.0-11-686-di | 4.19.146-1 | i386 sata-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 scsi-core-modules-4.19.0-11-686-di | 4.19.146-1 | i386 scsi-core-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 scsi-modules-4.19.0-11-686-di | 4.19.146-1 | i386 scsi-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 scsi-nic-modules-4.19.0-11-686-di | 4.19.146-1 | i386 scsi-nic-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 serial-modules-4.19.0-11-686-di | 4.19.146-1 | i386 serial-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 sound-modules-4.19.0-11-686-di | 4.19.146-1 | i386 sound-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 speakup-modules-4.19.0-11-686-di | 4.19.146-1 | i386 speakup-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 squashfs-modules-4.19.0-11-686-di | 4.19.146-1 | i386 squashfs-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 udf-modules-4.19.0-11-686-di | 4.19.146-1 | i386 udf-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 uinput-modules-4.19.0-11-686-di | 4.19.146-1 | i386 uinput-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 usb-modules-4.19.0-11-686-di | 4.19.146-1 | i386 usb-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 usb-serial-modules-4.19.0-11-686-di | 4.19.146-1 | i386 usb-serial-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 usb-storage-modules-4.19.0-11-686-di | 4.19.146-1 | i386 usb-storage-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 xfs-modules-4.19.0-11-686-di | 4.19.146-1 | i386 xfs-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:40:14 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: linux-headers-4.19.0-11-common | 4.19.146-1 | all linux-headers-4.19.0-11-common-rt | 4.19.146-1 | all linux-support-4.19.0-11 | 4.19.146-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:41:22 -0000] [ftpmaster: Mark Hymers] Removed the following packages from stable: ata-modules-4.19.0-11-686-pae-di | 4.19.146-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Feb 2021 09:16:47 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: compactheader | 3.0.0~beta5-2~deb10u1 | source webext-compactheader | 3.0.0~beta5-2~deb10u1 | all xul-ext-compactheader | 3.0.0~beta5-2~deb10u1 | all Closed bugs: 980402 ------------------- Reason ------------------- RoQA; abandoned upstream, no longer usable ---------------------------------------------- ========================================================================= apt (1.8.2.2) buster-security; urgency=high . * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193) - apt-pkg/contrib/arfile.cc: add extra checks. - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB - test/*: add tests. - CVE-2020-27350 * Additional hardening: - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB * Fix autopkgtest regression in 1.8.2.1 security update atftp (0.7.git20120829-3.2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . atftp (0.7.git20120829-3.2) unstable; urgency=medium . * Non-maintainer upload. * Fix for DoS issue CVE-2020-6097 (Closes: #970066) base-files (10.3+deb10u8) buster; urgency=medium . * Change /etc/debian_version to 10.8, for Debian 10.8 point release. brotli (1.0.7-2+deb10u1) buster-security; urgency=medium . * CVE-2020-8927 ca-certificates (20200601~deb10u2) buster; urgency=medium . [ Julien Cristau ] * New maintainer (see #976406) . [ Michael Shuler ] * mozilla/blacklist: Revert Symantec CA blacklist (#911289). Closes: #962596, #968002. The following root certificates were added back (+): + "GeoTrust Global CA" + "GeoTrust Primary Certification Authority" + "GeoTrust Primary Certification Authority - G2" + "GeoTrust Primary Certification Authority - G3" + "GeoTrust Universal CA" + "thawte Primary Root CA" + "thawte Primary Root CA - G2" + "thawte Primary Root CA - G3" + "VeriSign Class 3 Public Primary Certification Authority - G4" + "VeriSign Class 3 Public Primary Certification Authority - G5" + "VeriSign Universal Root Certification Authority" . Note: due to bug #743339, CA certificates added back in this version won't automatically be trusted again on upgrade. Affected users may need to reconfigure the package to restore the desired state. ca-certificates (20200601~deb10u1) buster; urgency=medium . * Rebuild for buster. * Merge changes from 20200601 - d/control; set d/gbp.conf branch to debian-buster * This release updates the Mozilla CA bundle to 2.40, blacklists distrusted Symantec roots, and blacklists expired "AddTrust External Root". Closes: #956411, #955038, #911289, #961907 ca-certificates (20200601~deb9u1) stretch; urgency=medium . * Rebuild for stretch. * Merge changes from 20200601 - d/control * This release updates the Mozilla CA bundle to 2.40, blacklists distrusted Symantec roots, and blacklists expired "AddTrust External Root". Closes: #956411, #955038, #911289, #961907 * Fix permissions on /usr/local/share/ca-certificates when using symlinks. Closes: #916833 * Remove email-only roots from mozilla trust store. Closes: #721976 cacti (1.2.2+ds1-2+deb10u4) buster; urgency=medium . * Add 0001-Fixing-Issue-4022.patch (Closes: #979998) - CVE-2020-35701: SQL injection via data_debug.php * Add 0001-Fixing-Issue-4019.patch There are a few places in the current code where an attacker, once having gained access to the Cacti database through a SQL injection, could modify data in tables to possibly expose an stored XSS bug in Cacti. cairo (1.16.0-4+deb10u1) buster; urgency=medium . * CVE-2020-35492 (Closes: #CVE-2020-35492) choose-mirror (2.99+deb10u3) buster; urgency=medium . * Update Mirrors.masterlist. chromium (87.0.4280.141-0.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload. * New upstream security release (closes: 979520). - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu - CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research * Use desktop gl implementation as default. (closes: 979135) chromium (87.0.4280.88-0.4) unstable; urgency=medium . * Non-maintainer upload. . [ Michel Le Bihan ] * Install ANGLE EGL and GLESv2 libs (closes: 977870). * Disable Widevine CDM component updater (closes: 960454). * Disable usage of google-chrome in driver (closes: 930543). . [ Jan Luca Naumann ] * Remove python3-xcbgen from Build-Deps * Changes to allow building on buster * Add patch for explicit python2 usage in scripts chromium (87.0.4280.88-0.4~deb10u1) buster-security; urgency=high . * Non-maintainer upload. * New upstream stable release. - CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong - CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin - CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu - CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA - CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang and Aryb1n - CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu - CVE-2020-6518: Use after free in developer tools. Reported by David Erceg - CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman - CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilia, Jason Polakis - CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence - CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai - CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta - CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston - CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen - CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora - CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 - CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang - CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu - CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous - CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu - CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng - CVE-2020-6537: Type Confusion in V8. Reported by Rong Jian and Guang Gong - CVE-2020-6532: Use after free in SCTP. Reported by Anonymous - CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang and Aryb1n - CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau - CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov - CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki - CVE-2020-16038: Use after free in media. Reported by Khalil Zhani - CVE-2020-16039: Use after free in extensions. Reported by Anonymous - CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero - CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull - CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara - CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara - CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara - CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar - CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the @eff - CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim - CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine - CVE-2020-16029: Inappropriate implementation in PDFium. Reported by Anonymous - CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski of Securitum - CVE-2019-8075: Insufficient data validation in Flash. Reported by Nethanel Gelernter, Cyberpion - CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01 - CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01 - CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani - CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by Benjamin Petermaier - CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara - CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs - CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu @shhnjk - CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous - CVE-2020-16017: Use after free in site isolation. Reported by Anonymous - CVE-2020-16016: Inappropriate implementation in base. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong @n3sk of Theori - CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks - CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri - CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev - CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero - CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp - CVE-2020-16001: Use after free in media. Reported by Khalil Zhani - CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani - CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15968: Use after free in Blink. Reported by Anonymous - CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous - CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-15972: Use after free in audio. Reported by Anonymous - CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 - CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 - CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im of Theori - CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous - CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann - CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati - CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera @lbherrera_ - CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen @ SeraphicAlgorithms - CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab - CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin - CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera @lbherrera_ - CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero - CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke - CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard - CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans - CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous - CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh @pwn_expoit of STEALIEN - CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs - CVE-2020-6575: Race in Mojo. Reported by Microsoft - CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang - CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft - CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab - CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de - CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu - CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa - CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira - CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani - CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS - CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab - CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei - CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable - CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos - CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang - CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori - CVE-2020-6545: Use after free in audio. Reported by Anonymous - CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess - CVE-2020-6547: Incorrect security UI in media. Reported by David Albert - CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research - CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori - CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6554: Use after free in extensions. Reported by Anonymous - CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos * Add 64-bit time syscalls to syscall whitelist and clock selection parameter filtering code. * Switch to explicitly versioned python2. * Update information in debian/copyright. * Include more upstream metadata information. * Install ANGLE EGL and GLESv2 libs. chromium (87.0.4280.88-0.3) unstable; urgency=medium . * Non-maintainer upload. * Fix double-delete in content service worker (closes: 977901). chromium (87.0.4280.88-0.2) unstable; urgency=medium . * Non-maintainer upload. * Exclude debian dir from unversioned python conversion script chromium (87.0.4280.88-0.1) unstable; urgency=medium . * Non-maintainer upload. * New upstream stable release (closes: 973848). - CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki - CVE-2020-16038: Use after free in media. Reported by Khalil Zhani - CVE-2020-16039: Use after free in extensions. Reported by Anonymous - CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero - CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull - CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara - CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara - CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara - CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar - CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the @eff - CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim - CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine - CVE-2020-16029: Inappropriate implementation in PDFium. Reported by Anonymous - CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski of Securitum - CVE-2019-8075: Insufficient data validation in Flash. Reported by Nethanel Gelernter, Cyberpion - CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01 - CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01 - CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani - CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by Benjamin Petermaier - CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara - CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs - CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu @shhnjk - CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous - CVE-2020-16017: Use after free in site isolation. Reported by Anonymous - CVE-2020-16016: Inappropriate implementation in base. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong @n3sk of Theori - CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks - CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri - CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev - CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero - CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp - CVE-2020-16001: Use after free in media. Reported by Khalil Zhani - CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani - CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15968: Use after free in Blink. Reported by Anonymous - CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous - CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-15972: Use after free in audio. Reported by Anonymous - CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 - CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 - CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im of Theori - CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous - CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann - CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati - CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera @lbherrera_ - CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen @ SeraphicAlgorithms - CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab - CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin - CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera @lbherrera_ - CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero - CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke - CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard - CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans - CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous - CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh @pwn_expoit of STEALIEN - CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs - CVE-2020-6575: Race in Mojo. Reported by Microsoft - CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang - CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft - CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab - CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de - CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu - CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa - CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira - CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani - CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS - CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab - CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei - CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable - CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos - CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang - CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori - CVE-2020-6545: Use after free in audio. Reported by Anonymous - CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess - CVE-2020-6547: Incorrect security UI in media. Reported by David Albert - CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research - CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori - CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6554: Use after free in extensions. Reported by Anonymous - CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos chromium (84.0.4147.105-1) experimental; urgency=medium . * New upstream security release. - CVE-2020-6537: Type Confusion in V8. Reported by Rong Jian and Guang Gong - CVE-2020-6532: Use after free in SCTP. Reported by Anonymous - CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang and Aryb1n - CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau - CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov chromium (84.0.4147.89-1) experimental; urgency=medium . * New upstream stable release. - CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong - CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin - CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu - CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA - CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang and Aryb1n - CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu - CVE-2020-6518: Use after free in developer tools. Reported by David Erceg - CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman - CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilia, Jason Polakis - CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence - CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai - CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta - CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston - CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen - CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora - CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 - CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang - CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu - CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous - CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu - CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng * Update information in debian/copyright. * Include more upstream metadata information. chromium (83.0.4103.116-3.1) unstable; urgency=medium . * Non-maintainer upload. * Add 64-bit time syscalls to syscall whitelist and clock selection parameter filtering code * Switch to explicitly versioned python2 + Update build-depends + Replace references to /usr/bin/python and to env python with /usr/bin/python2 and env python2 + make exec_script in gn use python2 + add code in debian/rules clean to set the shebang in third_party/closure_compiler/compiler.py it seems someting in the upstream build system sometimes resets it. chromium (83.0.4103.116-3) unstable; urgency=high . * Fix crashes when a connection error occurs (closes: #963548). - Thank you so much to Riku Voipio. chromium (83.0.4103.116-2) unstable; urgency=medium . * Fix crashes due to ffmpeg 4.3 (closes: #963035). chromium (83.0.4103.116-1) unstable; urgency=medium . * New upstream security release. - CVE-2020-6509: Use after free in extensions. Reported by Anonymous cjson (1.7.10-1.1+deb10u1) buster; urgency=medium . * Cherry pick upstream commit 08d2bc766a82cd75764d036f9efef444590d1cf9, which fixes an infinite loop regression introduced in the previous patch. (Closes: #973442) clevis (11-2+deb10u1) buster; urgency=medium . * Cherry-pick two comments to fix initramfs creation: Closes: #969361 - "Delete remaining references to the removed http pin" to unbreak initramfs generation in dracut. - "Install cryptsetup and tpm2_pcrlist in the initramfs" to assert cryptsetup is available in the initramfs * clevis-dracut: Trigger initramfs creation upon installation coturn (4.5.1.1-1.1+deb10u2) buster-security; urgency=high . * [c750a89] Fix-CVE-2020-26262-Enable-Security - Fix ipv6 ::1 loopback check - Not allow allocate peer address 0.0.0.0/8 and ::/128 cyrus-imapd (3.0.8-6+deb10u5) buster; urgency=medium . * Fix cron script (Closes: #980240) debian-edu-config (2.10.65+deb10u7) buster; urgency=medium . [ Mike Gabriel ] * share/debian-edu-config/tools/clean-up-host-keytabs: Add script. Move host keytabs cleanup code out of gosa-modify-host into a standalone script, but still call it from there (for now). Major script improvement: Reduce LDAP calls to a single ldapsearch query which greatly improves the execution speed of the code. (Closes: #935080). debian-installer (20190702+deb10u8) buster; urgency=medium . * Bump Linux ABI to 4.19.0-14. debian-installer-netboot-images (20190702+deb10u8) buster; urgency=medium . * Update to 20190702+deb10u8, from buster-proposed-updates. debian-installer-utils (1.132+deb10u1) buster; urgency=high . * Team upload . [ Steve McIntyre ] * Backport from unstable: list-devices-linux: Support partitions on USB UAS devices Closes: #980455 device-tree-compiler (1.4.7-4) buster; urgency=medium . * Fix segfault on “dtc -I fs /proc/device-tree” by backporting 9619c8619c, first released in 1.5.0 (Closes: #981033). With huge thanks to Uwe Kleine-König for the debugging and general guidance: - 03-Kill-bogus-TYPE_BLOB-marker-type.patch * Adjust gbp configuration for the buster branch. didjvu (0.8.2-2+deb10u1) buster; urgency=medium . * Add missing build-dependency on tzdata. Closes: #943695. * Package is orphaned, set Maintainer to "Debian QA Group". dovecot (1:2.3.4.1-5+deb10u6) buster; urgency=medium . * Backport upstream fix for crash that occurred when searching mailboxes containing malformed MIME messages. (Closes: #970386) dovecot (1:2.3.4.1-5+deb10u5) buster-security; urgency=high . * Import upstream fix for security issues: - CVE-2020-24386 - When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server. - CVE-2020-25275 - Mail delivery / parsing crashed when the 10 000th MIME part was message/rfc822 (or if parent was multipart/digest). dpdk (18.11.11-1~deb10u1) buster; urgency=medium . * New upstream version 18.11.11; for a list of changes see http://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html * Refresh 0004-build-bump-minimum-Meson-version-to-0.47.1.patch for 18.11.11 * Drop 0008-net-i40e-support-aarch32.patch, merged upstream edk2 (0~20181115.85588389-3+deb10u3) buster; urgency=medium . * CryptoPkg/BaseCryptLib: fix NULL dereference. (CVE-2019-14584) (Closes: #977300) - d/p/CryptoPkg-BaseCryptLib-fix-NULL-dereference-CVE-2019.patch emacs (1:26.1+1-3.2+deb10u2) buster; urgency=medium . * Don't crash with OpenPGP User IDs with no e-mail address. Add 0015-Avoid-elisp-crash-for-OpenPGP-User-IDs-with-no-e-mai.patch to address the issue. Thanks to Daniel Kahn Gillmor for the upstream fix, and reminders to include it. (Closes: #919642) fcitx (1:4.2.9.6-5+deb10u1) buster; urgency=medium . * debian/patches/0009-ipcportal: Add patch to fix broken input method support with software installed via flatpak. (Closes: #980834) file (1:5.35-4+deb10u2) buster; urgency=medium . * Change default for name/use to 50. Closes: #928009 firefox-esr (78.7.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-04, also known as: CVE-2021-23953, CVE-2021-23954, CVE-2020-26976, CVE-2021-23960, CVE-2021-23964. firefox-esr (78.6.1esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2021-01, also known as CVE-2020-16044. firefox-esr (78.6.1esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2021-01, also known as CVE-2020-16044. firefox-esr (78.6.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-55, also known as: CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113. firefox-esr (78.6.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2020-55, also known as: CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113. firefox-esr (78.5.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-51, also known as: CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968. flatpak (1.2.5-0+deb10u3) buster-security; urgency=medium . * Fix regressions in DSA 4830-1 - Add patch from upstream to fix a regression in 'flatpak build'. The patches to resolve CVE-2021-21261 caused a regression in which 'flatpak build' wouldn't set the LD_LIBRARY_PATH that it should. (Closes: #980323) - Add a patch from upstream to fix possible regressions in extra-data. The extra-data mechanism, used to download large or proprietary components out-of-band, could suffer from a regression similar to #980323 if the app or runtime's apply_extra entry point relies on LD_LIBRARY_PATH. * Add CVE-2021-21261 reference to previous changelog entry flatpak (1.2.5-0+deb10u2) buster-security; urgency=medium . * Add patches for sandbox escape vulnerability GHSA-4ppf-fxf6-vxg2 geoclue-2.0 (2.5.2-1+deb10u1) buster; urgency=medium . * debian/README.Debian: Add information about MLS and a link to the service Privacy Notice page * Check the maximum allowed accuracy level even for system applications. Respect the value of the user preference concerning the usage of their geolocation. This should fix the privacy and GDPR conformity concerns as the user explicitly needs to enable the option. Note that there is no distinction between the system applications anymore, turning on the option is allowing them all to get the location. (Closes: #924516, #958497) * d/p/: Add a patch to make the Mozilla API key configurable * debian/rules: Use the key that has been allocated to debian for MLS queries * d/p: Add an upstream patch to fix the display of the usage indicator * Fix crash if submission-url is not set in the config, patch from upstream gnutls28 (3.6.7-4+deb10u6) buster; urgency=medium . * 45_4.7.0plus-01_testpkcs11-use-datefudge-to-trick-certificate-expiry.patch Fix test suite error caused by expired certificate. Closes: #977552 grub-efi-amd64-signed (1+2.02+dfsg1+20+deb10u3) buster; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u3 grub-efi-arm64-signed (1+2.02+dfsg1+20+deb10u3) buster; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u3 grub-efi-ia32-signed (1+2.02+dfsg1+20+deb10u3) buster; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u3 grub2 (2.02+dfsg1-20+deb10u3) buster; urgency=high . [ Colin Watson ] * When upgrading grub-pc noninteractively, bail out if grub-install fails. It's better to fail the upgrade than to produce a possibly-unbootable system. * Explicitly check whether the target device exists before running grub-install, since grub-install copies modules to /boot/grub/ before installing the core image, and the new modules might be incompatible with the old core image (closes: #966575). * Backport from upstream: - unix exec: avoid atexit handlers when child exits . [ Dimitri John Ledkov ] * grub-install: Add backup and restore. * Don't call grub-install on fresh install of grub-pc. It's the job of installers to do that after a fresh install. gst-plugins-bad1.0 (1.14.4-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * No-change re-upload with version bumped to 1.14.4-1+deb10u1 to sort after binNMUs for 1.14.4-1 in buster (1.14.4-1+b1). gst-plugins-bad1.0 (1.14.4-1deb10u1) buster-security; urgency=high . * debian/patches/02_ref_pic_markings_overflow.patch: Fix possible overflow of ref-pic-markings array with specially crafted streams. . See https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc and https://bugzilla.redhat.com/show_bug.cgi?id=1917192 for details. . * debian/patches/03_openexr-std-cxx11.patch: Fix build with the buster gcc. highlight.js (9.12.0+dfsg1-4+deb10u1) buster; urgency=high . * CVE-2020-26237 (Closes: #976446) If a website or application renders user provided data it might be affected by a Prototype Pollution. This might result in strange behavior or crashes of applications that do not correctly handle unknown properties. horizon (3:14.0.2-3+deb10u2) buster-security; urgency=medium . * CVE-2020-29565: Open redirect in workflow forms (OSSA-2020-008). Applied upstream patch Fix_open_redirect.patch (Closes: #976872). influxdb (1.6.4-1+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20933 By using a JWT token with an empty shared secret, one is able to bypass authentication in services/httpd/handler.go. intel-microcode (3.20201118.1~deb10u1) buster; urgency=high . * Rebuild for buster, with changes to avoid regressions * Stable Release Manager: this intel-microcode update *keeps the same revision* of Skylake D0/R0 microcode updates already in Debian 10; they're "downgraded" from the point of view of intel-microcode 3.20201118.1. For these two processor models, an attempt to update to revisions 0xd8 and higher can hang the system should the system firmware have a microcode revision older than 0x80 -- and revision 0x72/0x74/0x76 apparently are common enough in the field to ensure many users are affected. Refer to: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * Downgraded microcodes (to upstream release 20200616): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 . intel-microcode (3.20201118.1) unstable; urgency=medium . * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 . intel-microcode (3.20201110.1) unstable; urgency=medium . * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) intel-microcode (3.20201118.1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports (no changes) * WARNING: we are now shipping again the microcode updates for Skylake-U/Y, Skylake Xeon E3. It will most likely cause boot failures if your system firmware is outdated *and* had previous issues with microcode updates. The only known fix for these systems is to update their system firmware. . intel-microcode (3.20201118.1) unstable; urgency=medium . * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 . intel-microcode (3.20201110.1) unstable; urgency=medium . * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) intel-microcode (3.20201110.1) unstable; urgency=medium . * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) intel-microcode (3.20200616.1) unstable; urgency=high . * New upstream microcode datafile 20200616 + Downgraded microcodes (to a previously shipped revision): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3, https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * This update *removes* the SRBDS mitigations from the above processors * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2 iproute2 (4.20.0-2+deb10u1) buster; urgency=medium . * Backport ip-route-print-route-type-in-JSON-output.patch. Fixes bug in json output, backported from upstream. (Closes: #961278) * Backport tc-mqprio-json-ify-output.patch. Fixes bug in json output, backported from upstream. (Closes: #972784) * Backport ip-netns-use-flock-when-setting-up-run-netns.patch. Fixes race condition that DOSes the system when using ip netns add at boot. (Closes: #949235) irssi-plugin-xmpp (0.54-3+deb10u1) buster; urgency=medium . * Cherry-pick bug931886.patch from upstream to not trigger the irssi core connect timeout prematurely, thus fixing STARTTLS connections (closes: #931886) kitty (0.13.3-1+deb10u1) buster-security; urgency=high . * Backport security fix for CVE-2020-35605 + Fix arbitrary command execution via graphics protocol libdatetime-timezone-perl (1:2.23-1+2021a) buster; urgency=medium . * Update to Olson database version 2021a. This update includes contemporary changes for South Sudan. * Fix typos in previous changelog entries. libdatetime-timezone-perl (1:2.23-1+2020e) buster; urgency=medium . * Update to Olson database version 2020e. This update includes contemporary changes for Russia (Volograd). libdbd-csv-perl (0.5300-1+deb10u1) buster; urgency=medium . * Team upload. . [ Dominic Hargreaves ] * Fix test failure with libdbi-perl 1.642-1+deb10u2 (Closes: #974134) libdbi-perl (1.642-1+deb10u2) buster; urgency=medium . [ Salvatore Bonaccorso ] * t/51dbm_file.t: add test from RT#99508 * lib/DBD/File.pm: fix CVE-2014-10401 (Closes: #972180) libmaxminddb (1.3.2-1+deb10u1) buster; urgency=medium . * Backport upstream fix for CVE-2020-28241, heap-based buffer over-read in dump_entry_data_list in maxminddb.c. (Closes: #973878) libxstream-java (1.4.11.1-1+deb10u2) buster-security; urgency=high . * Team upload. * Fix CVE-2020-26258: XStream is vulnerable to a Server-Side Forgery Request which can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. * Fix CVE-2020-26259: Xstream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executing process has sufficient rights only by manipulating the processed input stream. libxstream-java (1.4.11.1-1+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2020-26217: It was found that XStream is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Users who rely on blocklists are affected (the default in Debian). We strongly recommend to use the whitelist approach of XStream's Security Framework because there are likely more class combinations the blacklist approach may not address. linux (4.19.171-2) buster-security; urgency=high . * xen: Fix XenStore initialisation for XS_LOCAL linux (4.19.171-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.161 - perf event: Check ref_reloc_sym before using it - netfilter: clear skb->next in NF_HOOK_LIST() (CVE-2021-20177) - btrfs: don't access possibly stale fs_info data for printing duplicate device - btrfs: fix lockdep splat when reading qgroup config on mount - wireless: Use linux/stddef.h instead of stddef.h - [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace - [x86] KVM: handle !lapic_in_kernel case in kvm_cpu_*_extint - [x86] KVM: Fix split-irqchip vs interrupt injection window request - [arm64] pgtable: Fix pte_accessible() - [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Closes: #977615) - drm/atomic_helper: Stop modesets on unregistered connectors harder - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close - HID: cypress: Support Varmilo Keyboards' media hotkeys - HID: add support for Sega Saturn - Input: i8042 - allow insmod to succeed on devices without an i8042 controller - HID: hid-sensor-hub: Fix issue with devices with no report ID - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices - [x86] xen: don't unbind uninitialized lock_kicker_irq - HID: Add Logitech Dinovo Edge battery quirk - proc: don't allow async path resolution of /proc/self components - nvme: free sq/cq dbbuf pointers when dbbuf set fails - [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size - scsi: libiscsi: Fix NOP race condition - scsi: target: iscsi: Fix cmd abort fabric stop race - [x86] perf/x86: fix sysfs type mismatches - [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure - scsi: ufs: Fix race between shutdown and runtime resume flow - bnxt_en: fix error return code in bnxt_init_one() - bnxt_en: fix error return code in bnxt_init_board() - [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM - bnxt_en: Release PCI regions when DMA mask setup fails during probe. - cxgb4: fix the panic caused by non smac rewrite - [s390x] qeth: fix tear down of async TX buffers - IB/mthca: fix return value of error branch in mthca_init_cq() - net: ena: set initial DMA width to avoid intel iommu issue - [arm64] optee: add writeback to valid memory type - [arm64,armhf,x86] efivarfs: revert "fix memory leak in efivarfs_create()" (Closes: #977048) - can: gs_usb: fix endianess problem with candleLight firmware - [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time - [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment - USB: core: Change %pK for __user pointers to %px - usb: gadget: f_midi: Fix memleak in f_midi_alloc - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card - usb: gadget: Fix memleak in gadgetfs_fill_super - [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb - USB: core: Fix regression in Hercules audio card https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162 - ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init - [s390x] net/af_iucv: set correct sk_protocol for child sockets - rose: Fix Null pointer dereference in rose_send_frame() - sock: set sk_err to ee_errno on dequeue from errq - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control - tun: honor IOCB_NOWAIT flag - i40e: Fix removing driver while bare-metal VFs pass traffic - bonding: wait for sysfs kobject destruction before freeing struct slave - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal - ipv4: Fix tos mask in inet_rtm_getroute() - geneve: pull IP header before ECN decapsulation - net: ip6_gre: set dev->hard_header_len when using header_ops - cxgb3: fix error return code in t3_sge_alloc_qset() - [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open() - net/mlx5: Fix wrong address reclaim when command interface is down - dt-bindings: net: correct interrupt flags in examples - ALSA: usb-audio: US16x08: fix value count for level meters - Input: xpad - support Ardwiino Controllers - Input: i8042 - add ByteSpeed touchpad to noloop table - tracing: Remove WARN_ON in start_thread() - RDMA/i40iw: Address an mmap handler exploit in i40iw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 - [x86] pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output - [x86] pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) - usb: gadget: f_fs: Use local copy of descriptors for userspace copy - USB: serial: kl5kusb105: fix memleak on open - USB: serial: ch341: add new Product ID for CH341A - USB: serial: ch341: sort device-id entries - USB: serial: option: add Fibocom NL668 variants - USB: serial: option: add support for Thales Cinterion EXS82 - USB: serial: option: fix Quectel BG96 matching - tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661) - tty: Fix ->session locking (CVE-2020-29660) - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 - ALSA: hda/realtek - Add new codec supported for ALC897 - ALSA: hda/generic: Add option to enforce preferred_dacs pairs - ftrace: Fix updating FTRACE_FL_TRAMP - cifs: fix potential use-after-free in cifs_echo_request() - [armhf] i2c: imx: Don't generate STOP condition if arbitration has been lost - scsi: mpt3sas: Fix ioctl timeout - dm writecache: fix the maximum number of arguments - dm: remove invalid sparse __acquires and __releases annotations - mm: list_lru: set shrinker map bit when child nr_items is not zero - mm/swapfile: do not sleep with a spin lock held - [x86] uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes - [armhf] i2c: imx: Fix reset of I2SR_IAL flag - [armhf] i2c: imx: Check for I2SR_IAL after every byte - speakup: Reject setting the speakup line discipline outside of speakup (CVE-2020-27830) - [amd64] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs - spi: Introduce device-managed SPI controller allocation - [arm*] spi: bcm2835: Fix use-after-free on unbind - [arm*] spi: bcm2835: Release the DMA channel if probe fails after dma_init - tracing: Fix userstacktrace option for instances - gfs2: check for empty rgrp tree in gfs2_ri_update - [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() - dm writecache: remove BUG() and fail gracefully instead - Input: i8042 - fix error return code in i8042_setup_aux() - netfilter: nf_tables: avoid false-postive lockdep splat - [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes - Revert "geneve: pull IP header before ECN decapsulation" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.164 - [x86] lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S - [arm*] spi: bcm2835aux: Fix use-after-free on unbind - [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe - iwlwifi: pcie: limit memory read spin time - iwlwifi: mvm: fix kernel panic in case of assert during CSA - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE - [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend - [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e - [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen - [x86] platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE - [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC - Input: cm109 - do not stomp on control URB - Input: i8042 - add Acer laptops to the i8042 reset list - pinctrl: amd: remove debounce filter setting in IRQ type setting - mmc: block: Fixup condition for CMD13 polling for RPMB requests - kbuild: avoid static_assert for genksyms - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" - [x86] membarrier: Get rid of a dubious optimization - [x86] apic/vector: Fix ordering in vector assignment - [arm64] PCI: qcom: Add missing reset for ipq806x - mac80211: mesh: fix mesh_pathtbl_init() error path - [arm64,armhf] net: stmmac: free tx skb buffer in stmmac_resume() - tcp: select sane initial rcvq_space.space for big MSS - tcp: fix cwnd-limited bug for TSO deferral where we send nothing - net/mlx4_en: Avoid scheduling restart task if it is already running - lan743x: fix for potential NULL pointer dereference with bare card - net/mlx4_en: Handle TX error CQE - [arm64,armhf] net: stmmac: delete the eee_ctrl_timer after napi disabled - [arm64,armhf] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux - net: bridge: vlan: fix error return code in __vlan_add() - USB: add RESET_RESUME quirk for Snapscan 1212 - ALSA: usb-audio: Fix potential out-of-bounds shift - ALSA: usb-audio: Fix control 'access overflow' errors from chmap - xhci: Give USB2 ports time to enter U3 in bus suspend - USB: UAS: introduce a quirk to set no_write_same - ALSA: pcm: oss: Fix potential out-of-bounds shift - [x86] drm/xen-front: Fix misused IS_ERR_OR_NULL checks - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi - [x86] pinctrl: baytrail: Avoid clearing debounce value when turning it off - [arm*] gpio: mvebu: fix potential user-after-free on probe - scsi: bnx2i: Requires MMU - xsk: Fix xsk_poll()'s return type - can: softing: softing_netdev_open(): fix error handling - block: factor out requeue handling from dispatch code - netfilter: x_tables: Switch synchronization to RCU - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait - ixgbe: avoid premature Rx buffer reuse - [arm64,armhf] drm/tegra: replace idr_init() by idr_init_base() - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling - [arm64,armhf] drm/tegra: sor: Disable clocks on error in tegra_sor_init() - [arm64] syscall: exit userspace before unmasking exceptions - vxlan: Add needed_headroom for lower device - vxlan: Copy needed_tailroom from lowerdev - scsi: mpt3sas: Increase IOCInit request timeout to 30s - dm table: Remove BUG_ON(in_interrupt()) - [arm64] soc/tegra: fuse: Fix index bug in get_process_id - USB: serial: option: add interface-number sanity check to flag handling - USB: gadget: f_acm: add support for SuperSpeed Plus - USB: gadget: f_midi: setup SuperSpeed Plus descriptors - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above - [arm64,armhf] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul - [armhf] dts: exynos: fix roles of USB 3.0 ports on Odroid XU - [armhf] dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU - scsi: megaraid_sas: Check user-provided offsets - HID: i2c-hid: add Vero K147 to descriptor override - serial_core: Check for port state when tty is in error state - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() - quota: Sanity-check quota file headers on load - media: msi2500: assign SPI bus number dynamically - crypto: af_alg - avoid undefined behavior accessing salg_name - md: fix a warning caused by a race between concurrent md_ioctl()s - perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata - perf cs-etm: Move definition of 'traceid_list' global variable from header file - [x86] drm/gma500: fix double free of gma_connector - selinux: fix error initialization in inode_doinit_with_dentry() - RDMA/rxe: Compute PSN windows correctly - [x86] mm/ident_map: Check for errors from ident_pud_init() - [armel,armhf] p2v: fix handling of LPAE translation in BE mode - [x86] apic: Fix x2apic enablement without interrupt remapping - sched/deadline: Fix sched_dl_global_validate() - sched: Reenable interrupts in do_sched_yield() - [arm64] crypto: inside-secure - Fix sizeof() mismatch - [powerpc*] 64: Set up a kernel stack for secondaries before cpu_restore() - [arm64] drm/msm/dsi_pll_10nm: restore VCO rate during restore_state - ASoC: pcm: DRAIN support reactivation - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling - Bluetooth: Fix null pointer dereference in hci_event_packet() - Bluetooth: hci_h5: fix memory leak in h5_close - [armhf] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup - [arm64] spi: tegra20-slink: fix reference leak in slink ops of tegra20 - [arm64,armhf] spi: tegra20-sflash: fix reference leak in tegra_sflash_resume - [arm64,armhf] spi: tegra114: fix reference leak in tegra spi ops - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure - RDMa/mthca: Work around -Wenum-conversion warning - [x86] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() - [x86] media: tm6000: Fix sizeof() mismatches - scsi: core: Fix VPD LUN ID designator priorities - media: solo6x10: fix missing snd_card_free in error handling case - [armhf] drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() - Input: ads7846 - fix race that causes missing releases - Input: ads7846 - fix integer overflow on Rt calculation - Input: ads7846 - fix unaligned access on 7845 - spi: fix resource leak for drivers without .remove callback - [armhf] Input: omap4-keypad - fix runtime PM error handling - RDMA/cxgb4: Validate the number of CQEs - memstick: fix a double-free bug in memstick_check - orinoco: Move context allocation after processing the skb - [arm64] dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() - media: siano: fix memory leak of debugfs members in smsdvb_hotplug - [armhf] HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() - [arm64] dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc - [x86] power: supply: bq24190_charger: fix reference leak - genirq/irqdomain: Don't try to free an interrupt that has no mapping - PCI: Bounds-check command-line resource alignment requests - PCI: Fix overflow in command-line resource alignment requests - [arm64] dts: meson: fix spi-max-frequency on Khadas VIM2 - [x86] platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init - ath10k: Fix the parsing error in service available event - ath10k: Fix an error handling path - ath10k: Release some resources in an error handling path - NFSv4.2: condition READDIR's mask for security label based on LSM state - SUNRPC: xprt_load_transport() needs to support the netid "rdma6" - lockd: don't use interval-based rebinding over TCP - NFS: switch nfsiod to be an UNBOUND workqueue. - vfio-pci: Use io_remap_pfn_range() for PCI IO memory - media: saa7146: fix array overflow in vidioc_s_audio() - memstick: r592: Fix error return in r592_probe() - net/mlx5: Properly convey driver version to firmware - dm ioctl: fix error return code in target_message - [arm64,armhf] clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI - [armhf] cpufreq: highbank: Add missing MODULE_DEVICE_TABLE - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe - scsi: pm80xx: Fix error return in pm8001_pci_probe() - seq_buf: Avoid type mismatch for seq_buf_init - [x86] scsi: fnic: Fix error return code in fnic_probe() - [powerpc*] pseries/hibernation: drop pseries_suspend_begin() from suspend ops - [powerpc*] pseries/hibernation: remove redundant cacheinfo update - [armhf] usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe - speakup: fix uninitialized flush_lock - nfsd: Fix message level for normal termination - nfs_common: need lock during iterate through the list - [x86] kprobes: Restore BTF if the single-stepping is cancelled - [arm64,armhf] clk: tegra: Fix duplicated SE clock entry - mac80211: don't set set TDLS STA bandwidth wider than possible - watchdog: Fix potential dereferencing of null pointer - [armhf] net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function - [arm64,x86] libnvdimm/label: Return -ENXIO for no slot in __blk_label_update - [arm64] watchdog: qcom: Avoid context switch in restart handler - [armhf] clk: ti: Fix memleak in ti_fapll_synth_setup - qlcnic: Fix error code in probe - [armhf] clk: s2mps11: Fix a resource leak in error handling paths in the probe function - [arm64,armhf] clk: sunxi-ng: Make sure divider tables have sentinel - [armhf] sunxi: Add machine match for the Allwinner V3 SoC - cfg80211: initialize rekey_data - lwt: Disable BH too in run_lwt_bpf() - [arm64,armhf] Input: cros_ec_keyb - send 'scancodes' in addition to key events - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet - media: gspca: Fix memory leak in probe - [armhf] media: sunxi-cir: ensure IR is handled when it is continuous - media: netup_unidvb: Don't leak SPI master in probe error path - [x86] Input: cyapa_gen6 - fix out-of-bounds stack access - ALSA: hda/ca0132 - Change Input Source enum strings. - PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" - ACPI: PNP: compare the string length in the matching_id() - ALSA: hda: Fix regressions on clear and reconfig sysfs - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 - ALSA: pcm: oss: Fix a few more UBSAN fixes - ALSA: hda/realtek: Add quirk for MSI-GP73 - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices - ALSA: usb-audio: Disable sample read check if firmware doesn't give back - [s390x] smp: perform initial CPU reset also for SMT siblings - [s390x] dasd: fix hanging device offline processing - [s390x] dasd: prevent inconsistent LCU device data - [s390x] dasd: fix list corruption of pavgroup group list - [s390x] dasd: fix list corruption of lcu list - [x86] staging: comedi: mf6x4: Fix AI end-of-conversion detection - [powerpc*] perf: Exclude kernel samples while counting events in user space. - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() - [x86] EDAC/amd64: Fix PCI component registration - USB: serial: mos7720: fix parallel-port state restore - USB: serial: digi_acceleport: fix write-wakeup deadlocks - USB: serial: keyspan_pda: fix dropped unthrottle interrupts - USB: serial: keyspan_pda: fix write deadlock - USB: serial: keyspan_pda: fix stalled writes - USB: serial: keyspan_pda: fix write-wakeup use-after-free - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free - USB: serial: keyspan_pda: fix write unthrottling - ext4: fix a memory leak of ext4_free_data - ext4: fix deadlock with fs freezing and EA inodes - [arm64] KVM: Introduce handling of AArch32 TTBCR2 traps - [armhf] dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES - [powerpc*] Fix incorrect stw{, ux, u, x} instructions in __set_pte_at - [powerpc*] rtas: Fix typo of ibm,open-errinjct in RTAS filter - [powerpc*] xmon: Change printk() to pr_cont() - ceph: fix race in concurrent __ceph_remove_cap invocations - SMB3: avoid confusing warning message on mount to Azure - SMB3.1.1: do not log warning message if server doesn't populate salt - ubifs: wbuf: Don't leak kernel memory to flash - jffs2: Fix GC exit abnormally - jfs: Fix array index bounds check in dbAdjTree (CVE-2020-27815) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() - [armel] mtd: parser: cmdline: Fix parsing of part-names with colons - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() - iio: buffer: Fix demux update - [arm64,armhf] iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume - md/cluster: block reshape with remote resync job - md/cluster: fix deadlock when node is doing resync job - [arm64,armhf] pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler - [arm64] clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (CVE-2020-29569) - xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568) - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (CVE-2020-29568) - xen/xenbus/xen_bus_type: Support will_handle watch callback (CVE-2020-29568) - xen/xenbus: Count pending messages for each watch (CVE-2020-29568) - xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568) - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels - [x86] platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 - PCI: Fix pci_slot_release() NULL pointer dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.165 - md/raid10: initialize r10_bio->read_slot before use. - fscrypt: add fscrypt_is_nokey_name() - ext4: prevent creating duplicate encrypted filenames - f2fs: prevent creating duplicate encrypted filenames - ubifs: prevent creating duplicate encrypted filenames - vfio/pci: Move dummy_resources_list init in vfio_pci_probe() - ext4: don't remount read-only with errors=continue on reboot - uapi: move constants from to - [x86] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses - [x86] KVM: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits - [powerpc*] bitops: Fix possible undefined behaviour with fls() and fls64() - xen/gntdev.c: Mark pages as dirty - null_blk: Fix zone size initialization - of: fix linker-section match-table corruption - Bluetooth: hci_h5: close serdev device and free hu in h5_close - reiserfs: add check for an invalid ih_entry_count - [x86] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() - media: gp8psk: initialize stats at power control logic - ALSA: seq: Use bool for snd_seq_queue internal flags - ALSA: rawmidi: Access runtime->avail always in spinlock - fcntl: Fix potential deadlock in send_sig{io, urg}() - [arm64,armhf] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init - module: set MODULE_STATE_GOING state when a module fails to load - quota: Don't overflow quota file offsets - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode - module: delay kobject uevent until after module init call - ALSA: pcm: Clear the full allocated memory at hw_params - dm verity: skip verity work if I/O error when system is shutting down https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.166 - kdev_t: always inline major/minor helper functions - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.167 - workqueue: Kick a worker based on the actual activation of delayed works - scsi: ufs: Fix wrong print message in dev_err() - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands - lib/genalloc: fix the overflow when size is too big - proc: change ->nlink under proc_subdir_lock - proc: fix lookup in /proc/net subdirectories after setns(2) - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs - [arm64,armhf] net: mvpp2: Add TCAM entry to drop flow control pause frames - [arm64,armhf] net: mvpp2: prs: fix PPPoE with ipv6 packet parse - atm: idt77252: call pci_disable_device() on error path - [arm64,armhf] net: mvpp2: Fix GoP port 3 Networking Complex Control configurations - qede: fix offload for IPIP tunnel packets - virtio_net: Fix recursive call to cpus_read_lock() - net-sysfs: take the rtnl lock when storing xps_cpus - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() - [arm64] net: hns: fix return value check in __lb_other_process() - erspan: fix version 1 check in gre_parse_header() - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running - CDC-NCM: remove "connected" log message - net: usb: qmi_wwan: add Quectel EM160R-GL - r8169: work around power-saving bug on some chip versions - vhost_net: fix ubuf refcount incorrectly when sendmsg fails - net: sched: prevent invalid Scell_log shift count - net-sysfs: take the rtnl lock when storing xps_rxqs - net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close - [x86] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() - usb: gadget: enable super speed plus - USB: cdc-acm: blacklist another IR Droid device - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). - [arm64] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion - [arm64,armhf] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set - usb: usbip: vhci_hcd: protect shift size - USB: serial: iuu_phoenix: fix DMA from stack - USB: serial: option: add LongSung M5710 module support - USB: serial: option: add Quectel EM160R-GL - USB: yurex: fix control-URB timeout handling - USB: usblp: fix DMA to stack - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks - usb: gadget: f_uac2: reset wMaxPacketSize - usb: gadget: function: printer: Fix a memory leak for interface descriptor - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size - usb: gadget: Fix spinlock lockup on usb_function_deactivate - usb: gadget: configfs: Preserve function ordering after bind failure - usb: gadget: configfs: Fix use-after-free issue with udc_name - USB: serial: keyspan_pda: remove unused variable - [x86] mm: Fix leak of pmd ptlock - ALSA: hda/via: Fix runtime PM for Clevo W35xSS - ALSA: hda/conexant: add a new hda codec CX11970 - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 - btrfs: send: fix wrong file path when there is an inode with a pending rmdir - Revert "device property: Keep secondary firmware node secondary by type" - [x86] xen/pvh: correctly setup the PV EFI interface for dom0 - netfilter: x_tables: Update remaining dereference to RCU - netfilter: ipset: fix shift-out-of-bounds in htable_bits() - netfilter: xt_RATEEST: reject non-null terminated string from userspace - [x86] mtrr: Correct the range check before performing MTRR type lookups - scsi: target: Fix XCOPY NAA identifier lookup (CVE-2020-28374) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.168 - net: cdc_ncm: correct overhead in delayed_ndp_size (Closes: #970736) - [arm64] net: hns3: fix the number of queues actually used by ARQ - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY resource references - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY power - net: vlan: avoid leaks on register_vlan_dev() failures - net: ip: always refragment ip defragmented packets - net: fix pmtu check in nopmtudisc mode - net: ipv6: fib: flush exceptions when purging route - vmlinux.lds.h: Add PGO and AutoFDO input sections - [x86] drm/i915: Fix mismatch between misplaced vma check and vma insert - [amd64] spi: pxa2xx: Fix use-after-free on unbind - HID: wacom: Fix memory leakage caused by kfifo_alloc - [armhf] OMAP2+: omap_device: fix idling of devices during probe - [x86] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() - [amd64] iommu/intel: Fix memleak in intel_irq_remapping_alloc - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups - net/mlx5e: Fix two double free cases - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev - [arm64] KVM: Don't access PMCR_EL0 when no PMU is available - block: fix use-after-free in disk_part_iter_next - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.169 - ASoC: dapm: remove widget from dirty list on free - [x86] hyperv: check cpu mask after interrupt has been disabled - [mips*] boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB - ACPI: scan: Harden acpi_device_add() against device ID overflows - mm/hugetlb: fix potential missing huge page size info - dm snapshot: flush merged data before committing metadata - dm integrity: fix the maximum number of arguments - r8152: Add Lenovo Powered USB-C Travel Hub - ext4: fix bug for rename with RENAME_WHITEOUT - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan - bfq: Fix computation of shallow depth - [arm64] drm/msm: Call msm_init_vram before binding the gpu - dump_common_audit_data(): fix racy accesses to ->d_name - [x86] ASoC: Intel: fix error code cnl_set_dsp_D0() - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock - pNFS: Mark layout for return if return-on-close was not sent - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter - NFS: nfs_igrab_and_active must first reference the superblock - ext4: fix superblock checksum failure when setting password salt - [amd64] RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp - RDMA/mlx5: Fix wrong free of blue flame register on error - mm, slub: consider rest of partial list if acquire_slab() fails - net: sunrpc: interpret the return value of kstrtou32 correctly - dm: eliminate potential source of excessive kernel log noise - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() - ALSA: fireface: Fix integer overflow in transmit_midi_msg() - netfilter: conntrack: fix reading nf_conntrack_buckets - netfilter: nf_nat: Fix memleak in nf_nat_init https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.170 - usb: ohci: Make distrust_firmware param default to false - dm integrity: fix flush with external metadata device - nfsd4: readdirplus shouldn't return parent of export (CVE-2021-3178) - udp: Prevent reuseport_select_sock from reading uninitialized socks - netxen_nic: fix MSI/MSI-x interrupts - [arm64,armhf] net: mvpp2: Remove Pause and Asym_Pause support - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request - esp: avoid unneeded kmap_atomic call - net: dcb: Validate netlink message in DCB handler - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands - rxrpc: Call state should be read with READ_ONCE() under some circumstances - [arm64,armhf] net: stmmac: Fixed mtu channged by cache aligned - net: sit: unregister_netdevice on newlink's error path - net: avoid 32 x truesize under-estimation for tiny skbs - rxrpc: Fix handling of an unsupported token type in rxrpc_read() - tipc: fix NULL deref in tipc_link_xmit() - net: introduce skb_list_walk_safe for skb segment walking - net: skbuff: disambiguate argument and member for skb_list_walk_safe helper - net: ipv6: Validate GSO SKB before finish IPv6 processing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.171 - ALSA: hda/via: Add minimum mute flag - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error - btrfs: fix lockdep splat in btrfs_recover_relocation - mmc: core: don't initialize block size from ext_csd if not present - [arm64] mmc: sdhci-xenon: fix 1.8v regulator stabilization - dm: avoid filesystem lookup in dm_get_dev_t() - dm integrity: fix a crash if "recalculate" used without "internal_hash" - drm/atomic: put state on error path - [x86] ASoC: Intel: haswell: Add missing pm_ops - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback - scsi: qedi: Correct max length of CHAP secret - HID: Ignore battery for Elan touchscreen on ASUS UX550 - xen: Fix event channel callback via INTX/GSI - drm/nouveau/bios: fix issue shadowing expansion ROMs - drm/nouveau/privring: ack interrupts the same way as RM - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields - drm/nouveau/mmu: fix vram heap sizing - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression - i2c: octeon: check correct size of maximum RECV_LEN packet - [x86] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list - can: dev: can_restart: fix use after free bug - can: vxcan: vxcan_xmit: fix use after free bug - can: peak_usb: fix use after free bugs - [mips*] irqchip/mips-cpu: Set IPI domain parent chip - [x86] intel_th: pci: Add Alder Lake-P support - [arm64] serial: mvebu-uart: fix tx lost characters at power off - ehci: fix EHCI host controller initialization sequence - usb: udc: core: Use lock when write to soft_connect - xhci: make sure TRB is fully written before giving it to the controller - [arm64,armhf] xhci: tegra: Delay for disabling LFPS detector - driver core: Extend device_is_dependent() - netfilter: rpfilter: mask ecn bits before fib lookup - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too - udp: mask TOS bits in udp_v4_early_demux() - ipv6: create multicast route with RTPROT_KERNEL - net_sched: avoid shift-out-of-bounds in tcindex_set_parms() - net_sched: reject silly cell_log in qdisc_get_rtab() - ipv6: set multicast flag on the multicast route - net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled - [armhf] net: dsa: b53: fix an off by one in checking "vlan->vid" . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.165-rt70 * Bump ABI to 14 * [rt] Refresh "net/core: protect users of napi_alloc_cache against reentrance" * futex: Move futex exit handling into futex code * futex: Replace PF_EXITPIDONE with a state * exit/exec: Seperate mm_release() * futex: Split futex_mm_release() for exit/exec * futex: Set task::futex_state to DEAD right after handling futex exit * futex: Mark the begin of futex exit explicitly * futex: Sanitize exit state handling * futex: Provide state handling for exec() as well * futex: Add mutex around futex exit * futex: Provide distinct return value when owner is exiting * futex: Prevent exit livelock * [rt] Refresh "softirq: Split softirq locks" * [arm*] gpio: mvebu: fix pwm .get_state period calculation * Revert "mm/slub: fix a memory leak in sysfs_slab_add()" * futex: Ensure the correct return value from futex_lock_pi() * futex: Replace pointless printk in fixup_owner() * futex: Provide and use pi_state_update_owner() * rtmutex: Remove unused argument from rt_mutex_proxy_unlock() * futex: Use pi_state_update_owner() in put_pi_state() * futex: Simplify fixup_pi_state_owner() * futex: Handle faults correctly for PI futexes * [rt] Refresh "rtmutex: Handle the various new futex race conditions" * [rt] Refresh "rtmutex: add sleeping lock implementation" * [rt] Refresh "Revert "rtmutex: Handle the various new futex race conditions"" * [rt] Refresh "futex: Make the futex_hash_bucket lock raw" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again and bring back its old state" * HID: wacom: Correct NULL dereference on AES pen proximity * tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825) . [ Uwe Kleine-König ] * [arm64] Enable support for NXP's PCF85063 RTC (Closes: #972345) linux-latest (105+deb10u9) buster-security; urgency=high . * Update to 4.19.0-14 linux-signed-amd64 (4.19.171+2) buster-security; urgency=high . * Sign kernel from linux 4.19.171-2 . * xen: Fix XenStore initialisation for XS_LOCAL linux-signed-arm64 (4.19.171+2) buster-security; urgency=high . * Sign kernel from linux 4.19.171-2 . * xen: Fix XenStore initialisation for XS_LOCAL linux-signed-i386 (4.19.171+2) buster-security; urgency=high . * Sign kernel from linux 4.19.171-2 . * xen: Fix XenStore initialisation for XS_LOCAL linux-signed-i386 (4.19.171+1) buster-security; urgency=high . * Sign kernel from linux 4.19.171-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.161 - perf event: Check ref_reloc_sym before using it - netfilter: clear skb->next in NF_HOOK_LIST() (CVE-2021-20177) - btrfs: don't access possibly stale fs_info data for printing duplicate device - btrfs: fix lockdep splat when reading qgroup config on mount - wireless: Use linux/stddef.h instead of stddef.h - [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace - [x86] KVM: handle !lapic_in_kernel case in kvm_cpu_*_extint - [x86] KVM: Fix split-irqchip vs interrupt injection window request - [arm64] pgtable: Fix pte_accessible() - [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Closes: #977615) - drm/atomic_helper: Stop modesets on unregistered connectors harder - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close - HID: cypress: Support Varmilo Keyboards' media hotkeys - HID: add support for Sega Saturn - Input: i8042 - allow insmod to succeed on devices without an i8042 controller - HID: hid-sensor-hub: Fix issue with devices with no report ID - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices - [x86] xen: don't unbind uninitialized lock_kicker_irq - HID: Add Logitech Dinovo Edge battery quirk - proc: don't allow async path resolution of /proc/self components - nvme: free sq/cq dbbuf pointers when dbbuf set fails - [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size - scsi: libiscsi: Fix NOP race condition - scsi: target: iscsi: Fix cmd abort fabric stop race - [x86] perf/x86: fix sysfs type mismatches - [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure - scsi: ufs: Fix race between shutdown and runtime resume flow - bnxt_en: fix error return code in bnxt_init_one() - bnxt_en: fix error return code in bnxt_init_board() - [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM - bnxt_en: Release PCI regions when DMA mask setup fails during probe. - cxgb4: fix the panic caused by non smac rewrite - [s390x] qeth: fix tear down of async TX buffers - IB/mthca: fix return value of error branch in mthca_init_cq() - net: ena: set initial DMA width to avoid intel iommu issue - [arm64] optee: add writeback to valid memory type - [arm64,armhf,x86] efivarfs: revert "fix memory leak in efivarfs_create()" (Closes: #977048) - can: gs_usb: fix endianess problem with candleLight firmware - [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time - [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment - USB: core: Change %pK for __user pointers to %px - usb: gadget: f_midi: Fix memleak in f_midi_alloc - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card - usb: gadget: Fix memleak in gadgetfs_fill_super - [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb - USB: core: Fix regression in Hercules audio card https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162 - ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init - [s390x] net/af_iucv: set correct sk_protocol for child sockets - rose: Fix Null pointer dereference in rose_send_frame() - sock: set sk_err to ee_errno on dequeue from errq - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control - tun: honor IOCB_NOWAIT flag - i40e: Fix removing driver while bare-metal VFs pass traffic - bonding: wait for sysfs kobject destruction before freeing struct slave - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal - ipv4: Fix tos mask in inet_rtm_getroute() - geneve: pull IP header before ECN decapsulation - net: ip6_gre: set dev->hard_header_len when using header_ops - cxgb3: fix error return code in t3_sge_alloc_qset() - [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open() - net/mlx5: Fix wrong address reclaim when command interface is down - dt-bindings: net: correct interrupt flags in examples - ALSA: usb-audio: US16x08: fix value count for level meters - Input: xpad - support Ardwiino Controllers - Input: i8042 - add ByteSpeed touchpad to noloop table - tracing: Remove WARN_ON in start_thread() - RDMA/i40iw: Address an mmap handler exploit in i40iw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 - [x86] pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output - [x86] pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) - usb: gadget: f_fs: Use local copy of descriptors for userspace copy - USB: serial: kl5kusb105: fix memleak on open - USB: serial: ch341: add new Product ID for CH341A - USB: serial: ch341: sort device-id entries - USB: serial: option: add Fibocom NL668 variants - USB: serial: option: add support for Thales Cinterion EXS82 - USB: serial: option: fix Quectel BG96 matching - tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661) - tty: Fix ->session locking (CVE-2020-29660) - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 - ALSA: hda/realtek - Add new codec supported for ALC897 - ALSA: hda/generic: Add option to enforce preferred_dacs pairs - ftrace: Fix updating FTRACE_FL_TRAMP - cifs: fix potential use-after-free in cifs_echo_request() - [armhf] i2c: imx: Don't generate STOP condition if arbitration has been lost - scsi: mpt3sas: Fix ioctl timeout - dm writecache: fix the maximum number of arguments - dm: remove invalid sparse __acquires and __releases annotations - mm: list_lru: set shrinker map bit when child nr_items is not zero - mm/swapfile: do not sleep with a spin lock held - [x86] uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes - [armhf] i2c: imx: Fix reset of I2SR_IAL flag - [armhf] i2c: imx: Check for I2SR_IAL after every byte - speakup: Reject setting the speakup line discipline outside of speakup (CVE-2020-27830) - [amd64] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs - spi: Introduce device-managed SPI controller allocation - [arm*] spi: bcm2835: Fix use-after-free on unbind - [arm*] spi: bcm2835: Release the DMA channel if probe fails after dma_init - tracing: Fix userstacktrace option for instances - gfs2: check for empty rgrp tree in gfs2_ri_update - [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() - dm writecache: remove BUG() and fail gracefully instead - Input: i8042 - fix error return code in i8042_setup_aux() - netfilter: nf_tables: avoid false-postive lockdep splat - [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes - Revert "geneve: pull IP header before ECN decapsulation" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.164 - [x86] lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S - [arm*] spi: bcm2835aux: Fix use-after-free on unbind - [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe - iwlwifi: pcie: limit memory read spin time - iwlwifi: mvm: fix kernel panic in case of assert during CSA - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE - [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend - [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e - [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen - [x86] platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE - [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC - Input: cm109 - do not stomp on control URB - Input: i8042 - add Acer laptops to the i8042 reset list - pinctrl: amd: remove debounce filter setting in IRQ type setting - mmc: block: Fixup condition for CMD13 polling for RPMB requests - kbuild: avoid static_assert for genksyms - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" - [x86] membarrier: Get rid of a dubious optimization - [x86] apic/vector: Fix ordering in vector assignment - [arm64] PCI: qcom: Add missing reset for ipq806x - mac80211: mesh: fix mesh_pathtbl_init() error path - [arm64,armhf] net: stmmac: free tx skb buffer in stmmac_resume() - tcp: select sane initial rcvq_space.space for big MSS - tcp: fix cwnd-limited bug for TSO deferral where we send nothing - net/mlx4_en: Avoid scheduling restart task if it is already running - lan743x: fix for potential NULL pointer dereference with bare card - net/mlx4_en: Handle TX error CQE - [arm64,armhf] net: stmmac: delete the eee_ctrl_timer after napi disabled - [arm64,armhf] net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux - net: bridge: vlan: fix error return code in __vlan_add() - USB: add RESET_RESUME quirk for Snapscan 1212 - ALSA: usb-audio: Fix potential out-of-bounds shift - ALSA: usb-audio: Fix control 'access overflow' errors from chmap - xhci: Give USB2 ports time to enter U3 in bus suspend - USB: UAS: introduce a quirk to set no_write_same - ALSA: pcm: oss: Fix potential out-of-bounds shift - [x86] drm/xen-front: Fix misused IS_ERR_OR_NULL checks - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi - [x86] pinctrl: baytrail: Avoid clearing debounce value when turning it off - [arm*] gpio: mvebu: fix potential user-after-free on probe - scsi: bnx2i: Requires MMU - xsk: Fix xsk_poll()'s return type - can: softing: softing_netdev_open(): fix error handling - block: factor out requeue handling from dispatch code - netfilter: x_tables: Switch synchronization to RCU - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait - ixgbe: avoid premature Rx buffer reuse - [arm64,armhf] drm/tegra: replace idr_init() by idr_init_base() - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling - [arm64,armhf] drm/tegra: sor: Disable clocks on error in tegra_sor_init() - [arm64] syscall: exit userspace before unmasking exceptions - vxlan: Add needed_headroom for lower device - vxlan: Copy needed_tailroom from lowerdev - scsi: mpt3sas: Increase IOCInit request timeout to 30s - dm table: Remove BUG_ON(in_interrupt()) - [arm64] soc/tegra: fuse: Fix index bug in get_process_id - USB: serial: option: add interface-number sanity check to flag handling - USB: gadget: f_acm: add support for SuperSpeed Plus - USB: gadget: f_midi: setup SuperSpeed Plus descriptors - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above - [arm64,armhf] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul - [armhf] dts: exynos: fix roles of USB 3.0 ports on Odroid XU - [armhf] dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU - scsi: megaraid_sas: Check user-provided offsets - HID: i2c-hid: add Vero K147 to descriptor override - serial_core: Check for port state when tty is in error state - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() - quota: Sanity-check quota file headers on load - media: msi2500: assign SPI bus number dynamically - crypto: af_alg - avoid undefined behavior accessing salg_name - md: fix a warning caused by a race between concurrent md_ioctl()s - perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata - perf cs-etm: Move definition of 'traceid_list' global variable from header file - [x86] drm/gma500: fix double free of gma_connector - selinux: fix error initialization in inode_doinit_with_dentry() - RDMA/rxe: Compute PSN windows correctly - [x86] mm/ident_map: Check for errors from ident_pud_init() - [armel,armhf] p2v: fix handling of LPAE translation in BE mode - [x86] apic: Fix x2apic enablement without interrupt remapping - sched/deadline: Fix sched_dl_global_validate() - sched: Reenable interrupts in do_sched_yield() - [arm64] crypto: inside-secure - Fix sizeof() mismatch - [powerpc*] 64: Set up a kernel stack for secondaries before cpu_restore() - [arm64] drm/msm/dsi_pll_10nm: restore VCO rate during restore_state - ASoC: pcm: DRAIN support reactivation - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling - Bluetooth: Fix null pointer dereference in hci_event_packet() - Bluetooth: hci_h5: fix memory leak in h5_close - [armhf] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup - [arm64] spi: tegra20-slink: fix reference leak in slink ops of tegra20 - [arm64,armhf] spi: tegra20-sflash: fix reference leak in tegra_sflash_resume - [arm64,armhf] spi: tegra114: fix reference leak in tegra spi ops - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure - RDMa/mthca: Work around -Wenum-conversion warning - [x86] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() - [x86] media: tm6000: Fix sizeof() mismatches - scsi: core: Fix VPD LUN ID designator priorities - media: solo6x10: fix missing snd_card_free in error handling case - [armhf] drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() - Input: ads7846 - fix race that causes missing releases - Input: ads7846 - fix integer overflow on Rt calculation - Input: ads7846 - fix unaligned access on 7845 - spi: fix resource leak for drivers without .remove callback - [armhf] Input: omap4-keypad - fix runtime PM error handling - RDMA/cxgb4: Validate the number of CQEs - memstick: fix a double-free bug in memstick_check - orinoco: Move context allocation after processing the skb - [arm64] dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() - media: siano: fix memory leak of debugfs members in smsdvb_hotplug - [armhf] HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() - [arm64] dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc - [x86] power: supply: bq24190_charger: fix reference leak - genirq/irqdomain: Don't try to free an interrupt that has no mapping - PCI: Bounds-check command-line resource alignment requests - PCI: Fix overflow in command-line resource alignment requests - [arm64] dts: meson: fix spi-max-frequency on Khadas VIM2 - [x86] platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init - ath10k: Fix the parsing error in service available event - ath10k: Fix an error handling path - ath10k: Release some resources in an error handling path - NFSv4.2: condition READDIR's mask for security label based on LSM state - SUNRPC: xprt_load_transport() needs to support the netid "rdma6" - lockd: don't use interval-based rebinding over TCP - NFS: switch nfsiod to be an UNBOUND workqueue. - vfio-pci: Use io_remap_pfn_range() for PCI IO memory - media: saa7146: fix array overflow in vidioc_s_audio() - memstick: r592: Fix error return in r592_probe() - net/mlx5: Properly convey driver version to firmware - dm ioctl: fix error return code in target_message - [arm64,armhf] clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI - [armhf] cpufreq: highbank: Add missing MODULE_DEVICE_TABLE - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe - scsi: pm80xx: Fix error return in pm8001_pci_probe() - seq_buf: Avoid type mismatch for seq_buf_init - [x86] scsi: fnic: Fix error return code in fnic_probe() - [powerpc*] pseries/hibernation: drop pseries_suspend_begin() from suspend ops - [powerpc*] pseries/hibernation: remove redundant cacheinfo update - [armhf] usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe - speakup: fix uninitialized flush_lock - nfsd: Fix message level for normal termination - nfs_common: need lock during iterate through the list - [x86] kprobes: Restore BTF if the single-stepping is cancelled - [arm64,armhf] clk: tegra: Fix duplicated SE clock entry - mac80211: don't set set TDLS STA bandwidth wider than possible - watchdog: Fix potential dereferencing of null pointer - [armhf] net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function - [arm64,x86] libnvdimm/label: Return -ENXIO for no slot in __blk_label_update - [arm64] watchdog: qcom: Avoid context switch in restart handler - [armhf] clk: ti: Fix memleak in ti_fapll_synth_setup - qlcnic: Fix error code in probe - [armhf] clk: s2mps11: Fix a resource leak in error handling paths in the probe function - [arm64,armhf] clk: sunxi-ng: Make sure divider tables have sentinel - [armhf] sunxi: Add machine match for the Allwinner V3 SoC - cfg80211: initialize rekey_data - lwt: Disable BH too in run_lwt_bpf() - [arm64,armhf] Input: cros_ec_keyb - send 'scancodes' in addition to key events - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet - media: gspca: Fix memory leak in probe - [armhf] media: sunxi-cir: ensure IR is handled when it is continuous - media: netup_unidvb: Don't leak SPI master in probe error path - [x86] Input: cyapa_gen6 - fix out-of-bounds stack access - ALSA: hda/ca0132 - Change Input Source enum strings. - PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" - ACPI: PNP: compare the string length in the matching_id() - ALSA: hda: Fix regressions on clear and reconfig sysfs - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 - ALSA: pcm: oss: Fix a few more UBSAN fixes - ALSA: hda/realtek: Add quirk for MSI-GP73 - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices - ALSA: usb-audio: Disable sample read check if firmware doesn't give back - [s390x] smp: perform initial CPU reset also for SMT siblings - [s390x] dasd: fix hanging device offline processing - [s390x] dasd: prevent inconsistent LCU device data - [s390x] dasd: fix list corruption of pavgroup group list - [s390x] dasd: fix list corruption of lcu list - [x86] staging: comedi: mf6x4: Fix AI end-of-conversion detection - [powerpc*] perf: Exclude kernel samples while counting events in user space. - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() - [x86] EDAC/amd64: Fix PCI component registration - USB: serial: mos7720: fix parallel-port state restore - USB: serial: digi_acceleport: fix write-wakeup deadlocks - USB: serial: keyspan_pda: fix dropped unthrottle interrupts - USB: serial: keyspan_pda: fix write deadlock - USB: serial: keyspan_pda: fix stalled writes - USB: serial: keyspan_pda: fix write-wakeup use-after-free - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free - USB: serial: keyspan_pda: fix write unthrottling - ext4: fix a memory leak of ext4_free_data - ext4: fix deadlock with fs freezing and EA inodes - [arm64] KVM: Introduce handling of AArch32 TTBCR2 traps - [armhf] dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES - [powerpc*] Fix incorrect stw{, ux, u, x} instructions in __set_pte_at - [powerpc*] rtas: Fix typo of ibm,open-errinjct in RTAS filter - [powerpc*] xmon: Change printk() to pr_cont() - ceph: fix race in concurrent __ceph_remove_cap invocations - SMB3: avoid confusing warning message on mount to Azure - SMB3.1.1: do not log warning message if server doesn't populate salt - ubifs: wbuf: Don't leak kernel memory to flash - jffs2: Fix GC exit abnormally - jfs: Fix array index bounds check in dbAdjTree (CVE-2020-27815) - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() - [armel] mtd: parser: cmdline: Fix parsing of part-names with colons - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() - iio: buffer: Fix demux update - [arm64,armhf] iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume - md/cluster: block reshape with remote resync job - md/cluster: fix deadlock when node is doing resync job - [arm64,armhf] pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler - [arm64] clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (CVE-2020-29569) - xen/xenbus: Allow watches discard events before queueing (CVE-2020-29568) - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (CVE-2020-29568) - xen/xenbus/xen_bus_type: Support will_handle watch callback (CVE-2020-29568) - xen/xenbus: Count pending messages for each watch (CVE-2020-29568) - xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568) - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels - [x86] platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 - PCI: Fix pci_slot_release() NULL pointer dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.165 - md/raid10: initialize r10_bio->read_slot before use. - fscrypt: add fscrypt_is_nokey_name() - ext4: prevent creating duplicate encrypted filenames - f2fs: prevent creating duplicate encrypted filenames - ubifs: prevent creating duplicate encrypted filenames - vfio/pci: Move dummy_resources_list init in vfio_pci_probe() - ext4: don't remount read-only with errors=continue on reboot - uapi: move constants from to - [x86] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses - [x86] KVM: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits - [powerpc*] bitops: Fix possible undefined behaviour with fls() and fls64() - xen/gntdev.c: Mark pages as dirty - null_blk: Fix zone size initialization - of: fix linker-section match-table corruption - Bluetooth: hci_h5: close serdev device and free hu in h5_close - reiserfs: add check for an invalid ih_entry_count - [x86] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() - media: gp8psk: initialize stats at power control logic - ALSA: seq: Use bool for snd_seq_queue internal flags - ALSA: rawmidi: Access runtime->avail always in spinlock - fcntl: Fix potential deadlock in send_sig{io, urg}() - [arm64,armhf] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init - module: set MODULE_STATE_GOING state when a module fails to load - quota: Don't overflow quota file offsets - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode - module: delay kobject uevent until after module init call - ALSA: pcm: Clear the full allocated memory at hw_params - dm verity: skip verity work if I/O error when system is shutting down https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.166 - kdev_t: always inline major/minor helper functions - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.167 - workqueue: Kick a worker based on the actual activation of delayed works - scsi: ufs: Fix wrong print message in dev_err() - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands - lib/genalloc: fix the overflow when size is too big - proc: change ->nlink under proc_subdir_lock - proc: fix lookup in /proc/net subdirectories after setns(2) - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs - [arm64,armhf] net: mvpp2: Add TCAM entry to drop flow control pause frames - [arm64,armhf] net: mvpp2: prs: fix PPPoE with ipv6 packet parse - atm: idt77252: call pci_disable_device() on error path - [arm64,armhf] net: mvpp2: Fix GoP port 3 Networking Complex Control configurations - qede: fix offload for IPIP tunnel packets - virtio_net: Fix recursive call to cpus_read_lock() - net-sysfs: take the rtnl lock when storing xps_cpus - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() - [arm64] net: hns: fix return value check in __lb_other_process() - erspan: fix version 1 check in gre_parse_header() - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running - CDC-NCM: remove "connected" log message - net: usb: qmi_wwan: add Quectel EM160R-GL - r8169: work around power-saving bug on some chip versions - vhost_net: fix ubuf refcount incorrectly when sendmsg fails - net: sched: prevent invalid Scell_log shift count - net-sysfs: take the rtnl lock when storing xps_rxqs - net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close - [x86] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older - crypto: ecdh - avoid buffer overflow in ecdh_set_secret() - usb: gadget: enable super speed plus - USB: cdc-acm: blacklist another IR Droid device - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). - [arm64] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion - [arm64,armhf] usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set - usb: usbip: vhci_hcd: protect shift size - USB: serial: iuu_phoenix: fix DMA from stack - USB: serial: option: add LongSung M5710 module support - USB: serial: option: add Quectel EM160R-GL - USB: yurex: fix control-URB timeout handling - USB: usblp: fix DMA to stack - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks - usb: gadget: f_uac2: reset wMaxPacketSize - usb: gadget: function: printer: Fix a memory leak for interface descriptor - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size - usb: gadget: Fix spinlock lockup on usb_function_deactivate - usb: gadget: configfs: Preserve function ordering after bind failure - usb: gadget: configfs: Fix use-after-free issue with udc_name - USB: serial: keyspan_pda: remove unused variable - [x86] mm: Fix leak of pmd ptlock - ALSA: hda/via: Fix runtime PM for Clevo W35xSS - ALSA: hda/conexant: add a new hda codec CX11970 - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 - btrfs: send: fix wrong file path when there is an inode with a pending rmdir - Revert "device property: Keep secondary firmware node secondary by type" - [x86] xen/pvh: correctly setup the PV EFI interface for dom0 - netfilter: x_tables: Update remaining dereference to RCU - netfilter: ipset: fix shift-out-of-bounds in htable_bits() - netfilter: xt_RATEEST: reject non-null terminated string from userspace - [x86] mtrr: Correct the range check before performing MTRR type lookups - scsi: target: Fix XCOPY NAA identifier lookup (CVE-2020-28374) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.168 - net: cdc_ncm: correct overhead in delayed_ndp_size (Closes: #970736) - [arm64] net: hns3: fix the number of queues actually used by ARQ - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY resource references - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY power - net: vlan: avoid leaks on register_vlan_dev() failures - net: ip: always refragment ip defragmented packets - net: fix pmtu check in nopmtudisc mode - net: ipv6: fib: flush exceptions when purging route - vmlinux.lds.h: Add PGO and AutoFDO input sections - [x86] drm/i915: Fix mismatch between misplaced vma check and vma insert - [amd64] spi: pxa2xx: Fix use-after-free on unbind - HID: wacom: Fix memory leakage caused by kfifo_alloc - [armhf] OMAP2+: omap_device: fix idling of devices during probe - [x86] cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() - [amd64] iommu/intel: Fix memleak in intel_irq_remapping_alloc - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups - net/mlx5e: Fix two double free cases - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev - [arm64] KVM: Don't access PMCR_EL0 when no PMU is available - block: fix use-after-free in disk_part_iter_next - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.169 - ASoC: dapm: remove widget from dirty list on free - [x86] hyperv: check cpu mask after interrupt has been disabled - [mips*] boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB - ACPI: scan: Harden acpi_device_add() against device ID overflows - mm/hugetlb: fix potential missing huge page size info - dm snapshot: flush merged data before committing metadata - dm integrity: fix the maximum number of arguments - r8152: Add Lenovo Powered USB-C Travel Hub - ext4: fix bug for rename with RENAME_WHITEOUT - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan - bfq: Fix computation of shallow depth - [arm64] drm/msm: Call msm_init_vram before binding the gpu - dump_common_audit_data(): fix racy accesses to ->d_name - [x86] ASoC: Intel: fix error code cnl_set_dsp_D0() - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock - pNFS: Mark layout for return if return-on-close was not sent - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter - NFS: nfs_igrab_and_active must first reference the superblock - ext4: fix superblock checksum failure when setting password salt - [amd64] RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp - RDMA/mlx5: Fix wrong free of blue flame register on error - mm, slub: consider rest of partial list if acquire_slab() fails - net: sunrpc: interpret the return value of kstrtou32 correctly - dm: eliminate potential source of excessive kernel log noise - ALSA: firewire-tascam: Fix integer overflow in midi_port_work() - ALSA: fireface: Fix integer overflow in transmit_midi_msg() - netfilter: conntrack: fix reading nf_conntrack_buckets - netfilter: nf_nat: Fix memleak in nf_nat_init https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.170 - usb: ohci: Make distrust_firmware param default to false - dm integrity: fix flush with external metadata device - nfsd4: readdirplus shouldn't return parent of export (CVE-2021-3178) - udp: Prevent reuseport_select_sock from reading uninitialized socks - netxen_nic: fix MSI/MSI-x interrupts - [arm64,armhf] net: mvpp2: Remove Pause and Asym_Pause support - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request - esp: avoid unneeded kmap_atomic call - net: dcb: Validate netlink message in DCB handler - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands - rxrpc: Call state should be read with READ_ONCE() under some circumstances - [arm64,armhf] net: stmmac: Fixed mtu channged by cache aligned - net: sit: unregister_netdevice on newlink's error path - net: avoid 32 x truesize under-estimation for tiny skbs - rxrpc: Fix handling of an unsupported token type in rxrpc_read() - tipc: fix NULL deref in tipc_link_xmit() - net: introduce skb_list_walk_safe for skb segment walking - net: skbuff: disambiguate argument and member for skb_list_walk_safe helper - net: ipv6: Validate GSO SKB before finish IPv6 processing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.171 - ALSA: hda/via: Add minimum mute flag - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error - btrfs: fix lockdep splat in btrfs_recover_relocation - mmc: core: don't initialize block size from ext_csd if not present - [arm64] mmc: sdhci-xenon: fix 1.8v regulator stabilization - dm: avoid filesystem lookup in dm_get_dev_t() - dm integrity: fix a crash if "recalculate" used without "internal_hash" - drm/atomic: put state on error path - [x86] ASoC: Intel: haswell: Add missing pm_ops - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback - scsi: qedi: Correct max length of CHAP secret - HID: Ignore battery for Elan touchscreen on ASUS UX550 - xen: Fix event channel callback via INTX/GSI - drm/nouveau/bios: fix issue shadowing expansion ROMs - drm/nouveau/privring: ack interrupts the same way as RM - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields - drm/nouveau/mmu: fix vram heap sizing - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0 - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression - i2c: octeon: check correct size of maximum RECV_LEN packet - [x86] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list - can: dev: can_restart: fix use after free bug - can: vxcan: vxcan_xmit: fix use after free bug - can: peak_usb: fix use after free bugs - [mips*] irqchip/mips-cpu: Set IPI domain parent chip - [x86] intel_th: pci: Add Alder Lake-P support - [arm64] serial: mvebu-uart: fix tx lost characters at power off - ehci: fix EHCI host controller initialization sequence - usb: udc: core: Use lock when write to soft_connect - xhci: make sure TRB is fully written before giving it to the controller - [arm64,armhf] xhci: tegra: Delay for disabling LFPS detector - driver core: Extend device_is_dependent() - netfilter: rpfilter: mask ecn bits before fib lookup - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too - udp: mask TOS bits in udp_v4_early_demux() - ipv6: create multicast route with RTPROT_KERNEL - net_sched: avoid shift-out-of-bounds in tcindex_set_parms() - net_sched: reject silly cell_log in qdisc_get_rtab() - ipv6: set multicast flag on the multicast route - net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled - [armhf] net: dsa: b53: fix an off by one in checking "vlan->vid" . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.165-rt70 * Bump ABI to 14 * [rt] Refresh "net/core: protect users of napi_alloc_cache against reentrance" * futex: Move futex exit handling into futex code * futex: Replace PF_EXITPIDONE with a state * exit/exec: Seperate mm_release() * futex: Split futex_mm_release() for exit/exec * futex: Set task::futex_state to DEAD right after handling futex exit * futex: Mark the begin of futex exit explicitly * futex: Sanitize exit state handling * futex: Provide state handling for exec() as well * futex: Add mutex around futex exit * futex: Provide distinct return value when owner is exiting * futex: Prevent exit livelock * [rt] Refresh "softirq: Split softirq locks" * [arm*] gpio: mvebu: fix pwm .get_state period calculation * Revert "mm/slub: fix a memory leak in sysfs_slab_add()" * futex: Ensure the correct return value from futex_lock_pi() * futex: Replace pointless printk in fixup_owner() * futex: Provide and use pi_state_update_owner() * rtmutex: Remove unused argument from rt_mutex_proxy_unlock() * futex: Use pi_state_update_owner() in put_pi_state() * futex: Simplify fixup_pi_state_owner() * futex: Handle faults correctly for PI futexes * [rt] Refresh "rtmutex: Handle the various new futex race conditions" * [rt] Refresh "rtmutex: add sleeping lock implementation" * [rt] Refresh "Revert "rtmutex: Handle the various new futex race conditions"" * [rt] Refresh "futex: Make the futex_hash_bucket lock raw" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again and bring back its old state" * HID: wacom: Correct NULL dereference on AES pen proximity * tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825) . [ Uwe Kleine-König ] * [arm64] Enable support for NXP's PCF85063 RTC (Closes: #972345) lttng-modules (2.10.8-1+deb10u1) buster; urgency=medium . * [5c8aed8] Update debian/gbp.conf for buster * [16882db] Fix build on >= 4.19.0-10 kernels (Closes: #972321) lxml (4.3.2-1+deb10u2) buster-security; urgency=medium . * Enable the test suite (non-fatal). * math-svg.patch: update expected results for the test suite. * Fix regression in Python 2 in the last part of CVE-2020-27783. Closes: #977387. lxml (4.3.2-1+deb10u1) buster-security; urgency=medium . * CVE-2020-27783 * Backport a105ab8dc262ec6735977c25c13f0bdfcdec72a7 for similar issue * Pass --with-cython to make sure the C parts get actually rebuilt m2crypto (0.31.0-4+deb10u1) buster; urgency=medium . * Non-maintainer upload. * debian/patches/MR261.patch - fix compatibility with openssl/1.1.1i+; Closes: #954402 mediawiki (1:1.31.12-1~deb10u1) buster-security; urgency=medium . * New upstream version 1.31.12, fixing CVE-2020-35475, CVE-2020-35477, CVE-2020-35479, CVE-2020-35480. This version is not affected by CVE-2020-35474 nor CVE-2020-35478. * Respect $wgRedirectOnLogin configuration setting (Closes: #971986). * Flatten footer links without triggering a PHP warning (Closes: #971985). mini-buildd (1.0.36+deb10u1) buster; urgency=medium . * [36d75e1] debian/gbp.conf: Update debian branch. * [85bd4e0] builder.py: sbuild call: set '--no-arch-all' explicitly (Fixes "false" reprepro errors after successful builds w/ sbuild >= 0.77) (Fixes: #951641) minidlna (1.2.1+dfsg-2+deb10u2) buster-security; urgency=medium . * d/minidlna.postrm: Do not fail on purge (Closes: #975372). This fixes the regression (from 1.2.1+dfsg-2) in stable archive after accidentially uploaded 1.2.1+dfsg-2+deb10u1. minidlna (1.2.1+dfsg-2+deb10u1) buster-security; urgency=high . * Add 0011-upnphttp-Disallow-negative-HTTP-chunk-lengths.patch CVE-2020-28926 (Closes: #976595). * Add 0012-upnphttp-Validate-SUBSCRIBE-callback-URL.patch CVE-2020-12695 (Closes: #976594). minidlna (1.2.1+dfsg-2) unstable; urgency=medium . [ Alexander Gerasiov ] * Add 14-fix-gcc10-ftbfs.patch: Fixes FTBFS with gcc10 (Closes: #957541). * Move logs to /var/log/minidlna dir. * Remove unused START_DAEMON var from default file (Closes: #879541). * Add systemd service file (Closes: #950270). * Bump debhelper's version to 12. * Bump Standards-Version. * d/control: Update Vcs headers. * d/copyright: Secure links to format and homepage. . [ Debian Janitor ] * Trim trailing whitespace. * debian/copyright: use spaces rather than tabs to start continuation lines. * Update renamed lintian tag names in lintian overrides. * Set upstream metadata fields: Archive, Repository. . [ Alexander Gerasiov ] * Add 15-use-newer-ip_multicast_if-api.patch: (Closes: #941410). * d/control: Update description (Closes: #927393). mutt (1.10.1-2.1+deb10u5) buster-security; urgency=high . * debian/patches: + fix for CVE-2021-3181 in security/CVE-2021-3181.patch (Closes: 980326). net-snmp (5.7.3+dfsg-5+deb10u2) buster; urgency=high . * snmpd: Add cacheTime and execType flags to EXTEND-MIB. Previous security release made EXTEND-MIB read-only which meant it was not possible to set the timeout of the cache. This patch allows the administrator to set the value in the snmpd.conf file. Closes: #969508 node-ini (1.3.5-1+deb10u1) buster; urgency=medium . * Team upload * Do not allow invalid hazardous string as section name (Closes: #977718, CVE-2020-7788) node-y18n (3.2.1-2+deb10u1) buster; urgency=medium . * Team upload. * Fix prototype pollution (Closes: #976390, CVE-2020-7774) nvidia-graphics-drivers (418.181.07-1) buster; urgency=medium . * New upstream Tesla release 418.181.07 (2021-01-19). * Fixed CVE-2021-1056. (Closes: #979670) https://nvidia.custhelp.com/app/answers/detail/a_id/5142 * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * Allow alternative libnvidia-{tesla,legacy}-*-cfg1 packages to substitute libnvidia-cfg1 in third-party packages (450.57-2). - Add Provides: libnvidia-cfg.so.1 (= ${nvidia:Version}). - Generate alternative versioned dependency on libnvidia-cfg.so.1 through the symbols file. * Test that the patches can be applied to the module source (450.66-1). * nvidia-kernel-dkms: Ship with unapplied patches and apply the patches while building kernel modules (450.66-1). * Simplify generating the -source and -dkms packages (450.66-1). * Bump watch file version to 4. * Bump Standards-Version to 4.5.1. No changes needed. * Upload to buster. . [ Vincent Cheng ] * Remove myself from Uploaders. . nvidia-graphics-drivers (418.165.02-2) UNRELEASED; urgency=medium . * Backport drm_prime_pages_to_sg_has_drm_device_arg and get_dma_ops changes from 455.45.01 to fix kernel module build for Linux 5.10. . nvidia-graphics-drivers (418.165.02-1) UNRELEASED; urgency=medium . * New upstream Tesla release 418.165.02 (2020-09-30). . [ Andreas Beckmann ] * Backport get_user_pages_remote, vga_tryget, smp_read_barrier_depends, drm_driver_has_gem_free_object, drm_display_mode_has_vrefresh, drm_driver_master_set_has_int_return_type and drm_gem_object_put_unlocked changes from 455.23.04 to fix kernel module build for Linux 5.9. * Refresh patches. * Update lintian overrides. . nvidia-graphics-drivers (418.152.00-2) UNRELEASED; urgency=medium . * Backport nv_vmalloc and nv_mmap_* (mmap_{sem=>lock}) changes from 450.57 to fix kernel module build for Linux 5.8. nvidia-graphics-drivers (418.181.07-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers (418.181.07-1) buster; urgency=medium . * New upstream Tesla release 418.181.07 (2021-01-19). * Fixed CVE-2021-1056. (Closes: #979670) https://nvidia.custhelp.com/app/answers/detail/a_id/5142 * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Refresh patches. * Allow alternative libnvidia-{tesla,legacy}-*-cfg1 packages to substitute libnvidia-cfg1 in third-party packages (450.57-2). - Add Provides: libnvidia-cfg.so.1 (= ${nvidia:Version}). - Generate alternative versioned dependency on libnvidia-cfg.so.1 through the symbols file. * Test that the patches can be applied to the module source (450.66-1). * nvidia-kernel-dkms: Ship with unapplied patches and apply the patches while building kernel modules (450.66-1). * Simplify generating the -source and -dkms packages (450.66-1). * Bump watch file version to 4. * Bump Standards-Version to 4.5.1. No changes needed. * Upload to buster. . [ Vincent Cheng ] * Remove myself from Uploaders. . nvidia-graphics-drivers (418.165.02-2) UNRELEASED; urgency=medium . * Backport drm_prime_pages_to_sg_has_drm_device_arg and get_dma_ops changes from 455.45.01 to fix kernel module build for Linux 5.10. . nvidia-graphics-drivers (418.165.02-1) UNRELEASED; urgency=medium . * New upstream Tesla release 418.165.02 (2020-09-30). . [ Andreas Beckmann ] * Backport get_user_pages_remote, vga_tryget, smp_read_barrier_depends, drm_driver_has_gem_free_object, drm_display_mode_has_vrefresh, drm_driver_master_set_has_int_return_type and drm_gem_object_put_unlocked changes from 455.23.04 to fix kernel module build for Linux 5.9. * Refresh patches. * Update lintian overrides. . nvidia-graphics-drivers (418.152.00-2) UNRELEASED; urgency=medium . * Backport nv_vmalloc and nv_mmap_* (mmap_{sem=>lock}) changes from 450.57 to fix kernel module build for Linux 5.8. nvidia-graphics-drivers-legacy-390xx (390.141-2~deb10u1) buster; urgency=medium . * Rebuild for buster. . nvidia-graphics-drivers-legacy-390xx (390.141-2) unstable; urgency=medium . * Really re-enable building the nvidia-uvm module. . nvidia-graphics-drivers-legacy-390xx (390.141-1) unstable; urgency=medium . * New upstream legacy branch release 390.141 (2021-01-07). * Fixed CVE-2021-1056. (Closes: #979672) https://nvidia.custhelp.com/app/answers/detail/a_id/5142 - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "'struct mm_struct' has no member named 'mmap_sem'". - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "too many arguments to function '__vmalloc'". * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Re-enable building the nvidia-uvm module. * Refresh patches. * Update glvnd symbols files. * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.138-6) unstable; urgency=medium . * Backport drm_prime_pages_to_sg_has_drm_device_arg and get_dma_ops changes from 455.45.01 to fix kernel module build for Linux 5.10. * Bump watch file version to 4. * Bump Standards-Version to 4.5.1. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.138-5) unstable; urgency=medium . * Backport get_user_pages_remote, vga_tryget, drm_driver_has_gem_free_object, drm_display_mode_has_vrefresh, drm_driver_master_set_has_int_return_type and drm_gem_object_put_unlocked changes from 455.23.04 to fix kernel module build for Linux 5.9. (Closes: #972468, #972511) . nvidia-graphics-drivers-legacy-390xx (390.138-4) unstable; urgency=medium . * Do not break non-uvm architectures when disabling the uvm module. (Closes: #970390) . nvidia-graphics-drivers-legacy-390xx (390.138-3) unstable; urgency=medium . * Temporarily disable building the nvidia-uvm module. (Closes: #969085, #969755, #969889, #969894, #970093) * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.138-2) unstable; urgency=medium . [ Andreas Beckmann ] * Allow alternative libnvidia-{tesla,legacy}-*-cfg1 packages to substitute libnvidia-cfg1 in third-party packages (450.57-2). - Add Provides: libnvidia-cfg.so.1 (= ${nvidia:Version}). - Generate alternative versioned dependency on libnvidia-cfg.so.1 through the symbols file. * Test that the patches can be applied to the module source (450.66-1). * nvidia-kernel-dkms: Ship with unapplied patches and apply the patches while building kernel modules (450.66-1). * Simplify generating the -source and -dkms packages (450.66-1). * Backport nv_vmalloc changes from 450.57 and work around mmap_{sem=>lock} rename to fix kernel module build for Linux 5.8. (Partly addresses #969085) * Update lintian overrides. . [ Vincent Cheng ] * Remove myself from Uploaders. nvidia-graphics-drivers-legacy-390xx (390.141-2~deb10u1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers-legacy-390xx (390.141-2~deb10u1) buster; urgency=medium . * Rebuild for buster. . nvidia-graphics-drivers-legacy-390xx (390.141-2) unstable; urgency=medium . * Really re-enable building the nvidia-uvm module. . nvidia-graphics-drivers-legacy-390xx (390.141-1) unstable; urgency=medium . * New upstream legacy branch release 390.141 (2021-01-07). * Fixed CVE-2021-1056. (Closes: #979672) https://nvidia.custhelp.com/app/answers/detail/a_id/5142 - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "'struct mm_struct' has no member named 'mmap_sem'". - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "too many arguments to function '__vmalloc'". * Improved compatibility with recent Linux kernels. . [ Andreas Beckmann ] * Re-enable building the nvidia-uvm module. * Refresh patches. * Update glvnd symbols files. * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.138-6) unstable; urgency=medium . * Backport drm_prime_pages_to_sg_has_drm_device_arg and get_dma_ops changes from 455.45.01 to fix kernel module build for Linux 5.10. * Bump watch file version to 4. * Bump Standards-Version to 4.5.1. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.138-5) unstable; urgency=medium . * Backport get_user_pages_remote, vga_tryget, drm_driver_has_gem_free_object, drm_display_mode_has_vrefresh, drm_driver_master_set_has_int_return_type and drm_gem_object_put_unlocked changes from 455.23.04 to fix kernel module build for Linux 5.9. (Closes: #972468, #972511) . nvidia-graphics-drivers-legacy-390xx (390.138-4) unstable; urgency=medium . * Do not break non-uvm architectures when disabling the uvm module. (Closes: #970390) . nvidia-graphics-drivers-legacy-390xx (390.138-3) unstable; urgency=medium . * Temporarily disable building the nvidia-uvm module. (Closes: #969085, #969755, #969889, #969894, #970093) * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.138-2) unstable; urgency=medium . [ Andreas Beckmann ] * Allow alternative libnvidia-{tesla,legacy}-*-cfg1 packages to substitute libnvidia-cfg1 in third-party packages (450.57-2). - Add Provides: libnvidia-cfg.so.1 (= ${nvidia:Version}). - Generate alternative versioned dependency on libnvidia-cfg.so.1 through the symbols file. * Test that the patches can be applied to the module source (450.66-1). * nvidia-kernel-dkms: Ship with unapplied patches and apply the patches while building kernel modules (450.66-1). * Simplify generating the -source and -dkms packages (450.66-1). * Backport nv_vmalloc changes from 450.57 and work around mmap_{sem=>lock} rename to fix kernel module build for Linux 5.8. (Partly addresses #969085) * Update lintian overrides. . [ Vincent Cheng ] * Remove myself from Uploaders. nvidia-graphics-drivers-legacy-390xx (390.141-2~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . nvidia-graphics-drivers-legacy-390xx (390.141-2) unstable; urgency=medium . * Really re-enable building the nvidia-uvm module. . nvidia-graphics-drivers-legacy-390xx (390.141-1) unstable; urgency=medium . * New upstream legacy branch release 390.141 (2021-01-07). * Fixed CVE-2021-1056. (Closes: #979672) https://nvidia.custhelp.com/app/answers/detail/a_id/5142 - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "'struct mm_struct' has no member named 'mmap_sem'". - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "too many arguments to function '__vmalloc'". . [ Andreas Beckmann ] * Re-enable building the nvidia-uvm module. * Refresh patches. * Update symbols files. * Update lintian overrides. nvidia-graphics-drivers-legacy-390xx (390.141-1) unstable; urgency=medium . * New upstream legacy branch release 390.141 (2021-01-07). * Fixed CVE‑2021‑1056. (Closes: #979672) https://nvidia.custhelp.com/app/answers/detail/a_id/5142 - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "'struct mm_struct' has no member named 'mmap_sem'". - Fixed a driver installation failure on Linux kernel 5.8 release candidates, where the NVIDIA kernel module failed to build with error "too many arguments to function '__vmalloc'". . [ Andreas Beckmann ] * Re-enable building the nvidia-uvm module. * Refresh patches. * Update symbols files. * Update lintian overrides. nvidia-graphics-drivers-legacy-390xx (390.138-6) unstable; urgency=medium . * Backport drm_prime_pages_to_sg_has_drm_device_arg and get_dma_ops changes from 455.45.01 to fix kernel module build for Linux 5.10. * Use a version=4 watch file. * Bump Standards-Version to 4.5.1. No changes needed. nvidia-graphics-drivers-legacy-390xx (390.138-6~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . nvidia-graphics-drivers-legacy-390xx (390.138-6) unstable; urgency=medium . * Backport drm_prime_pages_to_sg_has_drm_device_arg and get_dma_ops changes from 455.45.01 to fix kernel module build for Linux 5.10. * Use a version=4 watch file. * Bump Standards-Version to 4.5.1. No changes needed. . nvidia-graphics-drivers-legacy-390xx (390.138-5) unstable; urgency=medium . * Backport get_user_pages_remote, vga_tryget, drm_driver_has_gem_free_object, drm_display_mode_has_vrefresh, drm_driver_master_set_has_int_return_type and drm_gem_object_put_unlocked changes from 455.23.04 to fix kernel module build for Linux 5.9. (Closes: #972468, #972511) . nvidia-graphics-drivers-legacy-390xx (390.138-4) unstable; urgency=medium . * Do not break non-uvm architectures when disabling the uvm module. (Closes: #970390) . nvidia-graphics-drivers-legacy-390xx (390.138-3) unstable; urgency=medium . * Temporarily disable building the nvidia-uvm module. (Closes: #969085, #969755, #969889, #969894, #970093) * Update lintian overrides. . nvidia-graphics-drivers-legacy-390xx (390.138-2) unstable; urgency=medium . [ Andreas Beckmann ] * Allow alternative libnvidia-{tesla,legacy}-*-cfg1 packages to substitute libnvidia-cfg1 in third-party packages (450.57-2). - Add Provides: libnvidia-cfg.so.1 (= ${nvidia:Version}). - Generate alternative versioned dependency on libnvidia-cfg.so.1 through the symbols file. * Test that the patches can be applied to the module source (450.66-1). * nvidia-kernel-dkms: Ship with unapplied patches and apply the patches while building kernel modules (450.66-1). * Simplify generating the -source and -dkms packages (450.66-1). * Backport nv_vmalloc changes from 450.57 and work around mmap_{sem=>lock} rename to fix kernel module build for Linux 5.8. (Partly addresses #969085) * Note: The nvidia-uvm kernel module will fail to build for Linux 5.8 due to licence incompatibility unless cfa6705d89b6562f79c40c249f8d94073c4276e4 "radix-tree: Use local_lock for protection" (which effectively made radix_tree_preloads GPL-only) gets reverted in Linux 5.8 or NVIDIA switches the nvidia-uvm module license to "Dual MIT/GPL" as in 415.18. * Note: Building the nvidia-uvm module can be temporarily disabled by a) commenting the last paragraph in dkms.conf and b) building with NV_EXCLUDE_KERNEL_MODULES=nvidia-uvm set in the environment. . [ Vincent Cheng ] * Remove myself from Uploaders. nvidia-graphics-drivers-legacy-390xx (390.138-5) unstable; urgency=medium . * Backport get_user_pages_remote, vga_tryget, drm_driver_has_gem_free_object, drm_display_mode_has_vrefresh, drm_driver_master_set_has_int_return_type and drm_gem_object_put_unlocked changes from 455.23.04 to fix kernel module build for Linux 5.9. (Closes: #972468, #972511) nvidia-graphics-drivers-legacy-390xx (390.138-4) unstable; urgency=medium . * Do not break non-uvm architectures when disabling the uvm module. (Closes: #970390) nvidia-graphics-drivers-legacy-390xx (390.138-3) unstable; urgency=medium . * Temporarily disable building the nvidia-uvm module. (Closes: #969085, #969755, #969889, #969894, #970093) * Update lintian overrides. nvidia-graphics-drivers-legacy-390xx (390.138-2) unstable; urgency=medium . [ Andreas Beckmann ] * Allow alternative libnvidia-{tesla,legacy}-*-cfg1 packages to substitute libnvidia-cfg1 in third-party packages (450.57-2). - Add Provides: libnvidia-cfg.so.1 (= ${nvidia:Version}). - Generate alternative versioned dependency on libnvidia-cfg.so.1 through the symbols file. * Test that the patches can be applied to the module source (450.66-1). * nvidia-kernel-dkms: Ship with unapplied patches and apply the patches while building kernel modules (450.66-1). * Simplify generating the -source and -dkms packages (450.66-1). * Backport nv_vmalloc changes from 450.57 and work around mmap_{sem=>lock} rename to fix kernel module build for Linux 5.8. (Partly addresses #969085) * Note: The nvidia-uvm kernel module will fail to build for Linux 5.8 due to licence incompatibility unless cfa6705d89b6562f79c40c249f8d94073c4276e4 "radix-tree: Use local_lock for protection" (which effectively made radix_tree_preloads GPL-only) gets reverted in Linux 5.8 or NVIDIA switches the nvidia-uvm module license to "Dual MIT/GPL" as in 415.18. * Note: Building the nvidia-uvm module can be temporarily disabled by a) commenting the last paragraph in dkms.conf and b) building with NV_EXCLUDE_KERNEL_MODULES=nvidia-uvm set in the environment. . [ Vincent Cheng ] * Remove myself from Uploaders. nvidia-graphics-drivers-legacy-390xx (390.138-1) unstable; urgency=medium . * New upstream legacy branch release 390.138 (2020-06-24). * Fixed CVE-2020-5963, CVE-2020-5967. (Closes: #963908) https://nvidia.custhelp.com/app/answers/detail/a_id/5031 - Fixed a driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'timespec_to_ns'". - Fixed a driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'getrawmonotonic'". - Fixed a driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'getnstimeofday'". - Fixed a driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "dereferencing pointer to incomplete type 'struct timeval'". - Fixed a driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'jiffies_to_timespec'". - Fixed driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "passing argument 4 of 'proc_create_data' from incompatible pointer type". - Fixed driver installation failure on Linux kernel 5.6 release candidates, where the NVIDIA kernel module failed to build with error "implicit declaration of function 'ioremap_nocache'". - Fixed driver installation failure on Oracle Linux 7.7 systems, where the NVIDIA kernel module failed to build with error "unknown type name 'vm_fault_t'". - Add PRIME Synchronization support for Linux kernel 5.4 and newer. . [ Andreas Beckmann ] * Refresh patches. * Update lintian overrides. openssl (1.1.1d-0+deb10u4) buster-security; urgency=medium . * CVE-2020-1971 (EDIPARTYNAME NULL pointer de-reference). p11-kit (0.23.15-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix bounds check in p11_rpc_buffer_get_byte_array (CVE-2020-29362) * Check attribute length against buffer size (CVE-2020-29363) * Check for arithmetic overflows before allocating (CVE-2020-29361) * Follow-up to arithmetic overflow fix (CVE-2020-29361) pdns (4.1.6-3+deb10u1) buster; urgency=medium . * Apply upstream patches to fix CVE-2019-10203. To actually fix this problem in existing installations, the newly supplied schema file 4.1.10_to_4.1.11.schema.pgsql.sql has to be manually applied to the backing PostgreSQL database. (Closes: #970729) * Apply upstream patches to fix CVE-2020-17482 (Closes: #970737) pepperflashplugin-nonfree (1.8.8~deb10u1) buster; urgency=medium . * QA upload. * Rebuild for buster. . pepperflashplugin-nonfree (1.8.8) unstable; urgency=medium . * QA upload. * Adobe Flash Player has reached End-of-Life and is no longer functional or available for download: https://www.adobe.com/products/flashplayer/end-of-life.html * Turn into a dummy package taking care of removing the previously installed plugin. (Closes: #979689) (LP: #1911463) * Remove download and install functionality. * Remove chromium integration. . pepperflashplugin-nonfree (1.8.7) unstable; urgency=medium . * QA upload. * Hard-code libgcc-s1 instead of libgcc1. . pepperflashplugin-nonfree (1.8.6) unstable; urgency=medium . * QA upload. * binutils is dropped from Depends by accident . pepperflashplugin-nonfree (1.8.5) unstable; urgency=medium . * QA upload. * Remove most outdated libraries Depends, and move wget to Pre-Depends libpepflashplayer.so is almost static linked. * Use global wgetoptions when fetching upstream version * Fix lintian: package-uses-deprecated-debhelper-compat-version * Fix lintian: ancient-standards-version * Fix lintian: homepage-field-uses-insecure-uri * Fix lintian: rules-requires-root-missing * Fix lintian: file-contains-trailing-whitespace * Fix lintian: no-dep5-copyright pepperflashplugin-nonfree (1.8.7) unstable; urgency=medium . * QA upload. * Hard-code libgcc-s1 instead of libgcc1. pepperflashplugin-nonfree (1.8.6) unstable; urgency=medium . * QA upload. * binutils is dropped from Depends by accident pepperflashplugin-nonfree (1.8.5) unstable; urgency=medium . * QA upload. * Remove most outdated libraries Depends, and move wget to Pre-Depends libpepflashplayer.so is almost static linked. * Use global wgetoptions when fetching upstream version * Fix lintian: package-uses-deprecated-debhelper-compat-version * Fix lintian: ancient-standards-version * Fix lintian: homepage-field-uses-insecure-uri * Fix lintian: rules-requires-root-missing * Fix lintian: file-contains-trailing-whitespace * Fix lintian: no-dep5-copyright php-pear (1:1.10.6+submodules+notgz-1.1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * ensure we catch additional malicious/crafted filenames (CVE-2020-28948, CVE-2020-28949) (Closes: #976108) pngcheck (2.3.0-7+deb10u1) buster; urgency=high . * debian/patches/60-fix-buffer-overflow.patch: added to fix CVE-2020-27818. Thanks to Salvatore Bonaccorso . (Closes: #976350) postgresql-11 (11.10-0+deb10u1) buster; urgency=medium . * New upstream version. + Fixes timetz regression test failures. (Closes: #974063) . + Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch) . This is essentially a leak in the security restricted operation sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser. . The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695) . + Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb (Tom Lane) . The -d parameter of pg_dump and pg_restore, or the --maintenance-db parameter of the other programs mentioned, can be a connection string containing multiple connection parameters rather than just a database name. In cases where these programs need to initiate additional connections, such as parallel processing or processing of multiple databases, the connection string was forgotten and just the basic connection parameters (database name, host, port, and username) were used for the additional connections. This could lead to connection failures if the connection string included any other essential information, such as non-default SSL or GSS parameters. Worse, the connection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. (CVE-2020-25694) . + When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used (Tom Lane) . This avoids cases where reconnection might fail due to omission of relevant parameters, such as non-default SSL or GSS options. Worse, the reconnection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. This is largely the same problem as just cited for pg_dump et al, although psql's behavior is more complex since the user may intentionally override some connection parameters. (CVE-2020-25694) . + Prevent psql's \gset command from modifying specially-treated variables (Noah Misch) . \gset without a prefix would overwrite whatever variables the server told it to. Thus, a compromised server could set specially-treated variables such as PROMPT1, giving the ability to execute arbitrary shell code in the user's session. . The PostgreSQL Project thanks Nick Cleaton for reporting this problem. (CVE-2020-25696) postsrsd (1.5-2+deb10u1) buster; urgency=medium . * CVE-2020-35573: Ensure timestamp tags aren't too long before trying to decode them, to protect against a potential denial-of-service attack (backported from upstream commit 4733fb1, Closes: #977782). python-apt (1.8.4.3) buster-security; urgency=high . * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or apt_inst.DebFile caused a segmentation fault (Closes: #977000): - python/arfile.cc: Fix segmentation fault when opening fd, track lifetime correctly * REGRESSION UPDATE: arfile: Collect file<->deb/ar reference cycles python-apt (1.8.4.2) buster-security; urgency=high . * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193) - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc: fix file descriptor and memory leaks - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h: Avoid reference cycle with control,data members in apt_inst.DebFile objects - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily testable) - CVE-2020-27351 * data/templates: Update mirror lists python-bottle (0.12.15-2+deb10u1) buster; urgency=high . * Non-maintainer upload by the Security team. * Do not split query strings on `;` anymore. (Fixes: CVE-2020-28473) python-certbot (0.31.0-1+deb10u1) buster; urgency=high . * Switch to use of ACMEv2 API to prevent renewal failures. (Closes: #971045) . Let's Encrypt's ACMEv1 API is deprecated and in the process of being shut down. Beginning with brownouts in January 2021, and ending with a total shutdown in June 2021, the Let's Encrypt APIs will become unavailable. To prevent users having disruptions to their certificate renewals, this update backports the switch over to the ACMEv2 API. qxmpp (1.0.0-4+deb10u1) buster; urgency=medium . * Add patch fix-segfault-on-connection-error: fixes potential SEGFAULT on connection error. roundcube (1.3.16+dfsg.1-1~deb10u1) buster-security; urgency=high . * New upstream bugfix release, with security fix for CVE-2020-35730: Cross-site scripting (XSS) vulnerability via HTML or Plain text messages with malicious content svg/namespace. (Closes: #978491) * Revert upstream commit 435cfa116 to avoid irrelevant jstz update. ruby-redcarpet (3.4.0-4+deb10u1) buster-security; urgency=high . * Fix a security vulnerability using `:quote` in combination with the `:escape_html` option. (Fixes: CVE-2020-26298) (Closes: #980057) salt (2018.3.4+dfsg1-6+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent shell injections in netapi SSH client (CVE-2020-16846) * Prevent creating world readable private keys with the TLS execution module (CVE-2020-17490) * Properly validate eauth credentials and tokens along with their ACLs (CVE-2020-25592) silx (0.9.0+dfsg-3+deb10u1) buster; urgency=medium . * Non-maintainer upload. * python{,3}-silx: Add dependency on python{,3}-scipy. (Closes: #954352) slirp (1:1.0.17-8+deb10u1) buster; urgency=high . * CVE-2020-7039 Due to mismanagement of memory, a heap-based buffer overflow or other out-of-bounds access might happen, which can lead to a DoS or potential execute arbitrary code. * CVE-2020-8608 Prevent a buffer overflow vulnerability due to incorrect usage of return values from snprintf. slurm-llnl (18.08.5.2-1+deb10u2) buster-security; urgency=medium . * Fix potential buffer overflows from use of unpackmem() CVE-2020-27745 * Avoid unsafe use of magic cookie as arg to xauth command for X11 forwarding CVE-2020-27746 * Stop job launch if --uid fails CVE-2019-19728 * Fix Authentication bypass with message aggregation CVE-2020-12693 steam (1.0.0.68-1~deb10u1) buster; urgency=medium . * Rebuild updated steam package for Debian 10 - Change libgcc-s1 dependency back to libgcc1. It was called libgcc1 in buster. - Disable dh_dwz. The version of dwz in buster gets confused by the proprietary Steam executable. . steam (1.0.0.68-1) unstable; urgency=medium . * New upstream release - No changes relevant to this Debian package . steam (1.0.0.67-4) unstable; urgency=medium . * Swap Suggests: nvidia-driver-libs-i386 to nvidia-driver-libs. The nvidia-driver-libs-i386 package is unavailable since bullseye. However, nvidia-driver-libs is Multi-Arch: same and the steam package is Architecture: i386, so the new Suggests will also pull in nvidia-driver-libs:i386, which is what we want. (Closes: #979121) . steam (1.0.0.67-3) unstable; urgency=medium . * Add Recommends on libasound2-plugins. This is required for PulseAudio output in 32-bit games. amd64 users will typically already have libasound2-plugins:amd64, but not libasound2-plugins:i386; however, the steam package is on i386, so it is in an ideal position to pull in 32-bit libraries. (Closes: #977272) * d/steam.lintian-overrides: Remove an obsolete tag * d/source/lintian-overrides: Mark source-is-missing as known. The Steam client's source code is not available, and we don't need a reminder from Lintian. * Standards-Version: 4.5.1 (no changes required) . steam (1.0.0.67-2) unstable; urgency=medium . * Release to unstable. Version 1.0.0.67 has been promoted from beta to stable status. * d/watch: Update for new upstream layout. This only watches for upstream stable releases. Replace stable with beta to get upstream betas before they are promoted to stable status. . steam (1.0.0.67-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Update udev rules to cover DualSense (Playstation 5) controller * Add Recommends on xdg-desktop-portal and a backend. These are used by Proton 5.13, which runs in a Steam Runtime v2 container, when a game asks to open a URL in the host system's web browser. . steam (1.0.0.66-2) unstable; urgency=medium . * Release to unstable. Version 1.0.0.66 has been promoted from beta to stable status. . steam (1.0.0.66-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Make udev rules compatible with eudev and older udev * Add Recommends: bubblewrap, required by the experimental container runtime system . steam (1.0.0.64-1) unstable; urgency=medium . * New upstream stable release - No changes since 1.0.0.63 that are relevant to this package * d/rules: Look at stable rather than precise upstream apt suite. The official sources.list.d fragment shipped with the Steam launcher now uses the 'stable' apt suite, since the Steam client doesn't actually work on Ubuntu 12.04 'precise' any more. * Release to unstable . steam (1.0.0.63-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Update steam-devices udev rules * debian/steam.postinst: Notify udevd to reload its rules. This means the steam-devices rules should take effect immediately, instead of being deferred until after the next reboot. - Thanks to Ludovico de Nittis * Remove unused lintian override for debian-rules-contains-unnecessary-get-orig-source-target . steam (1.0.0.62-2) unstable; urgency=medium . * steam(6): Don't redirect stderr to a log file. The upstream developers of Steam recently removed its own launch script's redirection (to /tmp/dumps), which has been noted to sometimes fill /tmp, and is less useful in practice than it was hoped to be. They have asked that we remove the similar redirection from Debian's equivalent script, so that when debugging game launch issues they can instruct users to run steam from an interactive terminal, and expect it to produce both stdout and stderr, regardless of whether their launch script or ours is in use. (Closes: #957284) * Remove libtxc-dxtn0 alternative dependency. We now require libgl1-mesa-dri (>= 17.3), which is available in Debian 10 and up, as well as Debian 9 backports. * Release to unstable. Version 1.0.0.62 has been promoted from beta to stable status. . steam (1.0.0.62-1) experimental; urgency=medium . * New upstream release (currently considered to be a beta) - New directory layout - Update steam binary - Update steam-devices udev rules from : add ZeroPlus P4 (hitbox) hidraw device, 0c12:0ef6 * d/rules: Make .orig directory configurable. It's canonically "..", but users of git-buildpackage often separate the directory with git repositories from the directory with large binaries. * d/rules: Add support for downloading beta steam-launcher versions. The 1.0.0.62 launcher release is currently considered to be a beta, which will be promoted to stable status after it has had more testing. * d/rules: Cope with the upstream release having an epoch. Ubuntu's modified version of this package has an epoch as a result of an older, unrelated package "sTeam" with a higher version number, which used to be in Debian and Ubuntu many years ago. Valve's steam package now has an epoch so that their 1:1.0.0.62 will be compared correctly against Ubuntu's 1:1.0.0.61. * d/rules: Be more verbose about the extraction process * d/rules: Keep most upstream files in the orig tarball. The upstream "source" tarball has been restructured, and in particular the udev rules (which are MIT-licensed and come from a separate git repository) are now in subprojects/steam-devices. bootstrap*.tar.* contains precompiled libraries without their corresponding source code (it's available from repo.steampowered.com but not part of the "source" package), which we intentionally don't ship. The crashhandler module and the steamerrorreporter executable are also non-essential binaries. The other scripts and auxiliary files in the orig tarball are likely to be useful references, even if we don't actually ship them in binary packages. * d/copyright.in: Update * d/steam-devices.install: Update for upstream restructuring * d/steam.install: Update for new location of steam binary. I've left it in a subdirectory to reduce confusion with the top-level ./steam in upstream's "source" tarball, which is a symlink to bin_steam.sh. * Standards-Version: 4.5.0 (no changes required) * d/rules: Don't run upstream Makefile * Build-Depend on the libraries Valve put in their bootstrap tarball. This ensures that we have all the necessary metadata for dpkg-shlibdeps to generate the ${shlibs:Depends} for the proprietary steam executable. * d/scripts/steam: Distinguish between ~/.steam/steam and ~/.steam/root * Explicitly depend on the libraries that we delete from the Steam Runtime. We probably shouldn't be deleting these any more, because the Steam Runtime explicitly prefers newer versions from the host system in all cases, and if there are bugs in that mechanism that make deleting them necessary, Valve would like to know about them so they can be fixed - but for now, preserve historical behaviour. * d/steam-bug.presubj: Recommend running steam-runtime-system-info. This diagnostic tool was written for use in upstream bug reports, but is equally valuable for downstream distributors like us. * Depend on libgl1 instead of transitional libgl1-mesa-glx (Closes: #930613) * Use https for more URLs. In particular, https://repo.steampowered.com now works, and appears in upstream documentation. * d/copyright: Set Upstream-Name to steam-launcher. The upstream dpkg source package is still named steam for historical reasons, but it builds steam-launcher_*.deb, and calling it "steam-launcher" is a good way to disambiguate between the launcher/bootstrapper (which is what we're actually packaging here) and the full Steam client (which is downloaded by the launcher, and is what users normally see). * Move steam-devices Recommends into sorted order * Add Depends on file, used by the Steam Runtime setup scripts * Add Recommends on xdg-utils, which is used to launch URL handlers * Add Recommends on zenity, which Steam assumes is present * Add Depends on curl, used to download Steam updates * d/scripts/steam: Put location and version in environment variables. Recent Steam diagnostic tools use this to identify how Steam was launched. . steam (1.0.0.61-2) unstable; urgency=medium . * Upload to unstable * d/control: Make Homepage more specific * Standards-Version: 4.4.0 (no changes required) * Use debhelper-compat 12 . steam (1.0.0.61-1) experimental; urgency=medium . * New upstream release - Adds udev rules for NVIDIA Shield input hardware - d/p/udev-uinput.patch: Drop, applied upstream - d/p/udev-permissions.patch: Drop, mostly applied upstream. The only remaining differences in our package were: + Setting TAG+="uaccess" twice on SteamVR device nodes, which we can drop since it's redundant (once is enough) + Setting MODE="0660" on /dev/uinput, which is the default anyway steam (1.0.0.67-4) unstable; urgency=medium . * Swap Suggests: nvidia-driver-libs-i386 to nvidia-driver-libs. The nvidia-driver-libs-i386 package is unavailable since bullseye. However, nvidia-driver-libs is Multi-Arch: same and the steam package is Architecture: i386, so the new Suggests will also pull in nvidia-driver-libs:i386, which is what we want. (Closes: #979121) steam (1.0.0.67-3) unstable; urgency=medium . * Add Recommends on libasound2-plugins. This is required for PulseAudio output in 32-bit games. amd64 users will typically already have libasound2-plugins:amd64, but not libasound2-plugins:i386; however, the steam package is on i386, so it is in an ideal position to pull in 32-bit libraries. (Closes: #977272) * d/steam.lintian-overrides: Remove an obsolete tag * d/source/lintian-overrides: Mark source-is-missing as known. The Steam client's source code is not available, and we don't need a reminder from Lintian. * Standards-Version: 4.5.1 (no changes required) steam (1.0.0.67-2) unstable; urgency=medium . * Release to unstable. Version 1.0.0.67 has been promoted from beta to stable status. * d/watch: Update for new upstream layout. This only watches for upstream stable releases. Replace stable with beta to get upstream betas before they are promoted to stable status. . steam (1.0.0.67-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Update udev rules to cover DualSense (Playstation 5) controller * Add Recommends on xdg-desktop-portal and a backend. These are used by Proton 5.13, which runs in a Steam Runtime v2 container, when a game asks to open a URL in the host system's web browser. steam (1.0.0.67-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Update udev rules to cover DualSense (Playstation 5) controller * Add Recommends on xdg-desktop-portal and a backend. These are used by Proton 5.13, which runs in a Steam Runtime v2 container, when a game asks to open a URL in the host system's web browser. steam (1.0.0.66-2) unstable; urgency=medium . * Release to unstable. Version 1.0.0.66 has been promoted from beta to stable status. . steam (1.0.0.66-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Make udev rules compatible with eudev and older udev * Add Recommends: bubblewrap, required by the experimental container runtime system steam (1.0.0.66-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Make udev rules compatible with eudev and older udev * Add Recommends: bubblewrap, required by the experimental container runtime system steam (1.0.0.64-1) unstable; urgency=medium . * New upstream stable release - No changes since 1.0.0.63 that are relevant to this package * d/rules: Look at stable rather than precise upstream apt suite. The official sources.list.d fragment shipped with the Steam launcher now uses the 'stable' apt suite, since the Steam client doesn't actually work on Ubuntu 12.04 'precise' any more. * Release to unstable steam (1.0.0.63-1) experimental; urgency=medium . * New upstream release (currently a beta) - Update steam binary - Update steam-devices udev rules * debian/steam.postinst: Notify udevd to reload its rules. This means the steam-devices rules should take effect immediately, instead of being deferred until after the next reboot. - Thanks to Ludovico de Nittis * Remove unused lintian override for debian-rules-contains-unnecessary-get-orig-source-target steam (1.0.0.62-2) unstable; urgency=medium . * steam(6): Don't redirect stderr to a log file. The upstream developers of Steam recently removed its own launch script's redirection (to /tmp/dumps), which has been noted to sometimes fill /tmp, and is less useful in practice than it was hoped to be. They have asked that we remove the similar redirection from Debian's equivalent script, so that when debugging game launch issues they can instruct users to run steam from an interactive terminal, and expect it to produce both stdout and stderr, regardless of whether their launch script or ours is in use. (Closes: #957284) * Remove libtxc-dxtn0 alternative dependency. We now require libgl1-mesa-dri (>= 17.3), which is available in Debian 10 and up, as well as Debian 9 backports. * Release to unstable. Version 1.0.0.62 has been promoted from beta to stable status. . steam (1.0.0.62-1) experimental; urgency=medium . * New upstream release (currently considered to be a beta) - New directory layout - Update steam binary - Update steam-devices udev rules from : add ZeroPlus P4 (hitbox) hidraw device, 0c12:0ef6 * d/rules: Make .orig directory configurable. It's canonically "..", but users of git-buildpackage often separate the directory with git repositories from the directory with large binaries. * d/rules: Add support for downloading beta steam-launcher versions. The 1.0.0.62 launcher release is currently considered to be a beta, which will be promoted to stable status after it has had more testing. * d/rules: Cope with the upstream release having an epoch. Ubuntu's modified version of this package has an epoch as a result of an older, unrelated package "sTeam" with a higher version number, which used to be in Debian and Ubuntu many years ago. Valve's steam package now has an epoch so that their 1:1.0.0.62 will be compared correctly against Ubuntu's 1:1.0.0.61. * d/rules: Be more verbose about the extraction process * d/rules: Keep most upstream files in the orig tarball. The upstream "source" tarball has been restructured, and in particular the udev rules (which are MIT-licensed and come from a separate git repository) are now in subprojects/steam-devices. bootstrap*.tar.* contains precompiled libraries without their corresponding source code (it's available from repo.steampowered.com but not part of the "source" package), which we intentionally don't ship. The crashhandler module and the steamerrorreporter executable are also non-essential binaries. The other scripts and auxiliary files in the orig tarball are likely to be useful references, even if we don't actually ship them in binary packages. * d/copyright.in: Update * d/steam-devices.install: Update for upstream restructuring * d/steam.install: Update for new location of steam binary. I've left it in a subdirectory to reduce confusion with the top-level ./steam in upstream's "source" tarball, which is a symlink to bin_steam.sh. * Standards-Version: 4.5.0 (no changes required) * d/rules: Don't run upstream Makefile * Build-Depend on the libraries Valve put in their bootstrap tarball. This ensures that we have all the necessary metadata for dpkg-shlibdeps to generate the ${shlibs:Depends} for the proprietary steam executable. * d/scripts/steam: Distinguish between ~/.steam/steam and ~/.steam/root * Explicitly depend on the libraries that we delete from the Steam Runtime. We probably shouldn't be deleting these any more, because the Steam Runtime explicitly prefers newer versions from the host system in all cases, and if there are bugs in that mechanism that make deleting them necessary, Valve would like to know about them so they can be fixed - but for now, preserve historical behaviour. * d/steam-bug.presubj: Recommend running steam-runtime-system-info. This diagnostic tool was written for use in upstream bug reports, but is equally valuable for downstream distributors like us. * Depend on libgl1 instead of transitional libgl1-mesa-glx (Closes: #930613) * Use https for more URLs. In particular, https://repo.steampowered.com now works, and appears in upstream documentation. * d/copyright: Set Upstream-Name to steam-launcher. The upstream dpkg source package is still named steam for historical reasons, but it builds steam-launcher_*.deb, and calling it "steam-launcher" is a good way to disambiguate between the launcher/bootstrapper (which is what we're actually packaging here) and the full Steam client (which is downloaded by the launcher, and is what users normally see). * Move steam-devices Recommends into sorted order * Add Depends on file, used by the Steam Runtime setup scripts * Add Recommends on xdg-utils, which is used to launch URL handlers * Add Recommends on zenity, which Steam assumes is present * Add Depends on curl, used to download Steam updates * d/scripts/steam: Put location and version in environment variables. Recent Steam diagnostic tools use this to identify how Steam was launched. steam (1.0.0.62-1) experimental; urgency=medium . * New upstream release (currently considered to be a beta) - New directory layout - Update steam binary - Update steam-devices udev rules from : add ZeroPlus P4 (hitbox) hidraw device, 0c12:0ef6 * d/rules: Make .orig directory configurable. It's canonically "..", but users of git-buildpackage often separate the directory with git repositories from the directory with large binaries. * d/rules: Add support for downloading beta steam-launcher versions. The 1.0.0.62 launcher release is currently considered to be a beta, which will be promoted to stable status after it has had more testing. * d/rules: Cope with the upstream release having an epoch. Ubuntu's modified version of this package has an epoch as a result of an older, unrelated package "sTeam" with a higher version number, which used to be in Debian and Ubuntu many years ago. Valve's steam package now has an epoch so that their 1:1.0.0.62 will be compared correctly against Ubuntu's 1:1.0.0.61. * d/rules: Be more verbose about the extraction process * d/rules: Keep most upstream files in the orig tarball. The upstream "source" tarball has been restructured, and in particular the udev rules (which are MIT-licensed and come from a separate git repository) are now in subprojects/steam-devices. bootstrap*.tar.* contains precompiled libraries without their corresponding source code (it's available from repo.steampowered.com but not part of the "source" package), which we intentionally don't ship. The crashhandler module and the steamerrorreporter executable are also non-essential binaries. The other scripts and auxiliary files in the orig tarball are likely to be useful references, even if we don't actually ship them in binary packages. * d/copyright.in: Update * d/steam-devices.install: Update for upstream restructuring * d/steam.install: Update for new location of steam binary. I've left it in a subdirectory to reduce confusion with the top-level ./steam in upstream's "source" tarball, which is a symlink to bin_steam.sh. * Standards-Version: 4.5.0 (no changes required) * d/rules: Don't run upstream Makefile * Build-Depend on the libraries Valve put in their bootstrap tarball. This ensures that we have all the necessary metadata for dpkg-shlibdeps to generate the ${shlibs:Depends} for the proprietary steam executable. * d/scripts/steam: Distinguish between ~/.steam/steam and ~/.steam/root * Explicitly depend on the libraries that we delete from the Steam Runtime. We probably shouldn't be deleting these any more, because the Steam Runtime explicitly prefers newer versions from the host system in all cases, and if there are bugs in that mechanism that make deleting them necessary, Valve would like to know about them so they can be fixed - but for now, preserve historical behaviour. * d/steam-bug.presubj: Recommend running steam-runtime-system-info. This diagnostic tool was written for use in upstream bug reports, but is equally valuable for downstream distributors like us. * Depend on libgl1 instead of transitional libgl1-mesa-glx (Closes: #930613) * Use https for more URLs. In particular, https://repo.steampowered.com now works, and appears in upstream documentation. * d/copyright: Set Upstream-Name to steam-launcher. The upstream dpkg source package is still named steam for historical reasons, but it builds steam-launcher_*.deb, and calling it "steam-launcher" is a good way to disambiguate between the launcher/bootstrapper (which is what we're actually packaging here) and the full Steam client (which is downloaded by the launcher, and is what users normally see). * Move steam-devices Recommends into sorted order * Add Depends on file, used by the Steam Runtime setup scripts * Add Recommends on xdg-utils, which is used to launch URL handlers * Add Recommends on zenity, which Steam assumes is present * Add Depends on curl, used to download Steam updates * d/scripts/steam: Put location and version in environment variables. Recent Steam diagnostic tools use this to identify how Steam was launched. steam (1.0.0.61-2) unstable; urgency=medium . * Upload to unstable * d/control: Make Homepage more specific * Standards-Version: 4.4.0 (no changes required) * Use debhelper-compat 12 steam (1.0.0.61-1) experimental; urgency=medium . * New upstream release - Adds udev rules for NVIDIA Shield input hardware - d/p/udev-uinput.patch: Drop, applied upstream - d/p/udev-permissions.patch: Drop, mostly applied upstream. The only remaining differences in our package were: + Setting TAG+="uaccess" twice on SteamVR device nodes, which we can drop since it's redundant (once is enough) + Setting MODE="0660" on /dev/uinput, which is the default anyway sudo (1.8.27-1+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Sanity check size when converting the first record to TS_LOCKEXCL * Heap-based buffer overflow (CVE-2021-3156) - Reset valid_flags to MODE_NONINTERACTIVE for sudoedit - Add sudoedit flag checks in plugin that are consistent with front-end - Fix potential buffer overflow when unescaping backslashes in user_args - Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL - Don't assume that argv is allocated as a single flat buffer sympa (6.2.40~dfsg-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * CVE-2020-10936: Sympa allows privilege escalation through setuid wrappers. (Closes: #961491) * CVE-2020-26932: restrict access to sympa_newaliases-wrapper (setuid root) to group sympa. (Closes: #971904) * Ask the user whether they want/need sympa_newaliases-wrapper to be setuid root (CVE-2020-26880 mitigation). * CVE-2020-9369: prevents creation of temporary files and email notifications to listmasters when encountering malformed input parameters. (Closes: #952428) * CVE-2020-29668: Sympa allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. (Closes: #976020). systemd (241-7~deb10u6) buster; urgency=medium . * journal: do not trigger assertion when journal_file_close() get NULL (Closes: #975561) * test-bpf: skip test when run inside containers. The test reliably fails inside LXC and Docker when run on a new enough kernel. It's unclear whether this is a kernel, LXC/Docker or systemd issue and apparently there is no real interest to get this fixed, so let's skip this test. * autopkgtest: mark networkd-test.py as flaky. See https://github.com/systemd/systemd/issues/18357 and https://github.com/systemd/systemd/issues/18196 tang (7-1+deb10u1) buster; urgency=medium . * Avoid race condition between keygen and update, resulting in "Key derivation key not available!". Closees: #975343 thunderbird (1:78.6.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.5.1-1) unstable; urgency=medium . * [08556c2] New upstream version 78.5.1 Fixed CVE issues in upstream version 78.5.1 (MFSA 2020-53): CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes * [7047340] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/fix-function-nsMsgComposeAndSend-to-respect-Replo.patch * [40663bb] debian/control: increase Standards-Version to 4.5.1 No further changes needed. thunderbird (1:78.5.1-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.5.0-1) unstable; urgency=medium . * [7842f02] New upstream version 78.5.0 Fixed CVE issues in upstream version 78.5 (MFSA 2020-51): CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls CVE-2020-26953: Fullscreen could be enabled without displaying the security UI CVE-2020-26956: XSS through paste (manual and clipboard API) CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions CVE-2020-26959: Use-after-free in WebRequestService CVE-2020-26960: Potential use-after-free in uses of nsTArray CVE-2020-15999: Heap buffer overflow in freetype CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses CVE-2020-26965: Software keyboards may have remembered typed passwords CVE-2020-26966: Single-word search queries were also broadcast to local network CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5 * [e19743e] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch tomcat9 (9.0.31-1~deb10u3) buster-security; urgency=medium . * Fixed CVE-2020-13943: HTTP/2 request mix-up. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. * Fixed CVE-2020-17527: HTTP/2 request header mix-up. It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. trafficserver (8.0.2+ds-1+deb10u4) buster-security; urgency=high . * Add fix from upstream for CVE-2020-17508 * Add fix from upstream for CVE-2020-17509 tzdata (2021a-0+deb10u1) buster; urgency=medium . * New upstream version, affecting the following future timestamp: - South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. tzdata (2020f-1) unstable; urgency=medium . * New upstream version with no impact on the content of the debian package, except for the version number. tzdata (2020e-1) unstable; urgency=medium . * New upstream version, affecting the following future timestamp: - Volgograd switches to Moscow time on 2020-12-27 at 02:00. tzdata (2020e-0+deb10u1) buster; urgency=medium . * New upstream version, affecting the following future timestamp: - Volgograd switches to Moscow time on 2020-12-27 at 02:00. tzdata (2020d-1) unstable; urgency=high . * New upstream version, affecting the following future timestamp: - Palestine ends DST earlier than predicted, on 2020-10-24. * Set urgency to high to get the package into testing before the next change. unzip (6.0-23+deb10u2) buster; urgency=medium . * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996. - Fix bug in UZbunzip2() that incorrectly updated G.incnt. - Fix bug in UZinflate() that incorrectly updated G.incnt. vlc (3.0.12-0+deb10u1) buster-security; urgency=medium . * New upstream release - mkv: Fix heap-based buffer overflow (CVE-2020-26664) (Closes: #979676) * debian/vlc-plugin-base.install: Install RIST plugins vlc (3.0.11.1-3) unstable; urgency=medium . * debian/patches: Apply upstream patches to fix build with Qt 5.15 (Closes: #972157) vlc (3.0.11.1-2) unstable; urgency=medium . * debian/control: - Remove unsed B-D - Switch to libdc1394-dev - Add Suggests and Recommends on the remaining packages (Closes: #970596) vlc (3.0.11.1-1) unstable; urgency=medium . * New upstream release vlc (3.0.11-4) unstable; urgency=medium . * debian/libvlc-bin.postinst: Redirect vlc-cache-gen output to stderr * debian/tests: Run vlc-cache-gen with gdb if plugins.dat is missing vlc (3.0.11-3) unstable; urgency=medium . * debian/patches: Disable cache generation vlc (3.0.11-3~exp2) experimental; urgency=medium . * debian/rules: Fix logic vlc (3.0.11-3~exp1) experimental; urgency=medium . * debian/rules: Disable dav1d plugin on arm64 and ppc64el to check if it is reponsible for vlc-cache-gen SIGSEGV vlc (3.0.11-2) unstable; urgency=medium . * debian/: Use dav1d instead of aom for decoding AV1 videos * debian/rules: Remove -Wl,--as-needed vlc (3.0.11-1) unstable; urgency=high . * New upstream release - Fix a heap-based buffer overflow in haxxx_nall (CVE-2020-13428) webkit2gtk (2.30.4-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. webkit2gtk (2.30.3-1) unstable; urgency=high . * New upstream release webkit2gtk (2.30.3-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security. * The WebKitGTK security advisory WSA-2020-0008 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2020-9952 (fixed in 2.28.3). + CVE-2020-9948, CVE-2020-9951 (fixed in 2.30.0). + CVE-2020-9983, CVE-2020-13584 (fixed in 2.30.3). * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. webkit2gtk (2.30.2-1) unstable; urgency=medium . * New upstream release. webkit2gtk (2.30.1-1) unstable; urgency=medium . * New upstream release. * debian/copyright: + Update copyright information of all files. * debian/gbp.conf: + Update upstream branch name. * debian/source/lintian-overrides: + Remove mailing-list-obsolete-in-debian-infrastructure. webkit2gtk (2.30.1-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. webkit2gtk (2.30.0-1) experimental; urgency=medium . * New upstream release. * debian/watch: + Scan stable releases only. webkit2gtk (2.29.92-1) experimental; urgency=medium . * New upstream development release. webkit2gtk (2.29.91-1) experimental; urgency=medium . * New upstream development release (Closes: #967992). * debian/copyright: + Update copyright information of all files. webkit2gtk (2.29.4-1) experimental; urgency=medium . * New upstream development release. * debian/control: + Install libgl1-mesa-dev unconditionally. The decision of which gl library to use is now taken directly by cmake. * Don't build the documentation in binary-arch builds and with the nodoc build profile. + debian/control: - Move gtk-doc-tools and *-doc to Build-Depends-Indep. - Add Build-Profiles: to libwebkit2gtk-4.0-doc + debian/rules: - Use dh_listpackages to decide whether to build the documentation. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. webkit2gtk (2.29.3-1) experimental; urgency=medium . * New upstream development release. * debian/rules: + Remove disabling of openjpeg on Ubuntu, it's in main now (thanks, Sebastien Bacher) * debian/copyright: + Update copyright information of all files. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/source/lintian-overrides: + Update source-is-missing overrides. webkit2gtk (2.29.2-1) experimental; urgency=medium . * New upstream development release. * debian/patches/fix-ftbfs-m68k.patch: + Refresh. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. webkit2gtk (2.29.1-1) experimental; urgency=medium . * New upstream development release (Closes: #945237). * debian/watch, debian/gbp.conf: + Update for 2.29.x packages in experimental. * Refresh all patches. * debian/patches/dont-fallback-to-libwpe.patch, debian/patches/user-agent-branding.patch: + Drop these patches, they are now included upstream. * debian/rules: + Replace USER_AGENT_GTK_DISTRIBUTOR_NAME with the new USER_AGENT_BRANDING build option in Ubuntu. * debian/patches/detect-gstreamer-gl.patch, debian/patches/detect-woff.patch: + Drop these patches. We won't be making backports of WebKitGTK 2.29.x for stretch. * debian/libwebkit2gtk-4.0-37.symbols: + Update symbols. * debian/control: + Add build dependency on libsystemd-dev. * debian/source/lintian-overrides: + Update source-is-missing overrides. webkit2gtk (2.28.4-1) unstable; urgency=high . * New upstream release. * Enable OpenGL ES in arm: + debian/patches/use-gles-on-arm.patch: - Set ENABLE_GLES2_DEFAULT to ON on arm. + debian/control: - Always depend on libgl1-mesa-dev. wireshark (2.6.20-0+deb10u1) buster; urgency=medium . * Non-maintainer upload. * New upstream version including the following security fixes: - CVE-2019-16319: The Gryphon dissector could go into an infinite loop. - CVE-2019-19553: The CMS dissector could crash. - CVE-2020-7045: The BT ATT dissector could crash. - CVE-2020-9428: The EAP dissector could crash. - CVE-2020-9430: The WiMax DLMAP dissector could crash. - CVE-2020-9431: The LTE RRC dissector could leak memory. - CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213) - CVE-2020-13164: The NFS dissector could crash. - CVE-2020-15466: The GVCP dissector could go into an infinite loop. - CVE-2020-25862: The TCP dissector could crash. - CVE-2020-25863: The MIME Multipart dissector could crash. * Adjust 17_libdir_location.patch for context changes. * Since Wireshark 2.6.14 tests are run automatically by debhelper, backport the build fix and making test failures non-fatal. * CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. (Closes: #974688) * CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689) * CVE-2020-26418: Memory leak in the Kafka protocol dissector. * CVE-2020-26421: Crash in USB HID protocol dissector. wireshark (2.6.10-1) unstable; urgency=medium . * New upstream version 2.6.10 - security fixes: - ASN.1 BER and related dissectors crash (CVE-2019-13619) - fix QIcon crash on exit on Ubuntu 16.04 with Qt 5.5.1 (LP: #1803808) * debian/gitlab-ci.yml: User minimal reference configuration wireshark (2.6.9-1) unstable; urgency=medium . * Acknowledge NMU * New upstream version 2.6.9 * Drop obsolete CVE-2019-12295.patch * Refresh patches xen (4.11.4+57-g41a822c392-2) buster-security; urgency=high . * Apply security fixes for the following issues: - oxenstored: permissions not checked on root node XSA-353 (CVE-2020-29479) - xenstore watch notifications lacking permission checks XSA-115 (CVE-2020-29480) - Xenstore: new domains inheriting existing node permissions XSA-322 (CVE-2020-29481) - Xenstore: wrong path length check XSA-323 (CVE-2020-29482) - Xenstore: guests can crash xenstored via watchs XSA-324 (CVE-2020-29484) - Xenstore: guests can disturb domain cleanup XSA-325 (CVE-2020-29483) - oxenstored memory leak in reset_watches XSA-330 (CVE-2020-29485) - oxenstored: node ownership can be changed by unprivileged clients XSA-352 (CVE-2020-29486) - undue recursion in x86 HVM context switch code XSA-348 (CVE-2020-29566) - FIFO event channels control block related ordering XSA-358 (CVE-2020-29570) - FIFO event channels control structure ordering XSA-359 (CVE-2020-29571) * Note that the following XSA are not listed, because... - XSA-349 and XSA-350 have patches for the Linux kernel - XSA-354 has patches for the XAPI toolstack - XSA-356 only applies to Xen 4.14 xen (4.11.4+57-g41a822c392-1) buster-security; urgency=high . * Update to new upstream version 4.11.4+57-g41a822c392, which also contains security fixes for the following issues: - x86: Race condition in Xen mapping code XSA-345 (CVE-2020-27672) - undue deferral of IOMMU TLB flushes XSA-346 (CVE-2020-27671) - unsafe AMD IOMMU page table updates XSA-347 (CVE-2020-27670) - x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 (CVE-2020-27674) - Information leak via power sidechannel XSA-351 (CVE-2020-28368) - stack corruption from XSA-346 change XSA-355 (CVE-2020-29040) xerces-c (3.2.2+debian-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * CVE-2018-1311 mitigation: fix use-after-free vulnerability when processing external DTD, at the expense of a memory leak. Users may mitigate both by setting the XERCES_DISABLE_DTD environment variable. xorg-server (2:1.20.4-1+deb10u2) buster-security; urgency=medium . * CVE-2020-14360 CVE-2020-25712 ====================================== Sat, 05 Dec 2020 - Debian 10.7 released ====================================== ========================================================================= [Date: Sat, 05 Dec 2020 09:41:49 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el ata-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el btrfs-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el btrfs-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el cdrom-core-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el cdrom-core-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el compress-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el compress-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el crc-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el crc-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el crypto-dm-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el crypto-dm-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el crypto-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el crypto-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el event-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el event-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el ext4-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el ext4-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el fancontrol-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el fancontrol-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el fat-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el fat-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el fb-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el fb-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el firewire-core-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el firewire-core-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el fuse-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el fuse-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el hypervisor-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el hypervisor-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el i2c-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el i2c-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el input-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el input-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el isofs-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el isofs-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el jfs-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el jfs-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el kernel-image-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el kernel-image-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el linux-headers-4.19.0-10-all-ppc64el | 4.19.132-1 | ppc64el linux-headers-4.19.0-10-powerpc64le | 4.19.132-1 | ppc64el linux-headers-4.19.0-12-all-ppc64el | 4.19.152-1 | ppc64el linux-headers-4.19.0-12-powerpc64le | 4.19.152-1 | ppc64el linux-image-4.19.0-10-powerpc64le | 4.19.132-1 | ppc64el linux-image-4.19.0-10-powerpc64le-dbg | 4.19.132-1 | ppc64el linux-image-4.19.0-12-powerpc64le | 4.19.152-1 | ppc64el linux-image-4.19.0-12-powerpc64le-dbg | 4.19.152-1 | ppc64el loop-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el loop-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el md-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el md-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el mouse-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el mouse-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el mtd-core-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el mtd-core-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el multipath-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el multipath-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el nbd-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el nbd-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el nic-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el nic-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el nic-shared-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el nic-shared-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el nic-usb-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el nic-usb-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el nic-wireless-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el nic-wireless-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el ppp-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el ppp-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el sata-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el sata-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el scsi-core-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el scsi-core-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el scsi-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el scsi-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el scsi-nic-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el scsi-nic-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el serial-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el serial-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el squashfs-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el squashfs-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el udf-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el udf-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el uinput-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el uinput-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el usb-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el usb-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el usb-serial-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el usb-serial-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el usb-storage-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el usb-storage-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el xfs-modules-4.19.0-10-powerpc64le-di | 4.19.132-1 | ppc64el xfs-modules-4.19.0-12-powerpc64le-di | 4.19.152-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:42:40 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x btrfs-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x cdrom-core-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x cdrom-core-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x compress-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x compress-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x crc-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x crc-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x crypto-dm-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x crypto-dm-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x crypto-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x crypto-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x dasd-extra-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x dasd-extra-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x dasd-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x dasd-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x ext4-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x ext4-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x fat-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x fat-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x fuse-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x fuse-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x isofs-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x isofs-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x kernel-image-4.19.0-10-s390x-di | 4.19.132-1 | s390x kernel-image-4.19.0-12-s390x-di | 4.19.152-1 | s390x linux-headers-4.19.0-10-all-s390x | 4.19.132-1 | s390x linux-headers-4.19.0-10-s390x | 4.19.132-1 | s390x linux-headers-4.19.0-12-all-s390x | 4.19.152-1 | s390x linux-headers-4.19.0-12-s390x | 4.19.152-1 | s390x linux-image-4.19.0-10-s390x | 4.19.132-1 | s390x linux-image-4.19.0-10-s390x-dbg | 4.19.132-1 | s390x linux-image-4.19.0-12-s390x | 4.19.152-1 | s390x linux-image-4.19.0-12-s390x-dbg | 4.19.152-1 | s390x loop-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x loop-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x md-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x md-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x mtd-core-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x mtd-core-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x multipath-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x multipath-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x nbd-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x nbd-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x nic-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x nic-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x scsi-core-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x scsi-core-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x scsi-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x scsi-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x udf-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x udf-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x xfs-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x xfs-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x zlib-modules-4.19.0-10-s390x-di | 4.19.132-1 | s390x zlib-modules-4.19.0-12-s390x-di | 4.19.152-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:43:11 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-all | 4.19.132-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-headers-4.19.0-12-all | 4.19.152-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:43:39 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-all-arm64 | 4.19.132-1 | arm64 linux-headers-4.19.0-10-arm64 | 4.19.132-1 | arm64 linux-headers-4.19.0-10-rt-arm64 | 4.19.132-1 | arm64 linux-headers-4.19.0-12-all-arm64 | 4.19.152-1 | arm64 linux-headers-4.19.0-12-arm64 | 4.19.152-1 | arm64 linux-headers-4.19.0-12-rt-arm64 | 4.19.152-1 | arm64 linux-image-4.19.0-10-arm64-dbg | 4.19.132-1 | arm64 linux-image-4.19.0-10-arm64-unsigned | 4.19.132-1 | arm64 linux-image-4.19.0-10-rt-arm64-dbg | 4.19.132-1 | arm64 linux-image-4.19.0-10-rt-arm64-unsigned | 4.19.132-1 | arm64 linux-image-4.19.0-12-arm64-dbg | 4.19.152-1 | arm64 linux-image-4.19.0-12-arm64-unsigned | 4.19.152-1 | arm64 linux-image-4.19.0-12-rt-arm64-dbg | 4.19.152-1 | arm64 linux-image-4.19.0-12-rt-arm64-unsigned | 4.19.152-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:45:04 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel btrfs-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel cdrom-core-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel cdrom-core-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel compress-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel compress-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel crc-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel crc-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel crypto-dm-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel crypto-dm-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel crypto-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel crypto-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel event-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel event-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel ext4-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel ext4-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel fat-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel fat-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel fb-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel fb-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel fuse-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel fuse-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel input-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel input-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel ipv6-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel ipv6-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel isofs-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel isofs-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel jffs2-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel jffs2-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel jfs-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel jfs-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel kernel-image-4.19.0-10-marvell-di | 4.19.132-1 | armel kernel-image-4.19.0-12-marvell-di | 4.19.152-1 | armel leds-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel leds-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel linux-headers-4.19.0-10-all-armel | 4.19.132-1 | armel linux-headers-4.19.0-10-marvell | 4.19.132-1 | armel linux-headers-4.19.0-10-rpi | 4.19.132-1 | armel linux-headers-4.19.0-12-all-armel | 4.19.152-1 | armel linux-headers-4.19.0-12-marvell | 4.19.152-1 | armel linux-headers-4.19.0-12-rpi | 4.19.152-1 | armel linux-image-4.19.0-10-marvell | 4.19.132-1 | armel linux-image-4.19.0-10-marvell-dbg | 4.19.132-1 | armel linux-image-4.19.0-10-rpi | 4.19.132-1 | armel linux-image-4.19.0-10-rpi-dbg | 4.19.132-1 | armel linux-image-4.19.0-12-marvell | 4.19.152-1 | armel linux-image-4.19.0-12-marvell-dbg | 4.19.152-1 | armel linux-image-4.19.0-12-rpi | 4.19.152-1 | armel linux-image-4.19.0-12-rpi-dbg | 4.19.152-1 | armel loop-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel loop-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel md-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel md-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel minix-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel minix-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel mmc-core-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel mmc-core-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel mmc-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel mmc-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel mouse-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel mouse-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel mtd-core-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel mtd-core-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel mtd-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel mtd-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel multipath-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel multipath-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel nbd-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel nbd-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel nic-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel nic-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel nic-shared-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel nic-shared-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel nic-usb-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel nic-usb-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel ppp-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel ppp-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel sata-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel sata-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel scsi-core-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel scsi-core-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel squashfs-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel squashfs-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel udf-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel udf-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel uinput-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel uinput-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel usb-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel usb-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel usb-serial-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel usb-serial-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel usb-storage-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel usb-storage-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel zlib-modules-4.19.0-10-marvell-di | 4.19.132-1 | armel zlib-modules-4.19.0-12-marvell-di | 4.19.152-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:45:58 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf ata-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf btrfs-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf btrfs-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf cdrom-core-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf cdrom-core-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf compress-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf compress-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf crc-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf crc-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf crypto-dm-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf crypto-dm-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf crypto-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf crypto-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf efi-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf efi-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf event-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf event-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf ext4-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf ext4-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf fat-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf fat-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf fb-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf fb-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf fuse-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf fuse-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf i2c-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf i2c-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf input-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf input-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf isofs-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf isofs-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf jfs-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf jfs-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf kernel-image-4.19.0-10-armmp-di | 4.19.132-1 | armhf kernel-image-4.19.0-12-armmp-di | 4.19.152-1 | armhf leds-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf leds-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf linux-headers-4.19.0-10-all-armhf | 4.19.132-1 | armhf linux-headers-4.19.0-10-armmp | 4.19.132-1 | armhf linux-headers-4.19.0-10-armmp-lpae | 4.19.132-1 | armhf linux-headers-4.19.0-10-rt-armmp | 4.19.132-1 | armhf linux-headers-4.19.0-12-all-armhf | 4.19.152-1 | armhf linux-headers-4.19.0-12-armmp | 4.19.152-1 | armhf linux-headers-4.19.0-12-armmp-lpae | 4.19.152-1 | armhf linux-headers-4.19.0-12-rt-armmp | 4.19.152-1 | armhf linux-image-4.19.0-10-armmp | 4.19.132-1 | armhf linux-image-4.19.0-10-armmp-dbg | 4.19.132-1 | armhf linux-image-4.19.0-10-armmp-lpae | 4.19.132-1 | armhf linux-image-4.19.0-10-armmp-lpae-dbg | 4.19.132-1 | armhf linux-image-4.19.0-10-rt-armmp | 4.19.132-1 | armhf linux-image-4.19.0-10-rt-armmp-dbg | 4.19.132-1 | armhf linux-image-4.19.0-12-armmp | 4.19.152-1 | armhf linux-image-4.19.0-12-armmp-dbg | 4.19.152-1 | armhf linux-image-4.19.0-12-armmp-lpae | 4.19.152-1 | armhf linux-image-4.19.0-12-armmp-lpae-dbg | 4.19.152-1 | armhf linux-image-4.19.0-12-rt-armmp | 4.19.152-1 | armhf linux-image-4.19.0-12-rt-armmp-dbg | 4.19.152-1 | armhf loop-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf loop-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf md-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf md-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf mmc-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf mmc-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf mtd-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf mtd-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf multipath-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf multipath-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf nbd-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf nbd-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf nic-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf nic-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf nic-shared-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf nic-shared-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf nic-usb-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf nic-usb-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf nic-wireless-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf nic-wireless-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf pata-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf pata-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf ppp-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf ppp-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf sata-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf sata-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf scsi-core-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf scsi-core-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf scsi-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf scsi-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf scsi-nic-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf scsi-nic-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf squashfs-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf squashfs-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf udf-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf udf-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf uinput-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf uinput-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf usb-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf usb-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf usb-serial-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf usb-serial-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf usb-storage-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf usb-storage-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf zlib-modules-4.19.0-10-armmp-di | 4.19.132-1 | armhf zlib-modules-4.19.0-12-armmp-di | 4.19.152-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:46:22 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-686 | 4.19.132-1 | i386 linux-headers-4.19.0-10-686-pae | 4.19.132-1 | i386 linux-headers-4.19.0-10-all-i386 | 4.19.132-1 | i386 linux-headers-4.19.0-10-rt-686-pae | 4.19.132-1 | i386 linux-headers-4.19.0-12-686 | 4.19.152-1 | i386 linux-headers-4.19.0-12-686-pae | 4.19.152-1 | i386 linux-headers-4.19.0-12-all-i386 | 4.19.152-1 | i386 linux-headers-4.19.0-12-rt-686-pae | 4.19.152-1 | i386 linux-image-4.19.0-10-686-dbg | 4.19.132-1 | i386 linux-image-4.19.0-10-686-pae-dbg | 4.19.132-1 | i386 linux-image-4.19.0-10-686-pae-unsigned | 4.19.132-1 | i386 linux-image-4.19.0-10-686-unsigned | 4.19.132-1 | i386 linux-image-4.19.0-10-rt-686-pae-dbg | 4.19.132-1 | i386 linux-image-4.19.0-10-rt-686-pae-unsigned | 4.19.132-1 | i386 linux-image-4.19.0-12-686-dbg | 4.19.152-1 | i386 linux-image-4.19.0-12-686-pae-dbg | 4.19.152-1 | i386 linux-image-4.19.0-12-686-pae-unsigned | 4.19.152-1 | i386 linux-image-4.19.0-12-686-unsigned | 4.19.152-1 | i386 linux-image-4.19.0-12-rt-686-pae-dbg | 4.19.152-1 | i386 linux-image-4.19.0-12-rt-686-pae-unsigned | 4.19.152-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:46:41 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-all-mips | 4.19.132-1 | mips linux-headers-4.19.0-12-all-mips | 4.19.152-1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:47:20 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel affs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel btrfs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel compress-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel compress-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel crc-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel crc-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel crypto-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel crypto-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel event-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel event-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel ext4-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel ext4-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel fat-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel fat-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel fuse-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel fuse-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel hfs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel hfs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel input-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel input-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel isofs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel isofs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel jfs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel jfs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel kernel-image-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel kernel-image-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel linux-headers-4.19.0-10-5kc-malta | 4.19.132-1 | mips, mips64el, mipsel linux-headers-4.19.0-10-octeon | 4.19.132-1 | mips, mips64el, mipsel linux-headers-4.19.0-12-5kc-malta | 4.19.152-1 | mips, mips64el, mipsel linux-headers-4.19.0-12-octeon | 4.19.152-1 | mips, mips64el, mipsel linux-image-4.19.0-10-5kc-malta | 4.19.132-1 | mips, mips64el, mipsel linux-image-4.19.0-10-5kc-malta-dbg | 4.19.132-1 | mips, mips64el, mipsel linux-image-4.19.0-10-octeon | 4.19.132-1 | mips, mips64el, mipsel linux-image-4.19.0-10-octeon-dbg | 4.19.132-1 | mips, mips64el, mipsel linux-image-4.19.0-12-5kc-malta | 4.19.152-1 | mips, mips64el, mipsel linux-image-4.19.0-12-5kc-malta-dbg | 4.19.152-1 | mips, mips64el, mipsel linux-image-4.19.0-12-octeon | 4.19.152-1 | mips, mips64el, mipsel linux-image-4.19.0-12-octeon-dbg | 4.19.152-1 | mips, mips64el, mipsel loop-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel loop-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel md-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel md-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel minix-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel minix-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel multipath-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel multipath-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel nbd-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel nbd-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel nic-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel nic-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel pata-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel pata-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel ppp-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel ppp-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel rtc-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel rtc-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel sata-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel sata-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel scsi-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel scsi-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel sound-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel sound-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel squashfs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel udf-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel udf-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel usb-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel usb-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel xfs-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel xfs-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel zlib-modules-4.19.0-10-octeon-di | 4.19.132-1 | mips, mips64el, mipsel zlib-modules-4.19.0-12-octeon-di | 4.19.152-1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:47:47 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel affs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel ata-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel ata-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel btrfs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel btrfs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel cdrom-core-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel cdrom-core-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel compress-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel compress-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel crc-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel crc-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel crypto-dm-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel crypto-dm-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel crypto-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel crypto-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel event-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel event-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel ext4-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel ext4-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel fat-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel fat-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel fb-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel fb-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel fuse-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel fuse-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel hfs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel hfs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel i2c-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel i2c-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel input-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel input-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel isofs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel isofs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel jfs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel jfs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel kernel-image-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel kernel-image-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel linux-headers-4.19.0-10-4kc-malta | 4.19.132-1 | mips, mipsel linux-headers-4.19.0-12-4kc-malta | 4.19.152-1 | mips, mipsel linux-image-4.19.0-10-4kc-malta | 4.19.132-1 | mips, mipsel linux-image-4.19.0-10-4kc-malta-dbg | 4.19.132-1 | mips, mipsel linux-image-4.19.0-12-4kc-malta | 4.19.152-1 | mips, mipsel linux-image-4.19.0-12-4kc-malta-dbg | 4.19.152-1 | mips, mipsel loop-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel loop-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel md-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel md-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel minix-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel minix-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel mmc-core-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel mmc-core-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel mmc-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel mmc-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel mouse-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel mouse-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel mtd-core-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel mtd-core-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel multipath-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel multipath-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel nbd-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel nbd-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel nic-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel nic-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel nic-shared-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel nic-shared-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel nic-usb-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel nic-usb-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel nic-wireless-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel nic-wireless-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel pata-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel pata-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel ppp-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel ppp-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel sata-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel sata-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel scsi-core-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel scsi-core-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel scsi-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel scsi-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel scsi-nic-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel scsi-nic-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel sound-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel sound-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel squashfs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel squashfs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel udf-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel udf-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel usb-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel usb-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel usb-serial-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel usb-serial-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel usb-storage-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel usb-storage-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel xfs-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel xfs-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel zlib-modules-4.19.0-10-4kc-malta-di | 4.19.132-1 | mips, mipsel zlib-modules-4.19.0-12-4kc-malta-di | 4.19.152-1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:48:23 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el affs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el ata-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el ata-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el btrfs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el btrfs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el cdrom-core-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el cdrom-core-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el compress-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el compress-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el crc-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el crc-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el crypto-dm-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el crypto-dm-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el crypto-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el crypto-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el event-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el event-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el ext4-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el ext4-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el fat-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el fat-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el fb-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el fb-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el fuse-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el fuse-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el hfs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el hfs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el i2c-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el i2c-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el input-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el input-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el isofs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el isofs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el jfs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el jfs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el kernel-image-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el kernel-image-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el linux-headers-4.19.0-10-all-mips64el | 4.19.132-1 | mips64el linux-headers-4.19.0-12-all-mips64el | 4.19.152-1 | mips64el loop-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el loop-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el md-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el md-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el minix-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el minix-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el mmc-core-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el mmc-core-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el mmc-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el mmc-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el mouse-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el mouse-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el mtd-core-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el mtd-core-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el multipath-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el multipath-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el nbd-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el nbd-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el nic-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el nic-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el nic-shared-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el nic-shared-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el nic-usb-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el nic-usb-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el nic-wireless-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el nic-wireless-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el pata-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el pata-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el ppp-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el ppp-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el sata-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el sata-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el scsi-core-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el scsi-core-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el scsi-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el scsi-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el scsi-nic-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el scsi-nic-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el sound-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el sound-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el squashfs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el squashfs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el udf-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el udf-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el usb-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el usb-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el usb-serial-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el usb-serial-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el usb-storage-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el usb-storage-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el xfs-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el xfs-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el zlib-modules-4.19.0-10-5kc-malta-di | 4.19.132-1 | mips64el zlib-modules-4.19.0-12-5kc-malta-di | 4.19.152-1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:48:54 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel affs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel ata-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel ata-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel btrfs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel btrfs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel cdrom-core-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel cdrom-core-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel compress-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel compress-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel crc-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel crc-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel crypto-dm-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel crypto-dm-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel crypto-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel crypto-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel event-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel event-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel ext4-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel ext4-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel fat-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel fat-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel fb-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel fb-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel firewire-core-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel firewire-core-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel fuse-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel fuse-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel hfs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel hfs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel input-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel input-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel isofs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel isofs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel jfs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel jfs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel kernel-image-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel kernel-image-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel linux-headers-4.19.0-10-loongson-3 | 4.19.132-1 | mips64el, mipsel linux-headers-4.19.0-12-loongson-3 | 4.19.152-1 | mips64el, mipsel linux-image-4.19.0-10-loongson-3 | 4.19.132-1 | mips64el, mipsel linux-image-4.19.0-10-loongson-3-dbg | 4.19.132-1 | mips64el, mipsel linux-image-4.19.0-12-loongson-3 | 4.19.152-1 | mips64el, mipsel linux-image-4.19.0-12-loongson-3-dbg | 4.19.152-1 | mips64el, mipsel loop-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel loop-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel md-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel md-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel minix-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel minix-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel mtd-core-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel mtd-core-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel multipath-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel multipath-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel nbd-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel nbd-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel nfs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel nfs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel nic-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel nic-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel nic-shared-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel nic-shared-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel nic-usb-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel nic-usb-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel nic-wireless-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel nic-wireless-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel pata-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel pata-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel ppp-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel ppp-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel sata-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel sata-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel scsi-core-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel scsi-core-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel scsi-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel scsi-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel scsi-nic-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel scsi-nic-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel sound-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel sound-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel speakup-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel speakup-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel squashfs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel squashfs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel udf-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel udf-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel usb-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel usb-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel usb-serial-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel usb-serial-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel usb-storage-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel usb-storage-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel xfs-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel xfs-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel zlib-modules-4.19.0-10-loongson-3-di | 4.19.132-1 | mips64el, mipsel zlib-modules-4.19.0-12-loongson-3-di | 4.19.152-1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:49:32 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 acpi-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 ata-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 ata-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 btrfs-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 btrfs-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 cdrom-core-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 cdrom-core-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 compress-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 compress-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 crc-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 crc-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 crypto-dm-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 crypto-dm-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 crypto-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 crypto-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 efi-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 efi-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 event-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 event-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 ext4-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 ext4-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 fat-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 fat-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 fb-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 fb-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 firewire-core-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 firewire-core-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 fuse-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 fuse-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 i2c-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 i2c-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 input-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 input-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 isofs-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 isofs-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 jfs-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 jfs-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 kernel-image-4.19.0-10-amd64-di | 4.19.132-1 | amd64 kernel-image-4.19.0-12-amd64-di | 4.19.152-1 | amd64 linux-image-4.19.0-10-amd64 | 4.19.132-1 | amd64 linux-image-4.19.0-10-cloud-amd64 | 4.19.132-1 | amd64 linux-image-4.19.0-10-rt-amd64 | 4.19.132-1 | amd64 linux-image-4.19.0-12-amd64 | 4.19.152-1 | amd64 linux-image-4.19.0-12-cloud-amd64 | 4.19.152-1 | amd64 linux-image-4.19.0-12-rt-amd64 | 4.19.152-1 | amd64 loop-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 loop-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 md-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 md-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 mmc-core-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 mmc-core-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 mmc-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 mmc-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 mouse-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 mouse-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 mtd-core-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 mtd-core-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 multipath-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 multipath-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 nbd-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 nbd-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 nic-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 nic-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 nic-pcmcia-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 nic-pcmcia-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 nic-shared-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 nic-shared-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 nic-usb-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 nic-usb-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 nic-wireless-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 nic-wireless-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 pata-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 pata-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 pcmcia-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 pcmcia-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 pcmcia-storage-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 pcmcia-storage-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 ppp-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 ppp-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 sata-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 sata-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 scsi-core-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 scsi-core-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 scsi-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 scsi-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 scsi-nic-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 scsi-nic-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 serial-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 serial-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 sound-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 sound-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 speakup-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 speakup-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 squashfs-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 squashfs-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 udf-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 udf-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 uinput-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 uinput-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 usb-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 usb-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 usb-serial-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 usb-serial-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 usb-storage-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 usb-storage-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 xfs-modules-4.19.0-10-amd64-di | 4.19.132-1 | amd64 xfs-modules-4.19.0-12-amd64-di | 4.19.152-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:50:19 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 ata-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 btrfs-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 btrfs-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 cdrom-core-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 cdrom-core-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 compress-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 compress-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 crc-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 crc-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 crypto-dm-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 crypto-dm-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 crypto-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 crypto-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 efi-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 efi-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 event-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 event-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 ext4-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 ext4-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 fat-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 fat-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 fb-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 fb-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 fuse-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 fuse-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 i2c-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 i2c-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 input-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 input-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 isofs-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 isofs-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 jfs-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 jfs-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 kernel-image-4.19.0-10-arm64-di | 4.19.132-1 | arm64 kernel-image-4.19.0-12-arm64-di | 4.19.152-1 | arm64 leds-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 leds-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 linux-image-4.19.0-10-arm64 | 4.19.132-1 | arm64 linux-image-4.19.0-10-rt-arm64 | 4.19.132-1 | arm64 linux-image-4.19.0-12-arm64 | 4.19.152-1 | arm64 linux-image-4.19.0-12-rt-arm64 | 4.19.152-1 | arm64 loop-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 loop-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 md-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 md-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 mmc-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 mmc-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 mtd-core-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 mtd-core-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 multipath-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 multipath-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 nbd-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 nbd-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 nic-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 nic-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 nic-shared-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 nic-shared-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 nic-usb-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 nic-usb-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 nic-wireless-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 nic-wireless-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 ppp-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 ppp-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 sata-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 sata-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 scsi-core-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 scsi-core-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 scsi-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 scsi-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 scsi-nic-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 scsi-nic-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 squashfs-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 squashfs-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 udf-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 udf-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 uinput-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 uinput-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 usb-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 usb-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 usb-serial-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 usb-serial-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 usb-storage-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 usb-storage-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 xfs-modules-4.19.0-10-arm64-di | 4.19.132-1 | arm64 xfs-modules-4.19.0-12-arm64-di | 4.19.152-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:52:00 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-10-686-di | 4.19.132-1 | i386 acpi-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 acpi-modules-4.19.0-12-686-di | 4.19.152-1 | i386 acpi-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 ata-modules-4.19.0-10-686-di | 4.19.132-1 | i386 ata-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 ata-modules-4.19.0-12-686-di | 4.19.152-1 | i386 ata-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 btrfs-modules-4.19.0-10-686-di | 4.19.132-1 | i386 btrfs-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 btrfs-modules-4.19.0-12-686-di | 4.19.152-1 | i386 btrfs-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 cdrom-core-modules-4.19.0-10-686-di | 4.19.132-1 | i386 cdrom-core-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 cdrom-core-modules-4.19.0-12-686-di | 4.19.152-1 | i386 cdrom-core-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 compress-modules-4.19.0-10-686-di | 4.19.132-1 | i386 compress-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 compress-modules-4.19.0-12-686-di | 4.19.152-1 | i386 compress-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 crc-modules-4.19.0-10-686-di | 4.19.132-1 | i386 crc-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 crc-modules-4.19.0-12-686-di | 4.19.152-1 | i386 crc-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 crypto-dm-modules-4.19.0-10-686-di | 4.19.132-1 | i386 crypto-dm-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 crypto-dm-modules-4.19.0-12-686-di | 4.19.152-1 | i386 crypto-dm-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 crypto-modules-4.19.0-10-686-di | 4.19.132-1 | i386 crypto-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 crypto-modules-4.19.0-12-686-di | 4.19.152-1 | i386 crypto-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 efi-modules-4.19.0-10-686-di | 4.19.132-1 | i386 efi-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 efi-modules-4.19.0-12-686-di | 4.19.152-1 | i386 efi-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 event-modules-4.19.0-10-686-di | 4.19.132-1 | i386 event-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 event-modules-4.19.0-12-686-di | 4.19.152-1 | i386 event-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 ext4-modules-4.19.0-10-686-di | 4.19.132-1 | i386 ext4-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 ext4-modules-4.19.0-12-686-di | 4.19.152-1 | i386 ext4-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 fat-modules-4.19.0-10-686-di | 4.19.132-1 | i386 fat-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 fat-modules-4.19.0-12-686-di | 4.19.152-1 | i386 fat-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 fb-modules-4.19.0-10-686-di | 4.19.132-1 | i386 fb-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 fb-modules-4.19.0-12-686-di | 4.19.152-1 | i386 fb-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 firewire-core-modules-4.19.0-10-686-di | 4.19.132-1 | i386 firewire-core-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 firewire-core-modules-4.19.0-12-686-di | 4.19.152-1 | i386 firewire-core-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 fuse-modules-4.19.0-10-686-di | 4.19.132-1 | i386 fuse-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 fuse-modules-4.19.0-12-686-di | 4.19.152-1 | i386 fuse-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 i2c-modules-4.19.0-10-686-di | 4.19.132-1 | i386 i2c-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 i2c-modules-4.19.0-12-686-di | 4.19.152-1 | i386 i2c-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 input-modules-4.19.0-10-686-di | 4.19.132-1 | i386 input-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 input-modules-4.19.0-12-686-di | 4.19.152-1 | i386 input-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 isofs-modules-4.19.0-10-686-di | 4.19.132-1 | i386 isofs-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 isofs-modules-4.19.0-12-686-di | 4.19.152-1 | i386 isofs-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 jfs-modules-4.19.0-10-686-di | 4.19.132-1 | i386 jfs-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 jfs-modules-4.19.0-12-686-di | 4.19.152-1 | i386 jfs-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 kernel-image-4.19.0-10-686-di | 4.19.132-1 | i386 kernel-image-4.19.0-10-686-pae-di | 4.19.132-1 | i386 kernel-image-4.19.0-12-686-di | 4.19.152-1 | i386 kernel-image-4.19.0-12-686-pae-di | 4.19.152-1 | i386 linux-image-4.19.0-10-686 | 4.19.132-1 | i386 linux-image-4.19.0-10-686-pae | 4.19.132-1 | i386 linux-image-4.19.0-10-rt-686-pae | 4.19.132-1 | i386 linux-image-4.19.0-12-686 | 4.19.152-1 | i386 linux-image-4.19.0-12-686-pae | 4.19.152-1 | i386 linux-image-4.19.0-12-rt-686-pae | 4.19.152-1 | i386 loop-modules-4.19.0-10-686-di | 4.19.132-1 | i386 loop-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 loop-modules-4.19.0-12-686-di | 4.19.152-1 | i386 loop-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 md-modules-4.19.0-10-686-di | 4.19.132-1 | i386 md-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 md-modules-4.19.0-12-686-di | 4.19.152-1 | i386 md-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 mmc-core-modules-4.19.0-10-686-di | 4.19.132-1 | i386 mmc-core-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 mmc-core-modules-4.19.0-12-686-di | 4.19.152-1 | i386 mmc-core-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 mmc-modules-4.19.0-10-686-di | 4.19.132-1 | i386 mmc-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 mmc-modules-4.19.0-12-686-di | 4.19.152-1 | i386 mmc-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 mouse-modules-4.19.0-10-686-di | 4.19.132-1 | i386 mouse-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 mouse-modules-4.19.0-12-686-di | 4.19.152-1 | i386 mouse-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 mtd-core-modules-4.19.0-10-686-di | 4.19.132-1 | i386 mtd-core-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 mtd-core-modules-4.19.0-12-686-di | 4.19.152-1 | i386 mtd-core-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 multipath-modules-4.19.0-10-686-di | 4.19.132-1 | i386 multipath-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 multipath-modules-4.19.0-12-686-di | 4.19.152-1 | i386 multipath-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 nbd-modules-4.19.0-10-686-di | 4.19.132-1 | i386 nbd-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 nbd-modules-4.19.0-12-686-di | 4.19.152-1 | i386 nbd-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 nic-modules-4.19.0-10-686-di | 4.19.132-1 | i386 nic-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 nic-modules-4.19.0-12-686-di | 4.19.152-1 | i386 nic-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 nic-pcmcia-modules-4.19.0-10-686-di | 4.19.132-1 | i386 nic-pcmcia-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 nic-pcmcia-modules-4.19.0-12-686-di | 4.19.152-1 | i386 nic-pcmcia-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 nic-shared-modules-4.19.0-10-686-di | 4.19.132-1 | i386 nic-shared-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 nic-shared-modules-4.19.0-12-686-di | 4.19.152-1 | i386 nic-shared-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 nic-usb-modules-4.19.0-10-686-di | 4.19.132-1 | i386 nic-usb-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 nic-usb-modules-4.19.0-12-686-di | 4.19.152-1 | i386 nic-usb-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 nic-wireless-modules-4.19.0-10-686-di | 4.19.132-1 | i386 nic-wireless-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 nic-wireless-modules-4.19.0-12-686-di | 4.19.152-1 | i386 nic-wireless-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 pata-modules-4.19.0-10-686-di | 4.19.132-1 | i386 pata-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 pata-modules-4.19.0-12-686-di | 4.19.152-1 | i386 pata-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 pcmcia-modules-4.19.0-10-686-di | 4.19.132-1 | i386 pcmcia-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 pcmcia-modules-4.19.0-12-686-di | 4.19.152-1 | i386 pcmcia-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 pcmcia-storage-modules-4.19.0-10-686-di | 4.19.132-1 | i386 pcmcia-storage-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 pcmcia-storage-modules-4.19.0-12-686-di | 4.19.152-1 | i386 pcmcia-storage-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 ppp-modules-4.19.0-10-686-di | 4.19.132-1 | i386 ppp-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 ppp-modules-4.19.0-12-686-di | 4.19.152-1 | i386 ppp-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 sata-modules-4.19.0-10-686-di | 4.19.132-1 | i386 sata-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 sata-modules-4.19.0-12-686-di | 4.19.152-1 | i386 sata-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 scsi-core-modules-4.19.0-10-686-di | 4.19.132-1 | i386 scsi-core-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 scsi-core-modules-4.19.0-12-686-di | 4.19.152-1 | i386 scsi-core-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 scsi-modules-4.19.0-10-686-di | 4.19.132-1 | i386 scsi-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 scsi-modules-4.19.0-12-686-di | 4.19.152-1 | i386 scsi-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 scsi-nic-modules-4.19.0-10-686-di | 4.19.132-1 | i386 scsi-nic-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 scsi-nic-modules-4.19.0-12-686-di | 4.19.152-1 | i386 scsi-nic-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 serial-modules-4.19.0-10-686-di | 4.19.132-1 | i386 serial-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 serial-modules-4.19.0-12-686-di | 4.19.152-1 | i386 serial-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 sound-modules-4.19.0-10-686-di | 4.19.132-1 | i386 sound-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 sound-modules-4.19.0-12-686-di | 4.19.152-1 | i386 sound-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 speakup-modules-4.19.0-10-686-di | 4.19.132-1 | i386 speakup-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 speakup-modules-4.19.0-12-686-di | 4.19.152-1 | i386 speakup-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 squashfs-modules-4.19.0-10-686-di | 4.19.132-1 | i386 squashfs-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 squashfs-modules-4.19.0-12-686-di | 4.19.152-1 | i386 squashfs-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 udf-modules-4.19.0-10-686-di | 4.19.132-1 | i386 udf-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 udf-modules-4.19.0-12-686-di | 4.19.152-1 | i386 udf-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 uinput-modules-4.19.0-10-686-di | 4.19.132-1 | i386 uinput-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 uinput-modules-4.19.0-12-686-di | 4.19.152-1 | i386 uinput-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 usb-modules-4.19.0-10-686-di | 4.19.132-1 | i386 usb-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 usb-modules-4.19.0-12-686-di | 4.19.152-1 | i386 usb-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 usb-serial-modules-4.19.0-10-686-di | 4.19.132-1 | i386 usb-serial-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 usb-serial-modules-4.19.0-12-686-di | 4.19.152-1 | i386 usb-serial-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 usb-storage-modules-4.19.0-10-686-di | 4.19.132-1 | i386 usb-storage-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 usb-storage-modules-4.19.0-12-686-di | 4.19.152-1 | i386 usb-storage-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 xfs-modules-4.19.0-10-686-di | 4.19.132-1 | i386 xfs-modules-4.19.0-10-686-pae-di | 4.19.132-1 | i386 xfs-modules-4.19.0-12-686-di | 4.19.152-1 | i386 xfs-modules-4.19.0-12-686-pae-di | 4.19.152-1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:53:10 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-common | 4.19.132-1 | all linux-headers-4.19.0-10-common-rt | 4.19.132-1 | all linux-headers-4.19.0-12-common | 4.19.152-1 | all linux-headers-4.19.0-12-common-rt | 4.19.152-1 | all linux-support-4.19.0-10 | 4.19.132-1 | all linux-support-4.19.0-12 | 4.19.152-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:54:19 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-all-amd64 | 4.19.132-1 | amd64 linux-headers-4.19.0-10-amd64 | 4.19.132-1 | amd64 linux-headers-4.19.0-10-cloud-amd64 | 4.19.132-1 | amd64 linux-headers-4.19.0-10-rt-amd64 | 4.19.132-1 | amd64 linux-headers-4.19.0-12-all-amd64 | 4.19.152-1 | amd64 linux-headers-4.19.0-12-amd64 | 4.19.152-1 | amd64 linux-headers-4.19.0-12-cloud-amd64 | 4.19.152-1 | amd64 linux-headers-4.19.0-12-rt-amd64 | 4.19.152-1 | amd64 linux-image-4.19.0-10-amd64-dbg | 4.19.132-1 | amd64 linux-image-4.19.0-10-amd64-unsigned | 4.19.132-1 | amd64 linux-image-4.19.0-10-cloud-amd64-dbg | 4.19.132-1 | amd64 linux-image-4.19.0-10-cloud-amd64-unsigned | 4.19.132-1 | amd64 linux-image-4.19.0-10-rt-amd64-dbg | 4.19.132-1 | amd64 linux-image-4.19.0-10-rt-amd64-unsigned | 4.19.132-1 | amd64 linux-image-4.19.0-12-amd64-dbg | 4.19.152-1 | amd64 linux-image-4.19.0-12-amd64-unsigned | 4.19.152-1 | amd64 linux-image-4.19.0-12-cloud-amd64-dbg | 4.19.152-1 | amd64 linux-image-4.19.0-12-cloud-amd64-unsigned | 4.19.152-1 | amd64 linux-image-4.19.0-12-rt-amd64-dbg | 4.19.152-1 | amd64 linux-image-4.19.0-12-rt-amd64-unsigned | 4.19.152-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:54:35 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-10-all-mipsel | 4.19.132-1 | mipsel linux-headers-4.19.0-12-all-mipsel | 4.19.152-1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 10:00:37 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: chromium-ublock-origin | 1.22.2+dfsg-1~deb10u1 | all xul-ext-ublock-origin | 1.22.2+dfsg-1~deb10u1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by ublock-origin - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:31:10 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: nostalgy | 0.2.36-1.2 | source xul-ext-nostalgy | 0.2.36-1.2 | all Closed bugs: 972005 ------------------- Reason ------------------- RoQA; incompatible with newer Thunderbird versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:31:39 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: sieve-extension | 0.3.0+dfsg-1 | source xul-ext-sieve | 0.3.0+dfsg-1 | all Closed bugs: 972007 ------------------- Reason ------------------- RoQA; incompatible with newer Thunderbird versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 05 Dec 2020 09:32:02 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: browser-plugin-freshplayer-pepperflash | 0.3.9-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x freshplayerplugin | 0.3.9-2 | source Closed bugs: 974698 ------------------- Reason ------------------- RoQA; Obsolete, Unsupported by browsers, EOL upstream ---------------------------------------------- ========================================================================= base-files (10.3+deb10u7) buster; urgency=medium . * Change /etc/debian_version to 10.7, for Debian 10.7 point release. blueman (2.0.8-1+deb10u1) buster-security; urgency=medium . * Add patch to address CVE-2020-15238 and add libpolkit-agent-1-dev to build deps choose-mirror (2.99+deb10u2) buster; urgency=medium . * Update Mirrors.masterlist. codemirror-js (5.43.0-1+deb10u1) buster-security; urgency=high . * Backport patch from 5.58.2 for CVE-2020-7760 cups (2.2.10-6+deb10u4) buster; urgency=medium . * Backport upstream fix: - backend,scheduler/ipp.c: Fix 'printer-alert' invalid free (Closes: #961345) dav4tbsync (1.23-1~deb10u1) buster; urgency=medium . * [a7dd92d] Merge branch 'debian/sid' into debian/buster to work with Thunderbird 78.x * [0de401e] Correct path of file dav4tbsync (1.21-1) unstable; urgency=medium . * [6d81e6d] New upstream version 1.21 * [4029398] bumpd tb version to 78.3 and webext-tbsync to 2.18 dav4tbsync (1.21-1~deb10u1) buster; urgency=medium . * [dc48b60] Prepared for release: debian/changelog * [6db535b] Correct versioning vor release in buster: debian/changelog * [e79b91e] Prepared for release in buster (proposed-updates) * [7f0db57] Icon changed path dav4tbsync (1.16-1) unstable; urgency=medium . * prepared for unstable (Closes: #971770) + to fit compatibility with thunderbird 78.x * [67b1277] Added missing bug tracker to d/u/metadata dav4tbsync (1.16-1~exp1) experimental; urgency=medium . [ Mechtilde Stehmann ] * [2df0c43] New upstream version 1.15.5~beta * [be68ae5] adapted d/ to new version 1.15.5-beta . [ Carsten Schoenert ] * [c6f900a] d/gbp.conf: adding helper for git-buildpackage * [0ff72ed] New upstream version 1.16 * [cc1dba4] d/control: add new B-D on zip * [c3342df] d/copyright: update and reformat MIT license * [29f7431] d/rules: adjust build process to fit recent requirements * [743bf33] d/webext-dav4tbsync.links: updating sequencer to new requirement * [8e1b122] d/webext-dav4tbsync.install: adjust the *.xpi file only * [44baf78] d/webext-dav4tbsync.docs: drop not needesd LICENSE files dav4tbsync (1.16-1~deb10u1) buster; urgency=medium . * [bc487f4] Bumped to version 1.16 to fit compatibility + to thunderbird version 78.x (Closes:#971808) dav4tbsync (1.9-2~exp1) experimental; urgency=medium . * [1d04328] Changed maintainer email in d/control to avoid lintian warning * [276c091] Adapt for using TB >=76 dav4tbsync (1.9-1) unstable; urgency=medium . * [25b4ab5] New upstream version 1.9 debian-installer (20190702+deb10u7) buster; urgency=medium . [ Julien Cristau ] * Add grub2 to built-using (closes: #968998). . [ Cyril Brulebois ] * Bump Linux ABI to 4.19.0-13. debian-installer-netboot-images (20190702+deb10u7) buster; urgency=medium . * Update to 20190702+deb10u7, from buster-proposed-updates. distro-info-data (0.41+deb10u3) buster; urgency=medium . * Update data to 0.45: - Add Ubuntu 21.04, Hirsute Hippo. dpdk (18.11.10-1~deb10u2) buster; urgency=medium . * Backport patch to fix armhf build with NEON dpdk (18.11.10-1~deb10u1) buster; urgency=medium . * New upstream version 18.11.10 - Remote Code Execution in vhost_crypto (VM Escape) (CVE-2020-14374) - Time-of-check time-of-use vulnerabilities throughout (CVE-2020-14375) - Buffer overflow copying iv_data from guest to host (CVE-2020-14376) - write_back_data buffer over read (CVE-2020-14377) - Partial Denial of Service due to Integer Underflow (CVE-2020-14378) * New upstream version 18.11.9; For a list of changes see http://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html * Refresh patch to remove fuzz from 18.11.10 * Add rte_rawdev_dump to symbols file. It is not a new function, it was simply missing from the map file by mistake. eas4tbsync (1.20-1~deb10u1) buster; urgency=medium . * [60116af] Prepared for release: debian/changelog * [c67f390] Correct versioning for release in buster: debian/changelog * [1244201] Prepared for release in buster (proposed-updates) * [890f1ec] Icon changed path * [8c3444e] Improved d/copyright eas4tbsync (1.16-1) unstable; urgency=medium . * prepared for unstable (Closes: #971771) + to fit compatibility with thunderbird 78.x * [3f2710b] Added missing bug tracker to d/u/metadata eas4tbsync (1.16-1~exp1) experimental; urgency=medium . [ Mechtilde Stehmann ] * [1c2afd6] New upstream version 1.15.5~beta * UNRELEASED * [3564f2e] adapted d/ to new version 1.15.5-beta . [ Carsten Schoenert ] * [2f00b70] d/gbp.conf: adding helper for git-buildpackage * [f512c73] New upstream version 1.16 * [00cc0d6] d/control: add new B-D on zip * [685d0b7] d/copyright: update content, remove trailing whitespace * [ac56fb2] d/rules: adjust build process to fit recent requirements * [fb1fd87] d/webext-eas4tbsync.links: updating sequencer to new requirement * [0cf7043] d/webext-eas4tbsync.install: adjust the *.xpi file only * [64ac9ca] d/webext-eas4tbsync.docs: install README files dedicated eas4tbsync (1.16-1~deb10u1) buster; urgency=medium . * [b87d1b6] Bumped to version 1.16 to fit compatibility + to thunderbird version 78.x (Closes:#971809) eas4tbsync (1.14-2~exp1) experimental; urgency=medium . * [d5e4038] Adapt using TB>=76 eas4tbsync (1.14-1) unstable; urgency=medium . * [520424f] New upstream version 1.14 * [72f7bd0] Changed maintainer email in d/control to avoid lintian warning eas4tbsync (1.12-1) unstable; urgency=medium . * [a3311d7] New upstream version 1.12 edk2 (0~20181115.85588389-3+deb10u2) buster; urgency=medium . * Fix integer overflow in DxeImageVerificationHandler. (CVE-2019-14562) (Closes: #968819) - d/p/0001-SecurityPkg-DxeImageVerificationLib-extract-SecDataD.patch - d/p/0002-SecurityPkg-DxeImageVerificationLib-assign-WinCertif.patch - d/p/0003-SecurityPkg-DxeImageVerificationLib-catch-alignment-.patch efivar (37-2+deb10u1) buster; urgency=medium . * Backport important fixes from unstable: + fix uninitialized variable in parse_acpi_root, saving possible segfault. + Add support for nvme-fabrics and nvme-subsystem devices. Closes: #975417 enigmail (2:2.2.4-0.2~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. * Don't run tests, the build dependency eslint is not in buster. enigmail (2:2.2.4-0.1) unstable; urgency=medium . * Non-maintainer upload . [ Gregor Riepl ] * new upstream release (Closes: #970111) * this version contains a migration wizard for converting existing enigmail configurations to the built-in openpgp support in thunderbird * it will no longer be maintained when thunderbird 78+ enters stable enigmail (2:2.1.6+ds1-1) unstable; urgency=medium . * new upstream release * drop patches already applied upstream * include more patches from upstream enigmail (2:2.1.5+ds1-1) unstable; urgency=medium . * new upstream release * drop patches already upstreamed * drop workaround for util/Preprocessor.py, since it is not used any longer * refresh patches * import bugfixes from upstream * fix parallel build * drop unnecessary debian/source/include-binaries * drop shlibs:Depends, since enigmail is now arch: all * standards-version: bump to 4.5.0 (no changes needed) enigmail (2:2.1.3+ds1-4) unstable; urgency=medium . * convert to python3 * convert unit tests to python3 as well * wrap-and-sort -ast espeak (1.48.04+dfsg-7+deb10u1) buster; urgency=medium . * patches/mbrola-fr4: Fix using espeak with mbrola-fr4 when mbrola-fr1 is not installed. fastd (18-3+deb10u1) buster; urgency=medium . * debian/patches: - Add 0001-receive-fix-buffer-leak-when-receiving-invalid-packe.patch, CVE-2020-27638: Fix DoS'able memory leak when receiving too many invalid packets (Closes: #972521) firefox-esr (78.5.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2020-51, also known as: CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968. firefox-esr (78.4.1esr-2) unstable; urgency=medium . * Cargo.lock, third_party/rust/proc-macro2, third_party/rust/syn: Update to fix FTBFS with rustc 1.47. bz#1663715. firefox-esr (78.4.1esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-49, also known as CVE-2020-26950. firefox-esr (78.4.1esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2020-49, also known as CVE-2020-26950. firefox-esr (78.4.0esr-2) unstable; urgency=medium . * debian/rules: Restore parts of debian/rules that were removed by mistake in 78.4.0esr-1, causing FTBFS on at least amd64. firefox-esr (78.4.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-46, also known as: CVE-2020-15969, CVE-2020-15683. . [Emilio Pozuelo Monfort] * debian/browser.bug-presubj.in, debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk: Remove support for jessie. * debian/control.in, debian/rules: stretch: build with LLVM 7, 4.0 doesn't support -std=gnu++17. * debian/rules: - stretch: build with GCC 7 from gcc-mozilla. - Call python with -B when regenerating the control files, so as to not generate bytecode files. - Call debian/l10n/gen with C.UTF-8 as the locale, otherwise it fails in stretch when opening the iso-codes files. - stretch: don't set NASM on !x86. firefox-esr (78.4.0esr-1~deb10u2) buster-security; urgency=medium . * debian/rules: Restore parts of debian/rules that were removed by mistake in 78.4.0esr-1~deb10u1, causing FTBFS on at least amd64. firefox-esr (78.4.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2020-46, also known as: CVE-2020-15969, CVE-2020-15683. . [Emilio Pozuelo Monfort] * debian/browser.bug-presubj.in, debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk: Remove support for jessie. * debian/control.in, debian/rules: stretch: build with LLVM 7, 4.0 doesn't support -std=gnu++17. * debian/rules: - stretch: build with GCC 7 from gcc-mozilla. - Call python with -B when regenerating the control files, so as to not generate bytecode files. - Call debian/l10n/gen with C.UTF-8 as the locale, otherwise it fails in stretch when opening the iso-codes files. - stretch: don't set NASM on !x86. . [Mike Hommey] * third-party/rust/authenticator/src/linux/ioctl_mips*.rs: Add missing bindings for mips*. firefox-esr (78.3.0esr-2) unstable; urgency=medium . * third-party/rust/authenticator/src/linux/ioctl_mips*.rs: Add missing bindings for mips*. firefox-esr (78.3.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-43, also known as: CVE-2020-15677, CVE-2020-15676, CVE-2020-15678, CVE-2020-15673. . * js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp: Add CodeGenerator::visitWasmRegisterResult function. bz#1649655. * js/src/jit/none/MacroAssembler-none.h: Bump CodeAlignment to 8. bz#1666646. firefox-esr (78.3.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release. * Fixes for mfsa2020-43, also known as: CVE-2020-15677, CVE-2020-15676, CVE-2020-15678, CVE-2020-15673. . * js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp: Add CodeGenerator::visitWasmRegisterResult function. bz#1649655. * js/src/jit/none/MacroAssembler-none.h: Bump CodeAlignment to 8. bz#1666646. * third-party/rust/authenticator/src/linux/ioctl_mips*.rs: Add missing bindings for mips*. . firefox-esr (78.2.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-32 and mfsa2020-38, also known as: CVE-2020-15652, CVE-2020-6514, CVE-2020-15655, CVE-2020-15653, CVE-2020-6463, CVE-2020-15656, CVE-2020-15658, CVE-2020-15654, CVE-2020-15659, CVE-2020-15664, CVE-2020-15670. . firefox (78.0.2-1) unstable; urgency=medium . * New upstream release. * Fix for mfsa2020-28. . firefox (78.0.1-1) unstable; urgency=medium . * New upstream release. . * debian/rules: - Replace --disable-ion with --disable-jit. - Don't generated the ICU data file for big-endian manually. . * js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h, js/src/jit/mips64/MacroAssembler-mips64-inl.h: Add branchTestSymbol and fallibleUnboxPtr. bz#1642265. * config/external/icu/data/*icudata*, config/external/icu/data/moz.build, js/moz.configure: Unify the includion of the ICU data file. bz#1650299. * config/external/icu/common/moz.build, config/external/icu/common/sources.mozbuild, config/external/icu/data/convert_icudata.py, config/external/icu/data/moz.build, config/external/icu/defs.mozbuild, config/external/icu/i18n/moz.build, config/external/icu/i18n/sources.mozbuild, config/external/icu/icupkg/moz.build, config/external/icu/icupkg/sources.mozbuild, config/external/icu/moz.build, config/external/icu/toolutil/moz.build, config/external/icu/toolutil/sources.mozbuild, config/recurse.mk, intl/icu_sources_data.py: Automatically convert the little-endian ICU data file for big-endian builds. . firefox (78.0-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-24, also known as: CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020-12422, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426. . * debian/control*: Bump nss build dependency. * debian/control*, debian/rules: Remove build dependency on python2.7. * debian/browser.mozconfig.in: Remove obsolete configure options. . * build/virtualenv_packages.txt: Don't install enum and enum34 virtualenv packages in python3 virtualenvs. bz#1632429. . firefox (77.0-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-20, also known as: CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411. . * debian/l10n/gen, debian/l10n_revs.py, debian/latest_nightly.py, debian/rules, debian/symbols.mk: Convert to python 3. * debian/control*: Bump nss and cbindgen build dependencies. * debian/rules: - Revert PKCS11 API change from 76.0.1-1 because the new API is now explicitly used by upstream code. - Stop passing -fno-schedule-insns2 -fno-lifetime-dse and -fno-delete-null-pointer-checks to GCC. . firefox (76.0.1-2) unstable; urgency=medium . * debian/browser.mozconfig.in: Allow addon sideload. Closes: #960084. * debian/control*: Bump nasm build dependency to 2.14. . firefox (76.0.1-1) unstable; urgency=medium . * New upstream release . * debian/rules: Force using old PKCS11 API when building against newer NSS releases. Closes: #960012. . firefox (76.0-2) unstable; urgency=medium . * Cargo.lock, third_party/rust/typenum/*: Upgrade typename to 1.12.0. bz#1635671. Fixes FTBFS on i386. . firefox (76.0-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-16, also known as: CVE-2020-12387, CVE-2020-6831, CVE-2020-12390, CVE-2020-12391, CVE-2020-12392, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396. . * debian/control*: Bump nss build dependency. * debian/browser.install.in: Don't install blocklist.xml, it's not there anymore. . * config/recurse.mk: Don't depend on in-tree NSS/NSPR when building against system NSS/NSPR. bz#1634926. . firefox (75.0-2) unstable; urgency=medium . * build/moz.configure/util.configure: In configure, pass extra compiler flags after source path. Fixes FTBFS with --with-system-libvpx with gcc-9 >= 9-20190125-2. . firefox (75.0-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-12, also known as: CVE-2020-6821, CVE-2020-6822, CVE-2020-6823, CVE-2020-6824, CVE-2020-6825, CVE-2020-6826. . * debian/control*: Bump nss, rustc, cargo, cbindgen and nodejs build dependencies. * debian/control*, debian/rules: Build against libvpx >= 1.8. We used to build-conflicts with that version, but that's not necessary now that upstream needs that version. * debian/browser.install.in: Don't install .chk files, they aren't produced anymore. * debian/browser.install.in, debian/browser.mozconfig.in, debian/control*, debian/rules: Don't build against system sqlite. This is not supported anymore. . * python/mozbuild/mozbuild/nodeutil.py: Allow to build with older versions of nodejs 10. . firefox (74.0.1-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-11, also known as: CVE-2020-6819, CVE-2020-6820. . firefox (74.0-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-08, also known as: CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6809, CVE-2020-6810, CVE-2020-6811, CVE-2019-20503, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815. . * debian/rules: - Use the -o flag to redirect preprocessor output rather than shell redirection to work around bz#1621465. - Remove obj-*/.mozbuild on clean. * debian/control*: Bump nspr, nss, sqlite and cbindgen build dependencies. . * config/mozunit/mozunit/mozunit.py, python/mozbuild/mozbuild/action/langpack_manifest.py, python/mozbuild/mozbuild/jar.py, python/mozbuild/mozbuild/preprocessor.py, python/mozbuild/mozbuild/test/backend/test_build.py: Use io.open() rather than open() in mozbuild/preprocessor.py. bz#1613263. * dom/canvas/ClientWebGLContext.h, dom/canvas/WebGLContext.h: Fix build errors with -Werror=format-security with GCC. . firefox (73.0.1-1) unstable; urgency=medium . * New upstream release. . * gfx/2d/SwizzleNEON.cpp: Fix NEON compile error with gcc and RGB unpacking. bz#1610814. . firefox (73.0-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-05, also known as: CVE-2020-6796, CVE-2020-6798, CVE-2020-6800, CVE-2020-6801. . * debian/control*: Bump nss, rustc, cargo and cbindgen build dependencies. * debian/browser.install.in: Do not install now removed chrome.manifest and libnssdbm3.* files. . firefox (72.0.2-1) unstable; urgency=medium . * New upstream release. . firefox (72.0.1-1) unstable; urgency=medium . * New upstream release. * Fix for mfsa2020-03, also known as CVE-2019-17026. . firefox (72.0-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-01, also known as: CVE-2019-17016, CVE-2019-17017, CVE-2019-17020, CVE-2019-17022, CVE-2019-17023, CVE-2019-17024, CVE-2019-17025. . * debian/rules: - Don't build with --compress-debug-sections on jessie. - Use sourcestamp.txt for MOZ_BUILD_DATE. - Avoid running dh_update_autotools_config. We're dealing with this manually and we don't want config.* files being touched under third_party/rust. * debian/control*: - Bump nspr, nss and sqlite build dependencies. - Add missing dependency on libdrm-dev. * debian/browser.mozconfig.in: Explicitly build with wayland support enabled. . * intl/icu_sources_data.py: Don't build ICU in parallel. * gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around older GCC ICE on arm. (Thanks Emilio Pozuelo Monfort) . firefox (71.0-2) unstable; urgency=medium . * dom/indexedDB/ActorsParent.cpp: Work around lack of support for http://eel.is/c++draft/class.temporary#6.7 in compilers. bz#1601707 Closes: #946249, #946547. * layout/generic/WritingModes.h, servo/ports/geckolib/cbindgen.toml: Fix build with newer cbindgen. bz#1602358. . firefox (71.0-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-36, also known as: CVE-2019-11756, CVE-2019-17008, CVE-2019-11745, CVE-2019-17014, CVE-2019-17010, CVE-2019-17005, CVE-2019-17011, CVE-2019-17012, CVE-2019-17013. . * debian/l10n/gen: Add support for ca-valencia. * debian/control*: Bump nspr, nss, rustc and cargo build dependencies. * debian/rules, debian/control.in: - Build with nodejs-mozilla on jessie and stretch. - Build with nasm-mozilla on jessie and stretch. - Don't build with system libvpx on stretch. (Thanks Emilio Pozuelo Monfort) . firefox (70.0.1-1) unstable; urgency=medium . * New upstream release. . firefox (70.0-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-34, also known as: CVE-2018-6156, CVE-2019-15903, CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11765, CVE-2019-17000, CVE-2019-17001, CVE-2019-17002, CVE-2019-11764. . * debian/control*: Bump nss, sqlite, rustc, cargo, and cbindgen build dependencies. . firefox (69.0.2-1) unstable; urgency=medium . * New upstream release. . firefox (69.0.1-1) unstable; urgency=medium . * New upstream release. * Fix for mfsa2019-31, also known as CVE-2019-11754. . * debian/control*: - Bump nss, rustc, cargo and cbindgen build dependencies. Closes: #939412. - Remove build dependency versions where Debian has had the right version since Jessie. * debian/source/lintian-overrides: Adjust DotZlib.chm path. . firefox (69.0-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-25, also known as: CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752, CVE-2019-9812, CVE-2019-11741, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749, CVE-2019-5849, CVE-2019-11750, CVE-2019-11737, CVE-2019-11738, CVE-2019-11747, CVE-2019-11734, CVE-2019-11735, CVE-2019-11740. . * debian/upstream.mk: Read source repo and revision from json when getting upstream info. Instead of the .txt file that doesn't exist as of 69. * debian/control*: - Remove unused build dependency against python-ply. - Remove python-minimal build dependency. All supported versions of Debian have a new enough version. - Remove build dependency against libjsoncpp-dev. * debian/l10n/gen, debian/latest_nightly.py, debian/rules, debian/symbols.mk, debian/upstream.mk, debian/watch: Use explicit python2.7 instead of python. * debian/rules: Use `mach python --no-virtualenv` to invoke the preprocessor. . * config/system-headers, toolkit/crashreporter/jsoncpp/src/lib_json/moz.build, toolkit/crashreporter/minidump-analyzer/moz.build: Revert hack to build against libjsoncpp. It was fine when it was only used by the crash reporter, but that's not the case anymore, and it breaks the build. Also, the bundled version is newer than what is available in Debian. firefox-esr (78.2.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2020-32 and mfsa2020-38, also known as: CVE-2020-15652, CVE-2020-6514, CVE-2020-15655, CVE-2020-15653, CVE-2020-6463, CVE-2020-15656, CVE-2020-15658, CVE-2020-15654, CVE-2020-15659, CVE-2020-15664, CVE-2020-15670. firefox-esr (68.12.0esr-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-37, also known as CVE-2020-15664 and CVE-2020-15669. fish (3.0.2-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. + With permission from package maintainer and uploader. . [ Miao Wang ] * debian/patches: Add patch to ensure tty options are restored on exit. This fixes upstream issue 5663. (Closes: #970777) freecol (0.11.6+dfsg2-2+deb10u1) buster; urgency=medium . * CVE-2018-1000825 (Closes: #917023) freetype (2.9.1-3+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix heap buffer overflow (CVE-2020-15999) (Closes: #972586) gajim-omemo (2.6.27-1+deb10u1) buster; urgency=medium . * add patch: Switch to 12 byte IV glances (3.1.0-1+deb10u1) buster; urgency=medium . * d/control: Update my lastname. * Now glances listen on 127.0.0.1. (Closes: #970812) httpcomponents-client (4.5.7-1+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2020-13956: Incorrect handling of malformed authority component by URIUtils#extractHost. iptables-persistent (1.0.11+deb10u1) buster; urgency=medium . * [cdc4a5] Do not load modules. Thanks to Thorsten Glaser (Closes: #963012) * [cdc4a5] Do not call log_action_cont_msg() Thanks to Synthea (Closes: #961589) * [b6e6f9] Backport the logic to flush rules from 1.0.14 krb5 (1.17-3+deb10u1) buster-security; urgency=medium . * CVE-2020-28196 (Closes: #973880) lacme (0.5-1+deb10u2) buster; urgency=medium . * Use upstream certificate chain instead of an hardcoded one. This is a breaking change. The certificate indicated by 'CAfile' is no longer used as is in 'certificate-chain' (along with the leaf cert). The chain returned by the ACME v2 endpoint is used instead. This allows for more flexbility with respect to key/CA rotation, cf. https://letsencrypt.org/2020/11/06/own-two-feet.html and https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018 * Additional current/planned CA certificates can be found under /usr/local/share/lacme: - lets-encrypt-e[12].pem - lets-encrypt-r[34]-cross-signed.pem - lets-encrypt-r[34].pem - letsencryptauthorityx[34].pem See https://letsencrypt.org/certificates/ * Moreover 'CAfile' now defaults to /usr/share/lacme/ca-certificates.crt which is a concatenation of all known active CA certificates (which includes the previous default). Closes: #975862. libdatetime-timezone-perl (1:2.23-1+2020d) buster; urgency=medium . * Update to Olson database version 2020d. This update includes contemporary changes for Palestine. libdatetime-timezone-perl (1:2.23-1+2020c) buster; urgency=medium . * Update to Olson database version 2020c. This update includes contemporary changes for Fiji. libdatetime-timezone-perl (1:2.23-1+2020b) buster; urgency=medium . * Update to Olson database version 2020b. This update includes contemporary changes for Morocco, Casey Station, and the Yukon. This release also removes the very long-deprecated "US/Pacific-New" zone name. libexif (0.6.21-5.1+deb10u5) buster-security; urgency=medium . * Add upstream patch to prevent compiler optimization of a buffer overflow check (fixes CVE-2020-0452). libimobiledevice (1.2.1~git20181030.92c5462-2+deb10u1) buster; urgency=medium . * d/patches: partial support for iOS 14 libjpeg-turbo (1:1.5.2-2+deb10u1) buster; urgency=medium . * CVE-2018-1152 (Closes: #902950) * CVE-2018-14498 (Closes: #924678) * CVE-2019-2201 * CVE-2020-13790 (Closes: #962829) libproxy (0.4.15-5+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix buffer overflow when PAC is enabled (CVE-2020-26154) (Closes: #968366) * Rewrite url::recvline to be nonrecursive (CVE-2020-25219) (Closes: #971394) libxml2 (2.9.4+dfsg1-7+deb10u1) buster; urgency=medium . * CVE-2017-18258 (Closes: #895245) * CVE-2018-14404 (Closes: #901817) * CVE-2018-14567 * CVE-2019-19956 * CVE-2019-20388 (Closes: #949583) * CVE-2020-7595 (Closes: #949582) linux (4.19.160-2) buster; urgency=medium . * net: Disable MLX5_ESWITCH on mips and mipsel (Fixes FTBFS) linux (4.19.160-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.153 - [ppc64el] ibmveth: Switch order of ibmveth_helper calls. - [ppc64el] ibmveth: Identify ingress large send packets. - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route - mlx4: handle non-napi callers to napi_poll - [armhf] net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() - [armhf] net: fec: Fix PHY init after phy_reset_after_clk_enable() - net: fix pos incrementment in ipv6_route_seq_next - net/smc: fix valid DMBE buffer sizes - net: usb: qmi_wwan: add Cellient MPL200 card - tipc: fix the skb_unshare() in tipc_buf_append() - net/ipv4: always honour route mtu during forwarding - r8169: fix data corruption issue on RTL8402 - [arm*] binder: fix UAF when releasing todo list (CVE-2020-0423) - ALSA: bebob: potential info leak in hwdep_read() - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device - [x86,ppc64el] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() - tcp: fix to update snd_wl1 in bulk receiver fast path - r8169: fix operation under forced interrupt threading - icmp: randomize the global rate limiter (CVE-2020-25705) - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 - cifs: remove bogus debug code - cifs: Return the error from crypt_message when enc/dec key not found. - [x86] KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages - [x86] KVM: SVM: Initialize prev_ga_tag before use - crypto: algif_aead - Do not set MAY_BACKLOG on the async path - [x86] EDAC/i5100: Fix error handling order in i5100_init_one() - [x86] fpu: Allow multiple bits in clearcpuid= parameter - [arm64] drivers/perf: xgene_pmu: Fix uninitialized resource struct - [x86] nmi: Fix nmi_handle() duration miscalculation - [amd64] x86/events/amd/iommu: Fix sizeof mismatch - crypto: algif_skcipher - EBUSY on aio should be an error - media: tuner-simple: fix regression in simple_set_radio_freq - media: uvcvideo: Set media controller entity functions - media: uvcvideo: Silence shift-out-of-bounds warning - [armhf] media: omap3isp: Fix memleak in isp_probe - [armhf] media: ti-vpe: Fix a missing check and reference count leak - regulator: resolve supply after creating regulator - ath10k: provide survey info as accumulated data - Bluetooth: hci_uart: Cancel init work before unregistering - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path - [arm64] wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 - [arm64] ASoC: qcom: lpass-platform: fix memory leak - [arm64] ASoC: qcom: lpass-cpu: fix concurrency issue - brcmfmac: check ndev pointer - mwifiex: Do not use GFP_KERNEL in atomic context - [x86] staging: rtl8192u: Do not use GFP_KERNEL in atomic context - [x86] drm/gma500: fix error check - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() - [x86] VMCI: check return value of get_user_pages_fast() for errors - [ppc64el] tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() - pty: do tty_flip_buffer_push without port->lock in pty_write - [x86] pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() - [x86] pwm: lpss: Add range limit check for the base_unit register value - [x86] video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error - video: fbdev: sis: fix null ptr dereference - video: fbdev: radeon: Fix memleak in radeonfb_pci_register - HID: roccat: add bounds checking in kone_sysfs_write_settings() - [armhf] pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser - [armhf] pinctrl: mcp23s08: Fix mcp23x17 precious range - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow - [arm64,armhf] net: stmmac: use netif_tx_start|stop_all_queues() function - [arm64] cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() - [amd64] misc: mic: scif: Fix error handling path - [arm*] usb: dwc2: Fix parameter type in function pointer prototype - quota: clear padding in v2r1_mem2diskdqb() - HID: hid-input: fix stylus battery reporting - net: enic: Cure the enic api locking trainwreck - [mips*] mfd: sm501: Fix leaks in probe() - iwlwifi: mvm: split a print to avoid a WARNING in ROC - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well - nl80211: fix non-split wiphy information - [arm*] usb: dwc2: Fix INTR OUT transfers in DDMA mode. - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() - mwifiex: fix double free - ipvs: clear skb->tstamp in forwarding path - netfilter: nf_log: missing vlan offload tag and proto - mm/memcg: fix device private memcg accounting - mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary - IB/mlx4: Fix starvation in paravirt mux/demux - IB/mlx4: Adjust delayed work when a dup is observed - [powerpc*] pseries: Fix missing of_node_put() in rng_init() - [powerpc*] icp-hv: Fix missing of_node_put() in success path - RDMA/ucma: Fix locking for ctx->events_reported - RDMA/ucma: Add missing locking around rdma_leave_multicast() - [powerpc*] pseries: explicitly reschedule during drmem_lmb list traversal - mtd: mtdoops: Don't write panic data twice - [armel,armhf] ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values - xfs: limit entries returned when counting fsmap records - xfs: fix high key handling in the rt allocator's query_range function - RDMA/qedr: Fix use of uninitialized field - RDMA/qedr: Fix inline size returned for iWARP https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154 - [powerpc*] 64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm - RDMA/cma: Remove dead code for kernel rdmacm multicast - RDMA/cma: Consolidate the destruction of a cma_multicast in one place - [arm64] RDMA/hns: Set the unsupported wr opcode - [arm64] RDMA/hns: Fix missing sq_sig_type when querying QP - overflow: Include header file with SIZE_MAX declaration - [powerpc*] perf: Exclude pmc5/6 from the irrelevant PMU group constraints - [poerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier - IB/rdmavt: Fix sizeof mismatch - f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info - lib/crc32.c: fix trivial typo in preprocessor condition - rapidio: fix error handling path - rapidio: fix the missed put_device() for rio_mport_add_riodev - mailbox: avoid timer start from callback - [arm64,armhf] clk: rockchip: Initialize hw to error to avoid undefined behavior - [arm*] clk: bcm2835: add missing release if devm_clk_hw_register fails - watchdog: Fix memleak in watchdog_cdev_register - watchdog: Use put_device on error - svcrdma: fix bounce buffers for unaligned offsets and multiple pages - ext4: limit entries returned when counting fsmap records - vfio/pci: Clear token on bypass registration failure - [amd64,arm64] vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() - [armhf] Input: omap4-keypad - fix handling of platform_get_irq() error - [armhf] Input: twl4030_keypad - fix handling of platform_get_irq() error - [armhf] Input: sun4i-ps2 - fix handling of platform_get_irq() error - [x86] KVM: emulating RDPID failure shall return #UD rather than #GP - netfilter: conntrack: connection timeout after re-register - netfilter: nf_fwd_netdev: clear timestamp in forwarding path - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator - [armhf] memory: omap-gpmc: Fix a couple off by ones - [powerpc*] powernv/dump: Fix race while processing OPAL dump - nvmet: fix uninitialized work for zero kato - [x86,arm64] i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs - block: ratelimit handle_bad_sector() message - [x86] crypto: ccp - fix error handling - media: firewire: fix memory leak - media: ati_remote: sanity check for both endpoints - media: media/pci: prevent memory leak in bttv_probe - media: uvcvideo: Ensure all probed info is returned to v4l2 - mmc: sdio: Check for CISTPL_VERS_1 buffer size - media: saa7134: avoid a shift overflow - fs: dlm: fix configfs memory leak - [arm64] media: venus: core: Fix runtime PM imbalance in venus_probe - ip_gre: set dev->hard_header_len and dev->needed_headroom properly - mac80211: handle lack of sband->bitrates in rates - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() - scsi: mvumi: Fix error return in mvumi_io_attach() - scsi: target: core: Add CONTROL field for trace events - [amd64] mic: vop: copy data to kernel space then write to io memory - [amd64] misc: vop: add round_up(x,4) for vring_size to avoid kernel panic - usb: gadget: function: printer: fix use-after-free in __lock_acquire - udf: Limit sparing table size - udf: Avoid accessing uninitialized data on failed inode read - USB: cdc-acm: handle broken union descriptors - [arm64,armhf] usb: dwc3: simple: add support for Hikey 970 - [armhf] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() - misc: rtsx: Fix memory leak in rtsx_pci_probe - reiserfs: only call unlock_new_inode() if I_NEW - xfs: make sure the rt allocator doesn't run off the end - usb: ohci: Default to per-port over-current protection - Bluetooth: Only mark socket zapped after unlocking - [ppc64el] scsi: ibmvfc: Fix error return in ibmvfc_probe() - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy - rtl8xxxu: prevent potential memory leak - Fix use after free in get_capset_info callback. - scsi: qedi: Protect active command list to avoid list corruption - scsi: qedi: Fix list_del corruption while removing active I/O - [x86] tty: ipwireless: fix error handling - ipvs: Fix uninit-value in do_ip_vs_set_ctl() - reiserfs: Fix memory leak in reiserfs_parse_options() - mwifiex: don't call del_timer_sync() on uninitialized timer - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach - usb: core: Solve race condition in anchor cleanup functions - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). - eeprom: at25: set minimum read/write access stride to 1 - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155 - scripts/setlocalversion: make git describe output more reliable - [arm64] Run ARCH_WORKAROUND_1 enabling code on all CPUs - [arm64] link with -z norelro regardless of CONFIG_RELOCATABLE - [x86,arm64,armhf] efivarfs: Replace invalid slashes with exclamation marks in dentries. - gtp: fix an use-before-init in gtp_newlink() - netem: fix zero division in tabledist - tcp: Prevent low rmem stalls with SO_RCVLOWAT. - tipc: fix memory leak caused by tipc_buf_append() - r8169: fix issue with forced threading in combination with shared interrupts - cxgb4: set up filter action after rewrites - [x86] arch/x86/amd/ibs: Fix re-arming IBS Fetch - [x86] xen: disable Firmware First mode for correctable memory errors - fuse: fix page dereference after free - bpf: Fix comment for helper bpf_current_task_under_cgroup() - p54: avoid accessing the data mapped to streaming DMA - [powerpc*] cxl: Rework error message for incompatible slots - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() - mtd: lpddr: Fix bad logic in print_drs_error - [arm*] serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir - fscrypt: clean up and improve dentry revalidation - fscrypt: fix race allowing rename() and link() of ciphertext dentries - fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory - fscrypt: only set dentry_operations on ciphertext dentries - fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext - Revert "block: ratelimit handle_bad_sector() message" - xen/events: don't use chip_data for legacy IRQs - xen/events: avoid removing an event channel while handling it (CVE-2020-27675) - xen/events: add a proper barrier to 2-level uevent unmasking (CVE-2020-27673) - xen/events: fix race in evtchn_fifo_unmask() (CVE-2020-27673) - xen/events: add a new "late EOI" evtchn framework (CVE-2020-27673) - xen/blkback: use lateeoi irq binding (CVE-2020-27673) - xen/netback: use lateeoi irq binding (CVE-2020-27673) - xen/scsiback: use lateeoi irq binding (CVE-2020-27673) - xen/pvcallsback: use lateeoi irq binding (CVE-2020-27673) - xen/pciback: use lateeoi irq binding (CVE-2020-27673) - xen/events: switch user event channels to lateeoi model (CVE-2020-27673) - xen/events: use a common cpu hotplug hook for event channels (CVE-2020-27673) - xen/events: defer eoi in case of excessive number of events (CVE-2020-27673) - xen/events: block rogue events for some time (CVE-2020-27673) - RDMA/qedr: Fix memory leak in iWARP CM - ata: sata_nv: Fix retrieving of active qcs - futex: Fix incorrect should_fail_futex() handling - [powerpc*] powernv/smp: Fix spurious DBG() warning - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race - [powerpc*] select ARCH_WANT_IRQS_OFF_ACTIVATE_MM - f2fs: add trace exit in exception path - f2fs: fix uninit-value in f2fs_lookup - f2fs: fix to check segment boundary during SIT page readahead - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses - power: supply: bq27xxx: report "not charging" on all types - xfs: fix realtime bitmap/summary file truncation when growing rt volume - ath10k: fix VHT NSS calculation when STBC is enabled - media: videodev2.h: RGB BT2020 and HSV are always full range - [x86] usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart - media: tw5864: check status of tw5864_frameinterval_get - mmc: via-sdmmc: Fix data race bug - [arm64] topology: Stop using MPIDR for topology information - media: uvcvideo: Fix dereference of out-of-bound list iterator - USB: adutux: fix debugging - uio: free uio id after uio file node is freed - usb: xhci: omit duplicate actions when suspending a runtime suspended host. - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE - xfs: don't free rt blocks when we're doing a REMAP bunmapi call - ACPI: Add out of bounds and numa_off protections to pxm_to_node() - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values - btrfs: fix replace of seed device - md/bitmap: md_bitmap_get_counter returns wrong blocks - bnxt_en: Log unknown link speed appropriately. - [arm64] rpmsg: glink: Use complete_all for open states - [armhf] clk: ti: clockdomain: fix static checker warning - net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid - ext4: Detect already used quota file early - gfs2: add validation checks for size of superblock - cifs: handle -EINTR in cifs_setattr - [armhf] memory: emif: Remove bogus debugfs error handling - nbd: make the config put is called before the notifying the waiter - sgl_alloc_order: fix memory leak - nvme-rdma: fix crash when connect rejected - md/raid5: fix oops during stripe resizing - [x86,arm64] mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN - [x86] perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() - [x86] perf/x86/amd/ibs: Fix raw sample data accumulation - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect - fs: Don't invalidate page buffers in block_write_full_page() - NFS: fix nfs_path in case of a rename retry - ACPI: button: fix handling lid state changes when input device closed - [x86] ACPI / extlog: Check for RDMSR failure (Closes: #971058) - [x86] ACPI: video: use ACPI backlight for HP 635 Notebook - [x86] acpi-cpufreq: Honor _PSD table setting on new AMD CPUs - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() - scsi: qla2xxx: Fix crash on session cleanup with unload - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode - btrfs: improve device scanning messages - btrfs: reschedule if necessary when logging directory items - btrfs: send, recompute reference path after orphanization of a directory - btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() - btrfs: cleanup cow block on error - btrfs: fix use-after-free on readahead extent after failure to create it - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC - [arm64,armhf] usb: dwc3: ep0: Fix ZLP for OUT ep0 requests - [arm64,armhf] usb: dwc3: gadget: Check MPS of the request length - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove driver - usb: cdc-acm: fix cooldown mechanism - [x86] usb: typec: tcpm: reset hard_reset_count for any disconnect - [x86] drm/i915: Force VT'd workarounds when running as a guest OS - vt: keyboard, simplify vt_kdgkbsent - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656) - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery - udf: Fix memory leak when mounting - [powerpc*] drmem: Make lmb_size 64 bit - [s390x] stp: add locking to sysfs functions - [powerpc*] rtas: Restrict RTAS requests from userspace (CVE-2020-27777) - [powerpc*] Warn about use of smt_snooze_delay - [powerpc*] powernv/elog: Fix race while processing OPAL error log event. - [powerpc*] Fix undetected data corruption with P9N DD2.1 VSX CI load emulation - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag - NFSD: Add missing NFSv2 .pc_func methods - ubifs: dent: Fix some potential memory leaks while iterating entries - perf python scripting: Fix printable strings in python3 scripts - ubi: check kthread_should_stop() after the setting of task state - [armhf] i2c: imx: Fix external abort on interrupt in exit paths - drm/amdgpu: don't map BO in reserved region - ceph: promote to unsigned long long before shifting - libceph: clear con->out_msg on Policy::stateful_server faults - 9P: Cast to loff_t before multiplying - ring-buffer: Return 0 on success from ring_buffer_resize() - [amd64] vringh: fix __vringh_iov() when riov and wiov are different - ext4: fix leaking sysfs kobject after failed mount - ext4: fix error handling code in add_new_gdb - ext4: fix invalid inode checksum - drm/ttm: fix eviction valuable range check. - tty: make FONTX ioctl use the tty pointer they were actually passed (CVE-2020-25668) - cachefiles: Handle readpage error correctly - device property: Keep secondary firmware node secondary by type - device property: Don't clear secondary pointer for shared primary firmware node - [arm64] KVM: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice - [mips*] staging: octeon: repair "fixed-link" support - [mips*] staging: octeon: Drop on uncorrectable alignment or FCS error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156 - [x86] drm/i915: Break up error capture compression loops with cond_resched() - tipc: fix use-after-free in tipc_bcast_get_mode - ptrace: fix task_join_group_stop() for the case when current is traced - [arm64] cadence: force nonlinear buffers to be cloned - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms - [arm64,armhf] sfp: Fix error handing in sfp_probe() - blktrace: fix debugfs use after free (CVE-2019-19770) - btrfs: extent_io: Kill the forward declaration of flush_write_bio - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up - Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" - btrfs: flush write bio if we loop in extent_write_cache_pages - btrfs: extent_io: Handle errors better in extent_write_full_page() - btrfs: extent_io: Handle errors better in btree_write_cache_pages() - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() - Btrfs: fix unwritten extent buffers and hangs on future writeback attempts - btrfs: Don't submit any btree write bio if the fs has errors (CVE-2019-19039, CVE-2019-19377) - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it - btrfs: tree-checker: Make chunk item checker messages more readable - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO - btrfs: tree-checker: Check chunk item at tree block read time - btrfs: tree-checker: Verify dev item - btrfs: tree-checker: Fix wrong check on max devid - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (CVE-2019-19816) - btrfs: tree-checker: Verify inode item - btrfs: tree-checker: fix the error message for transid error - Fonts: Replace discarded const qualifier - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 - ALSA: usb-audio: Add implicit feedback quirk for MODX - mm: mempolicy: fix potential pte_unmap_unlock pte error - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled - mm: always have io_remap_pfn_range() set pgprot_decrypted() - gfs2: Wake up when sd_glock_disposal becomes zero - ring-buffer: Fix recursion protection transitions between interrupt context - ftrace: Fix recursion check for NMI test - ftrace: Handle tracing when switching between context - tracing: Fix out of bounds write in get_trace_buf - futex: Handle transient "ownerless" rtmutex state correctly - [amd64] x86/kexec: Use up-to-dated screen_info copy to fill boot params - of: Fix reserved-memory overlap detection - blk-cgroup: Fix memleak on error path - blk-cgroup: Pre-allocate tree node on blkg_conf_prep - scsi: core: Don't start concurrent async scan on same host - vsock: use ns_capable_noaudit() on socket create - [arm*] drm/vc4: drv: Add error handding for bind - [amd64,arm64] ACPI: NFIT: Fix comparison to '-ENXIO' - vt: Disable KD_FONT_OP_COPY (CVE-2020-28974) - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent - USB: serial: cyberjack: fix write-URB completion race - USB: serial: option: add Quectel EC200T module support - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 - USB: serial: option: add Telit FN980 composition 0x1055 - USB: Add NO_LPM quirk for Kingston flash drive - PM: runtime: Resume the device earlier in __device_release_driver() - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (CVE-2020-25704) - tools: perf: Fix build error in v4.19.y - [arm64,armhf] net: dsa: read mac address from DT for slave device - [arm64] dts: marvell: espressobin: Add ethernet switch aliases https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157 - [x86] powercap: restrict energy meter to root access (CVE-2020-8694) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158 - regulator: defer probe when trying to get voltage from unresolved supply - time: Prevent undefined behaviour in timespec64_to_ns() - nbd: don't update block size after device is started - [arm64,armhf] usb: dwc3: gadget: Continue to process pending requests - [arm64,armhf] usb: dwc3: gadget: Reclaim extra TRBs after request completion - btrfs: sysfs: init devices outside of the chunk_mutex - btrfs: reschedule when cloning lots of extents - [x86] hv_balloon: disable warning when floor reached - net: xfrm: fix a race condition during allocing spi - xfs: set xefi_discard when creating a deferred agfl free log intent item - netfilter: ipset: Update byte and packet counters regardless of whether they match - perf tools: Add missing swap for ino_generation - [x86] ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() - can: rx-offload: don't call kfree_skb() from IRQ context - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() - can: peak_usb: add range checking in decode operations - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on - [armhf] can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A - xfs: flush new eof page on truncate to avoid post-eof corruption - [arm64,x86] tpm: efi: Don't create binary_bios_measurements file for an empty log - Btrfs: fix missing error return if writeback for extent buffer never started - ath9k_htc: Use appropriate rs_datalen type - netfilter: use actual socket sk rather than skb sk when routing harder - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free - gfs2: Add missing truncate_inode_pages_final for sd_aspace - gfs2: check for live vs. read-only file system in gfs2_fitrim - scsi: hpsa: Fix memory leak in hpsa_init_one() - drm/amdgpu: perform srbm soft reset always on SDMA resume - mac80211: fix use of skb payload instead of header - cfg80211: regulatory: Fix inconsistent format argument - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() - [s390x] smp: move rcu_cpu_starting() earlier - [x86] tpm_tis: Disable interrupts on ThinkPad T490s - tick/common: Touch watchdog in tick_unfreeze() on all CPUs - [x86] pinctrl: intel: Set default bias in case no particular value given - [armel,armhf] 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template - nbd: fix a block_device refcount leak in nbd_release - xfs: fix flags argument to rmap lookup when converting shared file rmaps - xfs: fix rmap key and record comparison functions - lan743x: fix "BUG: invalid wait context" when setting rx mode - xfs: fix a missing unlock on error in xfs_fs_map_blocks - of/address: Fix of_node memory leak in of_dma_is_coherent - [i386] cosa: Add missing kfree in error path of cosa_write - perf: Fix get_recursion_context() - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() - btrfs: dev-replace: fail mount if we don't have replace item with target device - [x86] thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() - [x86] thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() - uio: Fix use-after-free in uio_unregister_device() - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode - futex: Don't enable IRQs unconditionally in put_pi_state() - ocfs2: initialize ip_next_orphan - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch - selinux: Fix error return code in sel_ib_pkey_sid_slow() - gpio: pcie-idio-24: Fix irq mask when masking - gpio: pcie-idio-24: Fix IRQ Enable Register value - gpio: pcie-idio-24: Enable PEX8311 interrupts - don't dump the threads that had been already exiting when zapped. - [x86] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] - pinctrl: amd: use higher precision for 512 RtcClk - pinctrl: amd: fix incorrect way to disable debounce filter - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" - IPv6: Set SIT tunnel hard_header_len to zero - [s390x] net/af_iucv: fix null pointer dereference on shutdown - net: Update window_clamp if SOCK_RCVBUF is set - tipc: fix memory leak in tipc_topsrv_start() - vrf: Fix fast path output packet handling with async Netfilter rules - r8169: fix potential skb double free in an error path - random32: make prandom_u32() output unpredictable - [x86] speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP - perf/core: Fix race in the perf_mmap_close() function (CVE-2020-14351) - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" - reboot: fix overflow parsing reboot cpu number - net: sch_generic: fix the missing new qdisc assignment bug - Convert trailing spaces and periods in path components https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159 - [powerpc*] 64s: move some exception handlers out of line - [powerpc*] 64s: flush L1D on kernel entry (CVE-2020-4788) - [powerpc*] Add a framework for user access tracking - [powerpc*] Implement user_access_begin and friends - [powerpc*] Fix __clear_user() with KUAP enabled - [powerpc*] uaccess: Evaluate macro arguments once, before user access is allowed - [powerpc*] 64s: flush L1D after user accesses (CVE-2020-4788) - Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" - Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669) - mac80211: always wind down STA state - can: proc: can_remove_proc(): silence remove_proc_entry warning - [x86] KVM: x86: clflushopt should be treated as a no-op by emulation - [arm64] ACPI: GED: fix -Wformat https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160 - ah6: fix error return code in ah6_input() - atm: nicstar: Unmap DMA on send error - bnxt_en: read EEPROM A2h address using page 0 - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() - lan743x: fix issue causing intermittent kernel log warnings - lan743x: prevent entire kernel HANG on open, for some platforms - net: b44: fix error return code in b44_init_one() - net: bridge: add missing counters to ndo_get_stats64 callback - [arm64,armhf] net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 - net: Have netpoll bring-up DSA management interface - net/mlx4_core: Fix init_hca fields offset - page_frag: Recover from memory pressure - qed: fix error return code in qed_iwarp_ll2_start() - qlcnic: fix error return code in qlcnic_83xx_restart_hw() - sctp: change to hold/put transport for proto_unreach_timer - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate - [arm64,armhf] net/mlx5: Disable QoS when min_rates on all VFs are zero - net: usb: qmi_wwan: Set DTR quirk for MR400 - [arm64,armhf] pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() - [x86] ACPI: button: Add DMI quirk for Medion Akoya E2228T - [arm64] psci: Avoid printing in cpu_psci_cpu_die() - vfs: remove lockdep bogosity in __sb_start_write - [arm64] dts: allwinner: a64: Pine64 Plus: Fix ethernet node - [arm64] dts: allwinner: h5: OrangePi PC2: Fix ethernet node - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node - [armhf] Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" - [armhf] dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY - [armhf] dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY - [arm64] dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY - [mips*] export has_transparent_hugepage() for modules - [arm64] dts: allwinner: h5: OrangePi Prime: Fix ethernet node - perf lock: Don't free "lock_seq_stat" if read_count isn't zero - ip_tunnels: Set tunnel option flag when tunnel metadata is present - can: af_can: prevent potential access of uninitialized member in can_rcv() - can: af_can: prevent potential access of uninitialized member in canfd_rcv() - can: dev: can_restart(): post buffer from the right context - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() - can: peak_usb: fix potential integer overflow on shift of a int - [arm64] ASoC: qcom: lpass-platform: Fix memory leak - [arm64,armhf] drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits - [armhf] regulator: ti-abb: Fix array out of bound read access on the first transition - xfs: revert "xfs: fix rmap key and record comparison functions" - [amd64] efi/x86: Free efi_pgd with free_pages() - libfs: fix error cast of negative value in simple_attr_write() - speakup: Do not let the line discipline be used several times (CVE-2020-28941) - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() - ALSA: usb-audio: Add delay quirk for all Logitech USB devices - ALSA: ctl: fix error path at adding user-defined element set - ALSA: mixart: Fix mutex deadlock - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) - [armhf] tty: serial: imx: keep console clocks always on - [arm64,armhf,x86] efivarfs: fix memory leak in efivarfs_create() - [arm64,x86] staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids - ext4: fix bogus warning in ext4_update_dx_flag() - [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum - [x86] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode - [armhf] regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} - regulator: fix memory leak with repeated set_machine_constraints() - regulator: avoid resolve_supply() infinite recursion - regulator: workaround self-referent regulators - mac80211: minstrel: remove deferred sampling code - mac80211: minstrel: fix tx status processing corner case - mac80211: free sta in sta_info_insert_finish() on errors - [s390x] cpum_sf.c: fix file permission for cpum_sfb_size - [s390x] dasd: fix null pointer dereference for ERP requests - ptrace: Set PF_SUPERPRIV when checking capability - seccomp: Set PF_SUPERPRIV when checking capability - [x86] microcode/intel: Check patch signature before saving microcode for early loading - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() . [ Salvatore Bonaccorso ] * net: Enable NET_SWITCHDEV; disable on armel/marvell (Closes: #949863) * Bump ABI to 13 * [rt] Update to 4.19.152-rt65 * [rt] Refresh "mm: Protect activate_mm() by preempt_[disable&enable]_rt()" * [rt] Refresh "kthread: convert worker lock to raw spinlock" * [rt] Refresh "signals: Allow rt tasks to cache one sigqueue struct" * [rt] Refresh "tpm_tis: fix stall after iowrite*()s" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again" * [rt] Update to 4.19.152-rt66 - mm/memcontrol: Disable preemption in __mod_memcg_lruvec_state() - ptrace: fix ptrace_unfreeze_traced() race with rt-lock * [rt] Update to 4.19.160-rt69 . [ Noah Meyerhans ] * Backport upstream fix for PCI bridge firmware configuration preservation (Closes: #968623) . [ John L. Villalovos ] * Backport support for USB Host Controllers with local memory to avoid crashes. In particular the Renesas USB 3.0 controller (PD720201/PD720202) which is used on the Ampere's Mt Jade platform which is part of their Altra product line: - lib/genalloc: add gen_pool_dma_zalloc() for zeroed DMA allocations - USB: use genalloc for USB HCs with local memory - USB: drop HCD_LOCAL_MEM flag - usb: don't create dma pools for HCDs with a localmem_pool - usb: add a hcd_uses_dma helper - usb: host: ohci-sm501: init genalloc for local memory - usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() * [arm64] config/arm64/config: Set NODES_SHIFT to 4 . [ Yves-Alexis Perez ] * usbnet: ipheth: fix connectivity with iOS 14 linux (4.19.152-1) buster-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.147 - [arm64,armhf] dsa: Allow forwarding of redirected IGMP traffic - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed - scsi: qla2xxx: Move rport registration out of internal work_list - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up - net: handle the return value of pskb_carve_frag_list() correctly - [x86] hv_netvsc: Remove "unlikely" from netvsc_select_queue - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort - scsi: libfc: Fix for double free() - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery - [arm64] regulator: pwm: Fix machine constraints application - NFS: Zero-stateid SETATTR should first return delegation - SUNRPC: stop printk reading past end of string - nvme-fc: cancel async events before freeing event struct - nvme-rdma: cancel async events before freeing event struct - f2fs: fix indefinite loop scanning for free nid - f2fs: Return EOF on unaligned end of file DIO read - i2c: algo: pca: Reapply i2c bus settings after reset - spi: Fix memory leak on splited transfers - [arm64,armhf] clk: rockchip: Fix initialization of mux_pll_src_4plls_p - [arm64] ASoC: qcom: Set card->owner to avoid warnings - [x86] Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload - fbcon: Fix user font detection test at fbcon_resize(). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook - USB: UAS: fix disconnect by unplugging a hub - usblp: fix race between disconnect() and read() - [x86] i2c: i801: Fix resume bug - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" - percpu: fix first chunk size calculation for populated bitmap - Input: trackpoint - add new trackpoint variant IDs - serial: 8250_pci: Add Realtek 816a and 816b - ehci-hcd: Move include to keep CRC stable - [powerpc*] dma: Fix dma_map_ops::get_required_mask https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 - af_key: pfkey_dump needs parameter validation - KVM: fix memory leak in kvm_io_bus_unregister_dev() - kprobes: fix kill kprobe which has been marked as gone - mm/thp: fix __split_huge_pmd_locked() for migration PMD - cxgb4: Fix offset when clearing filter byte counters - geneve: add transport ports in route lookup for geneve (CVE-2020-25645) - [x86,ppc64el] hdlc_ppp: add range checks in ppp_cp_parse_cr() (CVE-2020-25643) - ip: fix tos reflection in ack and reset packets - ipv6: avoid lockdep issue in fib6_del() - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc - nfp: use correct define to return NONE fec - tipc: Fix memory leak in tipc_group_create_member() - tipc: fix shutdown() of connection oriented socket - tipc: use skb_unshare() instead in tipc_buf_append() - bnxt_en: return proper error codes in bnxt_show_temp - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. - net: phy: Avoid NPD upon phy_detach() when driver is unbound - net: add __must_check to skb_put_padto() - ipv4: Update exception handling for multipath routes via same device - kbuild: add OBJSIZE variable for the size tool - mm: memcg: fix memcg reclaim soft lockup - tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning - tcp_bbr: adapt cwnd based on ack aggregation estimation - serial: 8250: Avoid error message on reprobe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.149 - selinux: allow labeling before policy is loaded - media: mc-device.c: fix memleak in media_device_register_entity - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) - ath10k: fix array out-of-bounds access - ath10k: fix memory leak for tpc_stats_final - mm: fix double page fault on arm64 if PTE_AF is cleared - scsi: aacraid: fix illegal IO beyond last LBA - [x86] gma/gma500: fix a memory disclosure bug due to uninitialized bytes - [armel,armhf] ASoC: kirkwood: fix IRQ error handling - [amd64] arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback - [x86] ioapic: Unbreak check_timer() - ALSA: usb-audio: Add delay quirk for H570e USB headsets - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 - lib/string.c: implement stpcpy - [armhf] PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out - [x86] scsi: fnic: fix use after free - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce - net: silence data-races on sk_backlog.tail - [armhf] clk/ti/adpll: allocate room for terminating null - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() - mfd: mfd-core: Protect against NULL call-back function pointer - [x86] tpm_crb: fix fTPM on AMD Zen+ CPUs - tracing: Adding NULL checks for trace_array descriptor pointer - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock - RDMA/qedr: Fix potential use after free - RDMA/i40iw: Fix potential use after free - fix dget_parent() fastpath race - xfs: fix attr leaf header freemap.size underflow - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' - ubi: Fix producing anchor PEBs - mmc: core: Fix size overflow for mmc partitions - gfs2: clean up iopen glock mess in gfs2_create_inode - scsi: pm80xx: Cleanup command when a reset times out - CIFS: Properly process SMB3 lease breaks - ASoC: max98090: remove msleep in PLL unlocked workaround - kernel/sys.c: avoid copying possible padding bytes in copy_to_user - [arm64,armhf] KVM: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() - xfs: fix log reservation overflows when allocating large rt extents - neigh_stat_seq_next() should increase position index - rt_cpu_seq_next should increase position index - ipv6_route_seq_next should increase position index - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier - sctp: move trace_sctp_probe_path into sctp_outq_sack - [arm64,x86] ACPI: EC: Reference count query handlers under lock - scsi: ufs: Make ufshcd_add_command_trace() easier to read - scsi: ufs: Fix a race condition in the tracing code - [s390x] /cpum_sf: Use kzalloc and minor changes - [powerpc*] eeh: Only dump stack once if an MMIO loop is detected - Bluetooth: btrtl: Use kvmalloc for FW allocations - [armel,armhf] ARM: 8948/1: Prevent OOB access in stacktrace - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter - ceph: ensure we have a new cap before continuing in fill_inode - Bluetooth: Fix refcount use-after-free issue - mm/swapfile.c: swap_next should increase position index - mm: pagewalk: fix termination condition in walk_pte_range() - Bluetooth: prefetch channel before killing sock - KVM: fix overflow of zero page refcount with ksm running - ALSA: hda: Clear RIRB status before reading WP - skbuff: fix a data race in skb_queue_len() - audit: CONFIG_CHANGE don't log internal bookkeeping as an event - selinux: sel_avc_get_stat_idx should increase position index - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available - scsi: lpfc: Fix coverity errors in fmdi attribute handling - [armhf] drm/omap: fix possible object reference leak - crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup - ALSA: usb-audio: Don't create a mixer element with bogus volume range - [s390x] perf test: Fix test trace+probe_vfs_getname.sh on s390 - RDMA/rxe: Fix configuration of atomic queue pair attributes - [x86] KVM: x86: fix incorrect comparison in trace event - [x86] pkeys: Add check for pkey "overflow" - bpf: Remove recursion prevention from rcu free callback - [arm64,armhf] dmaengine: tegra-apb: Prevent race conditions on channel's freeing - random: fix data races at timer_rand_state - [arm64] bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal - media: go7007: Fix URB type for interrupt handling - Bluetooth: guard against controllers sending zero'd events - timekeeping: Prevent 32bit truncation in scale64_check_overflow() - ext4: fix a data race at inode->i_disksize - mm: avoid data corruption on CoW fault into PFN-mapped VMA - drm/amdgpu: increase atombios cmd timeout - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read - scsi: aacraid: Disabling TM path and only processing IOP reset - Bluetooth: L2CAP: handle l2cap config request during open state - media: tda10071: fix unsigned sign extension overflow - xfs: don't ever return a stale pointer from __xfs_dir3_free_read - xfs: mark dir corrupt when lookup-by-hash fails - ext4: mark block bitmap corrupted when found instead of BUGON - nfsd: Don't add locks to closed or closing open stateids - RDMA/cm: Remove a race freeing timewait_info - [powerpc*] KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones - [arm64] drm/msm: fix leaks if initialization fails - [arm64] drm/msm/a5xx: Always set an OPP supported hardware value - serial: 8250_port: Don't service RX FIFO if throttled - [powerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn - nvme-multipath: do not reset on unknown status - nvme: Fix controller creation races with teardown flow - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices - scsi: hpsa: correct race condition in offload enabled - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' - svcrdma: Fix leak of transport addresses - PCI: Use ioremap(), not phys_to_virt() for platform ROM - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor - PCI: pciehp: Fix MSI interrupt race - NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() - mm/kmemleak.c: use address-of operator on section symbols - mm/filemap.c: clear page error before actual read - mm/vmscan.c: fix data races using kswapd_classzone_idx - nvmet-rdma: fix double free of rdma queue - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area - scsi: qedi: Fix termination timeouts in session logout - [arm64] serial: uartps: Wait for tx_empty in console setup - [x86] KVM: Remove CREATE_IRQCHIP/SET_PIT2 race - bdev: Reduce time holding bd_mutex in sync in blkdev_close() - [x86] drivers: char: tlclk.c: Avoid data race between init and interrupt handler - [arm64] KVM: vgic-its: Fix memory leak on the error path of vgic_add_lpi() - net: openvswitch: use u64 for meter bucket - scsi: aacraid: Fix error handling paths in aac_probe_one() - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion - [arm64] cpufeature: Relax checks for AArch32 support at EL[0-2] - dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion - atm: fix a memory leak of vcc->user_back - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete - tipc: fix memory leak in service subscripting - [armhf] tty: serial: samsung: Correct clock selection logic - ALSA: hda: Fix potential race in unsol event handler - [powerpc*] traps: Make unrecoverable NMIs die instead of panic - fuse: don't check refcount after stealing page - [powerpc*] scsi: cxlflash: Fix error return code in cxlflash_probe() - [arm64] cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register - e1000: Do not perform reset in reset_task if we are already down - drm/nouveau/debugfs: fix runtime pm imbalance on error - drm/nouveau: fix runtime pm imbalance on error - drm/nouveau/dispnv50: fix runtime pm imbalance on error - printk: handle blank console arguments passed in. - [arm64,armhf] usb: dwc3: Increase timeout for CmdAct cleared by device controller - btrfs: don't force read-only after error in drop snapshot - vfio/pci: fix memory leaks of eventfd ctx - perf trace: Fix the selection for architectures to generate the errno name tables - [arm64,armhf] wlcore: fix runtime pm imbalance in wl1271_tx_work - [arm64,armhf] wlcore: fix runtime pm imbalance in wlcore_regdomain_config - [arm64,armhf] PCI: tegra: Fix runtime PM imbalance on error - ceph: fix potential race in ceph_check_caps - mm/swap_state: fix a data race in swapin_nr_pages - [armel] mtd: parser: cmdline: Support MTD names containing one or more colons - [x86] speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline - vfio/pci: Clear error and request eventfd ctx after releasing - cifs: Fix double add page to memcg when cifs_readpages - nvme: fix possible deadlock when I/O is blocked - scsi: libfc: Handling of extra kref - scsi: libfc: Skip additional kref updating work event - vfio/pci: fix racy on error and request eventfd ctx - btrfs: qgroup: fix data leak caused by race between writeback and truncate - net: openvswitch: use div_u64() for 64-by-32 divisions - nvme: explicitly update mpath disk capacity on revalidation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 - [s390x] init: add missing __init annotations - lockdep: fix order in trace_hardirqs_off_caller() - [amd64] drm/amdkfd: fix a memory leak issue - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() - mwifiex: Increase AES key storage size to 256 bits - batman-adv: bla: fix type misuse for backbone_gw hash indexing - atm: eni: fix the missed pci_disable_device() for eni_init_one() - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets - mac802154: tx: fix use-after-free - bpf: Fix clobbering of r2 in bpf_gen_ld_abs - [arm*] drm/vc4/vc4_hdmi: fill ASoC card owner - net: qed: RDMA personality shouldn't fail VF load - batman-adv: Add missing include for in_interrupt() - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh - bpf: Fix a rcu warning for bpffs map pretty-print - [x86] ALSA: asihpi: fix iounmap in error handler - regmap: fix page selection for noinc reads - [x86] KVM: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE - [x86] KVM: SVM: Add a dedicated INVD intercept routine - tracing: fix double free - [s390x] dasd: Fix zero write for FBA devices - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() - mm, THP, swap: fix allocating cluster for swapfile by mistake - [s390x] zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl - ata: define AC_ERR_OK - ata: make qc_prep return ata_completion_errors - ata: sata_mv, avoid trigerrable BUG_ON - [arm64] KVM: Assume write fault on S1PTW permission fault on instruction fetch https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.150 - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models - USB: gadget: f_ncm: Fix NDP16 datagram validation - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock - vsock/virtio: stop workers during the .remove() - vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() - net: virtio_vsock: Enhance connection semantics - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 - ftrace: Move RCU is watching check after recursion check - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices - [armhf] drm/sun4i: mixer: Extend regmap max_register - net: dec: de2104x: Increase receive ring size for Tulip - rndis_host: increase sleep time in the query-response loop - nvme-core: get/put ctrl and transport module in nvme_dev_open/release() - [x86,ppc64el] drivers/net/wan/hdlc: Set skb->protocol before transmitting - mac80211: do not allow bigger VHT MPDUs than the hardware supports - nvme-fc: fail new connections to a deleted host or remote port - [armhf] pinctrl: mvebu: Fix i2c sda definition for 98DX3236 - nfs: Fix security label length not being reset - [armhf] clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED - Input: trackpoint - enable Synaptics trackpoints - random32: Restore __latent_entropy attribute on net_rand_state - mm: replace memmap_context by meminit_context - mm: don't rely on system state to detect hot-plug operations - epoll: do not insert into poll queues until all sanity checks are done - epoll: replace ->visited/visited_list with generation count - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path - ep_create_wakeup_source(): dentry name can change under you... - netfilter: ctnetlink: add a range check for l3/l4 protonum (CVE-2020-25211) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.151 - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts - fbcon: Fix global-out-of-bounds read in fbcon_get_font() - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() - drm/nouveau/mem: guard against NULL pointer access in mem_del - usermodehelper: reset umask to default before executing user process - [x86] platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 - [x86] platform/x86: thinkpad_acpi: initialize tp_nvram_state variable - [x86] platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting - [x86] platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse - driver core: Fix probe_count imbalance in really_probe() - [x86] i2c: i801: Exclude device from suspend direct complete optimization - [armhf] mtd: rawnand: sunxi: Fix the probe error path - nvme-core: put ctrl ref when module ref get fail - macsec: avoid use-after-free in macsec_handle_frame() - mm/khugepaged: fix filemap page_to_pgoff(page) != offset - xfrmi: drop ignore_df check before updating pmtu - cifs: Fix incomplete memory allocation on setxattr path - [arm64,armhf] i2c: meson: fix clock setting overwrite - [arm64,armhf] i2c: meson: fixup rate calculation with filter delay - sctp: fix sctp_auth_init_hmacs() error path - team: set dev->needed_headroom in team_setup_by_port() - net: team: fix memory leak in __team_options_register - openvswitch: handle DNAT tuple collision - drm/amdgpu: prevent double kfree ttm->sg - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate - xfrm: clone whole liftime_cur structure in xfrm_do_migrate - [arm64,armhf] net: stmmac: removed enabling eee in EEE set callback - xfrm: Use correct address family in xfrm_state_find - bonding: set dev->needed_headroom in bond_setup_by_slave() - net: usb: ax88179_178a: fix missing stop entry in driver_info - net/mlx5e: Fix VLAN cleanup flow - net/mlx5e: Fix VLAN create flow - rxrpc: Fix rxkad token xdr encoding - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() - rxrpc: Fix some missing _bh annotations on locking conn->state_lock - rxrpc: Fix server keyring leak - perf: Fix task_function_call() error handling - mmc: core: don't set limits.discard_granularity as 0 - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.152 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352) - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (CVE-2020-12351) - Bluetooth: MGMT: Fix not checking if BT_HS is enabled - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` - Bluetooth: Disconnect if E0 is used for Level 4 - media: usbtv: Fix refcounting mixup - USB: serial: option: add Cellient MPL200 card - USB: serial: option: Add Telit FT980-KS composition - [x86] staging: comedi: check validity of wMaxPacketSize of usb endpoints found - USB: serial: pl2303: add device-id for HP GC device - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters - reiserfs: Initialize inode keys properly - reiserfs: Fix oops during mount - [arm*] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (Closes: #908712) - [x86] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.148-rt64 * Bump ABI to 12 * Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" linux-latest (105+deb10u8) buster; urgency=medium . * Update to 4.19.0-13 linux-latest (105+deb10u7) buster-security; urgency=high . * Update to 4.19.0-12 linux-signed-amd64 (4.19.160+2) buster; urgency=medium . * Sign kernel from linux 4.19.160-2 . * net: Disable MLX5_ESWITCH on mips and mipsel (Fixes FTBFS) linux-signed-amd64 (4.19.160+1) buster; urgency=medium . * Sign kernel from linux 4.19.160-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.153 - [ppc64el] ibmveth: Switch order of ibmveth_helper calls. - [ppc64el] ibmveth: Identify ingress large send packets. - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route - mlx4: handle non-napi callers to napi_poll - [armhf] net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() - [armhf] net: fec: Fix PHY init after phy_reset_after_clk_enable() - net: fix pos incrementment in ipv6_route_seq_next - net/smc: fix valid DMBE buffer sizes - net: usb: qmi_wwan: add Cellient MPL200 card - tipc: fix the skb_unshare() in tipc_buf_append() - net/ipv4: always honour route mtu during forwarding - r8169: fix data corruption issue on RTL8402 - [arm*] binder: fix UAF when releasing todo list (CVE-2020-0423) - ALSA: bebob: potential info leak in hwdep_read() - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device - [x86,ppc64el] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() - tcp: fix to update snd_wl1 in bulk receiver fast path - r8169: fix operation under forced interrupt threading - icmp: randomize the global rate limiter (CVE-2020-25705) - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 - cifs: remove bogus debug code - cifs: Return the error from crypt_message when enc/dec key not found. - [x86] KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages - [x86] KVM: SVM: Initialize prev_ga_tag before use - crypto: algif_aead - Do not set MAY_BACKLOG on the async path - [x86] EDAC/i5100: Fix error handling order in i5100_init_one() - [x86] fpu: Allow multiple bits in clearcpuid= parameter - [arm64] drivers/perf: xgene_pmu: Fix uninitialized resource struct - [x86] nmi: Fix nmi_handle() duration miscalculation - [amd64] x86/events/amd/iommu: Fix sizeof mismatch - crypto: algif_skcipher - EBUSY on aio should be an error - media: tuner-simple: fix regression in simple_set_radio_freq - media: uvcvideo: Set media controller entity functions - media: uvcvideo: Silence shift-out-of-bounds warning - [armhf] media: omap3isp: Fix memleak in isp_probe - [armhf] media: ti-vpe: Fix a missing check and reference count leak - regulator: resolve supply after creating regulator - ath10k: provide survey info as accumulated data - Bluetooth: hci_uart: Cancel init work before unregistering - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path - [arm64] wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 - [arm64] ASoC: qcom: lpass-platform: fix memory leak - [arm64] ASoC: qcom: lpass-cpu: fix concurrency issue - brcmfmac: check ndev pointer - mwifiex: Do not use GFP_KERNEL in atomic context - [x86] staging: rtl8192u: Do not use GFP_KERNEL in atomic context - [x86] drm/gma500: fix error check - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() - [x86] VMCI: check return value of get_user_pages_fast() for errors - [ppc64el] tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() - pty: do tty_flip_buffer_push without port->lock in pty_write - [x86] pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() - [x86] pwm: lpss: Add range limit check for the base_unit register value - [x86] video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error - video: fbdev: sis: fix null ptr dereference - video: fbdev: radeon: Fix memleak in radeonfb_pci_register - HID: roccat: add bounds checking in kone_sysfs_write_settings() - [armhf] pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser - [armhf] pinctrl: mcp23s08: Fix mcp23x17 precious range - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow - [arm64,armhf] net: stmmac: use netif_tx_start|stop_all_queues() function - [arm64] cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() - [amd64] misc: mic: scif: Fix error handling path - [arm*] usb: dwc2: Fix parameter type in function pointer prototype - quota: clear padding in v2r1_mem2diskdqb() - HID: hid-input: fix stylus battery reporting - net: enic: Cure the enic api locking trainwreck - [mips*] mfd: sm501: Fix leaks in probe() - iwlwifi: mvm: split a print to avoid a WARNING in ROC - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well - nl80211: fix non-split wiphy information - [arm*] usb: dwc2: Fix INTR OUT transfers in DDMA mode. - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() - mwifiex: fix double free - ipvs: clear skb->tstamp in forwarding path - netfilter: nf_log: missing vlan offload tag and proto - mm/memcg: fix device private memcg accounting - mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary - IB/mlx4: Fix starvation in paravirt mux/demux - IB/mlx4: Adjust delayed work when a dup is observed - [powerpc*] pseries: Fix missing of_node_put() in rng_init() - [powerpc*] icp-hv: Fix missing of_node_put() in success path - RDMA/ucma: Fix locking for ctx->events_reported - RDMA/ucma: Add missing locking around rdma_leave_multicast() - [powerpc*] pseries: explicitly reschedule during drmem_lmb list traversal - mtd: mtdoops: Don't write panic data twice - [armel,armhf] ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values - xfs: limit entries returned when counting fsmap records - xfs: fix high key handling in the rt allocator's query_range function - RDMA/qedr: Fix use of uninitialized field - RDMA/qedr: Fix inline size returned for iWARP https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154 - [powerpc*] 64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm - RDMA/cma: Remove dead code for kernel rdmacm multicast - RDMA/cma: Consolidate the destruction of a cma_multicast in one place - [arm64] RDMA/hns: Set the unsupported wr opcode - [arm64] RDMA/hns: Fix missing sq_sig_type when querying QP - overflow: Include header file with SIZE_MAX declaration - [powerpc*] perf: Exclude pmc5/6 from the irrelevant PMU group constraints - [poerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier - IB/rdmavt: Fix sizeof mismatch - f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info - lib/crc32.c: fix trivial typo in preprocessor condition - rapidio: fix error handling path - rapidio: fix the missed put_device() for rio_mport_add_riodev - mailbox: avoid timer start from callback - [arm64,armhf] clk: rockchip: Initialize hw to error to avoid undefined behavior - [arm*] clk: bcm2835: add missing release if devm_clk_hw_register fails - watchdog: Fix memleak in watchdog_cdev_register - watchdog: Use put_device on error - svcrdma: fix bounce buffers for unaligned offsets and multiple pages - ext4: limit entries returned when counting fsmap records - vfio/pci: Clear token on bypass registration failure - [amd64,arm64] vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() - [armhf] Input: omap4-keypad - fix handling of platform_get_irq() error - [armhf] Input: twl4030_keypad - fix handling of platform_get_irq() error - [armhf] Input: sun4i-ps2 - fix handling of platform_get_irq() error - [x86] KVM: emulating RDPID failure shall return #UD rather than #GP - netfilter: conntrack: connection timeout after re-register - netfilter: nf_fwd_netdev: clear timestamp in forwarding path - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator - [armhf] memory: omap-gpmc: Fix a couple off by ones - [powerpc*] powernv/dump: Fix race while processing OPAL dump - nvmet: fix uninitialized work for zero kato - [x86,arm64] i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs - block: ratelimit handle_bad_sector() message - [x86] crypto: ccp - fix error handling - media: firewire: fix memory leak - media: ati_remote: sanity check for both endpoints - media: media/pci: prevent memory leak in bttv_probe - media: uvcvideo: Ensure all probed info is returned to v4l2 - mmc: sdio: Check for CISTPL_VERS_1 buffer size - media: saa7134: avoid a shift overflow - fs: dlm: fix configfs memory leak - [arm64] media: venus: core: Fix runtime PM imbalance in venus_probe - ip_gre: set dev->hard_header_len and dev->needed_headroom properly - mac80211: handle lack of sband->bitrates in rates - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() - scsi: mvumi: Fix error return in mvumi_io_attach() - scsi: target: core: Add CONTROL field for trace events - [amd64] mic: vop: copy data to kernel space then write to io memory - [amd64] misc: vop: add round_up(x,4) for vring_size to avoid kernel panic - usb: gadget: function: printer: fix use-after-free in __lock_acquire - udf: Limit sparing table size - udf: Avoid accessing uninitialized data on failed inode read - USB: cdc-acm: handle broken union descriptors - [arm64,armhf] usb: dwc3: simple: add support for Hikey 970 - [armhf] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() - misc: rtsx: Fix memory leak in rtsx_pci_probe - reiserfs: only call unlock_new_inode() if I_NEW - xfs: make sure the rt allocator doesn't run off the end - usb: ohci: Default to per-port over-current protection - Bluetooth: Only mark socket zapped after unlocking - [ppc64el] scsi: ibmvfc: Fix error return in ibmvfc_probe() - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy - rtl8xxxu: prevent potential memory leak - Fix use after free in get_capset_info callback. - scsi: qedi: Protect active command list to avoid list corruption - scsi: qedi: Fix list_del corruption while removing active I/O - [x86] tty: ipwireless: fix error handling - ipvs: Fix uninit-value in do_ip_vs_set_ctl() - reiserfs: Fix memory leak in reiserfs_parse_options() - mwifiex: don't call del_timer_sync() on uninitialized timer - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach - usb: core: Solve race condition in anchor cleanup functions - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). - eeprom: at25: set minimum read/write access stride to 1 - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155 - scripts/setlocalversion: make git describe output more reliable - [arm64] Run ARCH_WORKAROUND_1 enabling code on all CPUs - [arm64] link with -z norelro regardless of CONFIG_RELOCATABLE - [x86,arm64,armhf] efivarfs: Replace invalid slashes with exclamation marks in dentries. - gtp: fix an use-before-init in gtp_newlink() - netem: fix zero division in tabledist - tcp: Prevent low rmem stalls with SO_RCVLOWAT. - tipc: fix memory leak caused by tipc_buf_append() - r8169: fix issue with forced threading in combination with shared interrupts - cxgb4: set up filter action after rewrites - [x86] arch/x86/amd/ibs: Fix re-arming IBS Fetch - [x86] xen: disable Firmware First mode for correctable memory errors - fuse: fix page dereference after free - bpf: Fix comment for helper bpf_current_task_under_cgroup() - p54: avoid accessing the data mapped to streaming DMA - [powerpc*] cxl: Rework error message for incompatible slots - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() - mtd: lpddr: Fix bad logic in print_drs_error - [arm*] serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir - fscrypt: clean up and improve dentry revalidation - fscrypt: fix race allowing rename() and link() of ciphertext dentries - fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory - fscrypt: only set dentry_operations on ciphertext dentries - fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext - Revert "block: ratelimit handle_bad_sector() message" - xen/events: don't use chip_data for legacy IRQs - xen/events: avoid removing an event channel while handling it (CVE-2020-27675) - xen/events: add a proper barrier to 2-level uevent unmasking (CVE-2020-27673) - xen/events: fix race in evtchn_fifo_unmask() (CVE-2020-27673) - xen/events: add a new "late EOI" evtchn framework (CVE-2020-27673) - xen/blkback: use lateeoi irq binding (CVE-2020-27673) - xen/netback: use lateeoi irq binding (CVE-2020-27673) - xen/scsiback: use lateeoi irq binding (CVE-2020-27673) - xen/pvcallsback: use lateeoi irq binding (CVE-2020-27673) - xen/pciback: use lateeoi irq binding (CVE-2020-27673) - xen/events: switch user event channels to lateeoi model (CVE-2020-27673) - xen/events: use a common cpu hotplug hook for event channels (CVE-2020-27673) - xen/events: defer eoi in case of excessive number of events (CVE-2020-27673) - xen/events: block rogue events for some time (CVE-2020-27673) - RDMA/qedr: Fix memory leak in iWARP CM - ata: sata_nv: Fix retrieving of active qcs - futex: Fix incorrect should_fail_futex() handling - [powerpc*] powernv/smp: Fix spurious DBG() warning - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race - [powerpc*] select ARCH_WANT_IRQS_OFF_ACTIVATE_MM - f2fs: add trace exit in exception path - f2fs: fix uninit-value in f2fs_lookup - f2fs: fix to check segment boundary during SIT page readahead - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses - power: supply: bq27xxx: report "not charging" on all types - xfs: fix realtime bitmap/summary file truncation when growing rt volume - ath10k: fix VHT NSS calculation when STBC is enabled - media: videodev2.h: RGB BT2020 and HSV are always full range - [x86] usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart - media: tw5864: check status of tw5864_frameinterval_get - mmc: via-sdmmc: Fix data race bug - [arm64] topology: Stop using MPIDR for topology information - media: uvcvideo: Fix dereference of out-of-bound list iterator - USB: adutux: fix debugging - uio: free uio id after uio file node is freed - usb: xhci: omit duplicate actions when suspending a runtime suspended host. - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE - xfs: don't free rt blocks when we're doing a REMAP bunmapi call - ACPI: Add out of bounds and numa_off protections to pxm_to_node() - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values - btrfs: fix replace of seed device - md/bitmap: md_bitmap_get_counter returns wrong blocks - bnxt_en: Log unknown link speed appropriately. - [arm64] rpmsg: glink: Use complete_all for open states - [armhf] clk: ti: clockdomain: fix static checker warning - net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid - ext4: Detect already used quota file early - gfs2: add validation checks for size of superblock - cifs: handle -EINTR in cifs_setattr - [armhf] memory: emif: Remove bogus debugfs error handling - nbd: make the config put is called before the notifying the waiter - sgl_alloc_order: fix memory leak - nvme-rdma: fix crash when connect rejected - md/raid5: fix oops during stripe resizing - [x86,arm64] mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN - [x86] perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() - [x86] perf/x86/amd/ibs: Fix raw sample data accumulation - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect - fs: Don't invalidate page buffers in block_write_full_page() - NFS: fix nfs_path in case of a rename retry - ACPI: button: fix handling lid state changes when input device closed - [x86] ACPI / extlog: Check for RDMSR failure (Closes: #971058) - [x86] ACPI: video: use ACPI backlight for HP 635 Notebook - [x86] acpi-cpufreq: Honor _PSD table setting on new AMD CPUs - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() - scsi: qla2xxx: Fix crash on session cleanup with unload - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode - btrfs: improve device scanning messages - btrfs: reschedule if necessary when logging directory items - btrfs: send, recompute reference path after orphanization of a directory - btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() - btrfs: cleanup cow block on error - btrfs: fix use-after-free on readahead extent after failure to create it - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC - [arm64,armhf] usb: dwc3: ep0: Fix ZLP for OUT ep0 requests - [arm64,armhf] usb: dwc3: gadget: Check MPS of the request length - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove driver - usb: cdc-acm: fix cooldown mechanism - [x86] usb: typec: tcpm: reset hard_reset_count for any disconnect - [x86] drm/i915: Force VT'd workarounds when running as a guest OS - vt: keyboard, simplify vt_kdgkbsent - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656) - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery - udf: Fix memory leak when mounting - [powerpc*] drmem: Make lmb_size 64 bit - [s390x] stp: add locking to sysfs functions - [powerpc*] rtas: Restrict RTAS requests from userspace (CVE-2020-27777) - [powerpc*] Warn about use of smt_snooze_delay - [powerpc*] powernv/elog: Fix race while processing OPAL error log event. - [powerpc*] Fix undetected data corruption with P9N DD2.1 VSX CI load emulation - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag - NFSD: Add missing NFSv2 .pc_func methods - ubifs: dent: Fix some potential memory leaks while iterating entries - perf python scripting: Fix printable strings in python3 scripts - ubi: check kthread_should_stop() after the setting of task state - [armhf] i2c: imx: Fix external abort on interrupt in exit paths - drm/amdgpu: don't map BO in reserved region - ceph: promote to unsigned long long before shifting - libceph: clear con->out_msg on Policy::stateful_server faults - 9P: Cast to loff_t before multiplying - ring-buffer: Return 0 on success from ring_buffer_resize() - [amd64] vringh: fix __vringh_iov() when riov and wiov are different - ext4: fix leaking sysfs kobject after failed mount - ext4: fix error handling code in add_new_gdb - ext4: fix invalid inode checksum - drm/ttm: fix eviction valuable range check. - tty: make FONTX ioctl use the tty pointer they were actually passed (CVE-2020-25668) - cachefiles: Handle readpage error correctly - device property: Keep secondary firmware node secondary by type - device property: Don't clear secondary pointer for shared primary firmware node - [arm64] KVM: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice - [mips*] staging: octeon: repair "fixed-link" support - [mips*] staging: octeon: Drop on uncorrectable alignment or FCS error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156 - [x86] drm/i915: Break up error capture compression loops with cond_resched() - tipc: fix use-after-free in tipc_bcast_get_mode - ptrace: fix task_join_group_stop() for the case when current is traced - [arm64] cadence: force nonlinear buffers to be cloned - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms - [arm64,armhf] sfp: Fix error handing in sfp_probe() - blktrace: fix debugfs use after free (CVE-2019-19770) - btrfs: extent_io: Kill the forward declaration of flush_write_bio - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up - Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" - btrfs: flush write bio if we loop in extent_write_cache_pages - btrfs: extent_io: Handle errors better in extent_write_full_page() - btrfs: extent_io: Handle errors better in btree_write_cache_pages() - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() - Btrfs: fix unwritten extent buffers and hangs on future writeback attempts - btrfs: Don't submit any btree write bio if the fs has errors (CVE-2019-19039, CVE-2019-19377) - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it - btrfs: tree-checker: Make chunk item checker messages more readable - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO - btrfs: tree-checker: Check chunk item at tree block read time - btrfs: tree-checker: Verify dev item - btrfs: tree-checker: Fix wrong check on max devid - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (CVE-2019-19816) - btrfs: tree-checker: Verify inode item - btrfs: tree-checker: fix the error message for transid error - Fonts: Replace discarded const qualifier - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 - ALSA: usb-audio: Add implicit feedback quirk for MODX - mm: mempolicy: fix potential pte_unmap_unlock pte error - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled - mm: always have io_remap_pfn_range() set pgprot_decrypted() - gfs2: Wake up when sd_glock_disposal becomes zero - ring-buffer: Fix recursion protection transitions between interrupt context - ftrace: Fix recursion check for NMI test - ftrace: Handle tracing when switching between context - tracing: Fix out of bounds write in get_trace_buf - futex: Handle transient "ownerless" rtmutex state correctly - [amd64] x86/kexec: Use up-to-dated screen_info copy to fill boot params - of: Fix reserved-memory overlap detection - blk-cgroup: Fix memleak on error path - blk-cgroup: Pre-allocate tree node on blkg_conf_prep - scsi: core: Don't start concurrent async scan on same host - vsock: use ns_capable_noaudit() on socket create - [arm*] drm/vc4: drv: Add error handding for bind - [amd64,arm64] ACPI: NFIT: Fix comparison to '-ENXIO' - vt: Disable KD_FONT_OP_COPY (CVE-2020-28974) - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent - USB: serial: cyberjack: fix write-URB completion race - USB: serial: option: add Quectel EC200T module support - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 - USB: serial: option: add Telit FN980 composition 0x1055 - USB: Add NO_LPM quirk for Kingston flash drive - PM: runtime: Resume the device earlier in __device_release_driver() - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (CVE-2020-25704) - tools: perf: Fix build error in v4.19.y - [arm64,armhf] net: dsa: read mac address from DT for slave device - [arm64] dts: marvell: espressobin: Add ethernet switch aliases https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157 - [x86] powercap: restrict energy meter to root access (CVE-2020-8694) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158 - regulator: defer probe when trying to get voltage from unresolved supply - time: Prevent undefined behaviour in timespec64_to_ns() - nbd: don't update block size after device is started - [arm64,armhf] usb: dwc3: gadget: Continue to process pending requests - [arm64,armhf] usb: dwc3: gadget: Reclaim extra TRBs after request completion - btrfs: sysfs: init devices outside of the chunk_mutex - btrfs: reschedule when cloning lots of extents - [x86] hv_balloon: disable warning when floor reached - net: xfrm: fix a race condition during allocing spi - xfs: set xefi_discard when creating a deferred agfl free log intent item - netfilter: ipset: Update byte and packet counters regardless of whether they match - perf tools: Add missing swap for ino_generation - [x86] ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() - can: rx-offload: don't call kfree_skb() from IRQ context - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() - can: peak_usb: add range checking in decode operations - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on - [armhf] can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A - xfs: flush new eof page on truncate to avoid post-eof corruption - [arm64,x86] tpm: efi: Don't create binary_bios_measurements file for an empty log - Btrfs: fix missing error return if writeback for extent buffer never started - ath9k_htc: Use appropriate rs_datalen type - netfilter: use actual socket sk rather than skb sk when routing harder - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free - gfs2: Add missing truncate_inode_pages_final for sd_aspace - gfs2: check for live vs. read-only file system in gfs2_fitrim - scsi: hpsa: Fix memory leak in hpsa_init_one() - drm/amdgpu: perform srbm soft reset always on SDMA resume - mac80211: fix use of skb payload instead of header - cfg80211: regulatory: Fix inconsistent format argument - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() - [s390x] smp: move rcu_cpu_starting() earlier - [x86] tpm_tis: Disable interrupts on ThinkPad T490s - tick/common: Touch watchdog in tick_unfreeze() on all CPUs - [x86] pinctrl: intel: Set default bias in case no particular value given - [armel,armhf] 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template - nbd: fix a block_device refcount leak in nbd_release - xfs: fix flags argument to rmap lookup when converting shared file rmaps - xfs: fix rmap key and record comparison functions - lan743x: fix "BUG: invalid wait context" when setting rx mode - xfs: fix a missing unlock on error in xfs_fs_map_blocks - of/address: Fix of_node memory leak in of_dma_is_coherent - [i386] cosa: Add missing kfree in error path of cosa_write - perf: Fix get_recursion_context() - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() - btrfs: dev-replace: fail mount if we don't have replace item with target device - [x86] thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() - [x86] thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() - uio: Fix use-after-free in uio_unregister_device() - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode - futex: Don't enable IRQs unconditionally in put_pi_state() - ocfs2: initialize ip_next_orphan - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch - selinux: Fix error return code in sel_ib_pkey_sid_slow() - gpio: pcie-idio-24: Fix irq mask when masking - gpio: pcie-idio-24: Fix IRQ Enable Register value - gpio: pcie-idio-24: Enable PEX8311 interrupts - don't dump the threads that had been already exiting when zapped. - [x86] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] - pinctrl: amd: use higher precision for 512 RtcClk - pinctrl: amd: fix incorrect way to disable debounce filter - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" - IPv6: Set SIT tunnel hard_header_len to zero - [s390x] net/af_iucv: fix null pointer dereference on shutdown - net: Update window_clamp if SOCK_RCVBUF is set - tipc: fix memory leak in tipc_topsrv_start() - vrf: Fix fast path output packet handling with async Netfilter rules - r8169: fix potential skb double free in an error path - random32: make prandom_u32() output unpredictable - [x86] speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP - perf/core: Fix race in the perf_mmap_close() function (CVE-2020-14351) - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" - reboot: fix overflow parsing reboot cpu number - net: sch_generic: fix the missing new qdisc assignment bug - Convert trailing spaces and periods in path components https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159 - [powerpc*] 64s: move some exception handlers out of line - [powerpc*] 64s: flush L1D on kernel entry (CVE-2020-4788) - [powerpc*] Add a framework for user access tracking - [powerpc*] Implement user_access_begin and friends - [powerpc*] Fix __clear_user() with KUAP enabled - [powerpc*] uaccess: Evaluate macro arguments once, before user access is allowed - [powerpc*] 64s: flush L1D after user accesses (CVE-2020-4788) - Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" - Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669) - mac80211: always wind down STA state - can: proc: can_remove_proc(): silence remove_proc_entry warning - [x86] KVM: x86: clflushopt should be treated as a no-op by emulation - [arm64] ACPI: GED: fix -Wformat https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160 - ah6: fix error return code in ah6_input() - atm: nicstar: Unmap DMA on send error - bnxt_en: read EEPROM A2h address using page 0 - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() - lan743x: fix issue causing intermittent kernel log warnings - lan743x: prevent entire kernel HANG on open, for some platforms - net: b44: fix error return code in b44_init_one() - net: bridge: add missing counters to ndo_get_stats64 callback - [arm64,armhf] net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 - net: Have netpoll bring-up DSA management interface - net/mlx4_core: Fix init_hca fields offset - page_frag: Recover from memory pressure - qed: fix error return code in qed_iwarp_ll2_start() - qlcnic: fix error return code in qlcnic_83xx_restart_hw() - sctp: change to hold/put transport for proto_unreach_timer - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate - [arm64,armhf] net/mlx5: Disable QoS when min_rates on all VFs are zero - net: usb: qmi_wwan: Set DTR quirk for MR400 - [arm64,armhf] pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() - [x86] ACPI: button: Add DMI quirk for Medion Akoya E2228T - [arm64] psci: Avoid printing in cpu_psci_cpu_die() - vfs: remove lockdep bogosity in __sb_start_write - [arm64] dts: allwinner: a64: Pine64 Plus: Fix ethernet node - [arm64] dts: allwinner: h5: OrangePi PC2: Fix ethernet node - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node - [armhf] Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" - [armhf] dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY - [armhf] dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY - [arm64] dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY - [mips*] export has_transparent_hugepage() for modules - [arm64] dts: allwinner: h5: OrangePi Prime: Fix ethernet node - perf lock: Don't free "lock_seq_stat" if read_count isn't zero - ip_tunnels: Set tunnel option flag when tunnel metadata is present - can: af_can: prevent potential access of uninitialized member in can_rcv() - can: af_can: prevent potential access of uninitialized member in canfd_rcv() - can: dev: can_restart(): post buffer from the right context - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() - can: peak_usb: fix potential integer overflow on shift of a int - [arm64] ASoC: qcom: lpass-platform: Fix memory leak - [arm64,armhf] drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits - [armhf] regulator: ti-abb: Fix array out of bound read access on the first transition - xfs: revert "xfs: fix rmap key and record comparison functions" - [amd64] efi/x86: Free efi_pgd with free_pages() - libfs: fix error cast of negative value in simple_attr_write() - speakup: Do not let the line discipline be used several times (CVE-2020-28941) - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() - ALSA: usb-audio: Add delay quirk for all Logitech USB devices - ALSA: ctl: fix error path at adding user-defined element set - ALSA: mixart: Fix mutex deadlock - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) - [armhf] tty: serial: imx: keep console clocks always on - [arm64,armhf,x86] efivarfs: fix memory leak in efivarfs_create() - [arm64,x86] staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids - ext4: fix bogus warning in ext4_update_dx_flag() - [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum - [x86] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode - [armhf] regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} - regulator: fix memory leak with repeated set_machine_constraints() - regulator: avoid resolve_supply() infinite recursion - regulator: workaround self-referent regulators - mac80211: minstrel: remove deferred sampling code - mac80211: minstrel: fix tx status processing corner case - mac80211: free sta in sta_info_insert_finish() on errors - [s390x] cpum_sf.c: fix file permission for cpum_sfb_size - [s390x] dasd: fix null pointer dereference for ERP requests - ptrace: Set PF_SUPERPRIV when checking capability - seccomp: Set PF_SUPERPRIV when checking capability - [x86] microcode/intel: Check patch signature before saving microcode for early loading - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() . [ Salvatore Bonaccorso ] * net: Enable NET_SWITCHDEV; disable on armel/marvell (Closes: #949863) * Bump ABI to 13 * [rt] Update to 4.19.152-rt65 * [rt] Refresh "mm: Protect activate_mm() by preempt_[disable&enable]_rt()" * [rt] Refresh "kthread: convert worker lock to raw spinlock" * [rt] Refresh "signals: Allow rt tasks to cache one sigqueue struct" * [rt] Refresh "tpm_tis: fix stall after iowrite*()s" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again" * [rt] Update to 4.19.152-rt66 - mm/memcontrol: Disable preemption in __mod_memcg_lruvec_state() - ptrace: fix ptrace_unfreeze_traced() race with rt-lock * [rt] Update to 4.19.160-rt69 . [ Noah Meyerhans ] * Backport upstream fix for PCI bridge firmware configuration preservation (Closes: #968623) . [ John L. Villalovos ] * Backport support for USB Host Controllers with local memory to avoid crashes. In particular the Renesas USB 3.0 controller (PD720201/PD720202) which is used on the Ampere's Mt Jade platform which is part of their Altra product line: - lib/genalloc: add gen_pool_dma_zalloc() for zeroed DMA allocations - USB: use genalloc for USB HCs with local memory - USB: drop HCD_LOCAL_MEM flag - usb: don't create dma pools for HCDs with a localmem_pool - usb: add a hcd_uses_dma helper - usb: host: ohci-sm501: init genalloc for local memory - usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() * [arm64] config/arm64/config: Set NODES_SHIFT to 4 . [ Yves-Alexis Perez ] * usbnet: ipheth: fix connectivity with iOS 14 linux-signed-amd64 (4.19.152+1) buster-security; urgency=high . * Sign kernel from linux 4.19.152-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.147 - [arm64,armhf] dsa: Allow forwarding of redirected IGMP traffic - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed - scsi: qla2xxx: Move rport registration out of internal work_list - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up - net: handle the return value of pskb_carve_frag_list() correctly - [x86] hv_netvsc: Remove "unlikely" from netvsc_select_queue - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort - scsi: libfc: Fix for double free() - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery - [arm64] regulator: pwm: Fix machine constraints application - NFS: Zero-stateid SETATTR should first return delegation - SUNRPC: stop printk reading past end of string - nvme-fc: cancel async events before freeing event struct - nvme-rdma: cancel async events before freeing event struct - f2fs: fix indefinite loop scanning for free nid - f2fs: Return EOF on unaligned end of file DIO read - i2c: algo: pca: Reapply i2c bus settings after reset - spi: Fix memory leak on splited transfers - [arm64,armhf] clk: rockchip: Fix initialization of mux_pll_src_4plls_p - [arm64] ASoC: qcom: Set card->owner to avoid warnings - [x86] Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload - fbcon: Fix user font detection test at fbcon_resize(). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook - USB: UAS: fix disconnect by unplugging a hub - usblp: fix race between disconnect() and read() - [x86] i2c: i801: Fix resume bug - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" - percpu: fix first chunk size calculation for populated bitmap - Input: trackpoint - add new trackpoint variant IDs - serial: 8250_pci: Add Realtek 816a and 816b - ehci-hcd: Move include to keep CRC stable - [powerpc*] dma: Fix dma_map_ops::get_required_mask https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 - af_key: pfkey_dump needs parameter validation - KVM: fix memory leak in kvm_io_bus_unregister_dev() - kprobes: fix kill kprobe which has been marked as gone - mm/thp: fix __split_huge_pmd_locked() for migration PMD - cxgb4: Fix offset when clearing filter byte counters - geneve: add transport ports in route lookup for geneve (CVE-2020-25645) - [x86,ppc64el] hdlc_ppp: add range checks in ppp_cp_parse_cr() (CVE-2020-25643) - ip: fix tos reflection in ack and reset packets - ipv6: avoid lockdep issue in fib6_del() - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc - nfp: use correct define to return NONE fec - tipc: Fix memory leak in tipc_group_create_member() - tipc: fix shutdown() of connection oriented socket - tipc: use skb_unshare() instead in tipc_buf_append() - bnxt_en: return proper error codes in bnxt_show_temp - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. - net: phy: Avoid NPD upon phy_detach() when driver is unbound - net: add __must_check to skb_put_padto() - ipv4: Update exception handling for multipath routes via same device - kbuild: add OBJSIZE variable for the size tool - mm: memcg: fix memcg reclaim soft lockup - tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning - tcp_bbr: adapt cwnd based on ack aggregation estimation - serial: 8250: Avoid error message on reprobe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.149 - selinux: allow labeling before policy is loaded - media: mc-device.c: fix memleak in media_device_register_entity - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) - ath10k: fix array out-of-bounds access - ath10k: fix memory leak for tpc_stats_final - mm: fix double page fault on arm64 if PTE_AF is cleared - scsi: aacraid: fix illegal IO beyond last LBA - [x86] gma/gma500: fix a memory disclosure bug due to uninitialized bytes - [armel,armhf] ASoC: kirkwood: fix IRQ error handling - [amd64] arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback - [x86] ioapic: Unbreak check_timer() - ALSA: usb-audio: Add delay quirk for H570e USB headsets - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 - lib/string.c: implement stpcpy - [armhf] PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out - [x86] scsi: fnic: fix use after free - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce - net: silence data-races on sk_backlog.tail - [armhf] clk/ti/adpll: allocate room for terminating null - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() - mfd: mfd-core: Protect against NULL call-back function pointer - [x86] tpm_crb: fix fTPM on AMD Zen+ CPUs - tracing: Adding NULL checks for trace_array descriptor pointer - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock - RDMA/qedr: Fix potential use after free - RDMA/i40iw: Fix potential use after free - fix dget_parent() fastpath race - xfs: fix attr leaf header freemap.size underflow - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' - ubi: Fix producing anchor PEBs - mmc: core: Fix size overflow for mmc partitions - gfs2: clean up iopen glock mess in gfs2_create_inode - scsi: pm80xx: Cleanup command when a reset times out - CIFS: Properly process SMB3 lease breaks - ASoC: max98090: remove msleep in PLL unlocked workaround - kernel/sys.c: avoid copying possible padding bytes in copy_to_user - [arm64,armhf] KVM: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() - xfs: fix log reservation overflows when allocating large rt extents - neigh_stat_seq_next() should increase position index - rt_cpu_seq_next should increase position index - ipv6_route_seq_next should increase position index - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier - sctp: move trace_sctp_probe_path into sctp_outq_sack - [arm64,x86] ACPI: EC: Reference count query handlers under lock - scsi: ufs: Make ufshcd_add_command_trace() easier to read - scsi: ufs: Fix a race condition in the tracing code - [s390x] /cpum_sf: Use kzalloc and minor changes - [powerpc*] eeh: Only dump stack once if an MMIO loop is detected - Bluetooth: btrtl: Use kvmalloc for FW allocations - [armel,armhf] ARM: 8948/1: Prevent OOB access in stacktrace - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter - ceph: ensure we have a new cap before continuing in fill_inode - Bluetooth: Fix refcount use-after-free issue - mm/swapfile.c: swap_next should increase position index - mm: pagewalk: fix termination condition in walk_pte_range() - Bluetooth: prefetch channel before killing sock - KVM: fix overflow of zero page refcount with ksm running - ALSA: hda: Clear RIRB status before reading WP - skbuff: fix a data race in skb_queue_len() - audit: CONFIG_CHANGE don't log internal bookkeeping as an event - selinux: sel_avc_get_stat_idx should increase position index - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available - scsi: lpfc: Fix coverity errors in fmdi attribute handling - [armhf] drm/omap: fix possible object reference leak - crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup - ALSA: usb-audio: Don't create a mixer element with bogus volume range - [s390x] perf test: Fix test trace+probe_vfs_getname.sh on s390 - RDMA/rxe: Fix configuration of atomic queue pair attributes - [x86] KVM: x86: fix incorrect comparison in trace event - [x86] pkeys: Add check for pkey "overflow" - bpf: Remove recursion prevention from rcu free callback - [arm64,armhf] dmaengine: tegra-apb: Prevent race conditions on channel's freeing - random: fix data races at timer_rand_state - [arm64] bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal - media: go7007: Fix URB type for interrupt handling - Bluetooth: guard against controllers sending zero'd events - timekeeping: Prevent 32bit truncation in scale64_check_overflow() - ext4: fix a data race at inode->i_disksize - mm: avoid data corruption on CoW fault into PFN-mapped VMA - drm/amdgpu: increase atombios cmd timeout - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read - scsi: aacraid: Disabling TM path and only processing IOP reset - Bluetooth: L2CAP: handle l2cap config request during open state - media: tda10071: fix unsigned sign extension overflow - xfs: don't ever return a stale pointer from __xfs_dir3_free_read - xfs: mark dir corrupt when lookup-by-hash fails - ext4: mark block bitmap corrupted when found instead of BUGON - nfsd: Don't add locks to closed or closing open stateids - RDMA/cm: Remove a race freeing timewait_info - [powerpc*] KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones - [arm64] drm/msm: fix leaks if initialization fails - [arm64] drm/msm/a5xx: Always set an OPP supported hardware value - serial: 8250_port: Don't service RX FIFO if throttled - [powerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn - nvme-multipath: do not reset on unknown status - nvme: Fix controller creation races with teardown flow - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices - scsi: hpsa: correct race condition in offload enabled - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' - svcrdma: Fix leak of transport addresses - PCI: Use ioremap(), not phys_to_virt() for platform ROM - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor - PCI: pciehp: Fix MSI interrupt race - NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() - mm/kmemleak.c: use address-of operator on section symbols - mm/filemap.c: clear page error before actual read - mm/vmscan.c: fix data races using kswapd_classzone_idx - nvmet-rdma: fix double free of rdma queue - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area - scsi: qedi: Fix termination timeouts in session logout - [arm64] serial: uartps: Wait for tx_empty in console setup - [x86] KVM: Remove CREATE_IRQCHIP/SET_PIT2 race - bdev: Reduce time holding bd_mutex in sync in blkdev_close() - [x86] drivers: char: tlclk.c: Avoid data race between init and interrupt handler - [arm64] KVM: vgic-its: Fix memory leak on the error path of vgic_add_lpi() - net: openvswitch: use u64 for meter bucket - scsi: aacraid: Fix error handling paths in aac_probe_one() - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion - [arm64] cpufeature: Relax checks for AArch32 support at EL[0-2] - dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion - atm: fix a memory leak of vcc->user_back - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete - tipc: fix memory leak in service subscripting - [armhf] tty: serial: samsung: Correct clock selection logic - ALSA: hda: Fix potential race in unsol event handler - [powerpc*] traps: Make unrecoverable NMIs die instead of panic - fuse: don't check refcount after stealing page - [powerpc*] scsi: cxlflash: Fix error return code in cxlflash_probe() - [arm64] cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register - e1000: Do not perform reset in reset_task if we are already down - drm/nouveau/debugfs: fix runtime pm imbalance on error - drm/nouveau: fix runtime pm imbalance on error - drm/nouveau/dispnv50: fix runtime pm imbalance on error - printk: handle blank console arguments passed in. - [arm64,armhf] usb: dwc3: Increase timeout for CmdAct cleared by device controller - btrfs: don't force read-only after error in drop snapshot - vfio/pci: fix memory leaks of eventfd ctx - perf trace: Fix the selection for architectures to generate the errno name tables - [arm64,armhf] wlcore: fix runtime pm imbalance in wl1271_tx_work - [arm64,armhf] wlcore: fix runtime pm imbalance in wlcore_regdomain_config - [arm64,armhf] PCI: tegra: Fix runtime PM imbalance on error - ceph: fix potential race in ceph_check_caps - mm/swap_state: fix a data race in swapin_nr_pages - [armel] mtd: parser: cmdline: Support MTD names containing one or more colons - [x86] speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline - vfio/pci: Clear error and request eventfd ctx after releasing - cifs: Fix double add page to memcg when cifs_readpages - nvme: fix possible deadlock when I/O is blocked - scsi: libfc: Handling of extra kref - scsi: libfc: Skip additional kref updating work event - vfio/pci: fix racy on error and request eventfd ctx - btrfs: qgroup: fix data leak caused by race between writeback and truncate - net: openvswitch: use div_u64() for 64-by-32 divisions - nvme: explicitly update mpath disk capacity on revalidation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 - [s390x] init: add missing __init annotations - lockdep: fix order in trace_hardirqs_off_caller() - [amd64] drm/amdkfd: fix a memory leak issue - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() - mwifiex: Increase AES key storage size to 256 bits - batman-adv: bla: fix type misuse for backbone_gw hash indexing - atm: eni: fix the missed pci_disable_device() for eni_init_one() - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets - mac802154: tx: fix use-after-free - bpf: Fix clobbering of r2 in bpf_gen_ld_abs - [arm*] drm/vc4/vc4_hdmi: fill ASoC card owner - net: qed: RDMA personality shouldn't fail VF load - batman-adv: Add missing include for in_interrupt() - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh - bpf: Fix a rcu warning for bpffs map pretty-print - [x86] ALSA: asihpi: fix iounmap in error handler - regmap: fix page selection for noinc reads - [x86] KVM: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE - [x86] KVM: SVM: Add a dedicated INVD intercept routine - tracing: fix double free - [s390x] dasd: Fix zero write for FBA devices - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() - mm, THP, swap: fix allocating cluster for swapfile by mistake - [s390x] zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl - ata: define AC_ERR_OK - ata: make qc_prep return ata_completion_errors - ata: sata_mv, avoid trigerrable BUG_ON - [arm64] KVM: Assume write fault on S1PTW permission fault on instruction fetch https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.150 - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models - USB: gadget: f_ncm: Fix NDP16 datagram validation - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock - vsock/virtio: stop workers during the .remove() - vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() - net: virtio_vsock: Enhance connection semantics - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 - ftrace: Move RCU is watching check after recursion check - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices - [armhf] drm/sun4i: mixer: Extend regmap max_register - net: dec: de2104x: Increase receive ring size for Tulip - rndis_host: increase sleep time in the query-response loop - nvme-core: get/put ctrl and transport module in nvme_dev_open/release() - [x86,ppc64el] drivers/net/wan/hdlc: Set skb->protocol before transmitting - mac80211: do not allow bigger VHT MPDUs than the hardware supports - nvme-fc: fail new connections to a deleted host or remote port - [armhf] pinctrl: mvebu: Fix i2c sda definition for 98DX3236 - nfs: Fix security label length not being reset - [armhf] clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED - Input: trackpoint - enable Synaptics trackpoints - random32: Restore __latent_entropy attribute on net_rand_state - mm: replace memmap_context by meminit_context - mm: don't rely on system state to detect hot-plug operations - epoll: do not insert into poll queues until all sanity checks are done - epoll: replace ->visited/visited_list with generation count - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path - ep_create_wakeup_source(): dentry name can change under you... - netfilter: ctnetlink: add a range check for l3/l4 protonum (CVE-2020-25211) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.151 - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts - fbcon: Fix global-out-of-bounds read in fbcon_get_font() - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() - drm/nouveau/mem: guard against NULL pointer access in mem_del - usermodehelper: reset umask to default before executing user process - [x86] platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 - [x86] platform/x86: thinkpad_acpi: initialize tp_nvram_state variable - [x86] platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting - [x86] platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse - driver core: Fix probe_count imbalance in really_probe() - [x86] i2c: i801: Exclude device from suspend direct complete optimization - [armhf] mtd: rawnand: sunxi: Fix the probe error path - nvme-core: put ctrl ref when module ref get fail - macsec: avoid use-after-free in macsec_handle_frame() - mm/khugepaged: fix filemap page_to_pgoff(page) != offset - xfrmi: drop ignore_df check before updating pmtu - cifs: Fix incomplete memory allocation on setxattr path - [arm64,armhf] i2c: meson: fix clock setting overwrite - [arm64,armhf] i2c: meson: fixup rate calculation with filter delay - sctp: fix sctp_auth_init_hmacs() error path - team: set dev->needed_headroom in team_setup_by_port() - net: team: fix memory leak in __team_options_register - openvswitch: handle DNAT tuple collision - drm/amdgpu: prevent double kfree ttm->sg - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate - xfrm: clone whole liftime_cur structure in xfrm_do_migrate - [arm64,armhf] net: stmmac: removed enabling eee in EEE set callback - xfrm: Use correct address family in xfrm_state_find - bonding: set dev->needed_headroom in bond_setup_by_slave() - net: usb: ax88179_178a: fix missing stop entry in driver_info - net/mlx5e: Fix VLAN cleanup flow - net/mlx5e: Fix VLAN create flow - rxrpc: Fix rxkad token xdr encoding - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() - rxrpc: Fix some missing _bh annotations on locking conn->state_lock - rxrpc: Fix server keyring leak - perf: Fix task_function_call() error handling - mmc: core: don't set limits.discard_granularity as 0 - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.152 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352) - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (CVE-2020-12351) - Bluetooth: MGMT: Fix not checking if BT_HS is enabled - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` - Bluetooth: Disconnect if E0 is used for Level 4 - media: usbtv: Fix refcounting mixup - USB: serial: option: add Cellient MPL200 card - USB: serial: option: Add Telit FT980-KS composition - [x86] staging: comedi: check validity of wMaxPacketSize of usb endpoints found - USB: serial: pl2303: add device-id for HP GC device - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters - reiserfs: Initialize inode keys properly - reiserfs: Fix oops during mount - [arm*] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (Closes: #908712) - [x86] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.148-rt64 * Bump ABI to 12 * Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" linux-signed-arm64 (4.19.160+2) buster; urgency=medium . * Sign kernel from linux 4.19.160-2 . * net: Disable MLX5_ESWITCH on mips and mipsel (Fixes FTBFS) linux-signed-arm64 (4.19.160+1) buster; urgency=medium . * Sign kernel from linux 4.19.160-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.153 - [ppc64el] ibmveth: Switch order of ibmveth_helper calls. - [ppc64el] ibmveth: Identify ingress large send packets. - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route - mlx4: handle non-napi callers to napi_poll - [armhf] net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() - [armhf] net: fec: Fix PHY init after phy_reset_after_clk_enable() - net: fix pos incrementment in ipv6_route_seq_next - net/smc: fix valid DMBE buffer sizes - net: usb: qmi_wwan: add Cellient MPL200 card - tipc: fix the skb_unshare() in tipc_buf_append() - net/ipv4: always honour route mtu during forwarding - r8169: fix data corruption issue on RTL8402 - [arm*] binder: fix UAF when releasing todo list (CVE-2020-0423) - ALSA: bebob: potential info leak in hwdep_read() - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device - [x86,ppc64el] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() - tcp: fix to update snd_wl1 in bulk receiver fast path - r8169: fix operation under forced interrupt threading - icmp: randomize the global rate limiter (CVE-2020-25705) - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 - cifs: remove bogus debug code - cifs: Return the error from crypt_message when enc/dec key not found. - [x86] KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages - [x86] KVM: SVM: Initialize prev_ga_tag before use - crypto: algif_aead - Do not set MAY_BACKLOG on the async path - [x86] EDAC/i5100: Fix error handling order in i5100_init_one() - [x86] fpu: Allow multiple bits in clearcpuid= parameter - [arm64] drivers/perf: xgene_pmu: Fix uninitialized resource struct - [x86] nmi: Fix nmi_handle() duration miscalculation - [amd64] x86/events/amd/iommu: Fix sizeof mismatch - crypto: algif_skcipher - EBUSY on aio should be an error - media: tuner-simple: fix regression in simple_set_radio_freq - media: uvcvideo: Set media controller entity functions - media: uvcvideo: Silence shift-out-of-bounds warning - [armhf] media: omap3isp: Fix memleak in isp_probe - [armhf] media: ti-vpe: Fix a missing check and reference count leak - regulator: resolve supply after creating regulator - ath10k: provide survey info as accumulated data - Bluetooth: hci_uart: Cancel init work before unregistering - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path - [arm64] wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 - [arm64] ASoC: qcom: lpass-platform: fix memory leak - [arm64] ASoC: qcom: lpass-cpu: fix concurrency issue - brcmfmac: check ndev pointer - mwifiex: Do not use GFP_KERNEL in atomic context - [x86] staging: rtl8192u: Do not use GFP_KERNEL in atomic context - [x86] drm/gma500: fix error check - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() - [x86] VMCI: check return value of get_user_pages_fast() for errors - [ppc64el] tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() - pty: do tty_flip_buffer_push without port->lock in pty_write - [x86] pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() - [x86] pwm: lpss: Add range limit check for the base_unit register value - [x86] video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error - video: fbdev: sis: fix null ptr dereference - video: fbdev: radeon: Fix memleak in radeonfb_pci_register - HID: roccat: add bounds checking in kone_sysfs_write_settings() - [armhf] pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser - [armhf] pinctrl: mcp23s08: Fix mcp23x17 precious range - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow - [arm64,armhf] net: stmmac: use netif_tx_start|stop_all_queues() function - [arm64] cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() - [amd64] misc: mic: scif: Fix error handling path - [arm*] usb: dwc2: Fix parameter type in function pointer prototype - quota: clear padding in v2r1_mem2diskdqb() - HID: hid-input: fix stylus battery reporting - net: enic: Cure the enic api locking trainwreck - [mips*] mfd: sm501: Fix leaks in probe() - iwlwifi: mvm: split a print to avoid a WARNING in ROC - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well - nl80211: fix non-split wiphy information - [arm*] usb: dwc2: Fix INTR OUT transfers in DDMA mode. - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() - mwifiex: fix double free - ipvs: clear skb->tstamp in forwarding path - netfilter: nf_log: missing vlan offload tag and proto - mm/memcg: fix device private memcg accounting - mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary - IB/mlx4: Fix starvation in paravirt mux/demux - IB/mlx4: Adjust delayed work when a dup is observed - [powerpc*] pseries: Fix missing of_node_put() in rng_init() - [powerpc*] icp-hv: Fix missing of_node_put() in success path - RDMA/ucma: Fix locking for ctx->events_reported - RDMA/ucma: Add missing locking around rdma_leave_multicast() - [powerpc*] pseries: explicitly reschedule during drmem_lmb list traversal - mtd: mtdoops: Don't write panic data twice - [armel,armhf] ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values - xfs: limit entries returned when counting fsmap records - xfs: fix high key handling in the rt allocator's query_range function - RDMA/qedr: Fix use of uninitialized field - RDMA/qedr: Fix inline size returned for iWARP https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154 - [powerpc*] 64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm - RDMA/cma: Remove dead code for kernel rdmacm multicast - RDMA/cma: Consolidate the destruction of a cma_multicast in one place - [arm64] RDMA/hns: Set the unsupported wr opcode - [arm64] RDMA/hns: Fix missing sq_sig_type when querying QP - overflow: Include header file with SIZE_MAX declaration - [powerpc*] perf: Exclude pmc5/6 from the irrelevant PMU group constraints - [poerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier - IB/rdmavt: Fix sizeof mismatch - f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info - lib/crc32.c: fix trivial typo in preprocessor condition - rapidio: fix error handling path - rapidio: fix the missed put_device() for rio_mport_add_riodev - mailbox: avoid timer start from callback - [arm64,armhf] clk: rockchip: Initialize hw to error to avoid undefined behavior - [arm*] clk: bcm2835: add missing release if devm_clk_hw_register fails - watchdog: Fix memleak in watchdog_cdev_register - watchdog: Use put_device on error - svcrdma: fix bounce buffers for unaligned offsets and multiple pages - ext4: limit entries returned when counting fsmap records - vfio/pci: Clear token on bypass registration failure - [amd64,arm64] vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() - [armhf] Input: omap4-keypad - fix handling of platform_get_irq() error - [armhf] Input: twl4030_keypad - fix handling of platform_get_irq() error - [armhf] Input: sun4i-ps2 - fix handling of platform_get_irq() error - [x86] KVM: emulating RDPID failure shall return #UD rather than #GP - netfilter: conntrack: connection timeout after re-register - netfilter: nf_fwd_netdev: clear timestamp in forwarding path - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator - [armhf] memory: omap-gpmc: Fix a couple off by ones - [powerpc*] powernv/dump: Fix race while processing OPAL dump - nvmet: fix uninitialized work for zero kato - [x86,arm64] i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs - block: ratelimit handle_bad_sector() message - [x86] crypto: ccp - fix error handling - media: firewire: fix memory leak - media: ati_remote: sanity check for both endpoints - media: media/pci: prevent memory leak in bttv_probe - media: uvcvideo: Ensure all probed info is returned to v4l2 - mmc: sdio: Check for CISTPL_VERS_1 buffer size - media: saa7134: avoid a shift overflow - fs: dlm: fix configfs memory leak - [arm64] media: venus: core: Fix runtime PM imbalance in venus_probe - ip_gre: set dev->hard_header_len and dev->needed_headroom properly - mac80211: handle lack of sband->bitrates in rates - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() - scsi: mvumi: Fix error return in mvumi_io_attach() - scsi: target: core: Add CONTROL field for trace events - [amd64] mic: vop: copy data to kernel space then write to io memory - [amd64] misc: vop: add round_up(x,4) for vring_size to avoid kernel panic - usb: gadget: function: printer: fix use-after-free in __lock_acquire - udf: Limit sparing table size - udf: Avoid accessing uninitialized data on failed inode read - USB: cdc-acm: handle broken union descriptors - [arm64,armhf] usb: dwc3: simple: add support for Hikey 970 - [armhf] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() - misc: rtsx: Fix memory leak in rtsx_pci_probe - reiserfs: only call unlock_new_inode() if I_NEW - xfs: make sure the rt allocator doesn't run off the end - usb: ohci: Default to per-port over-current protection - Bluetooth: Only mark socket zapped after unlocking - [ppc64el] scsi: ibmvfc: Fix error return in ibmvfc_probe() - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy - rtl8xxxu: prevent potential memory leak - Fix use after free in get_capset_info callback. - scsi: qedi: Protect active command list to avoid list corruption - scsi: qedi: Fix list_del corruption while removing active I/O - [x86] tty: ipwireless: fix error handling - ipvs: Fix uninit-value in do_ip_vs_set_ctl() - reiserfs: Fix memory leak in reiserfs_parse_options() - mwifiex: don't call del_timer_sync() on uninitialized timer - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach - usb: core: Solve race condition in anchor cleanup functions - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). - eeprom: at25: set minimum read/write access stride to 1 - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155 - scripts/setlocalversion: make git describe output more reliable - [arm64] Run ARCH_WORKAROUND_1 enabling code on all CPUs - [arm64] link with -z norelro regardless of CONFIG_RELOCATABLE - [x86,arm64,armhf] efivarfs: Replace invalid slashes with exclamation marks in dentries. - gtp: fix an use-before-init in gtp_newlink() - netem: fix zero division in tabledist - tcp: Prevent low rmem stalls with SO_RCVLOWAT. - tipc: fix memory leak caused by tipc_buf_append() - r8169: fix issue with forced threading in combination with shared interrupts - cxgb4: set up filter action after rewrites - [x86] arch/x86/amd/ibs: Fix re-arming IBS Fetch - [x86] xen: disable Firmware First mode for correctable memory errors - fuse: fix page dereference after free - bpf: Fix comment for helper bpf_current_task_under_cgroup() - p54: avoid accessing the data mapped to streaming DMA - [powerpc*] cxl: Rework error message for incompatible slots - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() - mtd: lpddr: Fix bad logic in print_drs_error - [arm*] serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir - fscrypt: clean up and improve dentry revalidation - fscrypt: fix race allowing rename() and link() of ciphertext dentries - fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory - fscrypt: only set dentry_operations on ciphertext dentries - fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext - Revert "block: ratelimit handle_bad_sector() message" - xen/events: don't use chip_data for legacy IRQs - xen/events: avoid removing an event channel while handling it (CVE-2020-27675) - xen/events: add a proper barrier to 2-level uevent unmasking (CVE-2020-27673) - xen/events: fix race in evtchn_fifo_unmask() (CVE-2020-27673) - xen/events: add a new "late EOI" evtchn framework (CVE-2020-27673) - xen/blkback: use lateeoi irq binding (CVE-2020-27673) - xen/netback: use lateeoi irq binding (CVE-2020-27673) - xen/scsiback: use lateeoi irq binding (CVE-2020-27673) - xen/pvcallsback: use lateeoi irq binding (CVE-2020-27673) - xen/pciback: use lateeoi irq binding (CVE-2020-27673) - xen/events: switch user event channels to lateeoi model (CVE-2020-27673) - xen/events: use a common cpu hotplug hook for event channels (CVE-2020-27673) - xen/events: defer eoi in case of excessive number of events (CVE-2020-27673) - xen/events: block rogue events for some time (CVE-2020-27673) - RDMA/qedr: Fix memory leak in iWARP CM - ata: sata_nv: Fix retrieving of active qcs - futex: Fix incorrect should_fail_futex() handling - [powerpc*] powernv/smp: Fix spurious DBG() warning - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race - [powerpc*] select ARCH_WANT_IRQS_OFF_ACTIVATE_MM - f2fs: add trace exit in exception path - f2fs: fix uninit-value in f2fs_lookup - f2fs: fix to check segment boundary during SIT page readahead - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses - power: supply: bq27xxx: report "not charging" on all types - xfs: fix realtime bitmap/summary file truncation when growing rt volume - ath10k: fix VHT NSS calculation when STBC is enabled - media: videodev2.h: RGB BT2020 and HSV are always full range - [x86] usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart - media: tw5864: check status of tw5864_frameinterval_get - mmc: via-sdmmc: Fix data race bug - [arm64] topology: Stop using MPIDR for topology information - media: uvcvideo: Fix dereference of out-of-bound list iterator - USB: adutux: fix debugging - uio: free uio id after uio file node is freed - usb: xhci: omit duplicate actions when suspending a runtime suspended host. - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE - xfs: don't free rt blocks when we're doing a REMAP bunmapi call - ACPI: Add out of bounds and numa_off protections to pxm_to_node() - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values - btrfs: fix replace of seed device - md/bitmap: md_bitmap_get_counter returns wrong blocks - bnxt_en: Log unknown link speed appropriately. - [arm64] rpmsg: glink: Use complete_all for open states - [armhf] clk: ti: clockdomain: fix static checker warning - net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid - ext4: Detect already used quota file early - gfs2: add validation checks for size of superblock - cifs: handle -EINTR in cifs_setattr - [armhf] memory: emif: Remove bogus debugfs error handling - nbd: make the config put is called before the notifying the waiter - sgl_alloc_order: fix memory leak - nvme-rdma: fix crash when connect rejected - md/raid5: fix oops during stripe resizing - [x86,arm64] mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN - [x86] perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() - [x86] perf/x86/amd/ibs: Fix raw sample data accumulation - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect - fs: Don't invalidate page buffers in block_write_full_page() - NFS: fix nfs_path in case of a rename retry - ACPI: button: fix handling lid state changes when input device closed - [x86] ACPI / extlog: Check for RDMSR failure (Closes: #971058) - [x86] ACPI: video: use ACPI backlight for HP 635 Notebook - [x86] acpi-cpufreq: Honor _PSD table setting on new AMD CPUs - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() - scsi: qla2xxx: Fix crash on session cleanup with unload - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode - btrfs: improve device scanning messages - btrfs: reschedule if necessary when logging directory items - btrfs: send, recompute reference path after orphanization of a directory - btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() - btrfs: cleanup cow block on error - btrfs: fix use-after-free on readahead extent after failure to create it - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC - [arm64,armhf] usb: dwc3: ep0: Fix ZLP for OUT ep0 requests - [arm64,armhf] usb: dwc3: gadget: Check MPS of the request length - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove driver - usb: cdc-acm: fix cooldown mechanism - [x86] usb: typec: tcpm: reset hard_reset_count for any disconnect - [x86] drm/i915: Force VT'd workarounds when running as a guest OS - vt: keyboard, simplify vt_kdgkbsent - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656) - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery - udf: Fix memory leak when mounting - [powerpc*] drmem: Make lmb_size 64 bit - [s390x] stp: add locking to sysfs functions - [powerpc*] rtas: Restrict RTAS requests from userspace (CVE-2020-27777) - [powerpc*] Warn about use of smt_snooze_delay - [powerpc*] powernv/elog: Fix race while processing OPAL error log event. - [powerpc*] Fix undetected data corruption with P9N DD2.1 VSX CI load emulation - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag - NFSD: Add missing NFSv2 .pc_func methods - ubifs: dent: Fix some potential memory leaks while iterating entries - perf python scripting: Fix printable strings in python3 scripts - ubi: check kthread_should_stop() after the setting of task state - [armhf] i2c: imx: Fix external abort on interrupt in exit paths - drm/amdgpu: don't map BO in reserved region - ceph: promote to unsigned long long before shifting - libceph: clear con->out_msg on Policy::stateful_server faults - 9P: Cast to loff_t before multiplying - ring-buffer: Return 0 on success from ring_buffer_resize() - [amd64] vringh: fix __vringh_iov() when riov and wiov are different - ext4: fix leaking sysfs kobject after failed mount - ext4: fix error handling code in add_new_gdb - ext4: fix invalid inode checksum - drm/ttm: fix eviction valuable range check. - tty: make FONTX ioctl use the tty pointer they were actually passed (CVE-2020-25668) - cachefiles: Handle readpage error correctly - device property: Keep secondary firmware node secondary by type - device property: Don't clear secondary pointer for shared primary firmware node - [arm64] KVM: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice - [mips*] staging: octeon: repair "fixed-link" support - [mips*] staging: octeon: Drop on uncorrectable alignment or FCS error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156 - [x86] drm/i915: Break up error capture compression loops with cond_resched() - tipc: fix use-after-free in tipc_bcast_get_mode - ptrace: fix task_join_group_stop() for the case when current is traced - [arm64] cadence: force nonlinear buffers to be cloned - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms - [arm64,armhf] sfp: Fix error handing in sfp_probe() - blktrace: fix debugfs use after free (CVE-2019-19770) - btrfs: extent_io: Kill the forward declaration of flush_write_bio - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up - Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" - btrfs: flush write bio if we loop in extent_write_cache_pages - btrfs: extent_io: Handle errors better in extent_write_full_page() - btrfs: extent_io: Handle errors better in btree_write_cache_pages() - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() - Btrfs: fix unwritten extent buffers and hangs on future writeback attempts - btrfs: Don't submit any btree write bio if the fs has errors (CVE-2019-19039, CVE-2019-19377) - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it - btrfs: tree-checker: Make chunk item checker messages more readable - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO - btrfs: tree-checker: Check chunk item at tree block read time - btrfs: tree-checker: Verify dev item - btrfs: tree-checker: Fix wrong check on max devid - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (CVE-2019-19816) - btrfs: tree-checker: Verify inode item - btrfs: tree-checker: fix the error message for transid error - Fonts: Replace discarded const qualifier - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 - ALSA: usb-audio: Add implicit feedback quirk for MODX - mm: mempolicy: fix potential pte_unmap_unlock pte error - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled - mm: always have io_remap_pfn_range() set pgprot_decrypted() - gfs2: Wake up when sd_glock_disposal becomes zero - ring-buffer: Fix recursion protection transitions between interrupt context - ftrace: Fix recursion check for NMI test - ftrace: Handle tracing when switching between context - tracing: Fix out of bounds write in get_trace_buf - futex: Handle transient "ownerless" rtmutex state correctly - [amd64] x86/kexec: Use up-to-dated screen_info copy to fill boot params - of: Fix reserved-memory overlap detection - blk-cgroup: Fix memleak on error path - blk-cgroup: Pre-allocate tree node on blkg_conf_prep - scsi: core: Don't start concurrent async scan on same host - vsock: use ns_capable_noaudit() on socket create - [arm*] drm/vc4: drv: Add error handding for bind - [amd64,arm64] ACPI: NFIT: Fix comparison to '-ENXIO' - vt: Disable KD_FONT_OP_COPY (CVE-2020-28974) - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent - USB: serial: cyberjack: fix write-URB completion race - USB: serial: option: add Quectel EC200T module support - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 - USB: serial: option: add Telit FN980 composition 0x1055 - USB: Add NO_LPM quirk for Kingston flash drive - PM: runtime: Resume the device earlier in __device_release_driver() - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (CVE-2020-25704) - tools: perf: Fix build error in v4.19.y - [arm64,armhf] net: dsa: read mac address from DT for slave device - [arm64] dts: marvell: espressobin: Add ethernet switch aliases https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157 - [x86] powercap: restrict energy meter to root access (CVE-2020-8694) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158 - regulator: defer probe when trying to get voltage from unresolved supply - time: Prevent undefined behaviour in timespec64_to_ns() - nbd: don't update block size after device is started - [arm64,armhf] usb: dwc3: gadget: Continue to process pending requests - [arm64,armhf] usb: dwc3: gadget: Reclaim extra TRBs after request completion - btrfs: sysfs: init devices outside of the chunk_mutex - btrfs: reschedule when cloning lots of extents - [x86] hv_balloon: disable warning when floor reached - net: xfrm: fix a race condition during allocing spi - xfs: set xefi_discard when creating a deferred agfl free log intent item - netfilter: ipset: Update byte and packet counters regardless of whether they match - perf tools: Add missing swap for ino_generation - [x86] ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() - can: rx-offload: don't call kfree_skb() from IRQ context - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() - can: peak_usb: add range checking in decode operations - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on - [armhf] can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A - xfs: flush new eof page on truncate to avoid post-eof corruption - [arm64,x86] tpm: efi: Don't create binary_bios_measurements file for an empty log - Btrfs: fix missing error return if writeback for extent buffer never started - ath9k_htc: Use appropriate rs_datalen type - netfilter: use actual socket sk rather than skb sk when routing harder - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free - gfs2: Add missing truncate_inode_pages_final for sd_aspace - gfs2: check for live vs. read-only file system in gfs2_fitrim - scsi: hpsa: Fix memory leak in hpsa_init_one() - drm/amdgpu: perform srbm soft reset always on SDMA resume - mac80211: fix use of skb payload instead of header - cfg80211: regulatory: Fix inconsistent format argument - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() - [s390x] smp: move rcu_cpu_starting() earlier - [x86] tpm_tis: Disable interrupts on ThinkPad T490s - tick/common: Touch watchdog in tick_unfreeze() on all CPUs - [x86] pinctrl: intel: Set default bias in case no particular value given - [armel,armhf] 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template - nbd: fix a block_device refcount leak in nbd_release - xfs: fix flags argument to rmap lookup when converting shared file rmaps - xfs: fix rmap key and record comparison functions - lan743x: fix "BUG: invalid wait context" when setting rx mode - xfs: fix a missing unlock on error in xfs_fs_map_blocks - of/address: Fix of_node memory leak in of_dma_is_coherent - [i386] cosa: Add missing kfree in error path of cosa_write - perf: Fix get_recursion_context() - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() - btrfs: dev-replace: fail mount if we don't have replace item with target device - [x86] thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() - [x86] thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() - uio: Fix use-after-free in uio_unregister_device() - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode - futex: Don't enable IRQs unconditionally in put_pi_state() - ocfs2: initialize ip_next_orphan - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch - selinux: Fix error return code in sel_ib_pkey_sid_slow() - gpio: pcie-idio-24: Fix irq mask when masking - gpio: pcie-idio-24: Fix IRQ Enable Register value - gpio: pcie-idio-24: Enable PEX8311 interrupts - don't dump the threads that had been already exiting when zapped. - [x86] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] - pinctrl: amd: use higher precision for 512 RtcClk - pinctrl: amd: fix incorrect way to disable debounce filter - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" - IPv6: Set SIT tunnel hard_header_len to zero - [s390x] net/af_iucv: fix null pointer dereference on shutdown - net: Update window_clamp if SOCK_RCVBUF is set - tipc: fix memory leak in tipc_topsrv_start() - vrf: Fix fast path output packet handling with async Netfilter rules - r8169: fix potential skb double free in an error path - random32: make prandom_u32() output unpredictable - [x86] speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP - perf/core: Fix race in the perf_mmap_close() function (CVE-2020-14351) - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" - reboot: fix overflow parsing reboot cpu number - net: sch_generic: fix the missing new qdisc assignment bug - Convert trailing spaces and periods in path components https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159 - [powerpc*] 64s: move some exception handlers out of line - [powerpc*] 64s: flush L1D on kernel entry (CVE-2020-4788) - [powerpc*] Add a framework for user access tracking - [powerpc*] Implement user_access_begin and friends - [powerpc*] Fix __clear_user() with KUAP enabled - [powerpc*] uaccess: Evaluate macro arguments once, before user access is allowed - [powerpc*] 64s: flush L1D after user accesses (CVE-2020-4788) - Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" - Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669) - mac80211: always wind down STA state - can: proc: can_remove_proc(): silence remove_proc_entry warning - [x86] KVM: x86: clflushopt should be treated as a no-op by emulation - [arm64] ACPI: GED: fix -Wformat https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160 - ah6: fix error return code in ah6_input() - atm: nicstar: Unmap DMA on send error - bnxt_en: read EEPROM A2h address using page 0 - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() - lan743x: fix issue causing intermittent kernel log warnings - lan743x: prevent entire kernel HANG on open, for some platforms - net: b44: fix error return code in b44_init_one() - net: bridge: add missing counters to ndo_get_stats64 callback - [arm64,armhf] net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 - net: Have netpoll bring-up DSA management interface - net/mlx4_core: Fix init_hca fields offset - page_frag: Recover from memory pressure - qed: fix error return code in qed_iwarp_ll2_start() - qlcnic: fix error return code in qlcnic_83xx_restart_hw() - sctp: change to hold/put transport for proto_unreach_timer - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate - [arm64,armhf] net/mlx5: Disable QoS when min_rates on all VFs are zero - net: usb: qmi_wwan: Set DTR quirk for MR400 - [arm64,armhf] pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() - [x86] ACPI: button: Add DMI quirk for Medion Akoya E2228T - [arm64] psci: Avoid printing in cpu_psci_cpu_die() - vfs: remove lockdep bogosity in __sb_start_write - [arm64] dts: allwinner: a64: Pine64 Plus: Fix ethernet node - [arm64] dts: allwinner: h5: OrangePi PC2: Fix ethernet node - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node - [armhf] Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" - [armhf] dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY - [armhf] dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY - [arm64] dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY - [mips*] export has_transparent_hugepage() for modules - [arm64] dts: allwinner: h5: OrangePi Prime: Fix ethernet node - perf lock: Don't free "lock_seq_stat" if read_count isn't zero - ip_tunnels: Set tunnel option flag when tunnel metadata is present - can: af_can: prevent potential access of uninitialized member in can_rcv() - can: af_can: prevent potential access of uninitialized member in canfd_rcv() - can: dev: can_restart(): post buffer from the right context - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() - can: peak_usb: fix potential integer overflow on shift of a int - [arm64] ASoC: qcom: lpass-platform: Fix memory leak - [arm64,armhf] drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits - [armhf] regulator: ti-abb: Fix array out of bound read access on the first transition - xfs: revert "xfs: fix rmap key and record comparison functions" - [amd64] efi/x86: Free efi_pgd with free_pages() - libfs: fix error cast of negative value in simple_attr_write() - speakup: Do not let the line discipline be used several times (CVE-2020-28941) - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() - ALSA: usb-audio: Add delay quirk for all Logitech USB devices - ALSA: ctl: fix error path at adding user-defined element set - ALSA: mixart: Fix mutex deadlock - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) - [armhf] tty: serial: imx: keep console clocks always on - [arm64,armhf,x86] efivarfs: fix memory leak in efivarfs_create() - [arm64,x86] staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids - ext4: fix bogus warning in ext4_update_dx_flag() - [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum - [x86] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode - [armhf] regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} - regulator: fix memory leak with repeated set_machine_constraints() - regulator: avoid resolve_supply() infinite recursion - regulator: workaround self-referent regulators - mac80211: minstrel: remove deferred sampling code - mac80211: minstrel: fix tx status processing corner case - mac80211: free sta in sta_info_insert_finish() on errors - [s390x] cpum_sf.c: fix file permission for cpum_sfb_size - [s390x] dasd: fix null pointer dereference for ERP requests - ptrace: Set PF_SUPERPRIV when checking capability - seccomp: Set PF_SUPERPRIV when checking capability - [x86] microcode/intel: Check patch signature before saving microcode for early loading - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() . [ Salvatore Bonaccorso ] * net: Enable NET_SWITCHDEV; disable on armel/marvell (Closes: #949863) * Bump ABI to 13 * [rt] Update to 4.19.152-rt65 * [rt] Refresh "mm: Protect activate_mm() by preempt_[disable&enable]_rt()" * [rt] Refresh "kthread: convert worker lock to raw spinlock" * [rt] Refresh "signals: Allow rt tasks to cache one sigqueue struct" * [rt] Refresh "tpm_tis: fix stall after iowrite*()s" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again" * [rt] Update to 4.19.152-rt66 - mm/memcontrol: Disable preemption in __mod_memcg_lruvec_state() - ptrace: fix ptrace_unfreeze_traced() race with rt-lock * [rt] Update to 4.19.160-rt69 . [ Noah Meyerhans ] * Backport upstream fix for PCI bridge firmware configuration preservation (Closes: #968623) . [ John L. Villalovos ] * Backport support for USB Host Controllers with local memory to avoid crashes. In particular the Renesas USB 3.0 controller (PD720201/PD720202) which is used on the Ampere's Mt Jade platform which is part of their Altra product line: - lib/genalloc: add gen_pool_dma_zalloc() for zeroed DMA allocations - USB: use genalloc for USB HCs with local memory - USB: drop HCD_LOCAL_MEM flag - usb: don't create dma pools for HCDs with a localmem_pool - usb: add a hcd_uses_dma helper - usb: host: ohci-sm501: init genalloc for local memory - usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() * [arm64] config/arm64/config: Set NODES_SHIFT to 4 . [ Yves-Alexis Perez ] * usbnet: ipheth: fix connectivity with iOS 14 linux-signed-arm64 (4.19.152+1) buster-security; urgency=high . * Sign kernel from linux 4.19.152-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.147 - [arm64,armhf] dsa: Allow forwarding of redirected IGMP traffic - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed - scsi: qla2xxx: Move rport registration out of internal work_list - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up - net: handle the return value of pskb_carve_frag_list() correctly - [x86] hv_netvsc: Remove "unlikely" from netvsc_select_queue - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort - scsi: libfc: Fix for double free() - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery - [arm64] regulator: pwm: Fix machine constraints application - NFS: Zero-stateid SETATTR should first return delegation - SUNRPC: stop printk reading past end of string - nvme-fc: cancel async events before freeing event struct - nvme-rdma: cancel async events before freeing event struct - f2fs: fix indefinite loop scanning for free nid - f2fs: Return EOF on unaligned end of file DIO read - i2c: algo: pca: Reapply i2c bus settings after reset - spi: Fix memory leak on splited transfers - [arm64,armhf] clk: rockchip: Fix initialization of mux_pll_src_4plls_p - [arm64] ASoC: qcom: Set card->owner to avoid warnings - [x86] Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload - fbcon: Fix user font detection test at fbcon_resize(). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook - USB: UAS: fix disconnect by unplugging a hub - usblp: fix race between disconnect() and read() - [x86] i2c: i801: Fix resume bug - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" - percpu: fix first chunk size calculation for populated bitmap - Input: trackpoint - add new trackpoint variant IDs - serial: 8250_pci: Add Realtek 816a and 816b - ehci-hcd: Move include to keep CRC stable - [powerpc*] dma: Fix dma_map_ops::get_required_mask https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 - af_key: pfkey_dump needs parameter validation - KVM: fix memory leak in kvm_io_bus_unregister_dev() - kprobes: fix kill kprobe which has been marked as gone - mm/thp: fix __split_huge_pmd_locked() for migration PMD - cxgb4: Fix offset when clearing filter byte counters - geneve: add transport ports in route lookup for geneve (CVE-2020-25645) - [x86,ppc64el] hdlc_ppp: add range checks in ppp_cp_parse_cr() (CVE-2020-25643) - ip: fix tos reflection in ack and reset packets - ipv6: avoid lockdep issue in fib6_del() - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc - nfp: use correct define to return NONE fec - tipc: Fix memory leak in tipc_group_create_member() - tipc: fix shutdown() of connection oriented socket - tipc: use skb_unshare() instead in tipc_buf_append() - bnxt_en: return proper error codes in bnxt_show_temp - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. - net: phy: Avoid NPD upon phy_detach() when driver is unbound - net: add __must_check to skb_put_padto() - ipv4: Update exception handling for multipath routes via same device - kbuild: add OBJSIZE variable for the size tool - mm: memcg: fix memcg reclaim soft lockup - tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning - tcp_bbr: adapt cwnd based on ack aggregation estimation - serial: 8250: Avoid error message on reprobe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.149 - selinux: allow labeling before policy is loaded - media: mc-device.c: fix memleak in media_device_register_entity - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) - ath10k: fix array out-of-bounds access - ath10k: fix memory leak for tpc_stats_final - mm: fix double page fault on arm64 if PTE_AF is cleared - scsi: aacraid: fix illegal IO beyond last LBA - [x86] gma/gma500: fix a memory disclosure bug due to uninitialized bytes - [armel,armhf] ASoC: kirkwood: fix IRQ error handling - [amd64] arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback - [x86] ioapic: Unbreak check_timer() - ALSA: usb-audio: Add delay quirk for H570e USB headsets - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 - lib/string.c: implement stpcpy - [armhf] PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out - [x86] scsi: fnic: fix use after free - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce - net: silence data-races on sk_backlog.tail - [armhf] clk/ti/adpll: allocate room for terminating null - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() - mfd: mfd-core: Protect against NULL call-back function pointer - [x86] tpm_crb: fix fTPM on AMD Zen+ CPUs - tracing: Adding NULL checks for trace_array descriptor pointer - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock - RDMA/qedr: Fix potential use after free - RDMA/i40iw: Fix potential use after free - fix dget_parent() fastpath race - xfs: fix attr leaf header freemap.size underflow - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' - ubi: Fix producing anchor PEBs - mmc: core: Fix size overflow for mmc partitions - gfs2: clean up iopen glock mess in gfs2_create_inode - scsi: pm80xx: Cleanup command when a reset times out - CIFS: Properly process SMB3 lease breaks - ASoC: max98090: remove msleep in PLL unlocked workaround - kernel/sys.c: avoid copying possible padding bytes in copy_to_user - [arm64,armhf] KVM: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() - xfs: fix log reservation overflows when allocating large rt extents - neigh_stat_seq_next() should increase position index - rt_cpu_seq_next should increase position index - ipv6_route_seq_next should increase position index - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier - sctp: move trace_sctp_probe_path into sctp_outq_sack - [arm64,x86] ACPI: EC: Reference count query handlers under lock - scsi: ufs: Make ufshcd_add_command_trace() easier to read - scsi: ufs: Fix a race condition in the tracing code - [s390x] /cpum_sf: Use kzalloc and minor changes - [powerpc*] eeh: Only dump stack once if an MMIO loop is detected - Bluetooth: btrtl: Use kvmalloc for FW allocations - [armel,armhf] ARM: 8948/1: Prevent OOB access in stacktrace - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter - ceph: ensure we have a new cap before continuing in fill_inode - Bluetooth: Fix refcount use-after-free issue - mm/swapfile.c: swap_next should increase position index - mm: pagewalk: fix termination condition in walk_pte_range() - Bluetooth: prefetch channel before killing sock - KVM: fix overflow of zero page refcount with ksm running - ALSA: hda: Clear RIRB status before reading WP - skbuff: fix a data race in skb_queue_len() - audit: CONFIG_CHANGE don't log internal bookkeeping as an event - selinux: sel_avc_get_stat_idx should increase position index - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available - scsi: lpfc: Fix coverity errors in fmdi attribute handling - [armhf] drm/omap: fix possible object reference leak - crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup - ALSA: usb-audio: Don't create a mixer element with bogus volume range - [s390x] perf test: Fix test trace+probe_vfs_getname.sh on s390 - RDMA/rxe: Fix configuration of atomic queue pair attributes - [x86] KVM: x86: fix incorrect comparison in trace event - [x86] pkeys: Add check for pkey "overflow" - bpf: Remove recursion prevention from rcu free callback - [arm64,armhf] dmaengine: tegra-apb: Prevent race conditions on channel's freeing - random: fix data races at timer_rand_state - [arm64] bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal - media: go7007: Fix URB type for interrupt handling - Bluetooth: guard against controllers sending zero'd events - timekeeping: Prevent 32bit truncation in scale64_check_overflow() - ext4: fix a data race at inode->i_disksize - mm: avoid data corruption on CoW fault into PFN-mapped VMA - drm/amdgpu: increase atombios cmd timeout - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read - scsi: aacraid: Disabling TM path and only processing IOP reset - Bluetooth: L2CAP: handle l2cap config request during open state - media: tda10071: fix unsigned sign extension overflow - xfs: don't ever return a stale pointer from __xfs_dir3_free_read - xfs: mark dir corrupt when lookup-by-hash fails - ext4: mark block bitmap corrupted when found instead of BUGON - nfsd: Don't add locks to closed or closing open stateids - RDMA/cm: Remove a race freeing timewait_info - [powerpc*] KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones - [arm64] drm/msm: fix leaks if initialization fails - [arm64] drm/msm/a5xx: Always set an OPP supported hardware value - serial: 8250_port: Don't service RX FIFO if throttled - [powerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn - nvme-multipath: do not reset on unknown status - nvme: Fix controller creation races with teardown flow - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices - scsi: hpsa: correct race condition in offload enabled - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' - svcrdma: Fix leak of transport addresses - PCI: Use ioremap(), not phys_to_virt() for platform ROM - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor - PCI: pciehp: Fix MSI interrupt race - NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() - mm/kmemleak.c: use address-of operator on section symbols - mm/filemap.c: clear page error before actual read - mm/vmscan.c: fix data races using kswapd_classzone_idx - nvmet-rdma: fix double free of rdma queue - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area - scsi: qedi: Fix termination timeouts in session logout - [arm64] serial: uartps: Wait for tx_empty in console setup - [x86] KVM: Remove CREATE_IRQCHIP/SET_PIT2 race - bdev: Reduce time holding bd_mutex in sync in blkdev_close() - [x86] drivers: char: tlclk.c: Avoid data race between init and interrupt handler - [arm64] KVM: vgic-its: Fix memory leak on the error path of vgic_add_lpi() - net: openvswitch: use u64 for meter bucket - scsi: aacraid: Fix error handling paths in aac_probe_one() - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion - [arm64] cpufeature: Relax checks for AArch32 support at EL[0-2] - dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion - atm: fix a memory leak of vcc->user_back - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete - tipc: fix memory leak in service subscripting - [armhf] tty: serial: samsung: Correct clock selection logic - ALSA: hda: Fix potential race in unsol event handler - [powerpc*] traps: Make unrecoverable NMIs die instead of panic - fuse: don't check refcount after stealing page - [powerpc*] scsi: cxlflash: Fix error return code in cxlflash_probe() - [arm64] cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register - e1000: Do not perform reset in reset_task if we are already down - drm/nouveau/debugfs: fix runtime pm imbalance on error - drm/nouveau: fix runtime pm imbalance on error - drm/nouveau/dispnv50: fix runtime pm imbalance on error - printk: handle blank console arguments passed in. - [arm64,armhf] usb: dwc3: Increase timeout for CmdAct cleared by device controller - btrfs: don't force read-only after error in drop snapshot - vfio/pci: fix memory leaks of eventfd ctx - perf trace: Fix the selection for architectures to generate the errno name tables - [arm64,armhf] wlcore: fix runtime pm imbalance in wl1271_tx_work - [arm64,armhf] wlcore: fix runtime pm imbalance in wlcore_regdomain_config - [arm64,armhf] PCI: tegra: Fix runtime PM imbalance on error - ceph: fix potential race in ceph_check_caps - mm/swap_state: fix a data race in swapin_nr_pages - [armel] mtd: parser: cmdline: Support MTD names containing one or more colons - [x86] speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline - vfio/pci: Clear error and request eventfd ctx after releasing - cifs: Fix double add page to memcg when cifs_readpages - nvme: fix possible deadlock when I/O is blocked - scsi: libfc: Handling of extra kref - scsi: libfc: Skip additional kref updating work event - vfio/pci: fix racy on error and request eventfd ctx - btrfs: qgroup: fix data leak caused by race between writeback and truncate - net: openvswitch: use div_u64() for 64-by-32 divisions - nvme: explicitly update mpath disk capacity on revalidation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 - [s390x] init: add missing __init annotations - lockdep: fix order in trace_hardirqs_off_caller() - [amd64] drm/amdkfd: fix a memory leak issue - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() - mwifiex: Increase AES key storage size to 256 bits - batman-adv: bla: fix type misuse for backbone_gw hash indexing - atm: eni: fix the missed pci_disable_device() for eni_init_one() - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets - mac802154: tx: fix use-after-free - bpf: Fix clobbering of r2 in bpf_gen_ld_abs - [arm*] drm/vc4/vc4_hdmi: fill ASoC card owner - net: qed: RDMA personality shouldn't fail VF load - batman-adv: Add missing include for in_interrupt() - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh - bpf: Fix a rcu warning for bpffs map pretty-print - [x86] ALSA: asihpi: fix iounmap in error handler - regmap: fix page selection for noinc reads - [x86] KVM: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE - [x86] KVM: SVM: Add a dedicated INVD intercept routine - tracing: fix double free - [s390x] dasd: Fix zero write for FBA devices - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() - mm, THP, swap: fix allocating cluster for swapfile by mistake - [s390x] zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl - ata: define AC_ERR_OK - ata: make qc_prep return ata_completion_errors - ata: sata_mv, avoid trigerrable BUG_ON - [arm64] KVM: Assume write fault on S1PTW permission fault on instruction fetch https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.150 - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models - USB: gadget: f_ncm: Fix NDP16 datagram validation - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock - vsock/virtio: stop workers during the .remove() - vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() - net: virtio_vsock: Enhance connection semantics - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 - ftrace: Move RCU is watching check after recursion check - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices - [armhf] drm/sun4i: mixer: Extend regmap max_register - net: dec: de2104x: Increase receive ring size for Tulip - rndis_host: increase sleep time in the query-response loop - nvme-core: get/put ctrl and transport module in nvme_dev_open/release() - [x86,ppc64el] drivers/net/wan/hdlc: Set skb->protocol before transmitting - mac80211: do not allow bigger VHT MPDUs than the hardware supports - nvme-fc: fail new connections to a deleted host or remote port - [armhf] pinctrl: mvebu: Fix i2c sda definition for 98DX3236 - nfs: Fix security label length not being reset - [armhf] clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED - Input: trackpoint - enable Synaptics trackpoints - random32: Restore __latent_entropy attribute on net_rand_state - mm: replace memmap_context by meminit_context - mm: don't rely on system state to detect hot-plug operations - epoll: do not insert into poll queues until all sanity checks are done - epoll: replace ->visited/visited_list with generation count - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path - ep_create_wakeup_source(): dentry name can change under you... - netfilter: ctnetlink: add a range check for l3/l4 protonum (CVE-2020-25211) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.151 - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts - fbcon: Fix global-out-of-bounds read in fbcon_get_font() - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() - drm/nouveau/mem: guard against NULL pointer access in mem_del - usermodehelper: reset umask to default before executing user process - [x86] platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 - [x86] platform/x86: thinkpad_acpi: initialize tp_nvram_state variable - [x86] platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting - [x86] platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse - driver core: Fix probe_count imbalance in really_probe() - [x86] i2c: i801: Exclude device from suspend direct complete optimization - [armhf] mtd: rawnand: sunxi: Fix the probe error path - nvme-core: put ctrl ref when module ref get fail - macsec: avoid use-after-free in macsec_handle_frame() - mm/khugepaged: fix filemap page_to_pgoff(page) != offset - xfrmi: drop ignore_df check before updating pmtu - cifs: Fix incomplete memory allocation on setxattr path - [arm64,armhf] i2c: meson: fix clock setting overwrite - [arm64,armhf] i2c: meson: fixup rate calculation with filter delay - sctp: fix sctp_auth_init_hmacs() error path - team: set dev->needed_headroom in team_setup_by_port() - net: team: fix memory leak in __team_options_register - openvswitch: handle DNAT tuple collision - drm/amdgpu: prevent double kfree ttm->sg - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate - xfrm: clone whole liftime_cur structure in xfrm_do_migrate - [arm64,armhf] net: stmmac: removed enabling eee in EEE set callback - xfrm: Use correct address family in xfrm_state_find - bonding: set dev->needed_headroom in bond_setup_by_slave() - net: usb: ax88179_178a: fix missing stop entry in driver_info - net/mlx5e: Fix VLAN cleanup flow - net/mlx5e: Fix VLAN create flow - rxrpc: Fix rxkad token xdr encoding - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() - rxrpc: Fix some missing _bh annotations on locking conn->state_lock - rxrpc: Fix server keyring leak - perf: Fix task_function_call() error handling - mmc: core: don't set limits.discard_granularity as 0 - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.152 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352) - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (CVE-2020-12351) - Bluetooth: MGMT: Fix not checking if BT_HS is enabled - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` - Bluetooth: Disconnect if E0 is used for Level 4 - media: usbtv: Fix refcounting mixup - USB: serial: option: add Cellient MPL200 card - USB: serial: option: Add Telit FT980-KS composition - [x86] staging: comedi: check validity of wMaxPacketSize of usb endpoints found - USB: serial: pl2303: add device-id for HP GC device - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters - reiserfs: Initialize inode keys properly - reiserfs: Fix oops during mount - [arm*] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (Closes: #908712) - [x86] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.148-rt64 * Bump ABI to 12 * Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" linux-signed-i386 (4.19.160+2) buster; urgency=medium . * Sign kernel from linux 4.19.160-2 . * net: Disable MLX5_ESWITCH on mips and mipsel (Fixes FTBFS) linux-signed-i386 (4.19.160+1) buster; urgency=medium . * Sign kernel from linux 4.19.160-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.153 - [ppc64el] ibmveth: Switch order of ibmveth_helper calls. - [ppc64el] ibmveth: Identify ingress large send packets. - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route - mlx4: handle non-napi callers to napi_poll - [armhf] net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() - [armhf] net: fec: Fix PHY init after phy_reset_after_clk_enable() - net: fix pos incrementment in ipv6_route_seq_next - net/smc: fix valid DMBE buffer sizes - net: usb: qmi_wwan: add Cellient MPL200 card - tipc: fix the skb_unshare() in tipc_buf_append() - net/ipv4: always honour route mtu during forwarding - r8169: fix data corruption issue on RTL8402 - [arm*] binder: fix UAF when releasing todo list (CVE-2020-0423) - ALSA: bebob: potential info leak in hwdep_read() - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device - [x86,ppc64el] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup - net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() - tcp: fix to update snd_wl1 in bulk receiver fast path - r8169: fix operation under forced interrupt threading - icmp: randomize the global rate limiter (CVE-2020-25705) - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 - cifs: remove bogus debug code - cifs: Return the error from crypt_message when enc/dec key not found. - [x86] KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages - [x86] KVM: SVM: Initialize prev_ga_tag before use - crypto: algif_aead - Do not set MAY_BACKLOG on the async path - [x86] EDAC/i5100: Fix error handling order in i5100_init_one() - [x86] fpu: Allow multiple bits in clearcpuid= parameter - [arm64] drivers/perf: xgene_pmu: Fix uninitialized resource struct - [x86] nmi: Fix nmi_handle() duration miscalculation - [amd64] x86/events/amd/iommu: Fix sizeof mismatch - crypto: algif_skcipher - EBUSY on aio should be an error - media: tuner-simple: fix regression in simple_set_radio_freq - media: uvcvideo: Set media controller entity functions - media: uvcvideo: Silence shift-out-of-bounds warning - [armhf] media: omap3isp: Fix memleak in isp_probe - [armhf] media: ti-vpe: Fix a missing check and reference count leak - regulator: resolve supply after creating regulator - ath10k: provide survey info as accumulated data - Bluetooth: hci_uart: Cancel init work before unregistering - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path - [arm64] wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 - [arm64] ASoC: qcom: lpass-platform: fix memory leak - [arm64] ASoC: qcom: lpass-cpu: fix concurrency issue - brcmfmac: check ndev pointer - mwifiex: Do not use GFP_KERNEL in atomic context - [x86] staging: rtl8192u: Do not use GFP_KERNEL in atomic context - [x86] drm/gma500: fix error check - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() - [x86] VMCI: check return value of get_user_pages_fast() for errors - [ppc64el] tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() - pty: do tty_flip_buffer_push without port->lock in pty_write - [x86] pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() - [x86] pwm: lpss: Add range limit check for the base_unit register value - [x86] video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error - video: fbdev: sis: fix null ptr dereference - video: fbdev: radeon: Fix memleak in radeonfb_pci_register - HID: roccat: add bounds checking in kone_sysfs_write_settings() - [armhf] pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser - [armhf] pinctrl: mcp23s08: Fix mcp23x17 precious range - net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow - [arm64,armhf] net: stmmac: use netif_tx_start|stop_all_queues() function - [arm64] cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() - [amd64] misc: mic: scif: Fix error handling path - [arm*] usb: dwc2: Fix parameter type in function pointer prototype - quota: clear padding in v2r1_mem2diskdqb() - HID: hid-input: fix stylus battery reporting - net: enic: Cure the enic api locking trainwreck - [mips*] mfd: sm501: Fix leaks in probe() - iwlwifi: mvm: split a print to avoid a WARNING in ROC - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well - nl80211: fix non-split wiphy information - [arm*] usb: dwc2: Fix INTR OUT transfers in DDMA mode. - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() - mwifiex: fix double free - ipvs: clear skb->tstamp in forwarding path - netfilter: nf_log: missing vlan offload tag and proto - mm/memcg: fix device private memcg accounting - mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary - IB/mlx4: Fix starvation in paravirt mux/demux - IB/mlx4: Adjust delayed work when a dup is observed - [powerpc*] pseries: Fix missing of_node_put() in rng_init() - [powerpc*] icp-hv: Fix missing of_node_put() in success path - RDMA/ucma: Fix locking for ctx->events_reported - RDMA/ucma: Add missing locking around rdma_leave_multicast() - [powerpc*] pseries: explicitly reschedule during drmem_lmb list traversal - mtd: mtdoops: Don't write panic data twice - [armel,armhf] ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values - xfs: limit entries returned when counting fsmap records - xfs: fix high key handling in the rt allocator's query_range function - RDMA/qedr: Fix use of uninitialized field - RDMA/qedr: Fix inline size returned for iWARP https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154 - [powerpc*] 64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm - RDMA/cma: Remove dead code for kernel rdmacm multicast - RDMA/cma: Consolidate the destruction of a cma_multicast in one place - [arm64] RDMA/hns: Set the unsupported wr opcode - [arm64] RDMA/hns: Fix missing sq_sig_type when querying QP - overflow: Include header file with SIZE_MAX declaration - [powerpc*] perf: Exclude pmc5/6 from the irrelevant PMU group constraints - [poerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier - IB/rdmavt: Fix sizeof mismatch - f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info - lib/crc32.c: fix trivial typo in preprocessor condition - rapidio: fix error handling path - rapidio: fix the missed put_device() for rio_mport_add_riodev - mailbox: avoid timer start from callback - [arm64,armhf] clk: rockchip: Initialize hw to error to avoid undefined behavior - [arm*] clk: bcm2835: add missing release if devm_clk_hw_register fails - watchdog: Fix memleak in watchdog_cdev_register - watchdog: Use put_device on error - svcrdma: fix bounce buffers for unaligned offsets and multiple pages - ext4: limit entries returned when counting fsmap records - vfio/pci: Clear token on bypass registration failure - [amd64,arm64] vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() - [armhf] Input: omap4-keypad - fix handling of platform_get_irq() error - [armhf] Input: twl4030_keypad - fix handling of platform_get_irq() error - [armhf] Input: sun4i-ps2 - fix handling of platform_get_irq() error - [x86] KVM: emulating RDPID failure shall return #UD rather than #GP - netfilter: conntrack: connection timeout after re-register - netfilter: nf_fwd_netdev: clear timestamp in forwarding path - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator - [armhf] memory: omap-gpmc: Fix a couple off by ones - [powerpc*] powernv/dump: Fix race while processing OPAL dump - nvmet: fix uninitialized work for zero kato - [x86,arm64] i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs - block: ratelimit handle_bad_sector() message - [x86] crypto: ccp - fix error handling - media: firewire: fix memory leak - media: ati_remote: sanity check for both endpoints - media: media/pci: prevent memory leak in bttv_probe - media: uvcvideo: Ensure all probed info is returned to v4l2 - mmc: sdio: Check for CISTPL_VERS_1 buffer size - media: saa7134: avoid a shift overflow - fs: dlm: fix configfs memory leak - [arm64] media: venus: core: Fix runtime PM imbalance in venus_probe - ip_gre: set dev->hard_header_len and dev->needed_headroom properly - mac80211: handle lack of sband->bitrates in rates - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() - scsi: mvumi: Fix error return in mvumi_io_attach() - scsi: target: core: Add CONTROL field for trace events - [amd64] mic: vop: copy data to kernel space then write to io memory - [amd64] misc: vop: add round_up(x,4) for vring_size to avoid kernel panic - usb: gadget: function: printer: fix use-after-free in __lock_acquire - udf: Limit sparing table size - udf: Avoid accessing uninitialized data on failed inode read - USB: cdc-acm: handle broken union descriptors - [arm64,armhf] usb: dwc3: simple: add support for Hikey 970 - [armhf] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() - misc: rtsx: Fix memory leak in rtsx_pci_probe - reiserfs: only call unlock_new_inode() if I_NEW - xfs: make sure the rt allocator doesn't run off the end - usb: ohci: Default to per-port over-current protection - Bluetooth: Only mark socket zapped after unlocking - [ppc64el] scsi: ibmvfc: Fix error return in ibmvfc_probe() - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy - rtl8xxxu: prevent potential memory leak - Fix use after free in get_capset_info callback. - scsi: qedi: Protect active command list to avoid list corruption - scsi: qedi: Fix list_del corruption while removing active I/O - [x86] tty: ipwireless: fix error handling - ipvs: Fix uninit-value in do_ip_vs_set_ctl() - reiserfs: Fix memory leak in reiserfs_parse_options() - mwifiex: don't call del_timer_sync() on uninitialized timer - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach - usb: core: Solve race condition in anchor cleanup functions - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). - eeprom: at25: set minimum read/write access stride to 1 - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155 - scripts/setlocalversion: make git describe output more reliable - [arm64] Run ARCH_WORKAROUND_1 enabling code on all CPUs - [arm64] link with -z norelro regardless of CONFIG_RELOCATABLE - [x86,arm64,armhf] efivarfs: Replace invalid slashes with exclamation marks in dentries. - gtp: fix an use-before-init in gtp_newlink() - netem: fix zero division in tabledist - tcp: Prevent low rmem stalls with SO_RCVLOWAT. - tipc: fix memory leak caused by tipc_buf_append() - r8169: fix issue with forced threading in combination with shared interrupts - cxgb4: set up filter action after rewrites - [x86] arch/x86/amd/ibs: Fix re-arming IBS Fetch - [x86] xen: disable Firmware First mode for correctable memory errors - fuse: fix page dereference after free - bpf: Fix comment for helper bpf_current_task_under_cgroup() - p54: avoid accessing the data mapped to streaming DMA - [powerpc*] cxl: Rework error message for incompatible slots - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() - mtd: lpddr: Fix bad logic in print_drs_error - [arm*] serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir - fscrypt: clean up and improve dentry revalidation - fscrypt: fix race allowing rename() and link() of ciphertext dentries - fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory - fscrypt: only set dentry_operations on ciphertext dentries - fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext - Revert "block: ratelimit handle_bad_sector() message" - xen/events: don't use chip_data for legacy IRQs - xen/events: avoid removing an event channel while handling it (CVE-2020-27675) - xen/events: add a proper barrier to 2-level uevent unmasking (CVE-2020-27673) - xen/events: fix race in evtchn_fifo_unmask() (CVE-2020-27673) - xen/events: add a new "late EOI" evtchn framework (CVE-2020-27673) - xen/blkback: use lateeoi irq binding (CVE-2020-27673) - xen/netback: use lateeoi irq binding (CVE-2020-27673) - xen/scsiback: use lateeoi irq binding (CVE-2020-27673) - xen/pvcallsback: use lateeoi irq binding (CVE-2020-27673) - xen/pciback: use lateeoi irq binding (CVE-2020-27673) - xen/events: switch user event channels to lateeoi model (CVE-2020-27673) - xen/events: use a common cpu hotplug hook for event channels (CVE-2020-27673) - xen/events: defer eoi in case of excessive number of events (CVE-2020-27673) - xen/events: block rogue events for some time (CVE-2020-27673) - RDMA/qedr: Fix memory leak in iWARP CM - ata: sata_nv: Fix retrieving of active qcs - futex: Fix incorrect should_fail_futex() handling - [powerpc*] powernv/smp: Fix spurious DBG() warning - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race - [powerpc*] select ARCH_WANT_IRQS_OFF_ACTIVATE_MM - f2fs: add trace exit in exception path - f2fs: fix uninit-value in f2fs_lookup - f2fs: fix to check segment boundary during SIT page readahead - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses - power: supply: bq27xxx: report "not charging" on all types - xfs: fix realtime bitmap/summary file truncation when growing rt volume - ath10k: fix VHT NSS calculation when STBC is enabled - media: videodev2.h: RGB BT2020 and HSV are always full range - [x86] usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart - media: tw5864: check status of tw5864_frameinterval_get - mmc: via-sdmmc: Fix data race bug - [arm64] topology: Stop using MPIDR for topology information - media: uvcvideo: Fix dereference of out-of-bound list iterator - USB: adutux: fix debugging - uio: free uio id after uio file node is freed - usb: xhci: omit duplicate actions when suspending a runtime suspended host. - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE - xfs: don't free rt blocks when we're doing a REMAP bunmapi call - ACPI: Add out of bounds and numa_off protections to pxm_to_node() - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values - btrfs: fix replace of seed device - md/bitmap: md_bitmap_get_counter returns wrong blocks - bnxt_en: Log unknown link speed appropriately. - [arm64] rpmsg: glink: Use complete_all for open states - [armhf] clk: ti: clockdomain: fix static checker warning - net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid - ext4: Detect already used quota file early - gfs2: add validation checks for size of superblock - cifs: handle -EINTR in cifs_setattr - [armhf] memory: emif: Remove bogus debugfs error handling - nbd: make the config put is called before the notifying the waiter - sgl_alloc_order: fix memory leak - nvme-rdma: fix crash when connect rejected - md/raid5: fix oops during stripe resizing - [x86,arm64] mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN - [x86] perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() - [x86] perf/x86/amd/ibs: Fix raw sample data accumulation - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect - fs: Don't invalidate page buffers in block_write_full_page() - NFS: fix nfs_path in case of a rename retry - ACPI: button: fix handling lid state changes when input device closed - [x86] ACPI / extlog: Check for RDMSR failure (Closes: #971058) - [x86] ACPI: video: use ACPI backlight for HP 635 Notebook - [x86] acpi-cpufreq: Honor _PSD table setting on new AMD CPUs - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() - scsi: qla2xxx: Fix crash on session cleanup with unload - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode - btrfs: improve device scanning messages - btrfs: reschedule if necessary when logging directory items - btrfs: send, recompute reference path after orphanization of a directory - btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() - btrfs: cleanup cow block on error - btrfs: fix use-after-free on readahead extent after failure to create it - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC - [arm64,armhf] usb: dwc3: ep0: Fix ZLP for OUT ep0 requests - [arm64,armhf] usb: dwc3: gadget: Check MPS of the request length - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove driver - usb: cdc-acm: fix cooldown mechanism - [x86] usb: typec: tcpm: reset hard_reset_count for any disconnect - [x86] drm/i915: Force VT'd workarounds when running as a guest OS - vt: keyboard, simplify vt_kdgkbsent - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656) - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery - udf: Fix memory leak when mounting - [powerpc*] drmem: Make lmb_size 64 bit - [s390x] stp: add locking to sysfs functions - [powerpc*] rtas: Restrict RTAS requests from userspace (CVE-2020-27777) - [powerpc*] Warn about use of smt_snooze_delay - [powerpc*] powernv/elog: Fix race while processing OPAL error log event. - [powerpc*] Fix undetected data corruption with P9N DD2.1 VSX CI load emulation - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag - NFSD: Add missing NFSv2 .pc_func methods - ubifs: dent: Fix some potential memory leaks while iterating entries - perf python scripting: Fix printable strings in python3 scripts - ubi: check kthread_should_stop() after the setting of task state - [armhf] i2c: imx: Fix external abort on interrupt in exit paths - drm/amdgpu: don't map BO in reserved region - ceph: promote to unsigned long long before shifting - libceph: clear con->out_msg on Policy::stateful_server faults - 9P: Cast to loff_t before multiplying - ring-buffer: Return 0 on success from ring_buffer_resize() - [amd64] vringh: fix __vringh_iov() when riov and wiov are different - ext4: fix leaking sysfs kobject after failed mount - ext4: fix error handling code in add_new_gdb - ext4: fix invalid inode checksum - drm/ttm: fix eviction valuable range check. - tty: make FONTX ioctl use the tty pointer they were actually passed (CVE-2020-25668) - cachefiles: Handle readpage error correctly - device property: Keep secondary firmware node secondary by type - device property: Don't clear secondary pointer for shared primary firmware node - [arm64] KVM: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice - [mips*] staging: octeon: repair "fixed-link" support - [mips*] staging: octeon: Drop on uncorrectable alignment or FCS error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156 - [x86] drm/i915: Break up error capture compression loops with cond_resched() - tipc: fix use-after-free in tipc_bcast_get_mode - ptrace: fix task_join_group_stop() for the case when current is traced - [arm64] cadence: force nonlinear buffers to be cloned - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition - sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms - [arm64,armhf] sfp: Fix error handing in sfp_probe() - blktrace: fix debugfs use after free (CVE-2019-19770) - btrfs: extent_io: Kill the forward declaration of flush_write_bio - btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up - Revert "btrfs: flush write bio if we loop in extent_write_cache_pages" - btrfs: flush write bio if we loop in extent_write_cache_pages - btrfs: extent_io: Handle errors better in extent_write_full_page() - btrfs: extent_io: Handle errors better in btree_write_cache_pages() - btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io() - Btrfs: fix unwritten extent buffers and hangs on future writeback attempts - btrfs: Don't submit any btree write bio if the fs has errors (CVE-2019-19039, CVE-2019-19377) - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it - btrfs: tree-checker: Make chunk item checker messages more readable - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO - btrfs: tree-checker: Check chunk item at tree block read time - btrfs: tree-checker: Verify dev item - btrfs: tree-checker: Fix wrong check on max devid - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (CVE-2019-19816) - btrfs: tree-checker: Verify inode item - btrfs: tree-checker: fix the error message for transid error - Fonts: Replace discarded const qualifier - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 - ALSA: usb-audio: Add implicit feedback quirk for MODX - mm: mempolicy: fix potential pte_unmap_unlock pte error - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled - mm: always have io_remap_pfn_range() set pgprot_decrypted() - gfs2: Wake up when sd_glock_disposal becomes zero - ring-buffer: Fix recursion protection transitions between interrupt context - ftrace: Fix recursion check for NMI test - ftrace: Handle tracing when switching between context - tracing: Fix out of bounds write in get_trace_buf - futex: Handle transient "ownerless" rtmutex state correctly - [amd64] x86/kexec: Use up-to-dated screen_info copy to fill boot params - of: Fix reserved-memory overlap detection - blk-cgroup: Fix memleak on error path - blk-cgroup: Pre-allocate tree node on blkg_conf_prep - scsi: core: Don't start concurrent async scan on same host - vsock: use ns_capable_noaudit() on socket create - [arm*] drm/vc4: drv: Add error handding for bind - [amd64,arm64] ACPI: NFIT: Fix comparison to '-ENXIO' - vt: Disable KD_FONT_OP_COPY (CVE-2020-28974) - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent - USB: serial: cyberjack: fix write-URB completion race - USB: serial: option: add Quectel EC200T module support - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 - USB: serial: option: add Telit FN980 composition 0x1055 - USB: Add NO_LPM quirk for Kingston flash drive - PM: runtime: Resume the device earlier in __device_release_driver() - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (CVE-2020-25704) - tools: perf: Fix build error in v4.19.y - [arm64,armhf] net: dsa: read mac address from DT for slave device - [arm64] dts: marvell: espressobin: Add ethernet switch aliases https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157 - [x86] powercap: restrict energy meter to root access (CVE-2020-8694) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158 - regulator: defer probe when trying to get voltage from unresolved supply - time: Prevent undefined behaviour in timespec64_to_ns() - nbd: don't update block size after device is started - [arm64,armhf] usb: dwc3: gadget: Continue to process pending requests - [arm64,armhf] usb: dwc3: gadget: Reclaim extra TRBs after request completion - btrfs: sysfs: init devices outside of the chunk_mutex - btrfs: reschedule when cloning lots of extents - [x86] hv_balloon: disable warning when floor reached - net: xfrm: fix a race condition during allocing spi - xfs: set xefi_discard when creating a deferred agfl free log intent item - netfilter: ipset: Update byte and packet counters regardless of whether they match - perf tools: Add missing swap for ino_generation - [x86] ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() - can: rx-offload: don't call kfree_skb() from IRQ context - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() - can: peak_usb: add range checking in decode operations - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on - [armhf] can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A - xfs: flush new eof page on truncate to avoid post-eof corruption - [arm64,x86] tpm: efi: Don't create binary_bios_measurements file for an empty log - Btrfs: fix missing error return if writeback for extent buffer never started - ath9k_htc: Use appropriate rs_datalen type - netfilter: use actual socket sk rather than skb sk when routing harder - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free - gfs2: Add missing truncate_inode_pages_final for sd_aspace - gfs2: check for live vs. read-only file system in gfs2_fitrim - scsi: hpsa: Fix memory leak in hpsa_init_one() - drm/amdgpu: perform srbm soft reset always on SDMA resume - mac80211: fix use of skb payload instead of header - cfg80211: regulatory: Fix inconsistent format argument - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() - [s390x] smp: move rcu_cpu_starting() earlier - [x86] tpm_tis: Disable interrupts on ThinkPad T490s - tick/common: Touch watchdog in tick_unfreeze() on all CPUs - [x86] pinctrl: intel: Set default bias in case no particular value given - [armel,armhf] 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template - nbd: fix a block_device refcount leak in nbd_release - xfs: fix flags argument to rmap lookup when converting shared file rmaps - xfs: fix rmap key and record comparison functions - lan743x: fix "BUG: invalid wait context" when setting rx mode - xfs: fix a missing unlock on error in xfs_fs_map_blocks - of/address: Fix of_node memory leak in of_dma_is_coherent - [i386] cosa: Add missing kfree in error path of cosa_write - perf: Fix get_recursion_context() - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() - btrfs: dev-replace: fail mount if we don't have replace item with target device - [x86] thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() - [x86] thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() - uio: Fix use-after-free in uio_unregister_device() - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode - futex: Don't enable IRQs unconditionally in put_pi_state() - ocfs2: initialize ip_next_orphan - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch - selinux: Fix error return code in sel_ib_pkey_sid_slow() - gpio: pcie-idio-24: Fix irq mask when masking - gpio: pcie-idio-24: Fix IRQ Enable Register value - gpio: pcie-idio-24: Enable PEX8311 interrupts - don't dump the threads that had been already exiting when zapped. - [x86] drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] - pinctrl: amd: use higher precision for 512 RtcClk - pinctrl: amd: fix incorrect way to disable debounce filter - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" - IPv6: Set SIT tunnel hard_header_len to zero - [s390x] net/af_iucv: fix null pointer dereference on shutdown - net: Update window_clamp if SOCK_RCVBUF is set - tipc: fix memory leak in tipc_topsrv_start() - vrf: Fix fast path output packet handling with async Netfilter rules - r8169: fix potential skb double free in an error path - random32: make prandom_u32() output unpredictable - [x86] speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP - perf/core: Fix race in the perf_mmap_close() function (CVE-2020-14351) - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" - reboot: fix overflow parsing reboot cpu number - net: sch_generic: fix the missing new qdisc assignment bug - Convert trailing spaces and periods in path components https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159 - [powerpc*] 64s: move some exception handlers out of line - [powerpc*] 64s: flush L1D on kernel entry (CVE-2020-4788) - [powerpc*] Add a framework for user access tracking - [powerpc*] Implement user_access_begin and friends - [powerpc*] Fix __clear_user() with KUAP enabled - [powerpc*] uaccess: Evaluate macro arguments once, before user access is allowed - [powerpc*] 64s: flush L1D after user accesses (CVE-2020-4788) - Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" - Input: sunkbd - avoid use-after-free in teardown paths (CVE-2020-25669) - mac80211: always wind down STA state - can: proc: can_remove_proc(): silence remove_proc_entry warning - [x86] KVM: x86: clflushopt should be treated as a no-op by emulation - [arm64] ACPI: GED: fix -Wformat https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160 - ah6: fix error return code in ah6_input() - atm: nicstar: Unmap DMA on send error - bnxt_en: read EEPROM A2h address using page 0 - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() - lan743x: fix issue causing intermittent kernel log warnings - lan743x: prevent entire kernel HANG on open, for some platforms - net: b44: fix error return code in b44_init_one() - net: bridge: add missing counters to ndo_get_stats64 callback - [arm64,armhf] net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 - net: Have netpoll bring-up DSA management interface - net/mlx4_core: Fix init_hca fields offset - page_frag: Recover from memory pressure - qed: fix error return code in qed_iwarp_ll2_start() - qlcnic: fix error return code in qlcnic_83xx_restart_hw() - sctp: change to hold/put transport for proto_unreach_timer - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate - [arm64,armhf] net/mlx5: Disable QoS when min_rates on all VFs are zero - net: usb: qmi_wwan: Set DTR quirk for MR400 - [arm64,armhf] pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() - [x86] ACPI: button: Add DMI quirk for Medion Akoya E2228T - [arm64] psci: Avoid printing in cpu_psci_cpu_die() - vfs: remove lockdep bogosity in __sb_start_write - [arm64] dts: allwinner: a64: Pine64 Plus: Fix ethernet node - [arm64] dts: allwinner: h5: OrangePi PC2: Fix ethernet node - [armhf] dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node - [armhf] Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" - [armhf] dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY - [armhf] dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY - [arm64] dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY - [mips*] export has_transparent_hugepage() for modules - [arm64] dts: allwinner: h5: OrangePi Prime: Fix ethernet node - perf lock: Don't free "lock_seq_stat" if read_count isn't zero - ip_tunnels: Set tunnel option flag when tunnel metadata is present - can: af_can: prevent potential access of uninitialized member in can_rcv() - can: af_can: prevent potential access of uninitialized member in canfd_rcv() - can: dev: can_restart(): post buffer from the right context - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() - can: peak_usb: fix potential integer overflow on shift of a int - [arm64] ASoC: qcom: lpass-platform: Fix memory leak - [arm64,armhf] drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits - [armhf] regulator: ti-abb: Fix array out of bound read access on the first transition - xfs: revert "xfs: fix rmap key and record comparison functions" - [amd64] efi/x86: Free efi_pgd with free_pages() - libfs: fix error cast of negative value in simple_attr_write() - speakup: Do not let the line discipline be used several times (CVE-2020-28941) - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() - ALSA: usb-audio: Add delay quirk for all Logitech USB devices - ALSA: ctl: fix error path at adding user-defined element set - ALSA: mixart: Fix mutex deadlock - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) - [armhf] tty: serial: imx: keep console clocks always on - [arm64,armhf,x86] efivarfs: fix memory leak in efivarfs_create() - [arm64,x86] staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids - ext4: fix bogus warning in ext4_update_dx_flag() - [x86] iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum - [x86] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode - [armhf] regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} - regulator: fix memory leak with repeated set_machine_constraints() - regulator: avoid resolve_supply() infinite recursion - regulator: workaround self-referent regulators - mac80211: minstrel: remove deferred sampling code - mac80211: minstrel: fix tx status processing corner case - mac80211: free sta in sta_info_insert_finish() on errors - [s390x] cpum_sf.c: fix file permission for cpum_sfb_size - [s390x] dasd: fix null pointer dereference for ERP requests - ptrace: Set PF_SUPERPRIV when checking capability - seccomp: Set PF_SUPERPRIV when checking capability - [x86] microcode/intel: Check patch signature before saving microcode for early loading - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() . [ Salvatore Bonaccorso ] * net: Enable NET_SWITCHDEV; disable on armel/marvell (Closes: #949863) * Bump ABI to 13 * [rt] Update to 4.19.152-rt65 * [rt] Refresh "mm: Protect activate_mm() by preempt_[disable&enable]_rt()" * [rt] Refresh "kthread: convert worker lock to raw spinlock" * [rt] Refresh "signals: Allow rt tasks to cache one sigqueue struct" * [rt] Refresh "tpm_tis: fix stall after iowrite*()s" * [rt] Refresh "futex: Delay deallocation of pi_state" * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again" * [rt] Update to 4.19.152-rt66 - mm/memcontrol: Disable preemption in __mod_memcg_lruvec_state() - ptrace: fix ptrace_unfreeze_traced() race with rt-lock * [rt] Update to 4.19.160-rt69 . [ Noah Meyerhans ] * Backport upstream fix for PCI bridge firmware configuration preservation (Closes: #968623) . [ John L. Villalovos ] * Backport support for USB Host Controllers with local memory to avoid crashes. In particular the Renesas USB 3.0 controller (PD720201/PD720202) which is used on the Ampere's Mt Jade platform which is part of their Altra product line: - lib/genalloc: add gen_pool_dma_zalloc() for zeroed DMA allocations - USB: use genalloc for USB HCs with local memory - USB: drop HCD_LOCAL_MEM flag - usb: don't create dma pools for HCDs with a localmem_pool - usb: add a hcd_uses_dma helper - usb: host: ohci-sm501: init genalloc for local memory - usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() * [arm64] config/arm64/config: Set NODES_SHIFT to 4 . [ Yves-Alexis Perez ] * usbnet: ipheth: fix connectivity with iOS 14 linux-signed-i386 (4.19.152+1) buster-security; urgency=high . * Sign kernel from linux 4.19.152-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.147 - [arm64,armhf] dsa: Allow forwarding of redirected IGMP traffic - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed - scsi: qla2xxx: Move rport registration out of internal work_list - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up - net: handle the return value of pskb_carve_frag_list() correctly - [x86] hv_netvsc: Remove "unlikely" from netvsc_select_queue - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort - scsi: libfc: Fix for double free() - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery - [arm64] regulator: pwm: Fix machine constraints application - NFS: Zero-stateid SETATTR should first return delegation - SUNRPC: stop printk reading past end of string - nvme-fc: cancel async events before freeing event struct - nvme-rdma: cancel async events before freeing event struct - f2fs: fix indefinite loop scanning for free nid - f2fs: Return EOF on unaligned end of file DIO read - i2c: algo: pca: Reapply i2c bus settings after reset - spi: Fix memory leak on splited transfers - [arm64,armhf] clk: rockchip: Fix initialization of mux_pll_src_4plls_p - [arm64] ASoC: qcom: Set card->owner to avoid warnings - [x86] Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload - fbcon: Fix user font detection test at fbcon_resize(). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook - USB: UAS: fix disconnect by unplugging a hub - usblp: fix race between disconnect() and read() - [x86] i2c: i801: Fix resume bug - Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO" - percpu: fix first chunk size calculation for populated bitmap - Input: trackpoint - add new trackpoint variant IDs - serial: 8250_pci: Add Realtek 816a and 816b - ehci-hcd: Move include to keep CRC stable - [powerpc*] dma: Fix dma_map_ops::get_required_mask https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.148 - af_key: pfkey_dump needs parameter validation - KVM: fix memory leak in kvm_io_bus_unregister_dev() - kprobes: fix kill kprobe which has been marked as gone - mm/thp: fix __split_huge_pmd_locked() for migration PMD - cxgb4: Fix offset when clearing filter byte counters - geneve: add transport ports in route lookup for geneve (CVE-2020-25645) - [x86,ppc64el] hdlc_ppp: add range checks in ppp_cp_parse_cr() (CVE-2020-25643) - ip: fix tos reflection in ack and reset packets - ipv6: avoid lockdep issue in fib6_del() - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc - nfp: use correct define to return NONE fec - tipc: Fix memory leak in tipc_group_create_member() - tipc: fix shutdown() of connection oriented socket - tipc: use skb_unshare() instead in tipc_buf_append() - bnxt_en: return proper error codes in bnxt_show_temp - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. - net: phy: Avoid NPD upon phy_detach() when driver is unbound - net: add __must_check to skb_put_padto() - ipv4: Update exception handling for multipath routes via same device - kbuild: add OBJSIZE variable for the size tool - mm: memcg: fix memcg reclaim soft lockup - tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning - tcp_bbr: adapt cwnd based on ack aggregation estimation - serial: 8250: Avoid error message on reprobe https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.149 - selinux: allow labeling before policy is loaded - media: mc-device.c: fix memleak in media_device_register_entity - dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) - ath10k: fix array out-of-bounds access - ath10k: fix memory leak for tpc_stats_final - mm: fix double page fault on arm64 if PTE_AF is cleared - scsi: aacraid: fix illegal IO beyond last LBA - [x86] gma/gma500: fix a memory disclosure bug due to uninitialized bytes - [armel,armhf] ASoC: kirkwood: fix IRQ error handling - [amd64] arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback - [x86] ioapic: Unbreak check_timer() - ALSA: usb-audio: Add delay quirk for H570e USB headsets - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 - lib/string.c: implement stpcpy - [armhf] PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out - [x86] scsi: fnic: fix use after free - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce - net: silence data-races on sk_backlog.tail - [armhf] clk/ti/adpll: allocate room for terminating null - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() - mfd: mfd-core: Protect against NULL call-back function pointer - [x86] tpm_crb: fix fTPM on AMD Zen+ CPUs - tracing: Adding NULL checks for trace_array descriptor pointer - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock - RDMA/qedr: Fix potential use after free - RDMA/i40iw: Fix potential use after free - fix dget_parent() fastpath race - xfs: fix attr leaf header freemap.size underflow - RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' - ubi: Fix producing anchor PEBs - mmc: core: Fix size overflow for mmc partitions - gfs2: clean up iopen glock mess in gfs2_create_inode - scsi: pm80xx: Cleanup command when a reset times out - CIFS: Properly process SMB3 lease breaks - ASoC: max98090: remove msleep in PLL unlocked workaround - kernel/sys.c: avoid copying possible padding bytes in copy_to_user - [arm64,armhf] KVM: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() - xfs: fix log reservation overflows when allocating large rt extents - neigh_stat_seq_next() should increase position index - rt_cpu_seq_next should increase position index - ipv6_route_seq_next should increase position index - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier - sctp: move trace_sctp_probe_path into sctp_outq_sack - [arm64,x86] ACPI: EC: Reference count query handlers under lock - scsi: ufs: Make ufshcd_add_command_trace() easier to read - scsi: ufs: Fix a race condition in the tracing code - [s390x] /cpum_sf: Use kzalloc and minor changes - [powerpc*] eeh: Only dump stack once if an MMIO loop is detected - Bluetooth: btrtl: Use kvmalloc for FW allocations - [armel,armhf] ARM: 8948/1: Prevent OOB access in stacktrace - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter - ceph: ensure we have a new cap before continuing in fill_inode - Bluetooth: Fix refcount use-after-free issue - mm/swapfile.c: swap_next should increase position index - mm: pagewalk: fix termination condition in walk_pte_range() - Bluetooth: prefetch channel before killing sock - KVM: fix overflow of zero page refcount with ksm running - ALSA: hda: Clear RIRB status before reading WP - skbuff: fix a data race in skb_queue_len() - audit: CONFIG_CHANGE don't log internal bookkeeping as an event - selinux: sel_avc_get_stat_idx should increase position index - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available - scsi: lpfc: Fix coverity errors in fmdi attribute handling - [armhf] drm/omap: fix possible object reference leak - crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test - mt76: clear skb pointers from rx aggregation reorder buffer during cleanup - ALSA: usb-audio: Don't create a mixer element with bogus volume range - [s390x] perf test: Fix test trace+probe_vfs_getname.sh on s390 - RDMA/rxe: Fix configuration of atomic queue pair attributes - [x86] KVM: x86: fix incorrect comparison in trace event - [x86] pkeys: Add check for pkey "overflow" - bpf: Remove recursion prevention from rcu free callback - [arm64,armhf] dmaengine: tegra-apb: Prevent race conditions on channel's freeing - random: fix data races at timer_rand_state - [arm64] bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal - media: go7007: Fix URB type for interrupt handling - Bluetooth: guard against controllers sending zero'd events - timekeeping: Prevent 32bit truncation in scale64_check_overflow() - ext4: fix a data race at inode->i_disksize - mm: avoid data corruption on CoW fault into PFN-mapped VMA - drm/amdgpu: increase atombios cmd timeout - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read - scsi: aacraid: Disabling TM path and only processing IOP reset - Bluetooth: L2CAP: handle l2cap config request during open state - media: tda10071: fix unsigned sign extension overflow - xfs: don't ever return a stale pointer from __xfs_dir3_free_read - xfs: mark dir corrupt when lookup-by-hash fails - ext4: mark block bitmap corrupted when found instead of BUGON - nfsd: Don't add locks to closed or closing open stateids - RDMA/cm: Remove a race freeing timewait_info - [powerpc*] KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones - [arm64] drm/msm: fix leaks if initialization fails - [arm64] drm/msm/a5xx: Always set an OPP supported hardware value - serial: 8250_port: Don't service RX FIFO if throttled - [powerpc*] cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn - nvme-multipath: do not reset on unknown status - nvme: Fix controller creation races with teardown flow - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices - scsi: hpsa: correct race condition in offload enabled - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' - svcrdma: Fix leak of transport addresses - PCI: Use ioremap(), not phys_to_virt() for platform ROM - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor - PCI: pciehp: Fix MSI interrupt race - NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() - mm/kmemleak.c: use address-of operator on section symbols - mm/filemap.c: clear page error before actual read - mm/vmscan.c: fix data races using kswapd_classzone_idx - nvmet-rdma: fix double free of rdma queue - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area - scsi: qedi: Fix termination timeouts in session logout - [arm64] serial: uartps: Wait for tx_empty in console setup - [x86] KVM: Remove CREATE_IRQCHIP/SET_PIT2 race - bdev: Reduce time holding bd_mutex in sync in blkdev_close() - [x86] drivers: char: tlclk.c: Avoid data race between init and interrupt handler - [arm64] KVM: vgic-its: Fix memory leak on the error path of vgic_add_lpi() - net: openvswitch: use u64 for meter bucket - scsi: aacraid: Fix error handling paths in aac_probe_one() - staging:r8188eu: avoid skb_clone for amsdu to msdu conversion - [arm64] cpufeature: Relax checks for AArch32 support at EL[0-2] - dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion - atm: fix a memory leak of vcc->user_back - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete - tipc: fix memory leak in service subscripting - [armhf] tty: serial: samsung: Correct clock selection logic - ALSA: hda: Fix potential race in unsol event handler - [powerpc*] traps: Make unrecoverable NMIs die instead of panic - fuse: don't check refcount after stealing page - [powerpc*] scsi: cxlflash: Fix error return code in cxlflash_probe() - [arm64] cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register - e1000: Do not perform reset in reset_task if we are already down - drm/nouveau/debugfs: fix runtime pm imbalance on error - drm/nouveau: fix runtime pm imbalance on error - drm/nouveau/dispnv50: fix runtime pm imbalance on error - printk: handle blank console arguments passed in. - [arm64,armhf] usb: dwc3: Increase timeout for CmdAct cleared by device controller - btrfs: don't force read-only after error in drop snapshot - vfio/pci: fix memory leaks of eventfd ctx - perf trace: Fix the selection for architectures to generate the errno name tables - [arm64,armhf] wlcore: fix runtime pm imbalance in wl1271_tx_work - [arm64,armhf] wlcore: fix runtime pm imbalance in wlcore_regdomain_config - [arm64,armhf] PCI: tegra: Fix runtime PM imbalance on error - ceph: fix potential race in ceph_check_caps - mm/swap_state: fix a data race in swapin_nr_pages - [armel] mtd: parser: cmdline: Support MTD names containing one or more colons - [x86] speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline - vfio/pci: Clear error and request eventfd ctx after releasing - cifs: Fix double add page to memcg when cifs_readpages - nvme: fix possible deadlock when I/O is blocked - scsi: libfc: Handling of extra kref - scsi: libfc: Skip additional kref updating work event - vfio/pci: fix racy on error and request eventfd ctx - btrfs: qgroup: fix data leak caused by race between writeback and truncate - net: openvswitch: use div_u64() for 64-by-32 divisions - nvme: explicitly update mpath disk capacity on revalidation - [x86] ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 - [s390x] init: add missing __init annotations - lockdep: fix order in trace_hardirqs_off_caller() - [amd64] drm/amdkfd: fix a memory leak issue - i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() - mwifiex: Increase AES key storage size to 256 bits - batman-adv: bla: fix type misuse for backbone_gw hash indexing - atm: eni: fix the missed pci_disable_device() for eni_init_one() - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets - mac802154: tx: fix use-after-free - bpf: Fix clobbering of r2 in bpf_gen_ld_abs - [arm*] drm/vc4/vc4_hdmi: fill ASoC card owner - net: qed: RDMA personality shouldn't fail VF load - batman-adv: Add missing include for in_interrupt() - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh - bpf: Fix a rcu warning for bpffs map pretty-print - [x86] ALSA: asihpi: fix iounmap in error handler - regmap: fix page selection for noinc reads - [x86] KVM: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE - [x86] KVM: SVM: Add a dedicated INVD intercept routine - tracing: fix double free - [s390x] dasd: Fix zero write for FBA devices - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() - mm, THP, swap: fix allocating cluster for swapfile by mistake - [s390x] zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl - ata: define AC_ERR_OK - ata: make qc_prep return ata_completion_errors - ata: sata_mv, avoid trigerrable BUG_ON - [arm64] KVM: Assume write fault on S1PTW permission fault on instruction fetch https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.150 - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models - USB: gadget: f_ncm: Fix NDP16 datagram validation - vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock - vsock/virtio: stop workers during the .remove() - vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() - net: virtio_vsock: Enhance connection semantics - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 - ftrace: Move RCU is watching check after recursion check - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config - drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices - [armhf] drm/sun4i: mixer: Extend regmap max_register - net: dec: de2104x: Increase receive ring size for Tulip - rndis_host: increase sleep time in the query-response loop - nvme-core: get/put ctrl and transport module in nvme_dev_open/release() - [x86,ppc64el] drivers/net/wan/hdlc: Set skb->protocol before transmitting - mac80211: do not allow bigger VHT MPDUs than the hardware supports - nvme-fc: fail new connections to a deleted host or remote port - [armhf] pinctrl: mvebu: Fix i2c sda definition for 98DX3236 - nfs: Fix security label length not being reset - [armhf] clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED - Input: trackpoint - enable Synaptics trackpoints - random32: Restore __latent_entropy attribute on net_rand_state - mm: replace memmap_context by meminit_context - mm: don't rely on system state to detect hot-plug operations - epoll: do not insert into poll queues until all sanity checks are done - epoll: replace ->visited/visited_list with generation count - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path - ep_create_wakeup_source(): dentry name can change under you... - netfilter: ctnetlink: add a range check for l3/l4 protonum (CVE-2020-25211) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.151 - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts - fbcon: Fix global-out-of-bounds read in fbcon_get_font() - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() - drm/nouveau/mem: guard against NULL pointer access in mem_del - usermodehelper: reset umask to default before executing user process - [x86] platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 - [x86] platform/x86: thinkpad_acpi: initialize tp_nvram_state variable - [x86] platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting - [x86] platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse - driver core: Fix probe_count imbalance in really_probe() - [x86] i2c: i801: Exclude device from suspend direct complete optimization - [armhf] mtd: rawnand: sunxi: Fix the probe error path - nvme-core: put ctrl ref when module ref get fail - macsec: avoid use-after-free in macsec_handle_frame() - mm/khugepaged: fix filemap page_to_pgoff(page) != offset - xfrmi: drop ignore_df check before updating pmtu - cifs: Fix incomplete memory allocation on setxattr path - [arm64,armhf] i2c: meson: fix clock setting overwrite - [arm64,armhf] i2c: meson: fixup rate calculation with filter delay - sctp: fix sctp_auth_init_hmacs() error path - team: set dev->needed_headroom in team_setup_by_port() - net: team: fix memory leak in __team_options_register - openvswitch: handle DNAT tuple collision - drm/amdgpu: prevent double kfree ttm->sg - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate - xfrm: clone whole liftime_cur structure in xfrm_do_migrate - [arm64,armhf] net: stmmac: removed enabling eee in EEE set callback - xfrm: Use correct address family in xfrm_state_find - bonding: set dev->needed_headroom in bond_setup_by_slave() - net: usb: ax88179_178a: fix missing stop entry in driver_info - net/mlx5e: Fix VLAN cleanup flow - net/mlx5e: Fix VLAN create flow - rxrpc: Fix rxkad token xdr encoding - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() - rxrpc: Fix some missing _bh annotations on locking conn->state_lock - rxrpc: Fix server keyring leak - perf: Fix task_function_call() error handling - mmc: core: don't set limits.discard_granularity as 0 - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.152 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352) - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (CVE-2020-12351) - Bluetooth: MGMT: Fix not checking if BT_HS is enabled - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` - Bluetooth: Disconnect if E0 is used for Level 4 - media: usbtv: Fix refcounting mixup - USB: serial: option: add Cellient MPL200 card - USB: serial: option: Add Telit FT980-KS composition - [x86] staging: comedi: check validity of wMaxPacketSize of usb endpoints found - USB: serial: pl2303: add device-id for HP GC device - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters - reiserfs: Initialize inode keys properly - reiserfs: Fix oops during mount - [arm*] drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (Closes: #908712) - [x86] crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA . [ Salvatore Bonaccorso ] * [rt] Update to 4.19.148-rt64 * Bump ABI to 12 * Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file" lmod (6.6-0.3+deb10u1) buster; urgency=medium . * Change Architecture: to any. Closes: #951508 This is required because lmod now gets LUA_PATH and LUA_CPATH at compile time (to deal with users overriding those variables). See https://github.com/TACC/Lmod/issues/112 There was an upstream report that this breaks Raspian, which was rejected, so it is unlikely that upstream will return to the current behaviour. See https://github.com/TACC/Lmod/issues/338 Thanks to Baptiste Jonglez for finding the relevant upstream bug reports. The same change was just uploaded as an NMU to unstable (in 6.6-0.4). mariadb-10.3 (1:10.3.27-0+deb10u1) buster; urgency=medium . * New upstream version 10.3.27. Includes fixes to serious regressions in MariaDB 10.3.26 that corrupted data or made server unable to start. * SECURITY UPDATE: Includes new upstream 10.3.26 which included fixes for the following security vulnerabilities: - CVE-2020-28912 - CVE-2020-14812 - CVE-2020-14789 - CVE-2020-14776 - CVE-2020-14765 * Upstream 10.3.26 included: - Fix mytop shebang (Closes: #972780, Closes: #970681) * Remove 3 patches applied upstream. mariadb-10.3 (1:10.3.25-0+deb10u1) buster-security; urgency=high . * SECURITY UPDATE: New upstream version 10.3.25. Includes fixes for the following security vulnerabilities: - CVE-2020-15180 * Salsa-CI: Update to be compatible with latest master/salsa-ci.yml mariadb-10.3 (1:10.3.24-2) unstable; urgency=medium . * Include MariaDB client plugin caching_sha2_password * Fix Perl script segfaults by backporting patch (Closes: #966633) mariadb-10.3 (1:10.3.24-1) unstable; urgency=medium . [ Otto Kekäläinen ] * New upstream version 10.3.24 - Drop kFreeBSD, Risv64 and ZSTD patches applied upstream * Remove redundant patterns from d/copyright * Includes permanent upstream fixes to get RocksDB built on riscv64 (Closes: #933151, Closes: LP#1876814) . [ Andrius Merkys ] * Fix a pair of typos in apparmor-profile mariadb-10.3 (1:10.3.23-1) unstable; urgency=medium . [ Otto Kekäläinen ] * SECURITY UPDATE: New upstream version 10.3.23. Includes fixes for the following security vulnerabilities (Closes: #961849): - CVE-2020-2752 - CVE-2020-2760 - CVE-2020-2812 - CVE-2020-2814 - CVE-2020-13249 - Includes fix for MDEV-21586: Server does not start if lc_messages setting was not English (Closes: #951059) - Backport packaging improvements from MariaDB 10.4: - Fix RocksDB build failure on arch riscv64 - Amend changelog with #951059 reference - Properly use DH_ and DEB_ flag in d/rules - Detect MySQL 8.0 based on undo_001 file as *.flag is buggy in mysql-8.0 - Make mariadb-client-10.4 Recommends libdbd-mariadb-perl as primary option - Update package to use debhelper level 10 - Delete pam_mariadb_mtr.so test plugin from build completely - Fix minor typos in docs and in-line comments - Sync server stopping logic from MariaDB 10.4 preinst/postinst/postrm - Sync AppArmor profile handling from MariaDB 10.4 - Sync non-functional delta from upstream 10.4 - Simplify autopkgtest 'smoke' to be easier to debug . [ Christian Ehrhardt ] * Fix RocksDB build failure on arch riscv64 mediawiki (1:1.31.10-1~deb10u1) buster-security; urgency=medium . * New upstream version 1.31.10, fixing CVE-2020-15005, CVE-2020-25812, CVE-2020-25813, CVE-2020-25814, CVE-2020-25827, CVE-2020-25828. CVE-2020-25689 does not affect this package, it requires an additional extension. * Additionally, mitigations for firejail's CVE-2020-17367, CVE-2020-17368 are included as well. mediawiki (1:1.31.8-1) unstable; urgency=medium . * New upstream version 1.31.8, fixing CVE-2020-15005. * Use debhelper 12 and dh_installsystemd. mediawiki (1:1.31.7-1) unstable; urgency=medium . * New upstream version 1.31.7, fixing CVE-2020-10960. CVE-2020-10960 does not affect this version of MediaWiki. * A hardening fix was included for the OATHAuth extension to limit access of user-controlled JavaScript. * Standards-Version: 4.5.0, no changes needed moin (1.9.9-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * security: fix stored XSS vulnerability via SVG attachment (CVE-2020-15275) * security: fix remote code execution via cache action (CVE-2020-25074) * Tweak Debian version used to 1.9.9-1+deb10u1 to avoid possible version clash with lower suite. mupdf (1.14.0+ds1-4+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Detect/avoid overflow when calculating sizes of pixmaps (CVE-2020-26519) (Closes: #971595) mutt (1.10.1-2.1+deb10u4) buster; urgency=medium . * debian/patches: + fix for CVE-2020-28896 located in security/CVE-2020-28896.patch. neomutt (20180716+dfsg.1-1+deb10u2) buster; urgency=medium . * debian/patches: + security/CVE-2020-28896.patch: handle the relevant CVE to stop sending login information over an encrypted connections in certain conditions. node-object-path (0.11.4-2+deb10u1) buster; urgency=medium . * Team upload * Fix prototype pollution in set() (Closes: CVE-2020-15256) node-pathval (1.1.0-3+deb10u1) buster; urgency=medium . * Fix prototype pollution (Closes: #972895, CVE-2020-7751) okular (4:17.12.2-2.2+deb10u1) buster; urgency=medium . * CVE-2020-9359 (Closes: #954891) openjdk-11 (11.0.9.1+1-1~deb10u2) buster; urgency=medium . * Rebuild for Buster (Closes: #975728) * Disable tests for this upload. openjdk-11 (11.0.9.1+1-1~deb10u1) buster; urgency=medium . * Rebuild for Buster (Closes: #975728) openjdk-11 (11.0.9+11-1) unstable; urgency=medium . * OpenJDK 11.0.9+11 build (release). * Security fixes: - JDK-8233624: Enhance JNI linkage - JDK-8236196: Improve string pooling - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - JDK-8237995, CVE-2020-14782: Enhance certificate processing - JDK-8240124: Better VM Interning - JDK-8241114, CVE-2020-14792: Better range handling - JDK-8242680, CVE-2020-14796: Improved URI Support - JDK-8242685, CVE-2020-14797: Better Path Validation - JDK-8242695, CVE-2020-14798: Enhanced buffer support - JDK-8243302: Advanced class supports - JDK-8244136, CVE-2020-14803: Improved Buffer supports - JDK-8244479: Further constrain certificates - JDK-8244955: Additional Fix for JDK-8240124 - JDK-8245407: Enhance zoning of times - JDK-8245412: Better class definitions - JDK-8245417: Improve certificate chain handling - JDK-8248574: Improve jpeg processing - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - JDK-8253019: Enhanced JPEG decoding . [ Tiago Stürmer Daitx ] * debian/rules: - copy apport hook to source_$(PKGSOURCE).py, fixes apport on Ubuntu where source name is openjdk-lts instead of openjdk-11. * Refresh patches. . [ Matthias Klose ] * Don't run the jdk tests as an autopkg test, taking too long. * Call strip-nondeterminism before computing jmod hashes (Julian Gilbey). Closes: #944738. * Build with GCC 10 in current development versions. Closes: #972288. openjdk-11 (11.0.9+11-1~deb10u1) buster-security; urgency=medium . * Rebuild for Buster openjdk-11 (11.0.8+10-1.1) unstable; urgency=medium . * Non-maintainer upload. * Apply patch to strip nondeterminism before computing jmod hash. Thank you to Julian Gilbey for the patch. (Closes: #944738) Add Build-Depends on strip-nondeterminism. openjdk-11 (11.0.8+10-1) unstable; urgency=high . * OpenJDK 11.0.8+10 build (release). * Security fixes: - JDK-8233239, CVE-2020-14562: Enhance TIFF support - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233234: Better Zip Naming - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8238013: Enhance String writing - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238925: Enhance WAV file playback - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux . [ Tiago Stürmer Daitx ] * d/p/default-jvm-cfg.diff: updated patch. * d/p/8214571.diff, d/p/8228407.diff: applied by upstream, removed patches. . [ Matthias Klose ] * Don't try to run autopkg tests on armel, mipsel, mips64el. * debian/copyright (remove licenses not found anymore in the sources): - Little CMS, libpng, GIFLIB. * Prepare to Build using GCC 10. openldap (2.4.47+dfsg-3+deb10u4) buster-security; urgency=high . * Fix slapd abort due to assertion failure in Certificate List syntax validation (ITS#9383) (CVE-2020-25709) * Fix slapd abort due to assertion failure in CSN normalization with invalid input (ITS#9384) (CVE-2020-25710) openldap (2.4.47+dfsg-3+deb10u3) buster-security; urgency=high . * Fix slapd normalization handling with modrdn (ITS#9370) pacemaker (2.0.1-5+deb10u1) buster-security; urgency=high . * [bf23450] Apply patch series fixing CVE-2020-25654: ACL bypass. A vulnerability was found in Pacemaker allowing a user who is in the haclient group but restricted by ACLs to bypass those ACLs, providing cluster-wide arbitrary code execution with root privileges. When the enable-acl cluster option isn't set to true, members of the haclient group (and root) can modify Pacemaker's CIB without restriction, which already gives them these capabilities, so there is no additional exposure in that case. More info: https://www.openwall.com/lists/oss-security/2020/10/27/1 Patches: https://lists.clusterlabs.org/pipermail/developers/2020-October/002324.html Thanks to Ken Gaillot (Closes: #973254) partman-auto (149+deb10u1) buster; urgency=medium . * Bump /boot sizes in most recipes from between 128 and 256M to between 512 and 768M. As initramfs keep growing, and kernel ABI bumps keep happening, running out of space on /boot is unpleasant. Closes: #893886, 951709. * Import from Ubuntu: Introduce partman-auto/cap-ram, to allow capping RAM size as used for swap partition calculations. This allows us to cap the minimum size of swap partitions size to 1*CAP, and their maximum size to a maximum of 2 or 3*CAP depending on architecture. Default is set to 1024, thus capping swap partitions to between 1 and 3GB. LP: #1351267, closes: #949651, #950344. Patch from Dimitri John Ledkov. pcaudiolib (1.1-3+deb10u1) buster; urgency=medium . * patches/cancel: Cap cancellation latency to 10ms. plinth (19.1+deb10u1) buster; urgency=medium . * apache: Disable mod_status (CVE-2020-25073) puma (3.12.0-2+deb10u2) buster; urgency=medium . * Team upload. * d/patches/0009-disable-tests-failing-in-single-cpu.patch: Add author and bug tracker information. * d/patches/CVE-2020-5247.patch: Add patch to fix CVE-2020-5247. - Fix header value could inject their own HTTP response (closes: #952766). * d/patches/CVE-2020-5249.patch: Add patch to fix CVE-2020-5249. - Fix splitting newlines in headers and another vector for HTTP injection (closes: #953122). * d/patches/CVE-2020-11076.patch: Add patch to fix CVE-2020-11076. - Better handle client input to fix HTTP Smuggling via Transfer-Encoding header (closes: #972102). * d/patches/CVE-2020-11077.patch: Add patch to fix CVE-2020-11077. - Reduce ambiguity of headers to fix HTTP Smuggling via Transfer-Encoding header (closes: #972102). * d/patches/series: Enable new patches. python-flask-cors (3.0.7-1+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2020-25032 (Closes: #969362) with upstream patch rails (2:5.2.2.1+dfsg-1+deb10u2) buster-security; urgency=medium . * CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-15169 raptor2 (2.0.14-1.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for buster-security . raptor2 (2.0.14-1.1) unstable; urgency=medium . * Non-maintainer upload. * Calcualte max nspace declarations correctly for XML writer (CVE-2017-18926) (Closes: #973889) ros-ros-comm (1.14.3+ds1-5+deb10u2) buster; urgency=high . * Add https://github.com/ros/ros_comm/pull/2065 (Fix CVE-2020-16124) ruby2.5 (2.5.5-3+deb10u3) buster; urgency=high . * Add patch to fix a potential HTTP request smuggling vulnerability in WEBrick. (Fixes: CVE-2020-25613) sddm (0.18.0-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix X not having access control on startup (CVE-2020-28049) (Closes: #973748) sleuthkit (4.6.5-1+deb10u1) buster; urgency=high . * Team upload. * Add patch to fix stack buffer overflow in yaffsfs_istat. (Closes: #953976, CVE-2020-10232) spice (0.14.0-1.3+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * quic: Check we have some data to start decoding quic image (CVE-2020-14355) * quic: Check image size in quic_decode_begin (CVE-2020-14355) * quic: Check RLE lengths (CVE-2020-14355) * quic: Avoid possible buffer overflow in find_bucket (CVE-2020-14355) spip (3.2.4-1+deb10u3) buster-security; urgency=medium . * Backport security fixes from 3.2.8 - Critical security issue, allowing identified authors to execute arbitrary PHP code sqlite3 (3.27.2-3+deb10u1) buster; urgency=medium . * CVE-2019-19923 * CVE-2019-19925 * CVE-2019-19959 * CVE-2019-20218 * CVE-2020-13434 * CVE-2020-13435 * CVE-2020-13630 * CVE-2020-13632 * CVE-2020-15358 * CVE-2019-16168 systemd (241-7~deb10u5) buster; urgency=medium . * basic/cap-list: parse/print numerical capabilities (Closes: #964926) * missing: add new Linux capabilities. Linux kernel v5.8 adds two new capabilities. Make sure we can recognize them even when built with an older kernel. * networkd: do not generate MAC for bridge device (Closes: #963488) tbsync (2.18-1~deb10u1) buster; urgency=medium . [ Mechtilde ] * [962f929] Built for buster: debian/changelog * [2c6dea8] Prepared for release in buster (proposed-updates) tbsync (2.16.1-1) unstable; urgency=medium . [ Mechtilde ] * prepared for unstable (Closes: #968102) + to fit compatibility with thunderbird 78.x . * [501e05b] Added missing bug tracker to d/u/metadata tbsync (2.16.1-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [3701379] New upstream version 2.15.5~beta * [15dcb16] Adapted d/ to the new version 2.15.5-beta . [ Carsten Schoenert ] * [94005c6] d/gbp.conf: adding helper for git-buildpackage * [256c84b] New upstream version 2.16.1 * [841ffa1] d/copyright: update and sort content alphabetically * [bb84449] d/rules: rework the build process a bit * [1afb65f] d/webext-tbsync.links: updating sequencer to new requirement * [79ff8f8] d/webext-tbsync.install: adopt installing files * [0fa330f] lintian: drop source override as not needed any more tbsync (2.16.1-1~deb10u1) buster; urgency=medium . * Rebuild for buster to fit compatibility with Tb 78.x + (Closes:#971807) tbsync (2.11-2~exp1) experimental; urgency=medium . [ Mechtilde Stehmann ] * [760cf22] Changed maintainer email in d/control to avoid lintian warning * [744a80c] Removed lightning from dependency for TB >=76 * [701c8fd] Adapt versions of dependencies tbsync (2.11-1) unstable; urgency=medium . * [c20de3a] New upstream version 2.11 tcpdump (4.9.3-1~deb10u2) buster; urgency=high . * Cherry-pick commit 32027e1993 from the upstream tcpdump-4.9 branch to fix untrusted input issue in the PPP printer (CVE-2020-8037, closes: #973877). thunderbird (1:78.5.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.4.2-1) unstable; urgency=medium . * [c7f4ed2] New upstream version 78.4.2 Fixed CVE issues in upstream version 78.4 (MFSA 2020-49): CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for * [c3a617d] rebuild patch queue from patch-queue branch added patch: fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch * [8e4e7ad] thunderbird-l10n-all: add thunderbird-l10n-cy (Closes: #974127) thunderbird (1:78.4.2-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security (Closes: #973660) [ Emilio Pozuelo Monfort ] * [3d58cc1] d/control: reenable the armhf build on buster thunderbird (1:78.4.1-1) unstable; urgency=medium . * [cf8bf1e] New upstream version 78.4.1 * [529000c] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1650299-Unify-the-inclusion-of-the-ICU-data-file.-r-f.patch fixes/Don-t-build-ICU-in-parallel.patch Patches are picked from Firefox and fixing FTBFS on s390x within buster. thunderbird (1:78.4.0-1) unstable; urgency=medium . [ Emilio Pozuelo Monfort ] * [652f8de] install the apparmor profile in thunderbird.install . [ Carsten Schoenert ] * [5240d53] Revert "thunderbird.install: adjust.desktop renamed file name" (Closes: #972601) * [861b21a] Revert "Rename .desktop file for AppStream compliance" (Closes: #972578) * [ffc5818] New upstream version 78.4.0 Fixed CVE issues in upstream version 78.4 (MFSA 2020-47): CVE-2020-15969: Use-after-free in usersctp CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4 * [81396e3] rebuild patch queue from patch-queue branch removed patches (fixed upstream): porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch . modified patches: fixes/Appdata-Adding-some-German-translations.patch fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch . Minor fine tuning to the AppStream specific parts but also revert some translation entries as they are not intend to be translatable. These modification also in correlation with the mentioned bug reports above which are closed by the other adjustments. thunderbird (1:78.4.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:78.3.3-1) unstable; urgency=medium . [ Emilio Pozuelo Monfort ] * [6f18974] Remove duplicated --disable-debug-symbols flag * [1119d50] Print a verbose build log by not calling the mach wrapper * [fcf7c11] Exclude -g from CXXFLAGS as well . [ Carsten Schoenert ] * [9eb159f] New upstream version 78.3.3 * [47171dc] rebuild patch queue from patch-queue branch added patches: fixes/Appdata-Adding-some-German-translations.patch fixes/Appdata-Fix-up-AppStream-error-by-adding-missing-field.patch * [1474d91] Rename .desktop file for AppStream compliance * [10e49a9] thunderbird.install: adjust.desktop renamed file name * [018bbc1] thunderbird.pc: remove left over cruft thunderbird (1:78.3.2-1) unstable; urgency=medium . * [0b2f19f] d/rules: remove hand crafted icu build Cherry-picked from debian/buster branch. The possible required build of the ICU if the usage of an external ICU library is now handled by the upstream build system. * [1583517] d/rules: rewrite dpkg_buildflags to remove option '-g' Cherry-picked from debian/buster branch. We need to remove the option '-g' from the dpkg_buildflags variable for real if we want a build without debugging information (e.g. on 32bit architectures). * [fb4c9c4] New upstream version 78.3.2 * [9d5e2b9] d/rules: install the language Add-ons into /u/l/t/e Do not install the thunderbird-l10n packages into /usr/share/thunderbird any more, install them directly into /usr/libt/thunderbird/extensions. This simplifies the package structures as there is no real need to install the packages into /usr/share/thunderbird and linking them back. thunderbird (1:78.3.1-2) unstable; urgency=medium . * [649f664] rebuild patch queue from patch-queue branch added patches: fixes/reduce-the-rust-debuginfo-level-on-selected-architectures.patch porting-s390x/Explicitly-instantiate-TIntermTraverser-traverse-TIntermN.patch thunderbird (1:78.3.1-2~deb10u2) stable-security; urgency=medium . * [72d9abd] d/rules: rewrite dpkg_buildflags to remove option '-g' * [adb263e] d/rules: disable dbgsym package on i386 for stable-security thunderbird (1:78.3.1-2~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security * [cc92401] d/rules: remove hand crafted icu build thunderbird (1:78.3.1-1) unstable; urgency=medium . [ Carsten Schoenert ] * [6bd965f] New upstream version 78.3.1 Fixed CVE issues in upstream version 78.3.1 (MFSA 2020-44): CVE-2020-15677: Download origin spoofing via redirect CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3 * [8ba13c5] rebuild patch queue from patch-queue branch added patches(picked from firefox packaging): fixes/Add-missing-bindings-for-mips-in-the-authenticator-crate.patch porting-mips/Bug-1642265-MIPS64-Add-branchTestSymbol-and-fallibleUnbox.patch porting-mips/Bug-1649655-MIPS-Add-CodeGenerator-visitWasmRegisterResul.patch porting/Bug-1666646-Bump-CodeAlignment-to-8-in-MacroAssembler-non.patch removed patch(fixed upstream): fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch * [c6d282d] calendar-google-provider*: removing left over cruft There are two left over sequencer files from the calendar-google-package, not need any more since 1:68.2.2-1 * [cf37615] d/README.Debian: Update and adding new information Some updated information regarding the now included OpenPGP support, also updating some grammar for 'Add-on'. * [faf225b] thunderbird.NEWS: Add hint about integration of OpenPGP support Giving the user a information about the OpenPGP status within Thunderbird since the version 78.0. * [d6f4f0e] Revert "d/tb.lintian-overrides: ignore warning about none versioned breaks" * [9e6cbec] d/copyright: update content thunderbird (1:78.2.2-1) experimental; urgency=medium . * [c6592e8] New upstream version 78.2.2 * [28f5fce] rebuild patch queue from patch-queue branch added patches: fixes/Bug-1664607-Don-t-try-to-load-what-s-new-page-when-built-.patch porting-s390x/Use-more-recent-embedded-version-of-sqlite3.patch * [4866c06] d/mozconfig.default: add extra config options for ppc64el thunderbird (1:78.2.1-1) experimental; urgency=medium . * [1f3f76b] d/rules: drop C{,XX}FLAGS originally intended for GCC6 * [4490e37] d/mozconfig.default: add options for mips64el * [17b4e5c] d/rules: Don't build debug symbols on 32Bit arch * [6dff7e0] d/rules: addind -Wl,--as-needed to linker flags * [a213a7f] New upstream version 78.2.1 thunderbird (1:78.2.0-1) experimental; urgency=medium . [ intrigeri ] * [f6fcafd] d/control: drop hard dependency on libgtk2.0-0 (Closes: #908654) * [85b7a2e] autopkgtests: fix typo in comment * [4bd70ae] d/mozconfig.default: fix typos in comments * [d986a6d] d/control: allow Enigmail 2.2.0 and newer (Closes: #968707) . [ Carsten Schoenert ] * [52b4006] d/control: increase B-D for libnss3 (Closes: #966805) * [7794563] New upstream version 78.2.0 Fixed CVE issues in upstream version 78.2.0 (MFSA 2020-41): CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege CVE-2020-15664: Attacker-induced prompt for extension installation CVE-2020-15670: Memory safety bugs fixed in Thunderbird 78.2 * [623f853] rebuild patch queue from patch-queue branch No modifications made, just updating the index. thunderbird (1:78.1.1-1) experimental; urgency=medium . * [5fb842b] d/mozconfig.default: adding new option regarding Add-Ons Adding additional options --allow-addon-sideload and --with-unsigned-addon-scopes=app,system. These option are adopted and taken from the firefox package. * [8de0b35] New upstream version 78.1.1 * [4abe5ed] d/copyright: update content Some small updates to the copyright information. * [3caa541] d/control: adding new B-D for botan and json-c The upstream source now offers the possibility to use the system libraries for botan and json-c, for this we need to have both libraries installed for building Thunderbird. * [251d524] d/mozconfig.default: use botan and json-c system libraries Turn on the configuration flags for botan and also for json-c that let the build use the installed provided system libraries instead of using internal versions. * [a32a163] rebuild patch queue from patch-queue branch removed patch: debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch Upstream has now (again) a configure option for using a installed system bzip2 library that makes our added patch for this not needed anymore. * [16c91c0] lintian: remove override for embedded bzip2 in librnp.so thunderbird (1:78.1.0-1) experimental; urgency=medium . * [c4099cd] New upstream version 78.1.0 Fixed CVE issues in upstream version 78.1.0 (MFSA 2020-33): CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker CVE-2020-6514: WebRTC data channel leaks internal address to peer CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy CVE-2020-15653: Bypassing iframe sandbox when allowing popups CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture CVE-2020-15656: Type confusion for special arguments in IonMonkey CVE-2020-15658: Overriding file type when saving to disk CVE-2020-15657: DLL hijacking due to incorrect loading path CVE-2020-15654: Custom cursor can overlay user interface CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1 thunderbird (1:78.0.1-1) experimental; urgency=medium . * [5450d8d] d/control: increase B-D for libnss3 * [9749d1d] d/control: drop B-D on python2 and move over to python3 * [b31360b] d/xpi-pack.sh: adding xpi-pack shell script * [89ede80] Drop mozilla-devscripts as B-D * [f3b2ced] New upstream version 78.0.1 * [1847202] d/tb.lintian-overrides: ignore warning about none versioned breaks * [d56c922] d/lightning.links: removing left over sequencer file thunderbird (1:78.0-1) experimental; urgency=medium . * [1016cc5] New upstream version 78.0 Fixed CVE issues in upstream version 78.0 (MFSA 2020-29): CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12418: Information disclosure due to manipulated URL object CVE-2020-12419: Use-after-free in nsGlobalWindowInner CVE-2020-12420: Use-After-Free when trying to connect to a STUN server CVE-2020-15648: X-Frame-Options bypass using object or embed tags CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process CVE-2020-12425: Out of bound read in Date.parse() CVE-2020-12426: Memory safety bugs fixed in Thunderbird 78 * [ad66b04] rebuild patch queue from patch-queue branch reworked patch: porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch * [4a2039c] d/mozconfig.default: enable OpenPGP feature build thunderbird (1:78.0~b2-1) experimental; urgency=medium . * [c8da927] d/source.filter: fix obviously happen typo * [c513a96] New upstream version 78.0~b2 * [6e9104e] d/control: tb, adding binary version to lightning provides Make the Provides for Lightning a versioned provide. * [8adec8f] enigmail: let any version of Enigmail break We now can break on any Enigmail version, the Enigmail functions are now included in Thunderbird and don't want to have an Enigmail package get installed in parallel. * [696b1fc] xul-ext-*/webext-*: adding more extensions to break Quite all of the current packaged Thunderbird extensions will not work for now with Thunderbird 78.*, adding/renaming the current know packages with recent versions to Breaks for thunderbird. * [e488d0c] thunderbird: remove some non-existing packages from Breaks The listed packages xul-ext-foxyproxy-standard xul-ext-gnome-keyring xul-ext-nostalgy aren't in any supported release so we don't need them any more within a Breaks for thunderbird. * [039ee90] thunderbird: remove outdated myspell packages from Breaks All previously listed myspell packages in Breaks for thunderbird aren't reachable with the given version any more. We can remove them safely. * [08ea0ba] thunderbird: remove outdated hunspell packages from Breaks The same is true for the hunspell packages that were listed in the Breaks field for thunderbird. thunderbird (1:78.0~b1-1) experimental; urgency=medium . [ Carsten Schoenert ] * [625efa9] d/source.filter: some updates to filtering list Recent modification of the shipped files in the upstream tarball do require small updates of the filter list we use to repack the tarball. * [967ee19] New upstream version 78.0~b1 * [240991e] rebuild patch queue from patch-queue branch removed patch: debian-hacks/use-icudt-b-l-.dat-depending-on-architecture.patch This will require some additional adjustment later for the stable-security upkoads as this patch was required to get a recent ICU version build before the build of the thunderbird sources did start. reworked patch: debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch * [07cab53] d/mozconfig.default: remove no longer existing options By this release a lot of old configure options are kicked out, some of them we have used until now. We need to remove these from the config. * [df2e99b] d/copyright: update content As usual some required update of the copyright file, more files are not shipped anymore. . [ intrigeri ] * [82a4b03] AppArmor: update profile from upstream at commit 860d2d9 (cherry-picked from unstable) thunderbird (1:77.0~b3-1) experimental; urgency=medium . * [82de2f6] New upstream version 77.0~b3 * [8beaf6f] rebuild patch queue from patch-queue branch removed patch (included upstream): fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch * [ab2d7a2] d/copyright: Add license for appstream xml file * [1533187] d/source.filter: Remove some *.wasm files as well * [7cdfe03] d/thunderbird.lintian-overrides: Some more needed overrides We need currently the included bzip library. Also add a false positive about the misread postinst script. * [9385fd4b] d/control: Remove doubled listed package libglib2.0-dev Drop a doubled listed package libglib2.0-dev within B-D. thunderbird (1:77.0~b2-1) experimental; urgency=medium . * [185d4f7] New upstream version 77.0~b2 * [e918036] rebuild patch queue from patch-queue branch removed patch: fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch * [c1979ce] d/mozconfig.default: Remove obsolete options Drop the options '--with-distribution-id' and '--with-user-appdir'. The former is basically only supporting the given default 'org.mozilla' and the latter was set to the default '.mozilla' anyway. thunderbird (1:77.0~b1-1) experimental; urgency=medium . * [ee06e6e] New upstream version 77.0~b1 * [a21b649] rebuild patch queue from patch-queue branch removed patches (not needed any more): lower-down-required-version-on-NSS3.patch . added patches: fixes/Bug-1634994-fix-disable-av1-r-tnikkel.patch fixes/Bug-1635671-Upgrade-typename-to-1.12.0.-r-emilio.patch * [295cc4d] d/control: increase B-D for libnss3 The build requires now libnss3-dev >= 2:3.52. * [f998baf] lintian-overrides: remove overrides for kinto-http-client.js No override needed for this file, it's not included any more. thunderbird (1:76.0~b2-1) experimental; urgency=medium . * [87988db] d/control: increase B-D for cargo to 0.42 * [b9b0dfd] rebuild patch queue from patch-queue branch removed patch: debian-hacks/Ignore-version-check-for-cargo.patch * [8386db0] d/control: Remove B-D on libjson-dev and libsqlite3-dev The built uses internal copies for libjson and libsqlite as there are made modifications to them. For now we can decrease the list of build dependencies by removing this two packages. * [6324222] New upstream version 76.0~b2 * [629b3bb] d/rules: Remove default compiler flag No needed for '-Wl,--as-needed' any more, it's default now. thunderbird (1:76.0~b1-1) experimental; urgency=medium . * [b52cd52] d/c-thunderbird-l10n-tarball.sh: change upstream resource Upstream has changed the folder were we can find the language providing XPI packages. They simply moved over from linux-i686 to linux-x86_64. * [22e697a] d/rules: drop set up of LIGHTNING_VERSION variable We don't need this variable any more for building the packages (like all the lightning-foo named stuff), there is no dedicated Lighting named stuff around. * [4ad871b] d/gbp.conf: Remove additional tarball for lightning-l10n git-buildpackage won't find this additional tarball as it's not needed starting by the import of the next upstream version (this is 76.0b1). * [25d8d42] d/c-l-l10n-t.sh: Remove helper script We also don't need to build the l10n specific additional tarball for Lighting related parts any more. Dropping this helper script. * [9d33d06] d/README.source: Remove part of lightning-l10n * [b063d7f] New upstream version 76.0~b1 * [e7a23ec] rebuild patch queue from patch-queue branch removed patches (not needed or included upstream): debian-hacks/Build-against-system-libjsoncpp.patch debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch . added patches: debian-hacks/Ignore-version-check-for-cargo.patch lower-down-required-version-on-NSS3.patch * [94d8593] d/control: adding new packages thunderbird-l10n-{cak,kab,uz} After the final release of Thunderbird 68.0 new l10n support for the languages Kacqhikel, Georgian and Uzbek was added. Reflect this by adding new binary packages for those languages. * [5397182] d/mozconfig.default: remove option for system-sqlite Upstream is using their own version of an modified SQLite now and has dropping the additional configure option about this. * [abb0ded] d/control: increase various versions in B-D The current source requires some more recent versions of the helping tools for building the sources as usual. * [abfc8b2] d/rules: remove any action related to old lightning stuff As the sources doesn't have any Lightning specific parts any more we need to adjust the build process within debina/rules a bit. Thus dropping all the rules around Lighting things. * [f95b3ad] d/control: Turn lightning into transitional package For now switch the behaviour of the lightning package into a transitional one. We might can drop the whole package rather soon. * [c3062cb] d/thunderbird.install: Remove blocklist.xml Don't install the file blocklist.xml any more, it's now not shipped by upstream any more. * [856e99e] d/mozconfig.thunderbird: Remove --enable-calendar Previously the build of the Lightning extension was needed to get enabled to built this as an extension. Now it's fully integrated into the core this configure option isn't needed any longer. * [5551a8a] d/copyright: update content As usual there is some moving within the source code between the major versions, reflect this by adjusting the content of the copyright file. * [21e9b7f] lintian-overrides: adjust overrides for needed files Also the override file for the source is needing some adjustments. * [f25ddc4] d/source.filter: update the filter sequences The control for filtering non needed stuff from the upstream tarball must also get adjusted due changed versions, moved folders etc. * [e4a81ba] d/thunderbird.install: Install also appdata.xml Upstream is providing an AppStream data file which we want install mow also. * [80385c9] d/source.filter: Sorting entries alphabetically No functional modifications, just sorting entries to find stuff more easily. * [585cf0a] d/thunderbird.lintian-overrides: update after config changes We also need to modify the content for Lintian overrides for the thunderbird package a bit. Thunderbird comes now (again) with own versions of the libraries libtheora and libjsoncpp. Mostly because Mozilla has made some own modifications within these libraries. thunderbird (1:68.12.0-1) unstable; urgency=medium . * [103cab7] New upstream version 68.12.0 Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35): CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege CVE-2020-15664: Attacker-induced prompt for extension installation CVE-2020-15669: Use-After-Free when aborting an operation tigervnc (1.9.0+dfsg-3+deb10u3) buster; urgency=high . [ Joachim Falk ] * Properly store certificate exceptions in native and java VNC viewer. The VNC viewers stored the certificate exceptions as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. This is issue CVE-2020-26117 (Closes: #971272). tor (0.3.5.12-1) buster; urgency=medium . * New upstream version, updating Tor in stable (cf. #975297). transmission (2.94-2+deb10u2) buster; urgency=medium . * Fix mem leak (Closes: #968097) tzdata (2020d-0+deb10u1) buster; urgency=medium . * New upstream version, affecting the following future timestamp: - Palestine ends DST earlier than predicted, on 2020-10-24. - Fiji starts DST later than usual, on 2020-12-20. tzdata (2020c-1) unstable; urgency=medium . * New upstream version, affecting the following future timestamp: - Fiji starts DST later than usual, on 2020-12-20. tzdata (2020b-1) unstable; urgency=medium . * New upstream version, affecting the following past and future timestamps: - Revised predictions for Morocco's changes starting in 2023. - Macquarie Island has stayed in sync with Tasmania since 2011. - Casey, Antarctica is at +08 in winter and +11 in summer since 2018. * Update German debconf translation, by Helge Kreutzmann. Closes: #960783. * Update Dutch debconf translation, by Frans Spiesschaert. Closes: #963007. * Update Portuguese debconf translation, by Rui Branco. Closes: #871051. * Update debian/upstream/signing-key.asc. * Get rid of old SystemV timezones, as this has been fully removed upstream. Convert existing configuration to the "new" America/* names. * Drop pacificnew support, it has been removed upstream. tzdata (2020b-0+deb10u1) buster; urgency=medium . * New upstream version, affecting the following past and future timestamps: - Revised predictions for Morocco's changes starting in 2023. - Macquarie Island has stayed in sync with Tasmania since 2011. - Casey, Antarctica is at +08 in winter and +11 in summer since 2018. * Restore the pacificnew and systemv files that have been removed upstream. The corresponding timezones have been removed from the bullseye/sid package, with the switch to the new names handle by the maintainer scripts. However we do not want to transition to the new names in a stable release. * Update debian/upstream/signing-key.asc. tzdata (2020a-1) unstable; urgency=medium . * New upstream version, affecting the following future timestamps: - Morocco springs forward on 2020-05-31, not 2020-05-24. - Canada's Yukon advanced to -07 year-round on 2020-03-08. * Bump Standards-Version to 4.5.0 (no changes). ublock-origin (1.30.0+dfsg-1~deb10u1) buster; urgency=medium . * Backport version 1.30.0+dfsg to Buster. * Revert to debhelper level 12. ublock-origin (1.29.0+dfsg-2) unstable; urgency=medium . * Update debian/copyright. Readd codemirror license which got accidentally removed and two new fonts licenses. (Closes: #969742) ublock-origin (1.29.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.29.0+dfsg. - Restore compatibility with Firefox 80. (Closes: #969123) * Restore compatibility with Chromium. Add new binary package webext-ublock-origin-chromium. (Closes: #954097) ublock-origin (1.28.0+dfsg-1) unstable; urgency=medium . * New upstream version 1.28.0+dfsg. (Closes: #952645) * Remove obsolete binary packages xul-ext-ublock-origin and chromium-ublock-origin. (Closes: #908158) * Install the Firefox version into webext-ublock-origin. Temporarily only the Firefox web browser is supported. A new version of ublock-origin is currently waiting in the ftp-master's NEW queue. As soon as this version enters Debian, both web browsers, Chromium and Firefox, will be supported again. * Fix the wrong version number in both Firefox and Chromium manifest files. (Closes: #946796) ublock-origin (1.25.0+dfsg-1) experimental; urgency=medium . * New upstream version 1.25.0+dfsg. (Closes: #952645) * Remove obsolete binary packages xul-ext-ublock-origin and chromium-ublock-origin. (Closes: #908158) * Make webext-ublock-origin a transitional package. From now on users need to install the browser-specific addon versions,either webext-ublock-origin-firefox or webext-ublock-origin-chromium. Please also read /usr/share/doc/webext-ublock-origin/NEWS. Providing just a single binary package for both web browsers was not a viable solution due to sandboxing limitations. (Closes: #946808, #911098) * Fix the wrong version number in both Firefox and Chromium manifest files. (Closes: #946796) ublock-origin (1.22.2+dfsg-2) unstable; urgency=medium . * Update debian/copyright. Add some missing file paths and the MIT license. (Closes: #956268) ublock-origin (1.22.2+dfsg-1) unstable; urgency=medium . * New upstream version 1.22.2+dfsg. vips (8.7.4-1+deb10u1) buster; urgency=medium . * Fix CVE-2020-20739: variable used-before-set error in im_vips2dz() . wordpress (5.0.11+dfsg1-0+deb10u1) buster-security; urgency=high . * Security release, fixes 8 bugs Closes: #973562 - CVE-2020-28039: Protected meta that could lead to arbitrary file deletion. - CVE-2020-28035: XML-RPC privilege escalation. - CVE-2020-28036: XML-RPC privilege escalation. - CVE-2020-28032: Hardening deserialization requests. - CVE-2020-28037: DoS attack could lead to RCE. - CVE-2020-28038: Stored XSS in post slugs. - CVE-2020-28033: Disable spam embeds from disabled sites on a multisite network. - CVE-2020-28034: Cross-Site Scripting (XSS) via global variables. - CVE-2020-28040: CSRF attacks that change a theme's background image. * Remove duplicated changeset 45974 Closes: #971914 x11vnc (0.9.13-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * scan: limit access to shared memory segments to current user (CVE-2020-29074) (Closes: #975875) xen (4.11.4+37-g3263f257ca-1) buster-security; urgency=high . * Update to new upstream version 4.11.4+37-g3263f257ca, which also contains security fixes for the following issues: - x86 pv: Crash when handling guest access to MSR_MISC_ENABLE XSA-333 CVE-2020-25602 - race when migrating timers between x86 HVM vCPU-s XSA-336 CVE-2020-25604 - PCI passthrough code reading back hardware registers XSA-337 CVE-2020-25595 - once valid event channels may not turn invalid XSA-338 CVE-2020-25597 - x86 pv guest kernel DoS via SYSENTER XSA-339 CVE-2020-25596 - Missing memory barriers when accessing/allocating an event channel XSA-340 CVE-2020-25603 - out of bounds event channels available to 32-bit x86 domains XSA-342 CVE-2020-25600 - races with evtchn_reset() XSA-343 CVE-2020-25599 - lack of preemption in evtchn_reset() / evtchn_destroy() XSA-344 CVE-2020-25601 * Note that with this update, we will be detaching the Buster updates from the Xen version in Debian unstable, which will get a newer Xen version RSN. xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium . * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains security fixes for the following issues: - inverted code paths in x86 dirty VRAM tracking XSA-319 CVE-2020-15563 - Special Register Buffer speculative side channel XSA-320 CVE-2020-0543 N.B: To mitigate this issue, new cpu microcode is required. The changes in Xen provide a workaround for affected hardware that is not receiving a vendor microcode update. Please refer to the upstream XSA-320 Advisory text for more details. - insufficient cache write-back under VT-d XSA-321 CVE-2020-15565 - Missing alignment check in VCPUOP_register_vcpu_info XSA-327 CVE-2020-15564 - non-atomic modification of live EPT PTE XSA-328 CVE-2020-15567 yaws (2.0.6+dfsg-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Reject external entities in DAV requests (CVE-2020-24379) * Fix unused variable warning * Sanitize CGI requests (CVE-2020-24916) ======================================= Sat, 26 Sep 2020 - Debian 10.6 released ======================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:07:04 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-all-amd64 | 4.19.118-2+deb10u1 | amd64 linux-headers-4.19.0-9-amd64 | 4.19.118-2+deb10u1 | amd64 linux-headers-4.19.0-9-cloud-amd64 | 4.19.118-2+deb10u1 | amd64 linux-headers-4.19.0-9-rt-amd64 | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-amd64-dbg | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-amd64-unsigned | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-cloud-amd64-dbg | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-cloud-amd64-unsigned | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-rt-amd64-dbg | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-rt-amd64-unsigned | 4.19.118-2+deb10u1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:07:15 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-all-mipsel | 4.19.118-2+deb10u1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:07:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el btrfs-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el cdrom-core-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el compress-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el crc-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el crypto-dm-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el crypto-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el event-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el ext4-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el fancontrol-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el fat-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el fb-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el firewire-core-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el fuse-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el hypervisor-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el i2c-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el input-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el isofs-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el jfs-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el kernel-image-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el linux-headers-4.19.0-9-all-ppc64el | 4.19.118-2+deb10u1 | ppc64el linux-headers-4.19.0-9-powerpc64le | 4.19.118-2+deb10u1 | ppc64el linux-image-4.19.0-9-powerpc64le | 4.19.118-2+deb10u1 | ppc64el linux-image-4.19.0-9-powerpc64le-dbg | 4.19.118-2+deb10u1 | ppc64el loop-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el md-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el mouse-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el mtd-core-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el multipath-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el nbd-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el nic-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el nic-shared-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el nic-usb-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el nic-wireless-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el ppp-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el sata-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el scsi-core-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el scsi-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el scsi-nic-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el serial-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el squashfs-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el udf-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el uinput-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el usb-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el usb-serial-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el usb-storage-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el xfs-modules-4.19.0-9-powerpc64le-di | 4.19.118-2+deb10u1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:07:39 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x cdrom-core-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x compress-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x crc-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x crypto-dm-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x crypto-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x dasd-extra-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x dasd-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x ext4-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x fat-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x fuse-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x isofs-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x kernel-image-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x linux-headers-4.19.0-9-all-s390x | 4.19.118-2+deb10u1 | s390x linux-headers-4.19.0-9-s390x | 4.19.118-2+deb10u1 | s390x linux-image-4.19.0-9-s390x | 4.19.118-2+deb10u1 | s390x linux-image-4.19.0-9-s390x-dbg | 4.19.118-2+deb10u1 | s390x loop-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x md-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x mtd-core-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x multipath-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x nbd-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x nic-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x scsi-core-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x scsi-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x udf-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x xfs-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x zlib-modules-4.19.0-9-s390x-di | 4.19.118-2+deb10u1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:08:01 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-all | 4.19.118-2+deb10u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:08:17 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-all-arm64 | 4.19.118-2+deb10u1 | arm64 linux-headers-4.19.0-9-arm64 | 4.19.118-2+deb10u1 | arm64 linux-headers-4.19.0-9-rt-arm64 | 4.19.118-2+deb10u1 | arm64 linux-image-4.19.0-9-arm64-dbg | 4.19.118-2+deb10u1 | arm64 linux-image-4.19.0-9-arm64-unsigned | 4.19.118-2+deb10u1 | arm64 linux-image-4.19.0-9-rt-arm64-dbg | 4.19.118-2+deb10u1 | arm64 linux-image-4.19.0-9-rt-arm64-unsigned | 4.19.118-2+deb10u1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:08:35 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel cdrom-core-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel compress-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel crc-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel crypto-dm-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel crypto-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel event-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel ext4-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel fat-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel fb-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel fuse-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel input-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel ipv6-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel isofs-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel jffs2-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel jfs-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel kernel-image-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel leds-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel linux-headers-4.19.0-9-all-armel | 4.19.118-2+deb10u1 | armel linux-headers-4.19.0-9-marvell | 4.19.118-2+deb10u1 | armel linux-headers-4.19.0-9-rpi | 4.19.118-2+deb10u1 | armel linux-image-4.19.0-9-marvell | 4.19.118-2+deb10u1 | armel linux-image-4.19.0-9-marvell-dbg | 4.19.118-2+deb10u1 | armel linux-image-4.19.0-9-rpi | 4.19.118-2+deb10u1 | armel linux-image-4.19.0-9-rpi-dbg | 4.19.118-2+deb10u1 | armel loop-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel md-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel minix-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel mmc-core-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel mmc-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel mouse-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel mtd-core-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel mtd-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel multipath-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel nbd-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel nic-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel nic-shared-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel nic-usb-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel ppp-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel sata-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel scsi-core-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel squashfs-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel udf-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel uinput-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel usb-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel usb-serial-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel usb-storage-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel zlib-modules-4.19.0-9-marvell-di | 4.19.118-2+deb10u1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:08:45 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf btrfs-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf cdrom-core-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf compress-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf crc-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf crypto-dm-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf crypto-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf efi-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf event-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf ext4-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf fat-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf fb-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf fuse-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf i2c-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf input-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf isofs-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf jfs-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf kernel-image-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf leds-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf linux-headers-4.19.0-9-all-armhf | 4.19.118-2+deb10u1 | armhf linux-headers-4.19.0-9-armmp | 4.19.118-2+deb10u1 | armhf linux-headers-4.19.0-9-armmp-lpae | 4.19.118-2+deb10u1 | armhf linux-headers-4.19.0-9-rt-armmp | 4.19.118-2+deb10u1 | armhf linux-image-4.19.0-9-armmp | 4.19.118-2+deb10u1 | armhf linux-image-4.19.0-9-armmp-dbg | 4.19.118-2+deb10u1 | armhf linux-image-4.19.0-9-armmp-lpae | 4.19.118-2+deb10u1 | armhf linux-image-4.19.0-9-armmp-lpae-dbg | 4.19.118-2+deb10u1 | armhf linux-image-4.19.0-9-rt-armmp | 4.19.118-2+deb10u1 | armhf linux-image-4.19.0-9-rt-armmp-dbg | 4.19.118-2+deb10u1 | armhf loop-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf md-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf mmc-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf mtd-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf multipath-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf nbd-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf nic-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf nic-shared-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf nic-usb-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf nic-wireless-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf pata-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf ppp-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf sata-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf scsi-core-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf scsi-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf scsi-nic-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf squashfs-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf udf-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf uinput-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf usb-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf usb-serial-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf usb-storage-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf zlib-modules-4.19.0-9-armmp-di | 4.19.118-2+deb10u1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:08:54 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-686 | 4.19.118-2+deb10u1 | i386 linux-headers-4.19.0-9-686-pae | 4.19.118-2+deb10u1 | i386 linux-headers-4.19.0-9-all-i386 | 4.19.118-2+deb10u1 | i386 linux-headers-4.19.0-9-rt-686-pae | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-686-dbg | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-686-pae-dbg | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-686-pae-unsigned | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-686-unsigned | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-rt-686-pae-dbg | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-rt-686-pae-unsigned | 4.19.118-2+deb10u1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:09:03 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-all-mips | 4.19.118-2+deb10u1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:09:16 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel btrfs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel cdrom-core-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel compress-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel crc-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel crypto-dm-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel crypto-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel event-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel ext4-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel fat-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel fuse-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel hfs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel input-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel isofs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel jfs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel kernel-image-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel linux-headers-4.19.0-9-5kc-malta | 4.19.118-2+deb10u1 | mips, mips64el, mipsel linux-headers-4.19.0-9-octeon | 4.19.118-2+deb10u1 | mips, mips64el, mipsel linux-image-4.19.0-9-5kc-malta | 4.19.118-2+deb10u1 | mips, mips64el, mipsel linux-image-4.19.0-9-5kc-malta-dbg | 4.19.118-2+deb10u1 | mips, mips64el, mipsel linux-image-4.19.0-9-octeon | 4.19.118-2+deb10u1 | mips, mips64el, mipsel linux-image-4.19.0-9-octeon-dbg | 4.19.118-2+deb10u1 | mips, mips64el, mipsel loop-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel md-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel minix-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel multipath-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel nbd-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel nic-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel nic-shared-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel nic-usb-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel nic-wireless-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel pata-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel ppp-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel rtc-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel sata-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel scsi-core-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel scsi-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel scsi-nic-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel sound-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel squashfs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel udf-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel usb-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel usb-serial-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel usb-storage-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel xfs-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel zlib-modules-4.19.0-9-octeon-di | 4.19.118-2+deb10u1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:09:32 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel ata-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel btrfs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel cdrom-core-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel compress-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel crc-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel crypto-dm-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel crypto-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel event-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel ext4-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel fat-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel fb-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel fuse-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel hfs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel i2c-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel input-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel isofs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel jfs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel kernel-image-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel linux-headers-4.19.0-9-4kc-malta | 4.19.118-2+deb10u1 | mips, mipsel linux-image-4.19.0-9-4kc-malta | 4.19.118-2+deb10u1 | mips, mipsel linux-image-4.19.0-9-4kc-malta-dbg | 4.19.118-2+deb10u1 | mips, mipsel loop-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel md-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel minix-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel mmc-core-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel mmc-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel mouse-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel mtd-core-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel multipath-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel nbd-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel nic-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel nic-shared-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel nic-usb-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel nic-wireless-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel pata-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel ppp-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel sata-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel scsi-core-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel scsi-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel scsi-nic-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel sound-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel squashfs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel udf-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel usb-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel usb-serial-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel usb-storage-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel xfs-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel zlib-modules-4.19.0-9-4kc-malta-di | 4.19.118-2+deb10u1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:09:46 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el ata-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el btrfs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el cdrom-core-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el compress-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el crc-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el crypto-dm-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el crypto-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el event-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el ext4-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el fat-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el fb-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el fuse-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el hfs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el i2c-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el input-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el isofs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el jfs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el kernel-image-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el linux-headers-4.19.0-9-all-mips64el | 4.19.118-2+deb10u1 | mips64el loop-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el md-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el minix-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el mmc-core-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el mmc-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el mouse-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el mtd-core-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el multipath-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el nbd-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el nic-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el nic-shared-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el nic-usb-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el nic-wireless-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el pata-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el ppp-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el sata-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el scsi-core-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el scsi-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el scsi-nic-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el sound-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el squashfs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el udf-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el usb-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el usb-serial-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el usb-storage-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el xfs-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el zlib-modules-4.19.0-9-5kc-malta-di | 4.19.118-2+deb10u1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:10:10 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel ata-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel btrfs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel cdrom-core-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel compress-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel crc-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel crypto-dm-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel crypto-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel event-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel ext4-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel fat-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel fb-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel firewire-core-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel fuse-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel hfs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel input-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel isofs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel jfs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel kernel-image-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel linux-headers-4.19.0-9-loongson-3 | 4.19.118-2+deb10u1 | mips64el, mipsel linux-image-4.19.0-9-loongson-3 | 4.19.118-2+deb10u1 | mips64el, mipsel linux-image-4.19.0-9-loongson-3-dbg | 4.19.118-2+deb10u1 | mips64el, mipsel loop-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel md-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel minix-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel mtd-core-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel multipath-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel nbd-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel nfs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel nic-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel nic-shared-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel nic-usb-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel nic-wireless-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel pata-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel ppp-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel sata-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel scsi-core-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel scsi-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel scsi-nic-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel sound-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel speakup-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel squashfs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel udf-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel usb-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel usb-serial-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel usb-storage-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel xfs-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel zlib-modules-4.19.0-9-loongson-3-di | 4.19.118-2+deb10u1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:10:21 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 ata-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 btrfs-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 cdrom-core-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 compress-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 crc-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 crypto-dm-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 crypto-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 efi-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 event-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 ext4-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 fat-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 fb-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 firewire-core-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 fuse-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 i2c-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 input-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 isofs-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 jfs-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 kernel-image-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-amd64 | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-cloud-amd64 | 4.19.118-2+deb10u1 | amd64 linux-image-4.19.0-9-rt-amd64 | 4.19.118-2+deb10u1 | amd64 loop-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 md-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 mmc-core-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 mmc-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 mouse-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 mtd-core-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 multipath-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 nbd-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 nic-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 nic-pcmcia-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 nic-shared-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 nic-usb-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 nic-wireless-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 pata-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 pcmcia-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 pcmcia-storage-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 ppp-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 sata-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 scsi-core-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 scsi-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 scsi-nic-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 serial-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 sound-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 speakup-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 squashfs-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 udf-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 uinput-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 usb-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 usb-serial-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 usb-storage-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 xfs-modules-4.19.0-9-amd64-di | 4.19.118-2+deb10u1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:10:33 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 btrfs-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 cdrom-core-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 compress-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 crc-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 crypto-dm-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 crypto-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 efi-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 event-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 ext4-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 fat-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 fb-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 fuse-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 i2c-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 input-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 isofs-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 jfs-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 kernel-image-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 leds-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 linux-image-4.19.0-9-arm64 | 4.19.118-2+deb10u1 | arm64 linux-image-4.19.0-9-rt-arm64 | 4.19.118-2+deb10u1 | arm64 loop-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 md-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 mmc-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 mtd-core-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 multipath-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 nbd-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 nic-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 nic-shared-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 nic-usb-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 nic-wireless-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 ppp-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 sata-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 scsi-core-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 scsi-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 scsi-nic-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 squashfs-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 udf-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 uinput-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 usb-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 usb-serial-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 usb-storage-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 xfs-modules-4.19.0-9-arm64-di | 4.19.118-2+deb10u1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:10:47 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 acpi-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 ata-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 ata-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 btrfs-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 btrfs-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 cdrom-core-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 cdrom-core-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 compress-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 compress-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 crc-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 crc-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 crypto-dm-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 crypto-dm-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 crypto-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 crypto-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 efi-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 efi-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 event-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 event-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 ext4-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 ext4-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 fat-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 fat-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 fb-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 fb-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 firewire-core-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 firewire-core-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 fuse-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 fuse-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 i2c-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 i2c-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 input-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 input-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 isofs-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 isofs-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 jfs-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 jfs-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 kernel-image-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 kernel-image-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-686 | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-686-pae | 4.19.118-2+deb10u1 | i386 linux-image-4.19.0-9-rt-686-pae | 4.19.118-2+deb10u1 | i386 loop-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 loop-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 md-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 md-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 mmc-core-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 mmc-core-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 mmc-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 mmc-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 mouse-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 mouse-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 mtd-core-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 mtd-core-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 multipath-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 multipath-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 nbd-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 nbd-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 nic-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 nic-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 nic-pcmcia-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 nic-pcmcia-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 nic-shared-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 nic-shared-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 nic-usb-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 nic-usb-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 nic-wireless-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 nic-wireless-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 pata-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 pata-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 pcmcia-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 pcmcia-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 pcmcia-storage-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 pcmcia-storage-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 ppp-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 ppp-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 sata-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 sata-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 scsi-core-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 scsi-core-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 scsi-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 scsi-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 scsi-nic-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 scsi-nic-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 serial-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 serial-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 sound-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 sound-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 speakup-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 speakup-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 squashfs-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 squashfs-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 udf-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 udf-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 uinput-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 uinput-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 usb-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 usb-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 usb-serial-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 usb-serial-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 usb-storage-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 usb-storage-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 xfs-modules-4.19.0-9-686-di | 4.19.118-2+deb10u1 | i386 xfs-modules-4.19.0-9-686-pae-di | 4.19.118-2+deb10u1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-i386) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 09:11:23 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.19.0-9-common | 4.19.118-2+deb10u1 | all linux-headers-4.19.0-9-common-rt | 4.19.118-2+deb10u1 | all linux-support-4.19.0-9 | 4.19.118-2+deb10u1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 08:52:40 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: libstd-rust-1.34 | 1.34.2+dfsg1-1 | amd64, arm64, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by rustc - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 26 Sep 2020 08:54:18 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: librust-cbindgen-dev | 0.8.7-1 | amd64, arm64, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by rustc - based on source metadata) ---------------------------------------------- ========================================================================= apache2 (2.4.38-3+deb10u4) buster-security; urgency=high . * Import http2 modules from 2.4.46 (Closes: CVE-2020-9490, CVE-2020-11993) * Fix error out on HTTP header larger than 16K (Closes: CVE-2020-11984) * Fix bad regexp in mod_rewrite (Closes: CVE-2020-1927) * Fix uninitialized memory when proxying to a malicious FTP server (Closes: CVE-2020-1934) arch-test (0.15-2+deb10u1) buster; urgency=medium . * Fix s390x detection sometimes failing (Alexander Efremkin). ark (4:18.08.3-1+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Pass the ARCHIVE_EXTRACT_SECURE_SYMLINKS flag to libarchive (CVE-2020-24654) (Closes: #969437) ark (4:18.08.3-1+deb10u1) buster-security; urgency=medium . * CVE-2020-16116 asterisk (1:16.2.1~dfsg-1+deb10u2) buster; urgency=medium . * CVE-2019-15297: AST-2019-004 Crash when negotiating for T.38 with a declined stream (Closes: #940060) * CVE-2019-18790: AST-2019-006 SIP request can change address of a SIP peer (Closes: #947381) * CVE-2019-18610: AST-2019-007 AMI user could execute system commands (Closes: #947377) * Fix use-after-free with TEST_FRAMEWORK enabled (Closes: #966334) * Fix segfault in pjsip show history with IPv6 peers (Closes: #882145) bacula (9.4.2-2+deb10u1) buster; urgency=medium . * Backport fix from upstream for CVE-2020-11061: oversized digest strings allow a malicious client to cause a heap overflow in the director's memory base-files (10.3+deb10u6) buster; urgency=medium . * Change /etc/debian_version to 10.6, for Debian 10.6 point release. bind9 (1:9.11.5.P4+dfsg-5.1+deb10u2) buster-security; urgency=high . [ Salvatore Bonaccorso ] * [CVE-2020-8622] Properly handle malformed truncated responses to TSIG queries * [CVE-2020-8623] Fix crash in pk11_numbits() with crafted packet when native-pkcs11 is used * Wait more than 1 second for NSEC3 chain changes * [CVE-2020-8624] Fix processing of "update-policy" rules of type "subdomain" (Closes: #966497) . [ Ondřej Surý ] * [CVE-2020-8619]: It was possible to trigger a INSIST when a zone with interior (non-leaf) wildcard label calamares-settings-debian (10.0.20-1+deb10u4) buster; urgency=medium . * Disable displaymanager module, reverting the change from deb10u2 (Closes: #968267) cargo (0.43.1-3~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Vendor libgit2, the system one is too old. * Revert changes to the cargo wrapper: use debian/DEB_CARGO_PACKAGE rather than DESTDIR as the latter is not automatically set by buster's debhelper. * Bump build-dependency on rustc to 1.41. cargo (0.43.1-2) unstable; urgency=medium . * cargo-debian-wrapper: don't install /usr/.crates2.json. (Closes: #958301) cargo (0.43.1-1) unstable; urgency=medium . [ Fabian Grünbichler ] * New upstream release. cargo (0.40.0-3) unstable; urgency=medium . * debian cargo wrapper: drop DEB_CARGO_PACKAGE in favour of the more standardised DESTDIR. * Experimental riscv64 support. cargo (0.40.0-2) unstable; urgency=medium . * Restore patch for pkg-config crate to auto-detect Debian cross-compiling. * Add patch for backtrace-sys to auto-detect Debian cross-compiling. cargo (0.40.0-1) unstable; urgency=medium . [ Sylvestre Ledru ] * Ship the zsh completion (Closes: #941437) . [ Ximin Luo ] * New upstream release. cargo (0.37.0-3) unstable; urgency=medium . * Update 2001_more_portable_rustflags.patch, fixes mips FTBFS cargo (0.37.0-2) unstable; urgency=medium . * Bump serde vendored crate version up to 1.0.96 to avoid issue when compiling with atomics (the default). cargo (0.37.0-1) unstable; urgency=medium . * New upstream release. chocolate-doom (3.0.0-4+deb10u1) buster; urgency=medium . * CVE-2020-14983 chrony (3.4-4+deb10u1) buster; urgency=medium . * debian/patches/: - Add create-new-file-when-writing-pidfile.patch to prevent symlink race when writing to PID file (CVE-2020-14367). . * debian/tests/: - Fix a regression when running upstream-simulation-test-suite autopkgtest on Buster. . [ Matt Corallo ] * debian/usr.sbin.chronyd: - Fix temperature reading. (Closes: #970421) debian-installer (20190702+deb10u6) buster; urgency=medium . * Bump Linux ABI to 4.19.0-11. debian-installer-netboot-images (20190702+deb10u6) buster; urgency=medium . * Update to 20190702+deb10u6, from buster-proposed-updates. diaspora-installer (0.7.6.1+debian1+deb10u1) buster; urgency=medium . * Use --frozen option to bundle install to use upstream Gemfile.lock * Don't exclude Gemfile.lock during upgrades * Don't overiwrite config/oidc_key.pem during upgrades * Make config/schedule.yml writeable (Closes: #926968) dojo (1.14.2+dfsg1-1+deb10u2) buster; urgency=medium . * Team upload * Fix prototype pollution in deepCopy method (Closes: #953585, CVE-2020-5258) * Fix Prototype Pollution in jqMix method (Closes: #953587, CVE-2020-5259) dovecot (1:2.3.4.1-5+deb10u4) buster; urgency=medium . * Import upstream fix for dsync sieve filter sync regression (Closes: #930919) * userdb-passwd: Fix getpwent errno handling (Closes: #928492) dovecot (1:2.3.4.1-5+deb10u3) buster-security; urgency=high . * Fix CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to resource exhaustion as Dovecot attempts to parse it. * CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash. * CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on. facter (3.11.0-2+deb10u2) buster; urgency=medium . * Change Google GCE Metadata endpoint from "v1beta1" to "v1". Adds patch debian/patches/FACT-2018-update-gce-metadata-endpoint.patch (Closes: #966374) firefox-esr (68.12.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release * Fixes for mfsa2020-37, also known as CVE-2020-15664 and CVE-2020-15669. firefox-esr (68.11.0esr-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-31, also known as: CVE-2020-15652, CVE-2020-6514, CVE-2020-6463, CVE-2020-15659. firefox-esr (68.11.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release * Fixes for mfsa2020-31, also known as: CVE-2020-15652, CVE-2020-6514, CVE-2020-6463, CVE-2020-15659. firefox-esr (68.10.0esr-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-25, also known as: CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421. firejail (0.9.58.2-2+deb10u1) buster-security; urgency=high . * Import security fixes for CVE-2020-17367 and CVE-2020-17368: - don't interpret output arguments after end-of-options tag - don't pass command line through shell when redirecting output ghostscript (9.27~dfsg-2+deb10u4) buster-security; urgency=medium . * CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 * CVE-2020-16291 CVE-2020-16292 CVE-2020-16293 CVE-2020-16294 * CVE-2020-16295 CVE-2020-16296 CVE-2020-17538 CVE-2020-16297 * CVE-2020-16298 CVE-2020-16299 CVE-2020-16300 CVE-2020-16301 * CVE-2020-16302 CVE-2020-16303 CVE-2020-16304 CVE-2020-16305 * CVE-2020-16306 CVE-2020-16307 CVE-2020-16308 CVE-2020-16309 * CVE-2020-16310 gnome-maps (3.30.3.1-0+deb10u1) buster; urgency=medium . * Non-maintainer upload * New upstream release - Make the shape layer renderer use the tile size specified in the dynamic service file, fixing an issue with misaligned shape layer (GeoJSON, GPX, KML) rendering with the new 512 pixel tile - Update Icelandic translation gnome-shell (3.30.2-11~deb10u2) buster; urgency=medium . * Team upload . [ Mike Gabriel ] * debian/patches: + Add loginDialog-*_CVE-2020-17498.patch. loginDialog: Reset auth prompt on vt switch before fade in. (Closes: #968311. CVE-2020-17489). gnome-weather (3.26.0-6~deb10u1) buster; urgency=medium . * Team upload * Upload to stable to fix #935090 * d/gbp.conf: Set packaging and upstream branches for Debian 10 stable updates . gnome-weather (3.26.0-6) unstable; urgency=medium . * Team upload * d/p/app-Use-find_nearest_city-instead-of-new_detached.patch, d/p/shared-world.js-don-t-use-detached-location-from-settings.patch: Add patches from version 3.32.1 to prevent a crash when the locations configured are invalid. In particular, this is a prerequisite for correcting the airport code for Lima in #935075, because otherwise, gnome-weather would read the old airport code from dconf on startup, and crash. Thanks to Diego Escalante Urrelo. (Closes: #935090) * d/gbp.conf: Set packaging branch to debian/unstable. debian/master is now tracking newer GNOME releases. grunt (1.0.1-8+deb10u1) buster; urgency=medium . * Team upload * Use `safeLoad` for loading YML files via `file.readYAML` (Closes: #969668, CVE-2020-7729) gssdp (1.0.5-0+deb10u1) buster; urgency=medium . * New upstream stable release. * Add get_address_mask needed by gupnp for the CVE-2020-12695 fix. gupnp (1.0.5-0+deb10u1) buster; urgency=medium . * New upstream stable release. * CVE-2020-12695: CallStranger prevention. + Needs GSSDP 1.0.5. * Fix a UAF in the CVE-2020-12695 changes. haproxy (1.8.19-1+deb10u3) buster; urgency=medium . * d/logrotate.conf: use rsyslog helper instead of SysV init script. Closes: #946973. * d/patches: reject messages where "chunked" is missing from transfer-encoding. CVE-2019-18277. icinga2 (2.10.3-2+deb10u1) buster; urgency=medium . * Team upload. * Update branch in gbp.conf & Vcs-Git URL. * Add upstream patch to fix CVE-2020-14004. (closes: #970252) icingaweb2 (2.6.2-3+deb10u1) buster-security; urgency=high . * Team upload. * Update branch in gbp.conf & Vcs-Git URL. * Add upstream patch to fix CVE-2020-24368. (closes: #968833) incron (0.5.12-1+deb10u1) buster; urgency=medium . * Add a patch to fix cleanup of zombie processes (Closes: #930526) inetutils (2:1.9.4-7+deb10u1) buster; urgency=medium . * CVE-2020-10188 (Closes: #956084) inspircd (2.0.27-1+deb10u1) buster-security; urgency=high . * Patch denial-of-service security vulnerabilities (Closes: #960650) + in m_mysql (CVE-2019-20917 / InspIRCd Security Advisory 2019-02) + in m_pgsql (CVE-2020-25269 / InspIRCd Security Advisory 2020-01) json-c (0.12.1+ds-2+deb10u1) buster-security; urgency=high . * d/patches/611.patch: Add upstream patch to fix CVE-2020-12762 lemonldap-ng (2.0.2+ds-7+deb10u5) buster-security; urgency=high . * Fix Nginx configuration files in documentation (Closes: CVE-2020-24660) * Add debian/NEWS entry libcommons-compress-java (1.18-2+deb10u1) buster; urgency=medium . * Team upload. * Add patch for CVE-2019-12402 (Closes: #939610) libdbi-perl (1.642-1+deb10u1) buster; urgency=medium . * Fix memory corruption in XS functions when Perl stack is reallocated (Closes: CVE-2020-14392) * Fix a buffer overflow on an overlong DBD class name (Closes: CVE-2020-14393) * Fix a NULL profile dereference in dbi_profile() (Closes: CVE-2019-20919) libvncserver (0.9.11+dfsg-1.3+deb10u4) buster; urgency=medium . * CVE-2019-20839: libvncclient: bail out if unix socket name would overflow. * CVE-2020-14397: libvncserver: add missing NULL pointer checks. * CVE-2020-14399: libvncclient: fix pointer aliasing/alignment issue. * CVE-2020-14400: libvncserver: fix pointer aliasing/alignment issue. * CVE-2020-14401: libvncserver: scale: cast to 64 bit before shifting. * CVE-2020-14402, CVE-2020-14403, CVE-2020-14404: libvncserver: encodings: prevent OOB accesses. * CVE-2020-14405: libvncclient/rfbproto: limit max textchat size. libx11 (2:1.6.7-1+deb10u1) buster; urgency=medium . * CVE-2020-14344 * CVE-2020-14363 (Closes: #969008) lighttpd (1.4.53-4+deb10u1) buster; urgency=high . [ Glenn Strauss ] * QA upload. * backport security, bug, portability fixes from lighttpd 1.4.54, 1.4.55 + mod_evhost, mod_flv_streaming: [regression] %0 pattern does not match hostnames without the domain part https://redmine.lighttpd.net/issues/2932 + mod_magnet: Lighttpd crashes on wrong return type in lua script https://redmine.lighttpd.net/issues/2938 + failed assertion on incoming bad request with server.error-handler https://redmine.lighttpd.net/issues/2941 + mod_wstunnel: fix wstunnel.ping-interval for big-endian architectures https://redmine.lighttpd.net/issues/2944 + fix abort in server.http-parseopts with url-path-2f-decode enabled https://redmine.lighttpd.net/issues/2945 + remove repeated slashes in server.http-parseopts with url-path-dotseg-remove, including leading "//" + [regression][Bisected] lighttpd uses way more memory with POST since 1.4.52 https://redmine.lighttpd.net/issues/2948 (closes: #954759) + OPTIONS should return 2xx status for non-existent resources if Allow is set https://redmine.lighttpd.net/issues/2939 + use high precision stat timestamp (on systems where available) in etag + mod_authn_ldap/mod_cgi race condition, "Can't contact LDAP server" https://redmine.lighttpd.net/issues/2940 + SUN_LEN in sock_addr.c (1.4.53, 1.4.54) https://redmine.lighttpd.net/issues/2962 + Embedded vim command line in conf file with no comment (#) hangs server https://redmine.lighttpd.net/issues/2980 + mod_authn_gssapi: 500 if fail to delegate creds https://redmine.lighttpd.net/issues/2967 + mod_authn_gssapi: option to store delegated creds https://redmine.lighttpd.net/issues/2967 + mod_auth: require digest uri= match original URI HTTP digest authentication not compatible with some clients https://redmine.lighttpd.net/issues/2974 + mod_auth: send Authentication-Info nextnonce when nonce is approaching expiration + mod_auth: http_auth_const_time_memeq improvement + mod_auth: http_auth_const_time_memeq_pad() + mod_auth: use constant time comparison when comparing digests + stricter request header parsing: reject WS following header field-name https://redmine.lighttpd.net/issues/2985 + stricter request header parsing: reject Transfer-Encoding + Content-Length https://redmine.lighttpd.net/issues/2985 + mod_openssl: reject invalid ALPN + mod_accesslog: parse multiple cookies https://redmine.lighttpd.net/issues/2986 + preserve %2b and %2B in query string https://redmine.lighttpd.net/issues/2999 + mod_auth: close connection after bad password mitigation slows down brute force password attacks https://redmine.lighttpd.net/boards/3/topics/8885 + do not accept() > server.max-connections + update /var/run -> /run for systemd (closes: #929203) lilypond (2.19.81+really-2.18.2-13+deb10u1) buster-security; urgency=medium . * Disable embedded-postscript and embedded-svg in safe mode linux (4.19.146-1) buster; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.133 - [s390x] KVM: s390: reduce number of IO pins to 1 - regmap: fix alignment issue - [arm64,armhf] drm/tegra: hub: Do not enable orphaned window group - [arm64,armhf] gpu: host1x: Detach driver on unregister - spi: spidev: fix a race between spidev_release and spidev_remove - spi: spidev: fix a potential use-after-free in spidev_release() - ixgbe: protect ring accesses with READ- and WRITE_ONCE - i40e: protect ring accesses with READ- and WRITE_ONCE - [x86] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel - [x86] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 - cifs: update ctime and mtime during truncate - [armhf] imx6: add missing put_device() call in imx6q_suspend_init() - scsi: mptscsih: Fix read sense data size - [arm64] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work - block: release bip in a right way in error path - nvme-rdma: assign completion vector correctly - [x86] entry: Increase entry_stack size to a full page - net: cxgb4: fix return error value in t4_prep_fw - smsc95xx: check return value of smsc95xx_reset - smsc95xx: avoid memory leak in smsc95xx_bind - [arm64] net: hns3: fix use-after-free when doing self test - [x86] ALSA: compress: fix partial_drain completion state - nbd: Fix memory leak in nbd_add_socket - cxgb4: fix all-mask IP address comparison - bnxt_en: fix NULL dereference in case SR-IOV configuration fails - [arm64] net: macb: mark device wake capable when "magic-packet" property present - ALSA: opl3: fix infoleak in opl3 - ALSA: hda - let hs_mic be picked ahead of hp_mic - ALSA: usb-audio: add quirk for MacroSilicon MS2109 - [arm64] KVM: Fix definition of PAGE_HYP_DEVICE - [arm64] KVM: Stop clobbering x0 for HVC_SOFT_RESTART - [x86] KVM: bit 8 of non-leaf PDPEs is not reserved - [x86] KVM: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode - [x86] KVM: Mark CR4.TSD as being possibly owned by the guest - kallsyms: Refactor kallsyms_show_value() to take cred - kernel: module: Use struct_size() helper - module: Refactor section attr into bin attribute - module: Do not expose section addresses to non-CAP_SYSLOG - kprobes: Do not expose probe addresses to non-CAP_SYSLOG - bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() - btrfs: fix fatal extent_buffer readahead vs releasepage race - drm/radeon: fix double free - dm: use noio when sending kobject event - [s390x] mm: fix huge pte soft dirty copying https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134 - perf: Make perf able to build with latest libbfd - genetlink: remove genl_bind - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg - l2tp: remove skb_dst_set() from l2tp_xmit_skb() - llc: make sure applications use ARPHRD_ETHER - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb - net_sched: fix a memory leak in atm_tc_init() - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure - tcp: make sure listeners don't initialize congestion-control state - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() - tcp: md5: do not send silly options in SYNCOOKIES - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers - tcp: md5: allow changing MD5 keys in all socket states - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (CVE-2020-14356) (Closes: #966846) - cgroup: Fix sock_cgroup_data on big-endian. - sched: consistently handle layer3 header accesses in the presence of VLANs - vlan: consolidate VLAN parsing code and limit max parsing depth - [arm64] drm/msm: fix potential memleak in error branch - [arm64] alternatives: use subsections for replacement sequences - [arm64,x86] tpm_tis: extra chip->ops check on error path in tpm_tis_core_init - gfs2: read-only mounts should grab the sd_freeze_gl glock - [i386] i2c: eg20t: Load module automatically if ID matches - [arm64] alternatives: don't patch up internal branches - [armhf] iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() - [armhf] net: dsa: bcm_sf2: Fix node reference count - of: of_mdio: Correct loop scanning logic - Revert "usb/ohci-platform: Fix a warning when hibernating" - [arm64,armhf] Revert "usb/xhci-plat: Set PM runtime as active on resume" - Revert "usb/ehci-platform: Set PM runtime as active on resume" - [arm64,armhf] net: sfp: add support for module quirks - [arm64,armhf] net: sfp: add some quirks for GPON modules - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) - mmc: sdhci: do not enable card detect interrupt for gpio cd type - ALSA: usb-audio: Rewrite registration quirk handling - [x86] ACPI: video: Use native backlight on Acer Aspire 5783z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S - [x86] ACPI: video: Use native backlight on Acer TravelMate 5735Z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S - [arm64,armhf] phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked - [armhf] spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate - [x86] staging: comedi: verify array index is correct before using it - regmap: debugfs: Don't sleep while atomic for fast_io regmaps - [x86] copy_xstate_to_kernel: Fix typo which caused GDB regression - apparmor: ensure that dfa state tables have entries - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode - [armhf] mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered - [armhf] mtd: rawnand: marvell: Fix probe error path - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings - HID: magicmouse: do not set up autorepeat - HID: quirks: Always poll Obins Anne Pro 2 keyboard - HID: quirks: Ignore Simply Automated UPB PIM - ALSA: line6: Perform sanity check for each URB creation - ALSA: line6: Sync the pending work cancel at disconnection - ALSA: usb-audio: Fix race against the error recovery URB submission - [x86] ALSA: hda/realtek - change to suitable link model for ASUS platform - [x86] ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 - [arm*] usb: dwc2: Fix shutdown callback in platform - [arm64,armhf] usb: chipidea: core: add wakeup support for extcon - USB: serial: iuu_phoenix: fix memory corruption - USB: serial: cypress_m8: enable Simply Automated UPB PIM - USB: serial: ch341: add new Product ID for CH340 - USB: serial: option: add GosunCn GM500 series - USB: serial: option: add Quectel EG95 LTE modem - [x86] virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream - [x86] virt: vbox: Fix guest capabilities mask check - [arm64] virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial - ovl: inode reference leak in ovl_is_inuse true case. - ovl: relax WARN_ON() when decoding lower directory file handle - ovl: fix unneeded call to ovl_change_flags() - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (CVE-2020-10781) - [x86] mei: bus: don't clean driver pointer - timer: Prevent base->clk from moving backward - timer: Fix wheel index calculation on last level - [mips*] Fix build for LTS kernel caused by backporting lpj adjustment - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute - [powerpc*] book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey - [x86] intel_th: pci: Add Jasper Lake CPU support - [x86] intel_th: pci: Add Tiger Lake PCH-H support - [x86] intel_th: pci: Add Emmitsburg PCH support - [x86] intel_th: Fix a NULL dereference when hub driver is not loaded - [arm*] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power - [arm64] ptrace: Override SPSR.SS when single-stepping is enabled - [arm64] ptrace: Consistently use pseudo-singlestep exceptions - [arm64] compat: Ensure upper 32 bits of x0 are zero on syscall return - sched: Fix unreliable rseq cpu_id for new tasks - sched/fair: handle case of task_h_load() returning 0 - genirq/affinity: Handle affinity setting on inactive interrupts correctly - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - libceph: don't omit recovery_deletes in target_copy() - rxrpc: Fix trace string https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.135 - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - net: sky2: initialize return of gm_phy_read - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout - fuse: fix weird page warning - [x86] irqdomain/treewide: Keep firmware node unconditionally allocated - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") - tipc: clean up skb list lock handling on send path - IB/umem: fix reference count leak in ib_umem_odp_get() - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression - ALSA: info: Drop WARN_ON() from buffer NULL sanity check - btrfs: fix double free on ulist after backref resolution failure - btrfs: fix mount failure caused by race with umount - btrfs: fix page leaks after failure to lock page for delalloc - bnxt_en: Fix race when modifying pause settings. - [x86] hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path - ax88172a: fix ax88172a_unbind() failures - ieee802154: fix one possible memleak in adf7242_probe - [arm64,armhf] drm: sun4i: hdmi: Fix inverted HPD result - [arm64,armhf] net: smc91x: Fix possible memory leak in smc_drv_probe() - bonding: check error value of register_netdevice() immediately - qed: suppress "don't support RoCE & iWARP" flooding on HW init - ipvs: fix the connection sync failed in some cases - bonding: check return value of register_netdevice() in bond_newlink() - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X - [arm64,x86] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override - HID: alps: support devices with report id 2 - HID: steam: fixes race in handling device list. - HID: apple: Disable Fn-key key-re-mapping on clone keyboards - [arm64] dmaengine: tegra210-adma: Fix runtime PM imbalance on error - Input: add `SW_MACHINE_COVER` - regmap: dev_get_regmap_match(): fix string comparison - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow - [amd64] dmaengine: ioat setting ioat timeout as module parameter - [x86] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen - [arm64] Use test_tsk_thread_flag() for checking TIF_SINGLESTEP - [arm*] binder: Don't use mmput() from shrinker function. - usb: xhci: Fix ASM2142/ASM3142 DMA addressing - Revert "cifs: Fix the target file was deleted when rename failed." (Closes: #966917) - [x86] staging: wlan-ng: properly check endpoint types - [x86] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support - [x86] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift - serial: 8250: fix null-ptr-deref in serial8250_start_tx() - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - vt: Reject zero-sized screen buffer size. - mm/memcg: fix refcount error while moving and swapping - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy - io-mapping: indicate mapping failure - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers - [x86] vmlinux.lds: Page-align end of ..page_aligned sections - [x86] ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 - dm integrity: fix integrity recalculation that is improperly skipped - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - ath9k: Fix regression with Atheros 9271 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.136 - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - tcp: allow at most one TLP probe per flight - AX.25: Prevent integer overflows in connect and sendmsg - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - udp: Copy has_conns in reuseport_grow(). - udp: Improve load balancing for SO_REUSEPORT. - rtnetlink: Fix memory(net_device) leak when ->newlink fails - regmap: debugfs: check count when read regmap file https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.137 - [x86] crypto: ccp - Release all allocated memory if sha type is invalid (CVE-2019-18808) - media: rc: prevent memory leak in cx23888_ir_probe (CVE-2019-19054) - iio: imu: adis16400: fix memory leak (CVE-2019-19061) - [x86] drm/amdgpu: fix multiple memory leaks in acp_hw_init (CVE-2019-19067) - tracing: Have error path in predicate_parse() free its allocated memory (CVE-2019-19072) - ath9k_htc: release allocated buffer if timed out (CVE-2019-19073) - ath9k: release allocated buffer if timed out (CVE-2019-19074) - drm/amd/display: prevent memory leak (CVE-2019-19082) - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (CVE-2019-19813, CVE-2019-19816) - sctp: implement memory accounting on tx path (CVE-2019-3874) - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work - wireless: Use offsetof instead of custom macro. - [armel,armhf] 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - rds: Prevent kernel-infoleak in rds_notify_queue_get() - xfs: fix missed wakeup on l_flush_wait - xfrm: Fix crash when the hold queue is used. - net/mlx5: Verify Hardware supports requested ptp function on a given pin - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlx4: disable device on shutdown - bpf: Fix map leak in HASH_OF_MAPS map - mac80211: mesh: Free ie data when leaving mesh - mac80211: mesh: Free pending skb when destroying a mpath - [arm64] alternatives: move length validation inside the subsection - [arm64] csum: Fix handling of bad packets - Bluetooth: fix kernel oops in store_pending_adv_report - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq - qed: Disable "MFW indication via attention" SPAM every 5 minutes - [amd64] x86/unwind/orc: Fix ORC for newly forked tasks - cxgb4: add missing release on skb in uld_send() - xen-netfront: fix potential deadlock in xennet_remove() - [x86] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled - [x86] i8259: Use printk_deferred() to prevent deadlock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.138 - random32: update the net random state on interrupt and activity (CVE-2020-16166) - [armel] ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.139 - USB: serial: qcserial: add EM7305 QDL product ID - USB: iowarrior: fix up report size handling for some devices - usb: xhci: define IDs for various ASMedia host controllers - usb: xhci: Fix ASMedia ASM1142 DMA addressing - Revert "ALSA: hda: call runtime_allow() for all hda controllers" - [arm*] staging: android: ashmem: Fix lockdep warning for write operation - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - [arm*] binder: Prevent context manager from incrementing ref 0 - vgacon: Fix for missing check in scrollback handling (CVE-2020-14331) - mtd: properly check all write ioctls for permissions - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure - usb: hso: check for return value in hso_serial_common_create() - firmware: Fix a reference count leak. - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - [x86] Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) - xattr: break delegations in {set,remove}xattr - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - vxlan: Ensure FDB dump is performed under RCU - net: lan78xx: replace bogus endpoint lookup - [x86] hv_netvsc: do not use VF device if link is down - net: gre: recompute gre csum for sctp over gre tunnels - [arm64] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() - Revert "vxlan: fix tos value before xmit" - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure - i40e: add num_vectors checker in iwarp handler - i40e: Wrong truncation from u16 to u8 - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c - i40e: Memory leak in i40e_config_iwarp_qvlist https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140 - tracepoint: Mark __tracepoint_string's __used - HID: input: Fix devices that return multiple bytes in battery report - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() - [x86] mce/inject: Fix a wrong assignment of i_mce.status - sched/fair: Fix NOHZ next idle balance - sched: correct SD_flags returned by tl->sd_flags() - EDAC: Fix reference count leaks - [x86] platform/x86: intel-hid: Fix return value check in check_acpi_dev() - [x86] platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() - [armhf] drm/tilcdc: fix leak & null ref in panel_connector_get_modes - Bluetooth: add a mutex lock to avoid UAF in do_enale_set - loop: be paranoid on exit and prevent new additions / removals - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls - drm/amdgpu: avoid dereferencing a NULL pointer - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync - [x86] crypto: aesni - Fix build with LLVM_IAS=1 - video: fbdev: neofb: fix memory leak in neo_scan_monitor() - md-cluster: fix wild pointer of unlock_all_bitmaps() - [arm64] dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding - [armhf] drm/etnaviv: fix ref count leak via pm_runtime_get_sync - drm/nouveau: fix multiple instances of reference count leaks - drm/debugfs: fix plain echo to connector "force" attribute - drm/radeon: disable AGP by default - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls - brcmfmac: keep SDIO watchdog running when console_interval is non-zero - brcmfmac: To fix Bss Info flag definition Bug - brcmfmac: set state of hanger slot to FREE when flushing PSQ - iwlegacy: Check the return value of pcie_capability_read_*() - [arm64,armhf] gpu: host1x: debug: Fix multiple channels emitting messages simultaneously - usb: gadget: net2280: fix memory leak on probe error handling paths - dyndbg: fix a BUG_ON in ddebug_describe_flags - bcache: fix super block seq numbers comparision in register_cache_set() - [arm64,x86] ACPICA: Do not increment operation_region reference counts for field units - [arm64] drm/msm: ratelimit crtc event overflow error - [x86] agp/intel: Fix a memory leak on module initialisation failure - ath10k: Acquire tx_lock in tx error paths - [armhf] drm/etnaviv: Fix error path on failure to enable bus clk - [arm64] drm/arm: fix unintentional integer overflow on left shift - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline - [powerpc*] cxl: Fix kobject memleak - drm/radeon: fix array out-of-bounds read and write issues - ipvs: allow connection reuse for unconfirmed conntrack - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork - xfs: fix reflink quota reservation accounting error - RDMA/rxe: Skip dgid check in loopback mode - PCI: Fix pci_cfg_wait queue locking problem - leds: core: Flush scheduled work for system suspend - [arm64,armhf] drm: panel: simple: Fix bpc for LG LB070WV8 panel - [armhf] phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY - scsi: scsi_debug: Add check for sdebug_max_queue during module init - mwifiex: Prevent memory corruption handling keys - [powerpc*] vdso: Fix vdso cpu truncation - RDMA/qedr: SRQ's bug fixes - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue - [x86] staging: rtl8192u: fix a dubious looking mask before a shift - PCI/ASPM: Add missing newline in sysfs 'policy' - [powerpc*] book3s64/pkeys: Use PVR check instead of cpu feature - USB: serial: iuu_phoenix: fix led-activity helpers - usb: core: fix quirks_param_set() writing to a const pointer - [armhf] thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() - [mips*] OCTEON: add missing put_device() call in dwc3_octeon_device_init() - [arm*] usb: dwc2: Fix error path in gadget registration - [arm64,armhf] net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration - RDMA/core: Fix return error value in _ib_modify_qp() to negative - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags - Bluetooth: hci_serdev: Only unregister device if it was registered - [x86] PCI: Release IVRS table in AMD ACS quirk - [s390x] qeth: don't process empty bridge port events - [arm64,armhf] wl1251: fix always return 0 error - [amd64] net: ethernet: aquantia: Fix wrong return value - liquidio: Fix wrong return value in cn23xx_get_pf_num() - dlm: Fix kobject memleak - ocfs2: fix unbalanced locking - [arm64,armhf] pinctrl-single: fix pcs_parse_pinconf() return value - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() - [x86] fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task - [amd64] crypto: aesni - add compatibility with IAS - af_packet: TPACKET_V3: fix fill status rwlock imbalance - net/nfc/rawsock.c: add CAP_NET_RAW check. - net: Set fput_needed iff FDPUT_FPUT is set - net: refactor bind_bucket fastreuse into helper - net: initialize fastreuse on inet_inherit_port - USB: serial: cp210x: re-enable auto-RTS on open - USB: serial: cp210x: enable usb generic throttle/unthrottle - [x86] ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 - [x86] crypto: qat - fix double free in qat_uclo_create_batch_init_list - [x86] crypto: ccp - Fix use of merged scatterlists - [arm64] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified - bitfield.h: don't compile-time validate _val in FIELD_FIT - fs/minix: check return value of sb_getblk() - fs/minix: don't allow getting deleted inodes - fs/minix: reject too-large maximum file size - ALSA: usb-audio: add quirk for Pioneer DDJ-RB - 9p: Fix memory leak in v9fs_mount - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. - NFS: Don't move layouts to plh_return_segs list while in use - NFS: Don't return layout segments that are in use - [arm64] cpufreq: dt: fix oops on armada37xx - include/asm-generic/vmlinux.lds.h: align ro_after_init - spi: spidev: Align buffers for DMA - [x86] irqdomain/treewide: Free firmware node after domain removal - xen/balloon: fix accounting in alloc_xenballooned_pages error path - xen/balloon: make the balloon wait interruptible https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.141 - smb3: warn on confusing error scenario with sec=krb5 - genirq/affinity: Make affinity setting if activated opt-in - [arm64,x86] PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken - PCI: Add device even if driver attach failed - [arm64] PCI: qcom: Define some PARF params needed for ipq8064 SoC - [arm64] PCI: qcom: Add support for tx term offset for rev 2.1.0 - PCI: Probe bridge window attributes once at enumeration-time - btrfs: free anon block device right after subvolume deletion - btrfs: don't allocate anonymous block device for user invisible roots - btrfs: ref-verify: fix memory leak in add_block_entry - btrfs: don't traverse into the seed devices in show_devname - btrfs: open device without device_list_mutex - btrfs: fix messages after changing compression level by remount - btrfs: only search for left_info if there is no right_info in try_merge_free_space (CVE-2019-19448) - btrfs: fix memory leaks after failure to lookup checksums during inode logging - btrfs: fix return value mixup in btrfs_get_extent - cifs: Fix leak when handling lease break for cached root fid - [powerpc*] Allow 4224 bytes of stack expansion for the signal frame - [powerpc*] Fix circular dependency between percpu.h and mmu.h - [arm64] net: ethernet: stmmac: Disable hardware multicast filter - [arm64,armhf] net: stmmac: dwmac1000: provide multicast filter fallback - net/compat: Add missing sock updates for SCM_RIGHTS - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 - bcache: allocate meta data pages as compound pages - bcache: fix overflow in offset_to_stripe() - mac80211: fix misplaced while instead of if - driver core: Avoid binding drivers to dead devices - [mips*] CPU#0 is not hotpluggable - ocfs2: change slot number type s16 to u16 - mm/page_counter.c: fix protection usage propagation - ftrace: Setup correct FTRACE_FL_REGS flags for module - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler - tracing/hwlat: Honor the tracing_cpumask - tracing: Use trace_sched_process_free() instead of exit() for pid tracing - [x86] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options - [x86] watchdog: f71808e_wdt: remove use of wrong watchdog_info option - [x86] watchdog: f71808e_wdt: clear watchdog timeout occurred flag - [powerpc*] pseries: Fix 64 bit logical memory block panic - module: Correctly truncate sysfs sections output - [armhf] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() - RDMA/ipoib: Return void from ipoib_ib_dev_stop() - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() - USB: serial: ftdi_sio: make process-packet buffer unsigned - USB: serial: ftdi_sio: clean up receive processing - [armhf] gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() - [amd64] iommu/vt-d: Enforce PASID devTLB field mask - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport - watchdog: initialize device before misc_register - Input: sentelic - fix error return when fsp_reg_write fails - [x86] drm/vmwgfx: Use correct vmw_legacy_display_unit pointer - [x86] drm/vmwgfx: Fix two list_for_each loop exit tests - [arm64] net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init - nfs: Fix getxattr kernel panic and memory overflow (CVE-2020-25212) - fs/minix: set s_maxbytes correctly - fs/minix: fix block limit check for V1 filesystems - fs/minix: remove expected error message in block_to_path() - fs/ufs: avoid potential u32 multiplication overflow - khugepaged: retract_page_tables() remember to test exit - [arm64] dts: marvell: espressobin: add ethernet alias - [x86] drm: Added orientation quirk for ASUS tablet model T103HAF https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.142 - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() - perf probe: Fix memory leakage when the probe point is not found - khugepaged: khugepaged_test_exit() check mmget_still_valid() - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() - btrfs: export helpers for subvolume name/id resolution - btrfs: don't show full path of bind mounts in subvol= - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression - btrfs: sysfs: use NOFS for device creation - romfs: fix uninitialized memory leak in romfs_dev_read() - kernel/relay.c: fix memleak on destroy relay channel - mm: include CMA pages in lowmem_reserve at boot - mm, page_alloc: fix core hung in free_pcppages_bulk() - ext4: fix checking of directory entry validity for inline directories - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() - [s390x] scsi: zfcp: Fix use-after-free in request timeout handlers - kthread: Do not preempt current task if it is going to call schedule() - spi: Prevent adding devices below an unregistering controller - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices - [arm*] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM - media: budget-core: Improve exception handling in budget_register() - Input: psmouse - add a newline when printing 'proto' by sysfs - svcrdma: Fix another Receive buffer leak - xfs: fix inode quota reservation checks - jffs2: fix UAF problem - ceph: fix use-after-free for fsc->mdsc - [x86] cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0 - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases - virtio_ring: Avoid loop when vq is broken in virtqueue_poll - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init - fs/signalfd.c: fix inconsistent return codes for signalfd4 - ext4: fix potential negative array index in do_split() (CVE-2020-14314) - ext4: don't allow overlapping system zones - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN - i40e: Fix crash during removing i40e driver - [armhf] net: fec: correct the error path for regulator disable in probe - bonding: show saner speed for broadcast mode - bonding: fix a potential double-unregister - [s390x] runtime_instrumentation: fix storage key handling - [s390x] ptrace: fix storage key handling - [x86] ASoC: intel: Fix memleak in sst_media_open - [amd64,arm64] vfio/type1: Add proper error unwind for vfio_iommu_replay() - [x86] kvm: Toggling CR4.SMAP does not load PDPTEs in PAE mode - [x86] kvm: Toggling CR4.PKE does not load PDPTEs in PAE mode - efi: avoid error message when booting under Xen - afs: Fix NULL deref in afs_dynroot_depopulate() - bonding: fix active-backup failover for current ARP slave - net: ena: Prevent reset after device destruction - [x86] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() - [armhf] net: dsa: b53: check for timeout - [powerpc*] pseries: Do not initiate shutdown when system is running on UPS - efi: add missed destroy_workqueue when efisubsys_init fails - epoll: Keep a reference on files added to the check list - do_epoll_ctl(): clean the failure exits up a bit - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible - xen: don't reschedule in preemption off sections - clk: Evict unregistered clks from parent caches - KVM: Pass MMU notifier range flags to kvm_unmap_hva_range() - [arm64] KVM: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.143 - [powerpc*] 64s: Don't init FSCR_DSCR in __init_FSCR() - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY - net: Fix potential wrong skb->protocol in skb_vlan_untag() - net/smc: Prevent kernel-infoleak in __smc_diag_dump() - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() - net: ena: Make missed_tx stat incremental - ipvlan: fix device features - [x86] mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs - [powerpc*] xive: Ignore kmemleak false positives - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() - blktrace: ensure our debugfs dir exists - scsi: target: tcmu: Fix crash on ARM during cmd completion - [arm*] iommu/iova: Don't BUG on invalid PFNs - [amd64] drm/amdkfd: Fix reference count leaks. - drm/radeon: fix multiple reference count leak - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails - scsi: lpfc: Fix shost refcount mismatch when deleting vport - xfs: Don't allow logging of XFS_ISTALE inodes - f2fs: fix error path in do_recover_data() - PCI: Fix pci_create_slot() reference count leak - rtlwifi: rtl8192cu: Prevent leaking urb - [mips*] vdso: Fix resource leaks in genvdso.c - cec-api: prevent leaking memory through hole in structure - HID: quirks: add NOGET quirk for Logitech GROUP - f2fs: fix use-after-free issue - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit - drm/nouveau: Fix reference count leak in nouveau_connector_detect - btrfs: file: reserve qgroup space after the hole punch range is locked - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() - ceph: fix potential mdsc use-after-free crash - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() - [x86] EDAC/ie31200: Fallback if host bridge device is already initialized - [arm64] KVM: Fix symbol dependency in __hyp_call_panic_nvhe - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value - [arm64] drm/msm/adreno: fix updating ring fence - nvme-fc: Fix wrong return value in __nvme_fc_init_request() - null_blk: fix passing of REQ_FUA flag in null_handle_rq - jbd2: make sure jh have b_transaction set in refile/unfile_buffer - ext4: don't BUG on inconsistent journal feature - ext4: handle read only external journal device - jbd2: abort journal if free a async write error metadata buffer - ext4: handle option set by mount flags correctly - ext4: handle error of ext4_setup_system_zone() on remount - ext4: correctly restore system zone info when remount fails - fs: prevent BUG_ON in submit_bh_wbc() - [s390x] cio: add cond_resched() in the slow_eval_known_fn() loop - scsi: fcoe: Fix I/O path allocation - scsi: ufs: Fix possible infinite loop in ufshcd_hold - scsi: ufs: Improve interrupt handling for shared interrupts - scsi: ufs: Clean up completed request without interrupt notification - scsi: qla2xxx: Check if FW supports MQ before enabling - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" - macvlan: validate setting of multiple remote source MAC addresses - [powerpc*] perf: Fix soft lockups due to missed interrupt accounting - block: loop: set discard granularity and alignment for block device backed loop - [arm64,x86] HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART - btrfs: reset compression level for lzo on remount - btrfs: fix space cache memory leak after transaction abort - fbcon: prevent user font height or width change from causing potential out-of-bounds access - vt: defer kfree() of vc_screenbuf in vc_do_resize() - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize() - [armhf] serial: samsung: Removes the IRQ not found warning - [arm*] serial: pl011: Fix oops on -EPROBE_DEFER - [arm*] serial: pl011: Don't leak amba_ports entry on driver register error - serial: 8250_exar: Fix number of ports for Commtech PCIe cards - serial: 8250: change lock order in serial8250_do_startup() - writeback: Protect inode->i_io_list with inode->i_lock - writeback: Avoid skipping inode writeback - writeback: Fix sync livelock due to b_dirty_time processing - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information. - usb: host: xhci: fix ep context print mismatch in debugfs - xhci: Do warm-reset when both CAS and XDEV_RESUME are set - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed - PM: sleep: core: Fix the handling of pending runtime resume requests - device property: Fix the secondary firmware node handling in set_primary_fwnode() - [x86] genirq/matrix: Deal with the sillyness of for_each_cpu() on UP - drm/amdgpu: Fix buffer overflow in INFO ioctl - USB: yurex: Fix bad gfp argument - USB: quirks: Add no-lpm quirk for another Raydium touchscreen - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D - [armhf] usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() - USB: cdc-acm: rework notification_buffer resizing - btrfs: check the right error variable in btrfs_del_dir_entries_in_log - [arm64,armhf] usb: dwc3: gadget: Don't setup more than requested - [arm64,armhf] usb: dwc3: gadget: Fix handling ZLP - [arm64,armhf] usb: dwc3: gadget: Handle ZLP for sg requests - [arm64,x86] tpm: Unify the mismatching TPM space buffer sizes - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.144 - HID: core: Correctly handle ReportSize being zero - HID: core: Sanitize event code and type when mapping input - scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range - scsi: target: tcmu: Optimize use of flush_dcache_page - [arm64] drm/msm: add shutdown support for display platform_driver - [x86] hwmon: (applesmc) check status earlier. - nvmet: Disable keep-alive timer when kato is cleared to 0h - [arm64] drm/msm/a6xx: fix gmu start on newer firmware - ceph: don't allow setlease on cephfs - cpuidle: Fixup IRQ state - [s390x] don't trace preemption in percpu macros - xen/xenbus: Fix granting of vmalloc'd memory - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling - batman-adv: Avoid uninitialized chaddr when handling DHCP - batman-adv: bla: use netif_rx_ni when not in interrupt context - [mips*] mm: BMIPS5000 has inclusive physical caches - netfilter: nf_tables: add NFTA_SET_USERDATA if not null - netfilter: nf_tables: incorrect enum nft_list_attributes definition - netfilter: nf_tables: fix destination register zeroing - [arm64] net: hns: Fix memleak in hns_nic_dev_probe - [arm64,armhf] dmaengine: pl330: Fix burst length if burst size is smaller than bus width - gtp: add GTPA_LINK info to msg sent to userspace - bnxt_en: Don't query FW when netif_running() is false. - bnxt_en: Check for zero dir entries in NVRAM. - bnxt_en: Fix PCI AER error recovery flow - bnxt_en: fix HWRM error when querying VF temperature - xfs: fix boundary test in xfs_attr_shortform_verify (CVE-2020-14385) - bnxt: don't enable NAPI until rings are ready - netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS - nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() - fix regression in "epoll: Keep a reference on files added to the check list" - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files - tg3: Fix soft lockup when tg3_reset_task() fails. - [amd64] x86, fakenuma: Fix invalid starting node ID - [amd64] iommu/vt-d: Serialize IOMMU GCMD register modifications - [armhf] thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 - xfs: don't update mtime on COW faults - btrfs: drop path before adding new uuid tree entry - vfio/type1: Support faulting PFNMAP vmas - vfio-pci: Fault mmaps to enable vma tracking - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (CVE-2020-12888) - btrfs: Remove redundant extent_buffer_get in get_old_root - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind - btrfs: set the lockdep class for log tree extent buffers - uaccess: Add non-pagefault user-space read functions - uaccess: Add non-pagefault user-space write function - btrfs: fix potential deadlock in the search ioctl - net: usb: qmi_wwan: add Telit 0x1050 composition - usb: qmi_wwan: add D-Link DWM-222 A2 device ID - ALSA: ca0106: fix error code handling - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check - [x86] ALSA: hda/hdmi: always check pin power status in i915 pin fixup - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection - [x86] ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO - media: rc: do not access device via sysfs after rc_unregister_device() - media: rc: uevent sysfs file races with rc_unregister_device() - affs: fix basic permission bits to actually work - block: allow for_each_bvec to support zero len bvec - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks - dm writecache: handle DAX to partitions on persistent memory correctly - dm cache metadata: Avoid returning cmd->bm wild pointer on error - dm thin metadata: Avoid returning cmd->bm wild pointer on error - mm: slub: fix conversion of freelist_corrupted() - [arm64] KVM: Add kvm_extable for vaxorcism code - [arm64] KVM: Defer guest entry when an asynchronous exception is pending - [arm64] KVM: Survive synchronous exceptions caused by AT instructions - [arm64] KVM: Set HCR_EL2.PTW to prevent AT taking synchronous exception - vfio/pci: Fix SR-IOV VF handling with MMIO blocking - checkpatch: fix the usage of capture group ( ... ) - mm/hugetlb: fix a race between hugetlb sysctl handlers (CVE-2020-25285) - cfg80211: regulatory: reject invalid hints - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.145 - ALSA; firewire-tascam: exclude Tascam FE-8 from detection - block: ensure bdi->io_pages is always initialized - net: usb: dm9601: Add USB ID of Keenetic Plus DSL - sctp: not disable bh in the whole sctp_get_port_local() - tipc: fix shutdown() of connectionless socket - net: disable netpoll on fresh napis - [arm64,armhf] net/mlx5e: Don't support phys switch id if not in switchdev mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.146 - RDMA/rxe: Fix memleak in rxe_mem_init_user - RDMA/rxe: Drop pointless checks in rxe_init_ports - [armhf] drm/sun4i: Fix dsi dcs long write function - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA - RDMA/core: Fix reported speed and width - [arm64] mmc: sdhci-msm: Add retries when all tuning phases are found valid - [arm64,x86] dmaengine: acpi: Put the CSRT table after using it - netfilter: conntrack: allow sctp hearbeat after connection re-use - [x86] firestream: Fix memleak in fs_open - [arm64,armhf] ALSA: hda: Fix 2 channel swapping for Tegra - xfs: initialize the shortform attr header padding entry - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance - nvme-rdma: serialize controller teardown sequences - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices - [ppc64el,x86] drivers/net/wan/hdlc_cisco: Add hard_header_len - HID: elan: Fix memleak in elan_input_configured - [x86] cpufreq: intel_pstate: Refuse to turn off with HWP enabled - [x86] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled - [amd64] iommu/amd: Do not use IOMMUv2 functionality when SME is active - [x86] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. - [x86] iio:magnetometer:ak8975 Fix alignment and data leak issues. - [armhf] iio:accel:mma8452: Fix timestamp alignment and prevent data leak. - [x86] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() - btrfs: require only sector size alignment for parent eb bytenr - btrfs: fix lockdep splat in add_missing_dev - btrfs: fix wrong address when faulting in pages in the search ioctl - regulator: push allocation in set_consumer_device_supply() out of lock - scsi: target: iscsi: Fix data digest calculation - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem - [arm64] drm/msm: Disable preemption on all 5xx targets - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (CVE-2020-25284) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars - vgacon: remove software scrollback support - fbcon: remove soft scrollback code (CVE-2020-14390) - fbcon: remove now unusued 'softback_lines' cursor() argument - [x86] KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit - [x86] video: fbdev: fix OOB read in vga_8planes_imageblit() - [arm64] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init - usb: core: fix slab-out-of-bounds Read in read_descriptors - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter - USB: serial: option: support dynamic Quectel USB compositions - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules - usb: Fix out of sync data toggle if a configured device is reconfigured - [x86] usb: typec: ucsi: acpi: Check the _DEP dependencies . [ Salvatore Bonaccorso ] * Bump ABI to 11 * Drop 'Revert "mips: Add udelay lpj numbers adjustment"' * [rt] Update to 4.19.135-rt60 * [rt] Refresh "net: Use skbufhead with raw lock" for context changes in 4.19.136 * [rt] Refresh "timers: Prepare for full preemption" for context changes in 4.19.138 * [rt] Refresh "timers: Redo the notification of canceling timers on -RT" for context changes in 4.19.138 * [rt] Refresh "watchdog: prevent deferral of watchdogd wakeup on RT" for context changes in 4.19.141 * Refresh "net: ena: fix crash during ena_remove()" for context changes in 4.19.142 * [rt] Refresh "Split IRQ-off and zone->lock while freeing pages from PCP list #1" for context changes in 4.19.142 * ACPI: configfs: Disallow loading ACPI tables when locked down (CVE-2020-15780) * [rt] Update to 4.19.142-rt63 * net/packet: fix overflow in tpacket_rcv (CVE-2020-14386) * debian/tests/python: pycodestyle: Increase max-line-length to 100. * gfs2: initialize transaction tr_ailX_lists earlier (Closes: #968567) linux-latest (105+deb10u6) buster; urgency=medium . * Update to 4.19.0-11 linux-signed-amd64 (4.19.146+1) buster; urgency=medium . * Sign kernel from linux 4.19.146-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.133 - [s390x] KVM: s390: reduce number of IO pins to 1 - regmap: fix alignment issue - [arm64,armhf] drm/tegra: hub: Do not enable orphaned window group - [arm64,armhf] gpu: host1x: Detach driver on unregister - spi: spidev: fix a race between spidev_release and spidev_remove - spi: spidev: fix a potential use-after-free in spidev_release() - ixgbe: protect ring accesses with READ- and WRITE_ONCE - i40e: protect ring accesses with READ- and WRITE_ONCE - [x86] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel - [x86] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 - cifs: update ctime and mtime during truncate - [armhf] imx6: add missing put_device() call in imx6q_suspend_init() - scsi: mptscsih: Fix read sense data size - [arm64] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work - block: release bip in a right way in error path - nvme-rdma: assign completion vector correctly - [x86] entry: Increase entry_stack size to a full page - net: cxgb4: fix return error value in t4_prep_fw - smsc95xx: check return value of smsc95xx_reset - smsc95xx: avoid memory leak in smsc95xx_bind - [arm64] net: hns3: fix use-after-free when doing self test - [x86] ALSA: compress: fix partial_drain completion state - nbd: Fix memory leak in nbd_add_socket - cxgb4: fix all-mask IP address comparison - bnxt_en: fix NULL dereference in case SR-IOV configuration fails - [arm64] net: macb: mark device wake capable when "magic-packet" property present - ALSA: opl3: fix infoleak in opl3 - ALSA: hda - let hs_mic be picked ahead of hp_mic - ALSA: usb-audio: add quirk for MacroSilicon MS2109 - [arm64] KVM: Fix definition of PAGE_HYP_DEVICE - [arm64] KVM: Stop clobbering x0 for HVC_SOFT_RESTART - [x86] KVM: bit 8 of non-leaf PDPEs is not reserved - [x86] KVM: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode - [x86] KVM: Mark CR4.TSD as being possibly owned by the guest - kallsyms: Refactor kallsyms_show_value() to take cred - kernel: module: Use struct_size() helper - module: Refactor section attr into bin attribute - module: Do not expose section addresses to non-CAP_SYSLOG - kprobes: Do not expose probe addresses to non-CAP_SYSLOG - bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() - btrfs: fix fatal extent_buffer readahead vs releasepage race - drm/radeon: fix double free - dm: use noio when sending kobject event - [s390x] mm: fix huge pte soft dirty copying https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134 - perf: Make perf able to build with latest libbfd - genetlink: remove genl_bind - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg - l2tp: remove skb_dst_set() from l2tp_xmit_skb() - llc: make sure applications use ARPHRD_ETHER - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb - net_sched: fix a memory leak in atm_tc_init() - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure - tcp: make sure listeners don't initialize congestion-control state - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() - tcp: md5: do not send silly options in SYNCOOKIES - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers - tcp: md5: allow changing MD5 keys in all socket states - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (CVE-2020-14356) (Closes: #966846) - cgroup: Fix sock_cgroup_data on big-endian. - sched: consistently handle layer3 header accesses in the presence of VLANs - vlan: consolidate VLAN parsing code and limit max parsing depth - [arm64] drm/msm: fix potential memleak in error branch - [arm64] alternatives: use subsections for replacement sequences - [arm64,x86] tpm_tis: extra chip->ops check on error path in tpm_tis_core_init - gfs2: read-only mounts should grab the sd_freeze_gl glock - [i386] i2c: eg20t: Load module automatically if ID matches - [arm64] alternatives: don't patch up internal branches - [armhf] iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() - [armhf] net: dsa: bcm_sf2: Fix node reference count - of: of_mdio: Correct loop scanning logic - Revert "usb/ohci-platform: Fix a warning when hibernating" - [arm64,armhf] Revert "usb/xhci-plat: Set PM runtime as active on resume" - Revert "usb/ehci-platform: Set PM runtime as active on resume" - [arm64,armhf] net: sfp: add support for module quirks - [arm64,armhf] net: sfp: add some quirks for GPON modules - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) - mmc: sdhci: do not enable card detect interrupt for gpio cd type - ALSA: usb-audio: Rewrite registration quirk handling - [x86] ACPI: video: Use native backlight on Acer Aspire 5783z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S - [x86] ACPI: video: Use native backlight on Acer TravelMate 5735Z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S - [arm64,armhf] phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked - [armhf] spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate - [x86] staging: comedi: verify array index is correct before using it - regmap: debugfs: Don't sleep while atomic for fast_io regmaps - [x86] copy_xstate_to_kernel: Fix typo which caused GDB regression - apparmor: ensure that dfa state tables have entries - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode - [armhf] mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered - [armhf] mtd: rawnand: marvell: Fix probe error path - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings - HID: magicmouse: do not set up autorepeat - HID: quirks: Always poll Obins Anne Pro 2 keyboard - HID: quirks: Ignore Simply Automated UPB PIM - ALSA: line6: Perform sanity check for each URB creation - ALSA: line6: Sync the pending work cancel at disconnection - ALSA: usb-audio: Fix race against the error recovery URB submission - [x86] ALSA: hda/realtek - change to suitable link model for ASUS platform - [x86] ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 - [arm*] usb: dwc2: Fix shutdown callback in platform - [arm64,armhf] usb: chipidea: core: add wakeup support for extcon - USB: serial: iuu_phoenix: fix memory corruption - USB: serial: cypress_m8: enable Simply Automated UPB PIM - USB: serial: ch341: add new Product ID for CH340 - USB: serial: option: add GosunCn GM500 series - USB: serial: option: add Quectel EG95 LTE modem - [x86] virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream - [x86] virt: vbox: Fix guest capabilities mask check - [arm64] virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial - ovl: inode reference leak in ovl_is_inuse true case. - ovl: relax WARN_ON() when decoding lower directory file handle - ovl: fix unneeded call to ovl_change_flags() - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (CVE-2020-10781) - [x86] mei: bus: don't clean driver pointer - timer: Prevent base->clk from moving backward - timer: Fix wheel index calculation on last level - [mips*] Fix build for LTS kernel caused by backporting lpj adjustment - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute - [powerpc*] book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey - [x86] intel_th: pci: Add Jasper Lake CPU support - [x86] intel_th: pci: Add Tiger Lake PCH-H support - [x86] intel_th: pci: Add Emmitsburg PCH support - [x86] intel_th: Fix a NULL dereference when hub driver is not loaded - [arm*] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power - [arm64] ptrace: Override SPSR.SS when single-stepping is enabled - [arm64] ptrace: Consistently use pseudo-singlestep exceptions - [arm64] compat: Ensure upper 32 bits of x0 are zero on syscall return - sched: Fix unreliable rseq cpu_id for new tasks - sched/fair: handle case of task_h_load() returning 0 - genirq/affinity: Handle affinity setting on inactive interrupts correctly - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - libceph: don't omit recovery_deletes in target_copy() - rxrpc: Fix trace string https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.135 - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - net: sky2: initialize return of gm_phy_read - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout - fuse: fix weird page warning - [x86] irqdomain/treewide: Keep firmware node unconditionally allocated - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") - tipc: clean up skb list lock handling on send path - IB/umem: fix reference count leak in ib_umem_odp_get() - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression - ALSA: info: Drop WARN_ON() from buffer NULL sanity check - btrfs: fix double free on ulist after backref resolution failure - btrfs: fix mount failure caused by race with umount - btrfs: fix page leaks after failure to lock page for delalloc - bnxt_en: Fix race when modifying pause settings. - [x86] hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path - ax88172a: fix ax88172a_unbind() failures - ieee802154: fix one possible memleak in adf7242_probe - [arm64,armhf] drm: sun4i: hdmi: Fix inverted HPD result - [arm64,armhf] net: smc91x: Fix possible memory leak in smc_drv_probe() - bonding: check error value of register_netdevice() immediately - qed: suppress "don't support RoCE & iWARP" flooding on HW init - ipvs: fix the connection sync failed in some cases - bonding: check return value of register_netdevice() in bond_newlink() - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X - [arm64,x86] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override - HID: alps: support devices with report id 2 - HID: steam: fixes race in handling device list. - HID: apple: Disable Fn-key key-re-mapping on clone keyboards - [arm64] dmaengine: tegra210-adma: Fix runtime PM imbalance on error - Input: add `SW_MACHINE_COVER` - regmap: dev_get_regmap_match(): fix string comparison - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow - [amd64] dmaengine: ioat setting ioat timeout as module parameter - [x86] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen - [arm64] Use test_tsk_thread_flag() for checking TIF_SINGLESTEP - [arm*] binder: Don't use mmput() from shrinker function. - usb: xhci: Fix ASM2142/ASM3142 DMA addressing - Revert "cifs: Fix the target file was deleted when rename failed." (Closes: #966917) - [x86] staging: wlan-ng: properly check endpoint types - [x86] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support - [x86] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift - serial: 8250: fix null-ptr-deref in serial8250_start_tx() - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - vt: Reject zero-sized screen buffer size. - mm/memcg: fix refcount error while moving and swapping - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy - io-mapping: indicate mapping failure - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers - [x86] vmlinux.lds: Page-align end of ..page_aligned sections - [x86] ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 - dm integrity: fix integrity recalculation that is improperly skipped - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - ath9k: Fix regression with Atheros 9271 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.136 - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - tcp: allow at most one TLP probe per flight - AX.25: Prevent integer overflows in connect and sendmsg - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - udp: Copy has_conns in reuseport_grow(). - udp: Improve load balancing for SO_REUSEPORT. - rtnetlink: Fix memory(net_device) leak when ->newlink fails - regmap: debugfs: check count when read regmap file https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.137 - [x86] crypto: ccp - Release all allocated memory if sha type is invalid (CVE-2019-18808) - media: rc: prevent memory leak in cx23888_ir_probe (CVE-2019-19054) - iio: imu: adis16400: fix memory leak (CVE-2019-19061) - [x86] drm/amdgpu: fix multiple memory leaks in acp_hw_init (CVE-2019-19067) - tracing: Have error path in predicate_parse() free its allocated memory (CVE-2019-19072) - ath9k_htc: release allocated buffer if timed out (CVE-2019-19073) - ath9k: release allocated buffer if timed out (CVE-2019-19074) - drm/amd/display: prevent memory leak (CVE-2019-19082) - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (CVE-2019-19813, CVE-2019-19816) - sctp: implement memory accounting on tx path (CVE-2019-3874) - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work - wireless: Use offsetof instead of custom macro. - [armel,armhf] 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - rds: Prevent kernel-infoleak in rds_notify_queue_get() - xfs: fix missed wakeup on l_flush_wait - xfrm: Fix crash when the hold queue is used. - net/mlx5: Verify Hardware supports requested ptp function on a given pin - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlx4: disable device on shutdown - bpf: Fix map leak in HASH_OF_MAPS map - mac80211: mesh: Free ie data when leaving mesh - mac80211: mesh: Free pending skb when destroying a mpath - [arm64] alternatives: move length validation inside the subsection - [arm64] csum: Fix handling of bad packets - Bluetooth: fix kernel oops in store_pending_adv_report - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq - qed: Disable "MFW indication via attention" SPAM every 5 minutes - [amd64] x86/unwind/orc: Fix ORC for newly forked tasks - cxgb4: add missing release on skb in uld_send() - xen-netfront: fix potential deadlock in xennet_remove() - [x86] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled - [x86] i8259: Use printk_deferred() to prevent deadlock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.138 - random32: update the net random state on interrupt and activity (CVE-2020-16166) - [armel] ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.139 - USB: serial: qcserial: add EM7305 QDL product ID - USB: iowarrior: fix up report size handling for some devices - usb: xhci: define IDs for various ASMedia host controllers - usb: xhci: Fix ASMedia ASM1142 DMA addressing - Revert "ALSA: hda: call runtime_allow() for all hda controllers" - [arm*] staging: android: ashmem: Fix lockdep warning for write operation - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - [arm*] binder: Prevent context manager from incrementing ref 0 - vgacon: Fix for missing check in scrollback handling (CVE-2020-14331) - mtd: properly check all write ioctls for permissions - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure - usb: hso: check for return value in hso_serial_common_create() - firmware: Fix a reference count leak. - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - [x86] Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) - xattr: break delegations in {set,remove}xattr - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - vxlan: Ensure FDB dump is performed under RCU - net: lan78xx: replace bogus endpoint lookup - [x86] hv_netvsc: do not use VF device if link is down - net: gre: recompute gre csum for sctp over gre tunnels - [arm64] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() - Revert "vxlan: fix tos value before xmit" - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure - i40e: add num_vectors checker in iwarp handler - i40e: Wrong truncation from u16 to u8 - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c - i40e: Memory leak in i40e_config_iwarp_qvlist https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140 - tracepoint: Mark __tracepoint_string's __used - HID: input: Fix devices that return multiple bytes in battery report - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() - [x86] mce/inject: Fix a wrong assignment of i_mce.status - sched/fair: Fix NOHZ next idle balance - sched: correct SD_flags returned by tl->sd_flags() - EDAC: Fix reference count leaks - [x86] platform/x86: intel-hid: Fix return value check in check_acpi_dev() - [x86] platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() - [armhf] drm/tilcdc: fix leak & null ref in panel_connector_get_modes - Bluetooth: add a mutex lock to avoid UAF in do_enale_set - loop: be paranoid on exit and prevent new additions / removals - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls - drm/amdgpu: avoid dereferencing a NULL pointer - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync - [x86] crypto: aesni - Fix build with LLVM_IAS=1 - video: fbdev: neofb: fix memory leak in neo_scan_monitor() - md-cluster: fix wild pointer of unlock_all_bitmaps() - [arm64] dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding - [armhf] drm/etnaviv: fix ref count leak via pm_runtime_get_sync - drm/nouveau: fix multiple instances of reference count leaks - drm/debugfs: fix plain echo to connector "force" attribute - drm/radeon: disable AGP by default - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls - brcmfmac: keep SDIO watchdog running when console_interval is non-zero - brcmfmac: To fix Bss Info flag definition Bug - brcmfmac: set state of hanger slot to FREE when flushing PSQ - iwlegacy: Check the return value of pcie_capability_read_*() - [arm64,armhf] gpu: host1x: debug: Fix multiple channels emitting messages simultaneously - usb: gadget: net2280: fix memory leak on probe error handling paths - dyndbg: fix a BUG_ON in ddebug_describe_flags - bcache: fix super block seq numbers comparision in register_cache_set() - [arm64,x86] ACPICA: Do not increment operation_region reference counts for field units - [arm64] drm/msm: ratelimit crtc event overflow error - [x86] agp/intel: Fix a memory leak on module initialisation failure - ath10k: Acquire tx_lock in tx error paths - [armhf] drm/etnaviv: Fix error path on failure to enable bus clk - [arm64] drm/arm: fix unintentional integer overflow on left shift - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline - [powerpc*] cxl: Fix kobject memleak - drm/radeon: fix array out-of-bounds read and write issues - ipvs: allow connection reuse for unconfirmed conntrack - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork - xfs: fix reflink quota reservation accounting error - RDMA/rxe: Skip dgid check in loopback mode - PCI: Fix pci_cfg_wait queue locking problem - leds: core: Flush scheduled work for system suspend - [arm64,armhf] drm: panel: simple: Fix bpc for LG LB070WV8 panel - [armhf] phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY - scsi: scsi_debug: Add check for sdebug_max_queue during module init - mwifiex: Prevent memory corruption handling keys - [powerpc*] vdso: Fix vdso cpu truncation - RDMA/qedr: SRQ's bug fixes - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue - [x86] staging: rtl8192u: fix a dubious looking mask before a shift - PCI/ASPM: Add missing newline in sysfs 'policy' - [powerpc*] book3s64/pkeys: Use PVR check instead of cpu feature - USB: serial: iuu_phoenix: fix led-activity helpers - usb: core: fix quirks_param_set() writing to a const pointer - [armhf] thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() - [mips*] OCTEON: add missing put_device() call in dwc3_octeon_device_init() - [arm*] usb: dwc2: Fix error path in gadget registration - [arm64,armhf] net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration - RDMA/core: Fix return error value in _ib_modify_qp() to negative - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags - Bluetooth: hci_serdev: Only unregister device if it was registered - [x86] PCI: Release IVRS table in AMD ACS quirk - [s390x] qeth: don't process empty bridge port events - [arm64,armhf] wl1251: fix always return 0 error - [amd64] net: ethernet: aquantia: Fix wrong return value - liquidio: Fix wrong return value in cn23xx_get_pf_num() - dlm: Fix kobject memleak - ocfs2: fix unbalanced locking - [arm64,armhf] pinctrl-single: fix pcs_parse_pinconf() return value - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() - [x86] fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task - [amd64] crypto: aesni - add compatibility with IAS - af_packet: TPACKET_V3: fix fill status rwlock imbalance - net/nfc/rawsock.c: add CAP_NET_RAW check. - net: Set fput_needed iff FDPUT_FPUT is set - net: refactor bind_bucket fastreuse into helper - net: initialize fastreuse on inet_inherit_port - USB: serial: cp210x: re-enable auto-RTS on open - USB: serial: cp210x: enable usb generic throttle/unthrottle - [x86] ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 - [x86] crypto: qat - fix double free in qat_uclo_create_batch_init_list - [x86] crypto: ccp - Fix use of merged scatterlists - [arm64] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified - bitfield.h: don't compile-time validate _val in FIELD_FIT - fs/minix: check return value of sb_getblk() - fs/minix: don't allow getting deleted inodes - fs/minix: reject too-large maximum file size - ALSA: usb-audio: add quirk for Pioneer DDJ-RB - 9p: Fix memory leak in v9fs_mount - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. - NFS: Don't move layouts to plh_return_segs list while in use - NFS: Don't return layout segments that are in use - [arm64] cpufreq: dt: fix oops on armada37xx - include/asm-generic/vmlinux.lds.h: align ro_after_init - spi: spidev: Align buffers for DMA - [x86] irqdomain/treewide: Free firmware node after domain removal - xen/balloon: fix accounting in alloc_xenballooned_pages error path - xen/balloon: make the balloon wait interruptible https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.141 - smb3: warn on confusing error scenario with sec=krb5 - genirq/affinity: Make affinity setting if activated opt-in - [arm64,x86] PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken - PCI: Add device even if driver attach failed - [arm64] PCI: qcom: Define some PARF params needed for ipq8064 SoC - [arm64] PCI: qcom: Add support for tx term offset for rev 2.1.0 - PCI: Probe bridge window attributes once at enumeration-time - btrfs: free anon block device right after subvolume deletion - btrfs: don't allocate anonymous block device for user invisible roots - btrfs: ref-verify: fix memory leak in add_block_entry - btrfs: don't traverse into the seed devices in show_devname - btrfs: open device without device_list_mutex - btrfs: fix messages after changing compression level by remount - btrfs: only search for left_info if there is no right_info in try_merge_free_space (CVE-2019-19448) - btrfs: fix memory leaks after failure to lookup checksums during inode logging - btrfs: fix return value mixup in btrfs_get_extent - cifs: Fix leak when handling lease break for cached root fid - [powerpc*] Allow 4224 bytes of stack expansion for the signal frame - [powerpc*] Fix circular dependency between percpu.h and mmu.h - [arm64] net: ethernet: stmmac: Disable hardware multicast filter - [arm64,armhf] net: stmmac: dwmac1000: provide multicast filter fallback - net/compat: Add missing sock updates for SCM_RIGHTS - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 - bcache: allocate meta data pages as compound pages - bcache: fix overflow in offset_to_stripe() - mac80211: fix misplaced while instead of if - driver core: Avoid binding drivers to dead devices - [mips*] CPU#0 is not hotpluggable - ocfs2: change slot number type s16 to u16 - mm/page_counter.c: fix protection usage propagation - ftrace: Setup correct FTRACE_FL_REGS flags for module - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler - tracing/hwlat: Honor the tracing_cpumask - tracing: Use trace_sched_process_free() instead of exit() for pid tracing - [x86] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options - [x86] watchdog: f71808e_wdt: remove use of wrong watchdog_info option - [x86] watchdog: f71808e_wdt: clear watchdog timeout occurred flag - [powerpc*] pseries: Fix 64 bit logical memory block panic - module: Correctly truncate sysfs sections output - [armhf] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() - RDMA/ipoib: Return void from ipoib_ib_dev_stop() - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() - USB: serial: ftdi_sio: make process-packet buffer unsigned - USB: serial: ftdi_sio: clean up receive processing - [armhf] gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() - [amd64] iommu/vt-d: Enforce PASID devTLB field mask - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport - watchdog: initialize device before misc_register - Input: sentelic - fix error return when fsp_reg_write fails - [x86] drm/vmwgfx: Use correct vmw_legacy_display_unit pointer - [x86] drm/vmwgfx: Fix two list_for_each loop exit tests - [arm64] net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init - nfs: Fix getxattr kernel panic and memory overflow (CVE-2020-25212) - fs/minix: set s_maxbytes correctly - fs/minix: fix block limit check for V1 filesystems - fs/minix: remove expected error message in block_to_path() - fs/ufs: avoid potential u32 multiplication overflow - khugepaged: retract_page_tables() remember to test exit - [arm64] dts: marvell: espressobin: add ethernet alias - [x86] drm: Added orientation quirk for ASUS tablet model T103HAF https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.142 - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() - perf probe: Fix memory leakage when the probe point is not found - khugepaged: khugepaged_test_exit() check mmget_still_valid() - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() - btrfs: export helpers for subvolume name/id resolution - btrfs: don't show full path of bind mounts in subvol= - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression - btrfs: sysfs: use NOFS for device creation - romfs: fix uninitialized memory leak in romfs_dev_read() - kernel/relay.c: fix memleak on destroy relay channel - mm: include CMA pages in lowmem_reserve at boot - mm, page_alloc: fix core hung in free_pcppages_bulk() - ext4: fix checking of directory entry validity for inline directories - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() - [s390x] scsi: zfcp: Fix use-after-free in request timeout handlers - kthread: Do not preempt current task if it is going to call schedule() - spi: Prevent adding devices below an unregistering controller - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices - [arm*] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM - media: budget-core: Improve exception handling in budget_register() - Input: psmouse - add a newline when printing 'proto' by sysfs - svcrdma: Fix another Receive buffer leak - xfs: fix inode quota reservation checks - jffs2: fix UAF problem - ceph: fix use-after-free for fsc->mdsc - [x86] cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0 - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases - virtio_ring: Avoid loop when vq is broken in virtqueue_poll - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init - fs/signalfd.c: fix inconsistent return codes for signalfd4 - ext4: fix potential negative array index in do_split() (CVE-2020-14314) - ext4: don't allow overlapping system zones - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN - i40e: Fix crash during removing i40e driver - [armhf] net: fec: correct the error path for regulator disable in probe - bonding: show saner speed for broadcast mode - bonding: fix a potential double-unregister - [s390x] runtime_instrumentation: fix storage key handling - [s390x] ptrace: fix storage key handling - [x86] ASoC: intel: Fix memleak in sst_media_open - [amd64,arm64] vfio/type1: Add proper error unwind for vfio_iommu_replay() - [x86] kvm: Toggling CR4.SMAP does not load PDPTEs in PAE mode - [x86] kvm: Toggling CR4.PKE does not load PDPTEs in PAE mode - efi: avoid error message when booting under Xen - afs: Fix NULL deref in afs_dynroot_depopulate() - bonding: fix active-backup failover for current ARP slave - net: ena: Prevent reset after device destruction - [x86] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() - [armhf] net: dsa: b53: check for timeout - [powerpc*] pseries: Do not initiate shutdown when system is running on UPS - efi: add missed destroy_workqueue when efisubsys_init fails - epoll: Keep a reference on files added to the check list - do_epoll_ctl(): clean the failure exits up a bit - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible - xen: don't reschedule in preemption off sections - clk: Evict unregistered clks from parent caches - KVM: Pass MMU notifier range flags to kvm_unmap_hva_range() - [arm64] KVM: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.143 - [powerpc*] 64s: Don't init FSCR_DSCR in __init_FSCR() - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY - net: Fix potential wrong skb->protocol in skb_vlan_untag() - net/smc: Prevent kernel-infoleak in __smc_diag_dump() - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() - net: ena: Make missed_tx stat incremental - ipvlan: fix device features - [x86] mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs - [powerpc*] xive: Ignore kmemleak false positives - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() - blktrace: ensure our debugfs dir exists - scsi: target: tcmu: Fix crash on ARM during cmd completion - [arm*] iommu/iova: Don't BUG on invalid PFNs - [amd64] drm/amdkfd: Fix reference count leaks. - drm/radeon: fix multiple reference count leak - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails - scsi: lpfc: Fix shost refcount mismatch when deleting vport - xfs: Don't allow logging of XFS_ISTALE inodes - f2fs: fix error path in do_recover_data() - PCI: Fix pci_create_slot() reference count leak - rtlwifi: rtl8192cu: Prevent leaking urb - [mips*] vdso: Fix resource leaks in genvdso.c - cec-api: prevent leaking memory through hole in structure - HID: quirks: add NOGET quirk for Logitech GROUP - f2fs: fix use-after-free issue - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit - drm/nouveau: Fix reference count leak in nouveau_connector_detect - btrfs: file: reserve qgroup space after the hole punch range is locked - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() - ceph: fix potential mdsc use-after-free crash - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() - [x86] EDAC/ie31200: Fallback if host bridge device is already initialized - [arm64] KVM: Fix symbol dependency in __hyp_call_panic_nvhe - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value - [arm64] drm/msm/adreno: fix updating ring fence - nvme-fc: Fix wrong return value in __nvme_fc_init_request() - null_blk: fix passing of REQ_FUA flag in null_handle_rq - jbd2: make sure jh have b_transaction set in refile/unfile_buffer - ext4: don't BUG on inconsistent journal feature - ext4: handle read only external journal device - jbd2: abort journal if free a async write error metadata buffer - ext4: handle option set by mount flags correctly - ext4: handle error of ext4_setup_system_zone() on remount - ext4: correctly restore system zone info when remount fails - fs: prevent BUG_ON in submit_bh_wbc() - [s390x] cio: add cond_resched() in the slow_eval_known_fn() loop - scsi: fcoe: Fix I/O path allocation - scsi: ufs: Fix possible infinite loop in ufshcd_hold - scsi: ufs: Improve interrupt handling for shared interrupts - scsi: ufs: Clean up completed request without interrupt notification - scsi: qla2xxx: Check if FW supports MQ before enabling - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" - macvlan: validate setting of multiple remote source MAC addresses - [powerpc*] perf: Fix soft lockups due to missed interrupt accounting - block: loop: set discard granularity and alignment for block device backed loop - [arm64,x86] HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART - btrfs: reset compression level for lzo on remount - btrfs: fix space cache memory leak after transaction abort - fbcon: prevent user font height or width change from causing potential out-of-bounds access - vt: defer kfree() of vc_screenbuf in vc_do_resize() - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize() - [armhf] serial: samsung: Removes the IRQ not found warning - [arm*] serial: pl011: Fix oops on -EPROBE_DEFER - [arm*] serial: pl011: Don't leak amba_ports entry on driver register error - serial: 8250_exar: Fix number of ports for Commtech PCIe cards - serial: 8250: change lock order in serial8250_do_startup() - writeback: Protect inode->i_io_list with inode->i_lock - writeback: Avoid skipping inode writeback - writeback: Fix sync livelock due to b_dirty_time processing - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information. - usb: host: xhci: fix ep context print mismatch in debugfs - xhci: Do warm-reset when both CAS and XDEV_RESUME are set - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed - PM: sleep: core: Fix the handling of pending runtime resume requests - device property: Fix the secondary firmware node handling in set_primary_fwnode() - [x86] genirq/matrix: Deal with the sillyness of for_each_cpu() on UP - drm/amdgpu: Fix buffer overflow in INFO ioctl - USB: yurex: Fix bad gfp argument - USB: quirks: Add no-lpm quirk for another Raydium touchscreen - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D - [armhf] usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() - USB: cdc-acm: rework notification_buffer resizing - btrfs: check the right error variable in btrfs_del_dir_entries_in_log - [arm64,armhf] usb: dwc3: gadget: Don't setup more than requested - [arm64,armhf] usb: dwc3: gadget: Fix handling ZLP - [arm64,armhf] usb: dwc3: gadget: Handle ZLP for sg requests - [arm64,x86] tpm: Unify the mismatching TPM space buffer sizes - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.144 - HID: core: Correctly handle ReportSize being zero - HID: core: Sanitize event code and type when mapping input - scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range - scsi: target: tcmu: Optimize use of flush_dcache_page - [arm64] drm/msm: add shutdown support for display platform_driver - [x86] hwmon: (applesmc) check status earlier. - nvmet: Disable keep-alive timer when kato is cleared to 0h - [arm64] drm/msm/a6xx: fix gmu start on newer firmware - ceph: don't allow setlease on cephfs - cpuidle: Fixup IRQ state - [s390x] don't trace preemption in percpu macros - xen/xenbus: Fix granting of vmalloc'd memory - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling - batman-adv: Avoid uninitialized chaddr when handling DHCP - batman-adv: bla: use netif_rx_ni when not in interrupt context - [mips*] mm: BMIPS5000 has inclusive physical caches - netfilter: nf_tables: add NFTA_SET_USERDATA if not null - netfilter: nf_tables: incorrect enum nft_list_attributes definition - netfilter: nf_tables: fix destination register zeroing - [arm64] net: hns: Fix memleak in hns_nic_dev_probe - [arm64,armhf] dmaengine: pl330: Fix burst length if burst size is smaller than bus width - gtp: add GTPA_LINK info to msg sent to userspace - bnxt_en: Don't query FW when netif_running() is false. - bnxt_en: Check for zero dir entries in NVRAM. - bnxt_en: Fix PCI AER error recovery flow - bnxt_en: fix HWRM error when querying VF temperature - xfs: fix boundary test in xfs_attr_shortform_verify (CVE-2020-14385) - bnxt: don't enable NAPI until rings are ready - netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS - nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() - fix regression in "epoll: Keep a reference on files added to the check list" - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files - tg3: Fix soft lockup when tg3_reset_task() fails. - [amd64] x86, fakenuma: Fix invalid starting node ID - [amd64] iommu/vt-d: Serialize IOMMU GCMD register modifications - [armhf] thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 - xfs: don't update mtime on COW faults - btrfs: drop path before adding new uuid tree entry - vfio/type1: Support faulting PFNMAP vmas - vfio-pci: Fault mmaps to enable vma tracking - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (CVE-2020-12888) - btrfs: Remove redundant extent_buffer_get in get_old_root - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind - btrfs: set the lockdep class for log tree extent buffers - uaccess: Add non-pagefault user-space read functions - uaccess: Add non-pagefault user-space write function - btrfs: fix potential deadlock in the search ioctl - net: usb: qmi_wwan: add Telit 0x1050 composition - usb: qmi_wwan: add D-Link DWM-222 A2 device ID - ALSA: ca0106: fix error code handling - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check - [x86] ALSA: hda/hdmi: always check pin power status in i915 pin fixup - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection - [x86] ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO - media: rc: do not access device via sysfs after rc_unregister_device() - media: rc: uevent sysfs file races with rc_unregister_device() - affs: fix basic permission bits to actually work - block: allow for_each_bvec to support zero len bvec - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks - dm writecache: handle DAX to partitions on persistent memory correctly - dm cache metadata: Avoid returning cmd->bm wild pointer on error - dm thin metadata: Avoid returning cmd->bm wild pointer on error - mm: slub: fix conversion of freelist_corrupted() - [arm64] KVM: Add kvm_extable for vaxorcism code - [arm64] KVM: Defer guest entry when an asynchronous exception is pending - [arm64] KVM: Survive synchronous exceptions caused by AT instructions - [arm64] KVM: Set HCR_EL2.PTW to prevent AT taking synchronous exception - vfio/pci: Fix SR-IOV VF handling with MMIO blocking - checkpatch: fix the usage of capture group ( ... ) - mm/hugetlb: fix a race between hugetlb sysctl handlers (CVE-2020-25285) - cfg80211: regulatory: reject invalid hints - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.145 - ALSA; firewire-tascam: exclude Tascam FE-8 from detection - block: ensure bdi->io_pages is always initialized - net: usb: dm9601: Add USB ID of Keenetic Plus DSL - sctp: not disable bh in the whole sctp_get_port_local() - tipc: fix shutdown() of connectionless socket - net: disable netpoll on fresh napis - [arm64,armhf] net/mlx5e: Don't support phys switch id if not in switchdev mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.146 - RDMA/rxe: Fix memleak in rxe_mem_init_user - RDMA/rxe: Drop pointless checks in rxe_init_ports - [armhf] drm/sun4i: Fix dsi dcs long write function - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA - RDMA/core: Fix reported speed and width - [arm64] mmc: sdhci-msm: Add retries when all tuning phases are found valid - [arm64,x86] dmaengine: acpi: Put the CSRT table after using it - netfilter: conntrack: allow sctp hearbeat after connection re-use - [x86] firestream: Fix memleak in fs_open - [arm64,armhf] ALSA: hda: Fix 2 channel swapping for Tegra - xfs: initialize the shortform attr header padding entry - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance - nvme-rdma: serialize controller teardown sequences - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices - [ppc64el,x86] drivers/net/wan/hdlc_cisco: Add hard_header_len - HID: elan: Fix memleak in elan_input_configured - [x86] cpufreq: intel_pstate: Refuse to turn off with HWP enabled - [x86] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled - [amd64] iommu/amd: Do not use IOMMUv2 functionality when SME is active - [x86] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. - [x86] iio:magnetometer:ak8975 Fix alignment and data leak issues. - [armhf] iio:accel:mma8452: Fix timestamp alignment and prevent data leak. - [x86] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() - btrfs: require only sector size alignment for parent eb bytenr - btrfs: fix lockdep splat in add_missing_dev - btrfs: fix wrong address when faulting in pages in the search ioctl - regulator: push allocation in set_consumer_device_supply() out of lock - scsi: target: iscsi: Fix data digest calculation - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem - [arm64] drm/msm: Disable preemption on all 5xx targets - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (CVE-2020-25284) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars - vgacon: remove software scrollback support - fbcon: remove soft scrollback code (CVE-2020-14390) - fbcon: remove now unusued 'softback_lines' cursor() argument - [x86] KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit - [x86] video: fbdev: fix OOB read in vga_8planes_imageblit() - [arm64] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init - usb: core: fix slab-out-of-bounds Read in read_descriptors - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter - USB: serial: option: support dynamic Quectel USB compositions - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules - usb: Fix out of sync data toggle if a configured device is reconfigured - [x86] usb: typec: ucsi: acpi: Check the _DEP dependencies . [ Salvatore Bonaccorso ] * Bump ABI to 11 * Drop 'Revert "mips: Add udelay lpj numbers adjustment"' * [rt] Update to 4.19.135-rt60 * [rt] Refresh "net: Use skbufhead with raw lock" for context changes in 4.19.136 * [rt] Refresh "timers: Prepare for full preemption" for context changes in 4.19.138 * [rt] Refresh "timers: Redo the notification of canceling timers on -RT" for context changes in 4.19.138 * [rt] Refresh "watchdog: prevent deferral of watchdogd wakeup on RT" for context changes in 4.19.141 * Refresh "net: ena: fix crash during ena_remove()" for context changes in 4.19.142 * [rt] Refresh "Split IRQ-off and zone->lock while freeing pages from PCP list #1" for context changes in 4.19.142 * ACPI: configfs: Disallow loading ACPI tables when locked down (CVE-2020-15780) * [rt] Update to 4.19.142-rt63 * net/packet: fix overflow in tpacket_rcv (CVE-2020-14386) * debian/tests/python: pycodestyle: Increase max-line-length to 100. * gfs2: initialize transaction tr_ailX_lists earlier (Closes: #968567) linux-signed-arm64 (4.19.146+1) buster; urgency=medium . * Sign kernel from linux 4.19.146-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.133 - [s390x] KVM: s390: reduce number of IO pins to 1 - regmap: fix alignment issue - [arm64,armhf] drm/tegra: hub: Do not enable orphaned window group - [arm64,armhf] gpu: host1x: Detach driver on unregister - spi: spidev: fix a race between spidev_release and spidev_remove - spi: spidev: fix a potential use-after-free in spidev_release() - ixgbe: protect ring accesses with READ- and WRITE_ONCE - i40e: protect ring accesses with READ- and WRITE_ONCE - [x86] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel - [x86] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 - cifs: update ctime and mtime during truncate - [armhf] imx6: add missing put_device() call in imx6q_suspend_init() - scsi: mptscsih: Fix read sense data size - [arm64] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work - block: release bip in a right way in error path - nvme-rdma: assign completion vector correctly - [x86] entry: Increase entry_stack size to a full page - net: cxgb4: fix return error value in t4_prep_fw - smsc95xx: check return value of smsc95xx_reset - smsc95xx: avoid memory leak in smsc95xx_bind - [arm64] net: hns3: fix use-after-free when doing self test - [x86] ALSA: compress: fix partial_drain completion state - nbd: Fix memory leak in nbd_add_socket - cxgb4: fix all-mask IP address comparison - bnxt_en: fix NULL dereference in case SR-IOV configuration fails - [arm64] net: macb: mark device wake capable when "magic-packet" property present - ALSA: opl3: fix infoleak in opl3 - ALSA: hda - let hs_mic be picked ahead of hp_mic - ALSA: usb-audio: add quirk for MacroSilicon MS2109 - [arm64] KVM: Fix definition of PAGE_HYP_DEVICE - [arm64] KVM: Stop clobbering x0 for HVC_SOFT_RESTART - [x86] KVM: bit 8 of non-leaf PDPEs is not reserved - [x86] KVM: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode - [x86] KVM: Mark CR4.TSD as being possibly owned by the guest - kallsyms: Refactor kallsyms_show_value() to take cred - kernel: module: Use struct_size() helper - module: Refactor section attr into bin attribute - module: Do not expose section addresses to non-CAP_SYSLOG - kprobes: Do not expose probe addresses to non-CAP_SYSLOG - bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() - btrfs: fix fatal extent_buffer readahead vs releasepage race - drm/radeon: fix double free - dm: use noio when sending kobject event - [s390x] mm: fix huge pte soft dirty copying https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134 - perf: Make perf able to build with latest libbfd - genetlink: remove genl_bind - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg - l2tp: remove skb_dst_set() from l2tp_xmit_skb() - llc: make sure applications use ARPHRD_ETHER - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb - net_sched: fix a memory leak in atm_tc_init() - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure - tcp: make sure listeners don't initialize congestion-control state - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() - tcp: md5: do not send silly options in SYNCOOKIES - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers - tcp: md5: allow changing MD5 keys in all socket states - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (CVE-2020-14356) (Closes: #966846) - cgroup: Fix sock_cgroup_data on big-endian. - sched: consistently handle layer3 header accesses in the presence of VLANs - vlan: consolidate VLAN parsing code and limit max parsing depth - [arm64] drm/msm: fix potential memleak in error branch - [arm64] alternatives: use subsections for replacement sequences - [arm64,x86] tpm_tis: extra chip->ops check on error path in tpm_tis_core_init - gfs2: read-only mounts should grab the sd_freeze_gl glock - [i386] i2c: eg20t: Load module automatically if ID matches - [arm64] alternatives: don't patch up internal branches - [armhf] iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() - [armhf] net: dsa: bcm_sf2: Fix node reference count - of: of_mdio: Correct loop scanning logic - Revert "usb/ohci-platform: Fix a warning when hibernating" - [arm64,armhf] Revert "usb/xhci-plat: Set PM runtime as active on resume" - Revert "usb/ehci-platform: Set PM runtime as active on resume" - [arm64,armhf] net: sfp: add support for module quirks - [arm64,armhf] net: sfp: add some quirks for GPON modules - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) - mmc: sdhci: do not enable card detect interrupt for gpio cd type - ALSA: usb-audio: Rewrite registration quirk handling - [x86] ACPI: video: Use native backlight on Acer Aspire 5783z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S - [x86] ACPI: video: Use native backlight on Acer TravelMate 5735Z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S - [arm64,armhf] phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked - [armhf] spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate - [x86] staging: comedi: verify array index is correct before using it - regmap: debugfs: Don't sleep while atomic for fast_io regmaps - [x86] copy_xstate_to_kernel: Fix typo which caused GDB regression - apparmor: ensure that dfa state tables have entries - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode - [armhf] mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered - [armhf] mtd: rawnand: marvell: Fix probe error path - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings - HID: magicmouse: do not set up autorepeat - HID: quirks: Always poll Obins Anne Pro 2 keyboard - HID: quirks: Ignore Simply Automated UPB PIM - ALSA: line6: Perform sanity check for each URB creation - ALSA: line6: Sync the pending work cancel at disconnection - ALSA: usb-audio: Fix race against the error recovery URB submission - [x86] ALSA: hda/realtek - change to suitable link model for ASUS platform - [x86] ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 - [arm*] usb: dwc2: Fix shutdown callback in platform - [arm64,armhf] usb: chipidea: core: add wakeup support for extcon - USB: serial: iuu_phoenix: fix memory corruption - USB: serial: cypress_m8: enable Simply Automated UPB PIM - USB: serial: ch341: add new Product ID for CH340 - USB: serial: option: add GosunCn GM500 series - USB: serial: option: add Quectel EG95 LTE modem - [x86] virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream - [x86] virt: vbox: Fix guest capabilities mask check - [arm64] virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial - ovl: inode reference leak in ovl_is_inuse true case. - ovl: relax WARN_ON() when decoding lower directory file handle - ovl: fix unneeded call to ovl_change_flags() - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (CVE-2020-10781) - [x86] mei: bus: don't clean driver pointer - timer: Prevent base->clk from moving backward - timer: Fix wheel index calculation on last level - [mips*] Fix build for LTS kernel caused by backporting lpj adjustment - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute - [powerpc*] book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey - [x86] intel_th: pci: Add Jasper Lake CPU support - [x86] intel_th: pci: Add Tiger Lake PCH-H support - [x86] intel_th: pci: Add Emmitsburg PCH support - [x86] intel_th: Fix a NULL dereference when hub driver is not loaded - [arm*] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power - [arm64] ptrace: Override SPSR.SS when single-stepping is enabled - [arm64] ptrace: Consistently use pseudo-singlestep exceptions - [arm64] compat: Ensure upper 32 bits of x0 are zero on syscall return - sched: Fix unreliable rseq cpu_id for new tasks - sched/fair: handle case of task_h_load() returning 0 - genirq/affinity: Handle affinity setting on inactive interrupts correctly - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - libceph: don't omit recovery_deletes in target_copy() - rxrpc: Fix trace string https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.135 - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - net: sky2: initialize return of gm_phy_read - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout - fuse: fix weird page warning - [x86] irqdomain/treewide: Keep firmware node unconditionally allocated - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") - tipc: clean up skb list lock handling on send path - IB/umem: fix reference count leak in ib_umem_odp_get() - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression - ALSA: info: Drop WARN_ON() from buffer NULL sanity check - btrfs: fix double free on ulist after backref resolution failure - btrfs: fix mount failure caused by race with umount - btrfs: fix page leaks after failure to lock page for delalloc - bnxt_en: Fix race when modifying pause settings. - [x86] hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path - ax88172a: fix ax88172a_unbind() failures - ieee802154: fix one possible memleak in adf7242_probe - [arm64,armhf] drm: sun4i: hdmi: Fix inverted HPD result - [arm64,armhf] net: smc91x: Fix possible memory leak in smc_drv_probe() - bonding: check error value of register_netdevice() immediately - qed: suppress "don't support RoCE & iWARP" flooding on HW init - ipvs: fix the connection sync failed in some cases - bonding: check return value of register_netdevice() in bond_newlink() - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X - [arm64,x86] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override - HID: alps: support devices with report id 2 - HID: steam: fixes race in handling device list. - HID: apple: Disable Fn-key key-re-mapping on clone keyboards - [arm64] dmaengine: tegra210-adma: Fix runtime PM imbalance on error - Input: add `SW_MACHINE_COVER` - regmap: dev_get_regmap_match(): fix string comparison - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow - [amd64] dmaengine: ioat setting ioat timeout as module parameter - [x86] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen - [arm64] Use test_tsk_thread_flag() for checking TIF_SINGLESTEP - [arm*] binder: Don't use mmput() from shrinker function. - usb: xhci: Fix ASM2142/ASM3142 DMA addressing - Revert "cifs: Fix the target file was deleted when rename failed." (Closes: #966917) - [x86] staging: wlan-ng: properly check endpoint types - [x86] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support - [x86] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift - serial: 8250: fix null-ptr-deref in serial8250_start_tx() - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - vt: Reject zero-sized screen buffer size. - mm/memcg: fix refcount error while moving and swapping - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy - io-mapping: indicate mapping failure - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers - [x86] vmlinux.lds: Page-align end of ..page_aligned sections - [x86] ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 - dm integrity: fix integrity recalculation that is improperly skipped - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - ath9k: Fix regression with Atheros 9271 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.136 - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - tcp: allow at most one TLP probe per flight - AX.25: Prevent integer overflows in connect and sendmsg - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - udp: Copy has_conns in reuseport_grow(). - udp: Improve load balancing for SO_REUSEPORT. - rtnetlink: Fix memory(net_device) leak when ->newlink fails - regmap: debugfs: check count when read regmap file https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.137 - [x86] crypto: ccp - Release all allocated memory if sha type is invalid (CVE-2019-18808) - media: rc: prevent memory leak in cx23888_ir_probe (CVE-2019-19054) - iio: imu: adis16400: fix memory leak (CVE-2019-19061) - [x86] drm/amdgpu: fix multiple memory leaks in acp_hw_init (CVE-2019-19067) - tracing: Have error path in predicate_parse() free its allocated memory (CVE-2019-19072) - ath9k_htc: release allocated buffer if timed out (CVE-2019-19073) - ath9k: release allocated buffer if timed out (CVE-2019-19074) - drm/amd/display: prevent memory leak (CVE-2019-19082) - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (CVE-2019-19813, CVE-2019-19816) - sctp: implement memory accounting on tx path (CVE-2019-3874) - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work - wireless: Use offsetof instead of custom macro. - [armel,armhf] 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - rds: Prevent kernel-infoleak in rds_notify_queue_get() - xfs: fix missed wakeup on l_flush_wait - xfrm: Fix crash when the hold queue is used. - net/mlx5: Verify Hardware supports requested ptp function on a given pin - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlx4: disable device on shutdown - bpf: Fix map leak in HASH_OF_MAPS map - mac80211: mesh: Free ie data when leaving mesh - mac80211: mesh: Free pending skb when destroying a mpath - [arm64] alternatives: move length validation inside the subsection - [arm64] csum: Fix handling of bad packets - Bluetooth: fix kernel oops in store_pending_adv_report - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq - qed: Disable "MFW indication via attention" SPAM every 5 minutes - [amd64] x86/unwind/orc: Fix ORC for newly forked tasks - cxgb4: add missing release on skb in uld_send() - xen-netfront: fix potential deadlock in xennet_remove() - [x86] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled - [x86] i8259: Use printk_deferred() to prevent deadlock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.138 - random32: update the net random state on interrupt and activity (CVE-2020-16166) - [armel] ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.139 - USB: serial: qcserial: add EM7305 QDL product ID - USB: iowarrior: fix up report size handling for some devices - usb: xhci: define IDs for various ASMedia host controllers - usb: xhci: Fix ASMedia ASM1142 DMA addressing - Revert "ALSA: hda: call runtime_allow() for all hda controllers" - [arm*] staging: android: ashmem: Fix lockdep warning for write operation - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - [arm*] binder: Prevent context manager from incrementing ref 0 - vgacon: Fix for missing check in scrollback handling (CVE-2020-14331) - mtd: properly check all write ioctls for permissions - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure - usb: hso: check for return value in hso_serial_common_create() - firmware: Fix a reference count leak. - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - [x86] Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) - xattr: break delegations in {set,remove}xattr - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - vxlan: Ensure FDB dump is performed under RCU - net: lan78xx: replace bogus endpoint lookup - [x86] hv_netvsc: do not use VF device if link is down - net: gre: recompute gre csum for sctp over gre tunnels - [arm64] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() - Revert "vxlan: fix tos value before xmit" - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure - i40e: add num_vectors checker in iwarp handler - i40e: Wrong truncation from u16 to u8 - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c - i40e: Memory leak in i40e_config_iwarp_qvlist https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140 - tracepoint: Mark __tracepoint_string's __used - HID: input: Fix devices that return multiple bytes in battery report - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() - [x86] mce/inject: Fix a wrong assignment of i_mce.status - sched/fair: Fix NOHZ next idle balance - sched: correct SD_flags returned by tl->sd_flags() - EDAC: Fix reference count leaks - [x86] platform/x86: intel-hid: Fix return value check in check_acpi_dev() - [x86] platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() - [armhf] drm/tilcdc: fix leak & null ref in panel_connector_get_modes - Bluetooth: add a mutex lock to avoid UAF in do_enale_set - loop: be paranoid on exit and prevent new additions / removals - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls - drm/amdgpu: avoid dereferencing a NULL pointer - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync - [x86] crypto: aesni - Fix build with LLVM_IAS=1 - video: fbdev: neofb: fix memory leak in neo_scan_monitor() - md-cluster: fix wild pointer of unlock_all_bitmaps() - [arm64] dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding - [armhf] drm/etnaviv: fix ref count leak via pm_runtime_get_sync - drm/nouveau: fix multiple instances of reference count leaks - drm/debugfs: fix plain echo to connector "force" attribute - drm/radeon: disable AGP by default - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls - brcmfmac: keep SDIO watchdog running when console_interval is non-zero - brcmfmac: To fix Bss Info flag definition Bug - brcmfmac: set state of hanger slot to FREE when flushing PSQ - iwlegacy: Check the return value of pcie_capability_read_*() - [arm64,armhf] gpu: host1x: debug: Fix multiple channels emitting messages simultaneously - usb: gadget: net2280: fix memory leak on probe error handling paths - dyndbg: fix a BUG_ON in ddebug_describe_flags - bcache: fix super block seq numbers comparision in register_cache_set() - [arm64,x86] ACPICA: Do not increment operation_region reference counts for field units - [arm64] drm/msm: ratelimit crtc event overflow error - [x86] agp/intel: Fix a memory leak on module initialisation failure - ath10k: Acquire tx_lock in tx error paths - [armhf] drm/etnaviv: Fix error path on failure to enable bus clk - [arm64] drm/arm: fix unintentional integer overflow on left shift - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline - [powerpc*] cxl: Fix kobject memleak - drm/radeon: fix array out-of-bounds read and write issues - ipvs: allow connection reuse for unconfirmed conntrack - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork - xfs: fix reflink quota reservation accounting error - RDMA/rxe: Skip dgid check in loopback mode - PCI: Fix pci_cfg_wait queue locking problem - leds: core: Flush scheduled work for system suspend - [arm64,armhf] drm: panel: simple: Fix bpc for LG LB070WV8 panel - [armhf] phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY - scsi: scsi_debug: Add check for sdebug_max_queue during module init - mwifiex: Prevent memory corruption handling keys - [powerpc*] vdso: Fix vdso cpu truncation - RDMA/qedr: SRQ's bug fixes - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue - [x86] staging: rtl8192u: fix a dubious looking mask before a shift - PCI/ASPM: Add missing newline in sysfs 'policy' - [powerpc*] book3s64/pkeys: Use PVR check instead of cpu feature - USB: serial: iuu_phoenix: fix led-activity helpers - usb: core: fix quirks_param_set() writing to a const pointer - [armhf] thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() - [mips*] OCTEON: add missing put_device() call in dwc3_octeon_device_init() - [arm*] usb: dwc2: Fix error path in gadget registration - [arm64,armhf] net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration - RDMA/core: Fix return error value in _ib_modify_qp() to negative - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags - Bluetooth: hci_serdev: Only unregister device if it was registered - [x86] PCI: Release IVRS table in AMD ACS quirk - [s390x] qeth: don't process empty bridge port events - [arm64,armhf] wl1251: fix always return 0 error - [amd64] net: ethernet: aquantia: Fix wrong return value - liquidio: Fix wrong return value in cn23xx_get_pf_num() - dlm: Fix kobject memleak - ocfs2: fix unbalanced locking - [arm64,armhf] pinctrl-single: fix pcs_parse_pinconf() return value - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() - [x86] fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task - [amd64] crypto: aesni - add compatibility with IAS - af_packet: TPACKET_V3: fix fill status rwlock imbalance - net/nfc/rawsock.c: add CAP_NET_RAW check. - net: Set fput_needed iff FDPUT_FPUT is set - net: refactor bind_bucket fastreuse into helper - net: initialize fastreuse on inet_inherit_port - USB: serial: cp210x: re-enable auto-RTS on open - USB: serial: cp210x: enable usb generic throttle/unthrottle - [x86] ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 - [x86] crypto: qat - fix double free in qat_uclo_create_batch_init_list - [x86] crypto: ccp - Fix use of merged scatterlists - [arm64] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified - bitfield.h: don't compile-time validate _val in FIELD_FIT - fs/minix: check return value of sb_getblk() - fs/minix: don't allow getting deleted inodes - fs/minix: reject too-large maximum file size - ALSA: usb-audio: add quirk for Pioneer DDJ-RB - 9p: Fix memory leak in v9fs_mount - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. - NFS: Don't move layouts to plh_return_segs list while in use - NFS: Don't return layout segments that are in use - [arm64] cpufreq: dt: fix oops on armada37xx - include/asm-generic/vmlinux.lds.h: align ro_after_init - spi: spidev: Align buffers for DMA - [x86] irqdomain/treewide: Free firmware node after domain removal - xen/balloon: fix accounting in alloc_xenballooned_pages error path - xen/balloon: make the balloon wait interruptible https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.141 - smb3: warn on confusing error scenario with sec=krb5 - genirq/affinity: Make affinity setting if activated opt-in - [arm64,x86] PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken - PCI: Add device even if driver attach failed - [arm64] PCI: qcom: Define some PARF params needed for ipq8064 SoC - [arm64] PCI: qcom: Add support for tx term offset for rev 2.1.0 - PCI: Probe bridge window attributes once at enumeration-time - btrfs: free anon block device right after subvolume deletion - btrfs: don't allocate anonymous block device for user invisible roots - btrfs: ref-verify: fix memory leak in add_block_entry - btrfs: don't traverse into the seed devices in show_devname - btrfs: open device without device_list_mutex - btrfs: fix messages after changing compression level by remount - btrfs: only search for left_info if there is no right_info in try_merge_free_space (CVE-2019-19448) - btrfs: fix memory leaks after failure to lookup checksums during inode logging - btrfs: fix return value mixup in btrfs_get_extent - cifs: Fix leak when handling lease break for cached root fid - [powerpc*] Allow 4224 bytes of stack expansion for the signal frame - [powerpc*] Fix circular dependency between percpu.h and mmu.h - [arm64] net: ethernet: stmmac: Disable hardware multicast filter - [arm64,armhf] net: stmmac: dwmac1000: provide multicast filter fallback - net/compat: Add missing sock updates for SCM_RIGHTS - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 - bcache: allocate meta data pages as compound pages - bcache: fix overflow in offset_to_stripe() - mac80211: fix misplaced while instead of if - driver core: Avoid binding drivers to dead devices - [mips*] CPU#0 is not hotpluggable - ocfs2: change slot number type s16 to u16 - mm/page_counter.c: fix protection usage propagation - ftrace: Setup correct FTRACE_FL_REGS flags for module - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler - tracing/hwlat: Honor the tracing_cpumask - tracing: Use trace_sched_process_free() instead of exit() for pid tracing - [x86] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options - [x86] watchdog: f71808e_wdt: remove use of wrong watchdog_info option - [x86] watchdog: f71808e_wdt: clear watchdog timeout occurred flag - [powerpc*] pseries: Fix 64 bit logical memory block panic - module: Correctly truncate sysfs sections output - [armhf] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() - RDMA/ipoib: Return void from ipoib_ib_dev_stop() - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() - USB: serial: ftdi_sio: make process-packet buffer unsigned - USB: serial: ftdi_sio: clean up receive processing - [armhf] gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() - [amd64] iommu/vt-d: Enforce PASID devTLB field mask - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport - watchdog: initialize device before misc_register - Input: sentelic - fix error return when fsp_reg_write fails - [x86] drm/vmwgfx: Use correct vmw_legacy_display_unit pointer - [x86] drm/vmwgfx: Fix two list_for_each loop exit tests - [arm64] net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init - nfs: Fix getxattr kernel panic and memory overflow (CVE-2020-25212) - fs/minix: set s_maxbytes correctly - fs/minix: fix block limit check for V1 filesystems - fs/minix: remove expected error message in block_to_path() - fs/ufs: avoid potential u32 multiplication overflow - khugepaged: retract_page_tables() remember to test exit - [arm64] dts: marvell: espressobin: add ethernet alias - [x86] drm: Added orientation quirk for ASUS tablet model T103HAF https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.142 - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() - perf probe: Fix memory leakage when the probe point is not found - khugepaged: khugepaged_test_exit() check mmget_still_valid() - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() - btrfs: export helpers for subvolume name/id resolution - btrfs: don't show full path of bind mounts in subvol= - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression - btrfs: sysfs: use NOFS for device creation - romfs: fix uninitialized memory leak in romfs_dev_read() - kernel/relay.c: fix memleak on destroy relay channel - mm: include CMA pages in lowmem_reserve at boot - mm, page_alloc: fix core hung in free_pcppages_bulk() - ext4: fix checking of directory entry validity for inline directories - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() - [s390x] scsi: zfcp: Fix use-after-free in request timeout handlers - kthread: Do not preempt current task if it is going to call schedule() - spi: Prevent adding devices below an unregistering controller - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices - [arm*] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM - media: budget-core: Improve exception handling in budget_register() - Input: psmouse - add a newline when printing 'proto' by sysfs - svcrdma: Fix another Receive buffer leak - xfs: fix inode quota reservation checks - jffs2: fix UAF problem - ceph: fix use-after-free for fsc->mdsc - [x86] cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0 - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases - virtio_ring: Avoid loop when vq is broken in virtqueue_poll - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init - fs/signalfd.c: fix inconsistent return codes for signalfd4 - ext4: fix potential negative array index in do_split() (CVE-2020-14314) - ext4: don't allow overlapping system zones - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN - i40e: Fix crash during removing i40e driver - [armhf] net: fec: correct the error path for regulator disable in probe - bonding: show saner speed for broadcast mode - bonding: fix a potential double-unregister - [s390x] runtime_instrumentation: fix storage key handling - [s390x] ptrace: fix storage key handling - [x86] ASoC: intel: Fix memleak in sst_media_open - [amd64,arm64] vfio/type1: Add proper error unwind for vfio_iommu_replay() - [x86] kvm: Toggling CR4.SMAP does not load PDPTEs in PAE mode - [x86] kvm: Toggling CR4.PKE does not load PDPTEs in PAE mode - efi: avoid error message when booting under Xen - afs: Fix NULL deref in afs_dynroot_depopulate() - bonding: fix active-backup failover for current ARP slave - net: ena: Prevent reset after device destruction - [x86] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() - [armhf] net: dsa: b53: check for timeout - [powerpc*] pseries: Do not initiate shutdown when system is running on UPS - efi: add missed destroy_workqueue when efisubsys_init fails - epoll: Keep a reference on files added to the check list - do_epoll_ctl(): clean the failure exits up a bit - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible - xen: don't reschedule in preemption off sections - clk: Evict unregistered clks from parent caches - KVM: Pass MMU notifier range flags to kvm_unmap_hva_range() - [arm64] KVM: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.143 - [powerpc*] 64s: Don't init FSCR_DSCR in __init_FSCR() - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY - net: Fix potential wrong skb->protocol in skb_vlan_untag() - net/smc: Prevent kernel-infoleak in __smc_diag_dump() - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() - net: ena: Make missed_tx stat incremental - ipvlan: fix device features - [x86] mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs - [powerpc*] xive: Ignore kmemleak false positives - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() - blktrace: ensure our debugfs dir exists - scsi: target: tcmu: Fix crash on ARM during cmd completion - [arm*] iommu/iova: Don't BUG on invalid PFNs - [amd64] drm/amdkfd: Fix reference count leaks. - drm/radeon: fix multiple reference count leak - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails - scsi: lpfc: Fix shost refcount mismatch when deleting vport - xfs: Don't allow logging of XFS_ISTALE inodes - f2fs: fix error path in do_recover_data() - PCI: Fix pci_create_slot() reference count leak - rtlwifi: rtl8192cu: Prevent leaking urb - [mips*] vdso: Fix resource leaks in genvdso.c - cec-api: prevent leaking memory through hole in structure - HID: quirks: add NOGET quirk for Logitech GROUP - f2fs: fix use-after-free issue - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit - drm/nouveau: Fix reference count leak in nouveau_connector_detect - btrfs: file: reserve qgroup space after the hole punch range is locked - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() - ceph: fix potential mdsc use-after-free crash - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() - [x86] EDAC/ie31200: Fallback if host bridge device is already initialized - [arm64] KVM: Fix symbol dependency in __hyp_call_panic_nvhe - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value - [arm64] drm/msm/adreno: fix updating ring fence - nvme-fc: Fix wrong return value in __nvme_fc_init_request() - null_blk: fix passing of REQ_FUA flag in null_handle_rq - jbd2: make sure jh have b_transaction set in refile/unfile_buffer - ext4: don't BUG on inconsistent journal feature - ext4: handle read only external journal device - jbd2: abort journal if free a async write error metadata buffer - ext4: handle option set by mount flags correctly - ext4: handle error of ext4_setup_system_zone() on remount - ext4: correctly restore system zone info when remount fails - fs: prevent BUG_ON in submit_bh_wbc() - [s390x] cio: add cond_resched() in the slow_eval_known_fn() loop - scsi: fcoe: Fix I/O path allocation - scsi: ufs: Fix possible infinite loop in ufshcd_hold - scsi: ufs: Improve interrupt handling for shared interrupts - scsi: ufs: Clean up completed request without interrupt notification - scsi: qla2xxx: Check if FW supports MQ before enabling - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" - macvlan: validate setting of multiple remote source MAC addresses - [powerpc*] perf: Fix soft lockups due to missed interrupt accounting - block: loop: set discard granularity and alignment for block device backed loop - [arm64,x86] HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART - btrfs: reset compression level for lzo on remount - btrfs: fix space cache memory leak after transaction abort - fbcon: prevent user font height or width change from causing potential out-of-bounds access - vt: defer kfree() of vc_screenbuf in vc_do_resize() - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize() - [armhf] serial: samsung: Removes the IRQ not found warning - [arm*] serial: pl011: Fix oops on -EPROBE_DEFER - [arm*] serial: pl011: Don't leak amba_ports entry on driver register error - serial: 8250_exar: Fix number of ports for Commtech PCIe cards - serial: 8250: change lock order in serial8250_do_startup() - writeback: Protect inode->i_io_list with inode->i_lock - writeback: Avoid skipping inode writeback - writeback: Fix sync livelock due to b_dirty_time processing - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information. - usb: host: xhci: fix ep context print mismatch in debugfs - xhci: Do warm-reset when both CAS and XDEV_RESUME are set - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed - PM: sleep: core: Fix the handling of pending runtime resume requests - device property: Fix the secondary firmware node handling in set_primary_fwnode() - [x86] genirq/matrix: Deal with the sillyness of for_each_cpu() on UP - drm/amdgpu: Fix buffer overflow in INFO ioctl - USB: yurex: Fix bad gfp argument - USB: quirks: Add no-lpm quirk for another Raydium touchscreen - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D - [armhf] usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() - USB: cdc-acm: rework notification_buffer resizing - btrfs: check the right error variable in btrfs_del_dir_entries_in_log - [arm64,armhf] usb: dwc3: gadget: Don't setup more than requested - [arm64,armhf] usb: dwc3: gadget: Fix handling ZLP - [arm64,armhf] usb: dwc3: gadget: Handle ZLP for sg requests - [arm64,x86] tpm: Unify the mismatching TPM space buffer sizes - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.144 - HID: core: Correctly handle ReportSize being zero - HID: core: Sanitize event code and type when mapping input - scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range - scsi: target: tcmu: Optimize use of flush_dcache_page - [arm64] drm/msm: add shutdown support for display platform_driver - [x86] hwmon: (applesmc) check status earlier. - nvmet: Disable keep-alive timer when kato is cleared to 0h - [arm64] drm/msm/a6xx: fix gmu start on newer firmware - ceph: don't allow setlease on cephfs - cpuidle: Fixup IRQ state - [s390x] don't trace preemption in percpu macros - xen/xenbus: Fix granting of vmalloc'd memory - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling - batman-adv: Avoid uninitialized chaddr when handling DHCP - batman-adv: bla: use netif_rx_ni when not in interrupt context - [mips*] mm: BMIPS5000 has inclusive physical caches - netfilter: nf_tables: add NFTA_SET_USERDATA if not null - netfilter: nf_tables: incorrect enum nft_list_attributes definition - netfilter: nf_tables: fix destination register zeroing - [arm64] net: hns: Fix memleak in hns_nic_dev_probe - [arm64,armhf] dmaengine: pl330: Fix burst length if burst size is smaller than bus width - gtp: add GTPA_LINK info to msg sent to userspace - bnxt_en: Don't query FW when netif_running() is false. - bnxt_en: Check for zero dir entries in NVRAM. - bnxt_en: Fix PCI AER error recovery flow - bnxt_en: fix HWRM error when querying VF temperature - xfs: fix boundary test in xfs_attr_shortform_verify (CVE-2020-14385) - bnxt: don't enable NAPI until rings are ready - netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS - nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() - fix regression in "epoll: Keep a reference on files added to the check list" - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files - tg3: Fix soft lockup when tg3_reset_task() fails. - [amd64] x86, fakenuma: Fix invalid starting node ID - [amd64] iommu/vt-d: Serialize IOMMU GCMD register modifications - [armhf] thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 - xfs: don't update mtime on COW faults - btrfs: drop path before adding new uuid tree entry - vfio/type1: Support faulting PFNMAP vmas - vfio-pci: Fault mmaps to enable vma tracking - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (CVE-2020-12888) - btrfs: Remove redundant extent_buffer_get in get_old_root - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind - btrfs: set the lockdep class for log tree extent buffers - uaccess: Add non-pagefault user-space read functions - uaccess: Add non-pagefault user-space write function - btrfs: fix potential deadlock in the search ioctl - net: usb: qmi_wwan: add Telit 0x1050 composition - usb: qmi_wwan: add D-Link DWM-222 A2 device ID - ALSA: ca0106: fix error code handling - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check - [x86] ALSA: hda/hdmi: always check pin power status in i915 pin fixup - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection - [x86] ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO - media: rc: do not access device via sysfs after rc_unregister_device() - media: rc: uevent sysfs file races with rc_unregister_device() - affs: fix basic permission bits to actually work - block: allow for_each_bvec to support zero len bvec - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks - dm writecache: handle DAX to partitions on persistent memory correctly - dm cache metadata: Avoid returning cmd->bm wild pointer on error - dm thin metadata: Avoid returning cmd->bm wild pointer on error - mm: slub: fix conversion of freelist_corrupted() - [arm64] KVM: Add kvm_extable for vaxorcism code - [arm64] KVM: Defer guest entry when an asynchronous exception is pending - [arm64] KVM: Survive synchronous exceptions caused by AT instructions - [arm64] KVM: Set HCR_EL2.PTW to prevent AT taking synchronous exception - vfio/pci: Fix SR-IOV VF handling with MMIO blocking - checkpatch: fix the usage of capture group ( ... ) - mm/hugetlb: fix a race between hugetlb sysctl handlers (CVE-2020-25285) - cfg80211: regulatory: reject invalid hints - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.145 - ALSA; firewire-tascam: exclude Tascam FE-8 from detection - block: ensure bdi->io_pages is always initialized - net: usb: dm9601: Add USB ID of Keenetic Plus DSL - sctp: not disable bh in the whole sctp_get_port_local() - tipc: fix shutdown() of connectionless socket - net: disable netpoll on fresh napis - [arm64,armhf] net/mlx5e: Don't support phys switch id if not in switchdev mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.146 - RDMA/rxe: Fix memleak in rxe_mem_init_user - RDMA/rxe: Drop pointless checks in rxe_init_ports - [armhf] drm/sun4i: Fix dsi dcs long write function - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA - RDMA/core: Fix reported speed and width - [arm64] mmc: sdhci-msm: Add retries when all tuning phases are found valid - [arm64,x86] dmaengine: acpi: Put the CSRT table after using it - netfilter: conntrack: allow sctp hearbeat after connection re-use - [x86] firestream: Fix memleak in fs_open - [arm64,armhf] ALSA: hda: Fix 2 channel swapping for Tegra - xfs: initialize the shortform attr header padding entry - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance - nvme-rdma: serialize controller teardown sequences - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices - [ppc64el,x86] drivers/net/wan/hdlc_cisco: Add hard_header_len - HID: elan: Fix memleak in elan_input_configured - [x86] cpufreq: intel_pstate: Refuse to turn off with HWP enabled - [x86] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled - [amd64] iommu/amd: Do not use IOMMUv2 functionality when SME is active - [x86] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. - [x86] iio:magnetometer:ak8975 Fix alignment and data leak issues. - [armhf] iio:accel:mma8452: Fix timestamp alignment and prevent data leak. - [x86] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() - btrfs: require only sector size alignment for parent eb bytenr - btrfs: fix lockdep splat in add_missing_dev - btrfs: fix wrong address when faulting in pages in the search ioctl - regulator: push allocation in set_consumer_device_supply() out of lock - scsi: target: iscsi: Fix data digest calculation - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem - [arm64] drm/msm: Disable preemption on all 5xx targets - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (CVE-2020-25284) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars - vgacon: remove software scrollback support - fbcon: remove soft scrollback code (CVE-2020-14390) - fbcon: remove now unusued 'softback_lines' cursor() argument - [x86] KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit - [x86] video: fbdev: fix OOB read in vga_8planes_imageblit() - [arm64] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init - usb: core: fix slab-out-of-bounds Read in read_descriptors - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter - USB: serial: option: support dynamic Quectel USB compositions - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules - usb: Fix out of sync data toggle if a configured device is reconfigured - [x86] usb: typec: ucsi: acpi: Check the _DEP dependencies . [ Salvatore Bonaccorso ] * Bump ABI to 11 * Drop 'Revert "mips: Add udelay lpj numbers adjustment"' * [rt] Update to 4.19.135-rt60 * [rt] Refresh "net: Use skbufhead with raw lock" for context changes in 4.19.136 * [rt] Refresh "timers: Prepare for full preemption" for context changes in 4.19.138 * [rt] Refresh "timers: Redo the notification of canceling timers on -RT" for context changes in 4.19.138 * [rt] Refresh "watchdog: prevent deferral of watchdogd wakeup on RT" for context changes in 4.19.141 * Refresh "net: ena: fix crash during ena_remove()" for context changes in 4.19.142 * [rt] Refresh "Split IRQ-off and zone->lock while freeing pages from PCP list #1" for context changes in 4.19.142 * ACPI: configfs: Disallow loading ACPI tables when locked down (CVE-2020-15780) * [rt] Update to 4.19.142-rt63 * net/packet: fix overflow in tpacket_rcv (CVE-2020-14386) * debian/tests/python: pycodestyle: Increase max-line-length to 100. * gfs2: initialize transaction tr_ailX_lists earlier (Closes: #968567) linux-signed-i386 (4.19.146+1) buster; urgency=medium . * Sign kernel from linux 4.19.146-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.133 - [s390x] KVM: s390: reduce number of IO pins to 1 - regmap: fix alignment issue - [arm64,armhf] drm/tegra: hub: Do not enable orphaned window group - [arm64,armhf] gpu: host1x: Detach driver on unregister - spi: spidev: fix a race between spidev_release and spidev_remove - spi: spidev: fix a potential use-after-free in spidev_release() - ixgbe: protect ring accesses with READ- and WRITE_ONCE - i40e: protect ring accesses with READ- and WRITE_ONCE - [x86] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel - [x86] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 - cifs: update ctime and mtime during truncate - [armhf] imx6: add missing put_device() call in imx6q_suspend_init() - scsi: mptscsih: Fix read sense data size - [arm64] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work - block: release bip in a right way in error path - nvme-rdma: assign completion vector correctly - [x86] entry: Increase entry_stack size to a full page - net: cxgb4: fix return error value in t4_prep_fw - smsc95xx: check return value of smsc95xx_reset - smsc95xx: avoid memory leak in smsc95xx_bind - [arm64] net: hns3: fix use-after-free when doing self test - [x86] ALSA: compress: fix partial_drain completion state - nbd: Fix memory leak in nbd_add_socket - cxgb4: fix all-mask IP address comparison - bnxt_en: fix NULL dereference in case SR-IOV configuration fails - [arm64] net: macb: mark device wake capable when "magic-packet" property present - ALSA: opl3: fix infoleak in opl3 - ALSA: hda - let hs_mic be picked ahead of hp_mic - ALSA: usb-audio: add quirk for MacroSilicon MS2109 - [arm64] KVM: Fix definition of PAGE_HYP_DEVICE - [arm64] KVM: Stop clobbering x0 for HVC_SOFT_RESTART - [x86] KVM: bit 8 of non-leaf PDPEs is not reserved - [x86] KVM: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode - [x86] KVM: Mark CR4.TSD as being possibly owned by the guest - kallsyms: Refactor kallsyms_show_value() to take cred - kernel: module: Use struct_size() helper - module: Refactor section attr into bin attribute - module: Do not expose section addresses to non-CAP_SYSLOG - kprobes: Do not expose probe addresses to non-CAP_SYSLOG - bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() - btrfs: fix fatal extent_buffer readahead vs releasepage race - drm/radeon: fix double free - dm: use noio when sending kobject event - [s390x] mm: fix huge pte soft dirty copying https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.134 - perf: Make perf able to build with latest libbfd - genetlink: remove genl_bind - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg - l2tp: remove skb_dst_set() from l2tp_xmit_skb() - llc: make sure applications use ARPHRD_ETHER - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb - net_sched: fix a memory leak in atm_tc_init() - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure - tcp: make sure listeners don't initialize congestion-control state - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() - tcp: md5: do not send silly options in SYNCOOKIES - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers - tcp: md5: allow changing MD5 keys in all socket states - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (CVE-2020-14356) (Closes: #966846) - cgroup: Fix sock_cgroup_data on big-endian. - sched: consistently handle layer3 header accesses in the presence of VLANs - vlan: consolidate VLAN parsing code and limit max parsing depth - [arm64] drm/msm: fix potential memleak in error branch - [arm64] alternatives: use subsections for replacement sequences - [arm64,x86] tpm_tis: extra chip->ops check on error path in tpm_tis_core_init - gfs2: read-only mounts should grab the sd_freeze_gl glock - [i386] i2c: eg20t: Load module automatically if ID matches - [arm64] alternatives: don't patch up internal branches - [armhf] iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() - [armhf] net: dsa: bcm_sf2: Fix node reference count - of: of_mdio: Correct loop scanning logic - Revert "usb/ohci-platform: Fix a warning when hibernating" - [arm64,armhf] Revert "usb/xhci-plat: Set PM runtime as active on resume" - Revert "usb/ehci-platform: Set PM runtime as active on resume" - [arm64,armhf] net: sfp: add support for module quirks - [arm64,armhf] net: sfp: add some quirks for GPON modules - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver - ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) - mmc: sdhci: do not enable card detect interrupt for gpio cd type - ALSA: usb-audio: Rewrite registration quirk handling - [x86] ACPI: video: Use native backlight on Acer Aspire 5783z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S - [x86] ACPI: video: Use native backlight on Acer TravelMate 5735Z - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S - [arm64,armhf] phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked - [armhf] spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate - [x86] staging: comedi: verify array index is correct before using it - regmap: debugfs: Don't sleep while atomic for fast_io regmaps - [x86] copy_xstate_to_kernel: Fix typo which caused GDB regression - apparmor: ensure that dfa state tables have entries - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode - [armhf] mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered - [armhf] mtd: rawnand: marvell: Fix probe error path - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings - HID: magicmouse: do not set up autorepeat - HID: quirks: Always poll Obins Anne Pro 2 keyboard - HID: quirks: Ignore Simply Automated UPB PIM - ALSA: line6: Perform sanity check for each URB creation - ALSA: line6: Sync the pending work cancel at disconnection - ALSA: usb-audio: Fix race against the error recovery URB submission - [x86] ALSA: hda/realtek - change to suitable link model for ASUS platform - [x86] ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 - [arm*] usb: dwc2: Fix shutdown callback in platform - [arm64,armhf] usb: chipidea: core: add wakeup support for extcon - USB: serial: iuu_phoenix: fix memory corruption - USB: serial: cypress_m8: enable Simply Automated UPB PIM - USB: serial: ch341: add new Product ID for CH340 - USB: serial: option: add GosunCn GM500 series - USB: serial: option: add Quectel EG95 LTE modem - [x86] virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream - [x86] virt: vbox: Fix guest capabilities mask check - [arm64] virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial - ovl: inode reference leak in ovl_is_inuse true case. - ovl: relax WARN_ON() when decoding lower directory file handle - ovl: fix unneeded call to ovl_change_flags() - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (CVE-2020-10781) - [x86] mei: bus: don't clean driver pointer - timer: Prevent base->clk from moving backward - timer: Fix wheel index calculation on last level - [mips*] Fix build for LTS kernel caused by backporting lpj adjustment - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute - [powerpc*] book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey - [x86] intel_th: pci: Add Jasper Lake CPU support - [x86] intel_th: pci: Add Tiger Lake PCH-H support - [x86] intel_th: pci: Add Emmitsburg PCH support - [x86] intel_th: Fix a NULL dereference when hub driver is not loaded - [arm*] thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power - [arm64] ptrace: Override SPSR.SS when single-stepping is enabled - [arm64] ptrace: Consistently use pseudo-singlestep exceptions - [arm64] compat: Ensure upper 32 bits of x0 are zero on syscall return - sched: Fix unreliable rseq cpu_id for new tasks - sched/fair: handle case of task_h_load() returning 0 - genirq/affinity: Handle affinity setting on inactive interrupts correctly - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready - libceph: don't omit recovery_deletes in target_copy() - rxrpc: Fix trace string https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.135 - mac80211: allow rx of mesh eapol frames with default rx key - scsi: scsi_transport_spi: Fix function pointer check - net: sky2: initialize return of gm_phy_read - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout - fuse: fix weird page warning - [x86] irqdomain/treewide: Keep firmware node unconditionally allocated - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") - tipc: clean up skb list lock handling on send path - IB/umem: fix reference count leak in ib_umem_odp_get() - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression - ALSA: info: Drop WARN_ON() from buffer NULL sanity check - btrfs: fix double free on ulist after backref resolution failure - btrfs: fix mount failure caused by race with umount - btrfs: fix page leaks after failure to lock page for delalloc - bnxt_en: Fix race when modifying pause settings. - [x86] hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path - ax88172a: fix ax88172a_unbind() failures - ieee802154: fix one possible memleak in adf7242_probe - [arm64,armhf] drm: sun4i: hdmi: Fix inverted HPD result - [arm64,armhf] net: smc91x: Fix possible memory leak in smc_drv_probe() - bonding: check error value of register_netdevice() immediately - qed: suppress "don't support RoCE & iWARP" flooding on HW init - ipvs: fix the connection sync failed in some cases - bonding: check return value of register_netdevice() in bond_newlink() - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X - [arm64,x86] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override - HID: alps: support devices with report id 2 - HID: steam: fixes race in handling device list. - HID: apple: Disable Fn-key key-re-mapping on clone keyboards - [arm64] dmaengine: tegra210-adma: Fix runtime PM imbalance on error - Input: add `SW_MACHINE_COVER` - regmap: dev_get_regmap_match(): fix string comparison - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow - [amd64] dmaengine: ioat setting ioat timeout as module parameter - [x86] Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen - [arm64] Use test_tsk_thread_flag() for checking TIF_SINGLESTEP - [arm*] binder: Don't use mmput() from shrinker function. - usb: xhci: Fix ASM2142/ASM3142 DMA addressing - Revert "cifs: Fix the target file was deleted when rename failed." (Closes: #966917) - [x86] staging: wlan-ng: properly check endpoint types - [x86] staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support - [x86] staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift - [x86] staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift - serial: 8250: fix null-ptr-deref in serial8250_start_tx() - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. - vt: Reject zero-sized screen buffer size. - mm/memcg: fix refcount error while moving and swapping - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock - mm: memcg/slab: fix memory leak at non-root kmem_cache destroy - io-mapping: indicate mapping failure - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers - [x86] vmlinux.lds: Page-align end of ..page_aligned sections - [x86] ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 - dm integrity: fix integrity recalculation that is improperly skipped - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb - ath9k: Fix regression with Atheros 9271 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.136 - AX.25: Fix out-of-bounds read in ax25_connect() - AX.25: Prevent out-of-bounds read in ax25_sendmsg() - dev: Defer free of skbs in flush_backlog - ip6_gre: fix null-ptr-deref in ip6gre_init_net() - net-sysfs: add a newline when printing 'tx_timeout' by sysfs - net: udp: Fix wrong clean up for IS_UDPLITE macro - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA - tcp: allow at most one TLP probe per flight - AX.25: Prevent integer overflows in connect and sendmsg - sctp: shrink stream outq only when new outcnt < old outcnt - sctp: shrink stream outq when fails to do addstream reconf - udp: Copy has_conns in reuseport_grow(). - udp: Improve load balancing for SO_REUSEPORT. - rtnetlink: Fix memory(net_device) leak when ->newlink fails - regmap: debugfs: check count when read regmap file https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.137 - [x86] crypto: ccp - Release all allocated memory if sha type is invalid (CVE-2019-18808) - media: rc: prevent memory leak in cx23888_ir_probe (CVE-2019-19054) - iio: imu: adis16400: fix memory leak (CVE-2019-19061) - [x86] drm/amdgpu: fix multiple memory leaks in acp_hw_init (CVE-2019-19067) - tracing: Have error path in predicate_parse() free its allocated memory (CVE-2019-19072) - ath9k_htc: release allocated buffer if timed out (CVE-2019-19073) - ath9k: release allocated buffer if timed out (CVE-2019-19074) - drm/amd/display: prevent memory leak (CVE-2019-19082) - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (CVE-2019-19813, CVE-2019-19816) - sctp: implement memory accounting on tx path (CVE-2019-3874) - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work - wireless: Use offsetof instead of custom macro. - [armel,armhf] 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() - drm: hold gem reference until object is no longer accessed - rds: Prevent kernel-infoleak in rds_notify_queue_get() - xfs: fix missed wakeup on l_flush_wait - xfrm: Fix crash when the hold queue is used. - net/mlx5: Verify Hardware supports requested ptp function on a given pin - net: lan78xx: add missing endpoint sanity check - net: lan78xx: fix transfer-buffer memory leak - mlx4: disable device on shutdown - bpf: Fix map leak in HASH_OF_MAPS map - mac80211: mesh: Free ie data when leaving mesh - mac80211: mesh: Free pending skb when destroying a mpath - [arm64] alternatives: move length validation inside the subsection - [arm64] csum: Fix handling of bad packets - Bluetooth: fix kernel oops in store_pending_adv_report - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq - qed: Disable "MFW indication via attention" SPAM every 5 minutes - [amd64] x86/unwind/orc: Fix ORC for newly forked tasks - cxgb4: add missing release on skb in uld_send() - xen-netfront: fix potential deadlock in xennet_remove() - [x86] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled - [x86] i8259: Use printk_deferred() to prevent deadlock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.138 - random32: update the net random state on interrupt and activity (CVE-2020-16166) - [armel] ARM: percpu.h: fix build error - random: fix circular include dependency on arm64 after addition of percpu.h - random32: remove net_rand_state from the latent entropy gcc plugin - random32: move the pseudo-random 32-bit definitions to prandom.h - ext4: fix direct I/O read error https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.139 - USB: serial: qcserial: add EM7305 QDL product ID - USB: iowarrior: fix up report size handling for some devices - usb: xhci: define IDs for various ASMedia host controllers - usb: xhci: Fix ASMedia ASM1142 DMA addressing - Revert "ALSA: hda: call runtime_allow() for all hda controllers" - [arm*] staging: android: ashmem: Fix lockdep warning for write operation - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() - [arm*] binder: Prevent context manager from incrementing ref 0 - vgacon: Fix for missing check in scrollback handling (CVE-2020-14331) - mtd: properly check all write ioctls for permissions - net/9p: validate fds in p9_fd_open - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure - usb: hso: check for return value in hso_serial_common_create() - firmware: Fix a reference count leak. - cfg80211: check vendor command doit pointer before use - igb: reinit_locked() should be called with rtnl_lock - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent - tools lib traceevent: Fix memory leak in process_dynamic_array_len - [x86] Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) - xattr: break delegations in {set,remove}xattr - ipv4: Silence suspicious RCU usage warning - ipv6: fix memory leaks on IPV6_ADDRFORM path - vxlan: Ensure FDB dump is performed under RCU - net: lan78xx: replace bogus endpoint lookup - [x86] hv_netvsc: do not use VF device if link is down - net: gre: recompute gre csum for sctp over gre tunnels - [arm64] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() - Revert "vxlan: fix tos value before xmit" - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure - i40e: add num_vectors checker in iwarp handler - i40e: Wrong truncation from u16 to u8 - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c - i40e: Memory leak in i40e_config_iwarp_qvlist https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140 - tracepoint: Mark __tracepoint_string's __used - HID: input: Fix devices that return multiple bytes in battery report - cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone() - [x86] mce/inject: Fix a wrong assignment of i_mce.status - sched/fair: Fix NOHZ next idle balance - sched: correct SD_flags returned by tl->sd_flags() - EDAC: Fix reference count leaks - [x86] platform/x86: intel-hid: Fix return value check in check_acpi_dev() - [x86] platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() - [armhf] drm/tilcdc: fix leak & null ref in panel_connector_get_modes - Bluetooth: add a mutex lock to avoid UAF in do_enale_set - loop: be paranoid on exit and prevent new additions / removals - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls - drm/amdgpu: avoid dereferencing a NULL pointer - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync - [x86] crypto: aesni - Fix build with LLVM_IAS=1 - video: fbdev: neofb: fix memory leak in neo_scan_monitor() - md-cluster: fix wild pointer of unlock_all_bitmaps() - [arm64] dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding - [armhf] drm/etnaviv: fix ref count leak via pm_runtime_get_sync - drm/nouveau: fix multiple instances of reference count leaks - drm/debugfs: fix plain echo to connector "force" attribute - drm/radeon: disable AGP by default - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls - brcmfmac: keep SDIO watchdog running when console_interval is non-zero - brcmfmac: To fix Bss Info flag definition Bug - brcmfmac: set state of hanger slot to FREE when flushing PSQ - iwlegacy: Check the return value of pcie_capability_read_*() - [arm64,armhf] gpu: host1x: debug: Fix multiple channels emitting messages simultaneously - usb: gadget: net2280: fix memory leak on probe error handling paths - dyndbg: fix a BUG_ON in ddebug_describe_flags - bcache: fix super block seq numbers comparision in register_cache_set() - [arm64,x86] ACPICA: Do not increment operation_region reference counts for field units - [arm64] drm/msm: ratelimit crtc event overflow error - [x86] agp/intel: Fix a memory leak on module initialisation failure - ath10k: Acquire tx_lock in tx error paths - [armhf] drm/etnaviv: Fix error path on failure to enable bus clk - [arm64] drm/arm: fix unintentional integer overflow on left shift - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline - [powerpc*] cxl: Fix kobject memleak - drm/radeon: fix array out-of-bounds read and write issues - ipvs: allow connection reuse for unconfirmed conntrack - xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork - xfs: fix reflink quota reservation accounting error - RDMA/rxe: Skip dgid check in loopback mode - PCI: Fix pci_cfg_wait queue locking problem - leds: core: Flush scheduled work for system suspend - [arm64,armhf] drm: panel: simple: Fix bpc for LG LB070WV8 panel - [armhf] phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY - scsi: scsi_debug: Add check for sdebug_max_queue during module init - mwifiex: Prevent memory corruption handling keys - [powerpc*] vdso: Fix vdso cpu truncation - RDMA/qedr: SRQ's bug fixes - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue - [x86] staging: rtl8192u: fix a dubious looking mask before a shift - PCI/ASPM: Add missing newline in sysfs 'policy' - [powerpc*] book3s64/pkeys: Use PVR check instead of cpu feature - USB: serial: iuu_phoenix: fix led-activity helpers - usb: core: fix quirks_param_set() writing to a const pointer - [armhf] thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() - [mips*] OCTEON: add missing put_device() call in dwc3_octeon_device_init() - [arm*] usb: dwc2: Fix error path in gadget registration - [arm64,armhf] net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration - RDMA/core: Fix return error value in _ib_modify_qp() to negative - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags - Bluetooth: hci_serdev: Only unregister device if it was registered - [x86] PCI: Release IVRS table in AMD ACS quirk - [s390x] qeth: don't process empty bridge port events - [arm64,armhf] wl1251: fix always return 0 error - [amd64] net: ethernet: aquantia: Fix wrong return value - liquidio: Fix wrong return value in cn23xx_get_pf_num() - dlm: Fix kobject memleak - ocfs2: fix unbalanced locking - [arm64,armhf] pinctrl-single: fix pcs_parse_pinconf() return value - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() - [x86] fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task - [amd64] crypto: aesni - add compatibility with IAS - af_packet: TPACKET_V3: fix fill status rwlock imbalance - net/nfc/rawsock.c: add CAP_NET_RAW check. - net: Set fput_needed iff FDPUT_FPUT is set - net: refactor bind_bucket fastreuse into helper - net: initialize fastreuse on inet_inherit_port - USB: serial: cp210x: re-enable auto-RTS on open - USB: serial: cp210x: enable usb generic throttle/unthrottle - [x86] ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 - [x86] crypto: qat - fix double free in qat_uclo_create_batch_init_list - [x86] crypto: ccp - Fix use of merged scatterlists - [arm64] crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified - bitfield.h: don't compile-time validate _val in FIELD_FIT - fs/minix: check return value of sb_getblk() - fs/minix: don't allow getting deleted inodes - fs/minix: reject too-large maximum file size - ALSA: usb-audio: add quirk for Pioneer DDJ-RB - 9p: Fix memory leak in v9fs_mount - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. - NFS: Don't move layouts to plh_return_segs list while in use - NFS: Don't return layout segments that are in use - [arm64] cpufreq: dt: fix oops on armada37xx - include/asm-generic/vmlinux.lds.h: align ro_after_init - spi: spidev: Align buffers for DMA - [x86] irqdomain/treewide: Free firmware node after domain removal - xen/balloon: fix accounting in alloc_xenballooned_pages error path - xen/balloon: make the balloon wait interruptible https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.141 - smb3: warn on confusing error scenario with sec=krb5 - genirq/affinity: Make affinity setting if activated opt-in - [arm64,x86] PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken - PCI: Add device even if driver attach failed - [arm64] PCI: qcom: Define some PARF params needed for ipq8064 SoC - [arm64] PCI: qcom: Add support for tx term offset for rev 2.1.0 - PCI: Probe bridge window attributes once at enumeration-time - btrfs: free anon block device right after subvolume deletion - btrfs: don't allocate anonymous block device for user invisible roots - btrfs: ref-verify: fix memory leak in add_block_entry - btrfs: don't traverse into the seed devices in show_devname - btrfs: open device without device_list_mutex - btrfs: fix messages after changing compression level by remount - btrfs: only search for left_info if there is no right_info in try_merge_free_space (CVE-2019-19448) - btrfs: fix memory leaks after failure to lookup checksums during inode logging - btrfs: fix return value mixup in btrfs_get_extent - cifs: Fix leak when handling lease break for cached root fid - [powerpc*] Allow 4224 bytes of stack expansion for the signal frame - [powerpc*] Fix circular dependency between percpu.h and mmu.h - [arm64] net: ethernet: stmmac: Disable hardware multicast filter - [arm64,armhf] net: stmmac: dwmac1000: provide multicast filter fallback - net/compat: Add missing sock updates for SCM_RIGHTS - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 - bcache: allocate meta data pages as compound pages - bcache: fix overflow in offset_to_stripe() - mac80211: fix misplaced while instead of if - driver core: Avoid binding drivers to dead devices - [mips*] CPU#0 is not hotpluggable - ocfs2: change slot number type s16 to u16 - mm/page_counter.c: fix protection usage propagation - ftrace: Setup correct FTRACE_FL_REGS flags for module - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler - tracing/hwlat: Honor the tracing_cpumask - tracing: Use trace_sched_process_free() instead of exit() for pid tracing - [x86] watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options - [x86] watchdog: f71808e_wdt: remove use of wrong watchdog_info option - [x86] watchdog: f71808e_wdt: clear watchdog timeout occurred flag - [powerpc*] pseries: Fix 64 bit logical memory block panic - module: Correctly truncate sysfs sections output - [armhf] drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() - RDMA/ipoib: Return void from ipoib_ib_dev_stop() - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() - USB: serial: ftdi_sio: make process-packet buffer unsigned - USB: serial: ftdi_sio: clean up receive processing - [armhf] gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() - [amd64] iommu/vt-d: Enforce PASID devTLB field mask - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport - watchdog: initialize device before misc_register - Input: sentelic - fix error return when fsp_reg_write fails - [x86] drm/vmwgfx: Use correct vmw_legacy_display_unit pointer - [x86] drm/vmwgfx: Fix two list_for_each loop exit tests - [arm64] net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init - nfs: Fix getxattr kernel panic and memory overflow (CVE-2020-25212) - fs/minix: set s_maxbytes correctly - fs/minix: fix block limit check for V1 filesystems - fs/minix: remove expected error message in block_to_path() - fs/ufs: avoid potential u32 multiplication overflow - khugepaged: retract_page_tables() remember to test exit - [arm64] dts: marvell: espressobin: add ethernet alias - [x86] drm: Added orientation quirk for ASUS tablet model T103HAF https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.142 - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() - perf probe: Fix memory leakage when the probe point is not found - khugepaged: khugepaged_test_exit() check mmget_still_valid() - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter() - btrfs: export helpers for subvolume name/id resolution - btrfs: don't show full path of bind mounts in subvol= - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range - btrfs: inode: fix NULL pointer dereference if inode doesn't need compression - btrfs: sysfs: use NOFS for device creation - romfs: fix uninitialized memory leak in romfs_dev_read() - kernel/relay.c: fix memleak on destroy relay channel - mm: include CMA pages in lowmem_reserve at boot - mm, page_alloc: fix core hung in free_pcppages_bulk() - ext4: fix checking of directory entry validity for inline directories - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() - [s390x] scsi: zfcp: Fix use-after-free in request timeout handlers - kthread: Do not preempt current task if it is going to call schedule() - spi: Prevent adding devices below an unregistering controller - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices - [arm*] scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM - media: budget-core: Improve exception handling in budget_register() - Input: psmouse - add a newline when printing 'proto' by sysfs - svcrdma: Fix another Receive buffer leak - xfs: fix inode quota reservation checks - jffs2: fix UAF problem - ceph: fix use-after-free for fsc->mdsc - [x86] cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0 - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases - virtio_ring: Avoid loop when vq is broken in virtqueue_poll - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init - fs/signalfd.c: fix inconsistent return codes for signalfd4 - ext4: fix potential negative array index in do_split() (CVE-2020-14314) - ext4: don't allow overlapping system zones - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN - i40e: Fix crash during removing i40e driver - [armhf] net: fec: correct the error path for regulator disable in probe - bonding: show saner speed for broadcast mode - bonding: fix a potential double-unregister - [s390x] runtime_instrumentation: fix storage key handling - [s390x] ptrace: fix storage key handling - [x86] ASoC: intel: Fix memleak in sst_media_open - [amd64,arm64] vfio/type1: Add proper error unwind for vfio_iommu_replay() - [x86] kvm: Toggling CR4.SMAP does not load PDPTEs in PAE mode - [x86] kvm: Toggling CR4.PKE does not load PDPTEs in PAE mode - efi: avoid error message when booting under Xen - afs: Fix NULL deref in afs_dynroot_depopulate() - bonding: fix active-backup failover for current ARP slave - net: ena: Prevent reset after device destruction - [x86] hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() - [armhf] net: dsa: b53: check for timeout - [powerpc*] pseries: Do not initiate shutdown when system is running on UPS - efi: add missed destroy_workqueue when efisubsys_init fails - epoll: Keep a reference on files added to the check list - do_epoll_ctl(): clean the failure exits up a bit - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible - xen: don't reschedule in preemption off sections - clk: Evict unregistered clks from parent caches - KVM: Pass MMU notifier range flags to kvm_unmap_hva_range() - [arm64] KVM: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.143 - [powerpc*] 64s: Don't init FSCR_DSCR in __init_FSCR() - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY - net: Fix potential wrong skb->protocol in skb_vlan_untag() - net/smc: Prevent kernel-infoleak in __smc_diag_dump() - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() - net: ena: Make missed_tx stat incremental - ipvlan: fix device features - [x86] mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs - [powerpc*] xive: Ignore kmemleak false positives - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() - blktrace: ensure our debugfs dir exists - scsi: target: tcmu: Fix crash on ARM during cmd completion - [arm*] iommu/iova: Don't BUG on invalid PFNs - [amd64] drm/amdkfd: Fix reference count leaks. - drm/radeon: fix multiple reference count leak - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails - scsi: lpfc: Fix shost refcount mismatch when deleting vport - xfs: Don't allow logging of XFS_ISTALE inodes - f2fs: fix error path in do_recover_data() - PCI: Fix pci_create_slot() reference count leak - rtlwifi: rtl8192cu: Prevent leaking urb - [mips*] vdso: Fix resource leaks in genvdso.c - cec-api: prevent leaking memory through hole in structure - HID: quirks: add NOGET quirk for Logitech GROUP - f2fs: fix use-after-free issue - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit - drm/nouveau: Fix reference count leak in nouveau_connector_detect - btrfs: file: reserve qgroup space after the hole punch range is locked - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() - ceph: fix potential mdsc use-after-free crash - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() - [x86] EDAC/ie31200: Fallback if host bridge device is already initialized - [arm64] KVM: Fix symbol dependency in __hyp_call_panic_nvhe - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value - [arm64] drm/msm/adreno: fix updating ring fence - nvme-fc: Fix wrong return value in __nvme_fc_init_request() - null_blk: fix passing of REQ_FUA flag in null_handle_rq - jbd2: make sure jh have b_transaction set in refile/unfile_buffer - ext4: don't BUG on inconsistent journal feature - ext4: handle read only external journal device - jbd2: abort journal if free a async write error metadata buffer - ext4: handle option set by mount flags correctly - ext4: handle error of ext4_setup_system_zone() on remount - ext4: correctly restore system zone info when remount fails - fs: prevent BUG_ON in submit_bh_wbc() - [s390x] cio: add cond_resched() in the slow_eval_known_fn() loop - scsi: fcoe: Fix I/O path allocation - scsi: ufs: Fix possible infinite loop in ufshcd_hold - scsi: ufs: Improve interrupt handling for shared interrupts - scsi: ufs: Clean up completed request without interrupt notification - scsi: qla2xxx: Check if FW supports MQ before enabling - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" - macvlan: validate setting of multiple remote source MAC addresses - [powerpc*] perf: Fix soft lockups due to missed interrupt accounting - block: loop: set discard granularity and alignment for block device backed loop - [arm64,x86] HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART - btrfs: reset compression level for lzo on remount - btrfs: fix space cache memory leak after transaction abort - fbcon: prevent user font height or width change from causing potential out-of-bounds access - vt: defer kfree() of vc_screenbuf in vc_do_resize() - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize() - [armhf] serial: samsung: Removes the IRQ not found warning - [arm*] serial: pl011: Fix oops on -EPROBE_DEFER - [arm*] serial: pl011: Don't leak amba_ports entry on driver register error - serial: 8250_exar: Fix number of ports for Commtech PCIe cards - serial: 8250: change lock order in serial8250_do_startup() - writeback: Protect inode->i_io_list with inode->i_lock - writeback: Avoid skipping inode writeback - writeback: Fix sync livelock due to b_dirty_time processing - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information. - usb: host: xhci: fix ep context print mismatch in debugfs - xhci: Do warm-reset when both CAS and XDEV_RESUME are set - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed - PM: sleep: core: Fix the handling of pending runtime resume requests - device property: Fix the secondary firmware node handling in set_primary_fwnode() - [x86] genirq/matrix: Deal with the sillyness of for_each_cpu() on UP - drm/amdgpu: Fix buffer overflow in INFO ioctl - USB: yurex: Fix bad gfp argument - USB: quirks: Add no-lpm quirk for another Raydium touchscreen - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D - [armhf] usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() - USB: cdc-acm: rework notification_buffer resizing - btrfs: check the right error variable in btrfs_del_dir_entries_in_log - [arm64,armhf] usb: dwc3: gadget: Don't setup more than requested - [arm64,armhf] usb: dwc3: gadget: Fix handling ZLP - [arm64,armhf] usb: dwc3: gadget: Handle ZLP for sg requests - [arm64,x86] tpm: Unify the mismatching TPM space buffer sizes - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.144 - HID: core: Correctly handle ReportSize being zero - HID: core: Sanitize event code and type when mapping input - scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range - scsi: target: tcmu: Optimize use of flush_dcache_page - [arm64] drm/msm: add shutdown support for display platform_driver - [x86] hwmon: (applesmc) check status earlier. - nvmet: Disable keep-alive timer when kato is cleared to 0h - [arm64] drm/msm/a6xx: fix gmu start on newer firmware - ceph: don't allow setlease on cephfs - cpuidle: Fixup IRQ state - [s390x] don't trace preemption in percpu macros - xen/xenbus: Fix granting of vmalloc'd memory - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling - batman-adv: Avoid uninitialized chaddr when handling DHCP - batman-adv: bla: use netif_rx_ni when not in interrupt context - [mips*] mm: BMIPS5000 has inclusive physical caches - netfilter: nf_tables: add NFTA_SET_USERDATA if not null - netfilter: nf_tables: incorrect enum nft_list_attributes definition - netfilter: nf_tables: fix destination register zeroing - [arm64] net: hns: Fix memleak in hns_nic_dev_probe - [arm64,armhf] dmaengine: pl330: Fix burst length if burst size is smaller than bus width - gtp: add GTPA_LINK info to msg sent to userspace - bnxt_en: Don't query FW when netif_running() is false. - bnxt_en: Check for zero dir entries in NVRAM. - bnxt_en: Fix PCI AER error recovery flow - bnxt_en: fix HWRM error when querying VF temperature - xfs: fix boundary test in xfs_attr_shortform_verify (CVE-2020-14385) - bnxt: don't enable NAPI until rings are ready - netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS - nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() - fix regression in "epoll: Keep a reference on files added to the check list" - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files - tg3: Fix soft lockup when tg3_reset_task() fails. - [amd64] x86, fakenuma: Fix invalid starting node ID - [amd64] iommu/vt-d: Serialize IOMMU GCMD register modifications - [armhf] thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 - xfs: don't update mtime on COW faults - btrfs: drop path before adding new uuid tree entry - vfio/type1: Support faulting PFNMAP vmas - vfio-pci: Fault mmaps to enable vma tracking - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (CVE-2020-12888) - btrfs: Remove redundant extent_buffer_get in get_old_root - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind - btrfs: set the lockdep class for log tree extent buffers - uaccess: Add non-pagefault user-space read functions - uaccess: Add non-pagefault user-space write function - btrfs: fix potential deadlock in the search ioctl - net: usb: qmi_wwan: add Telit 0x1050 composition - usb: qmi_wwan: add D-Link DWM-222 A2 device ID - ALSA: ca0106: fix error code handling - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check - [x86] ALSA: hda/hdmi: always check pin power status in i915 pin fixup - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection - [x86] ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO - media: rc: do not access device via sysfs after rc_unregister_device() - media: rc: uevent sysfs file races with rc_unregister_device() - affs: fix basic permission bits to actually work - block: allow for_each_bvec to support zero len bvec - libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks - dm writecache: handle DAX to partitions on persistent memory correctly - dm cache metadata: Avoid returning cmd->bm wild pointer on error - dm thin metadata: Avoid returning cmd->bm wild pointer on error - mm: slub: fix conversion of freelist_corrupted() - [arm64] KVM: Add kvm_extable for vaxorcism code - [arm64] KVM: Defer guest entry when an asynchronous exception is pending - [arm64] KVM: Survive synchronous exceptions caused by AT instructions - [arm64] KVM: Set HCR_EL2.PTW to prevent AT taking synchronous exception - vfio/pci: Fix SR-IOV VF handling with MMIO blocking - checkpatch: fix the usage of capture group ( ... ) - mm/hugetlb: fix a race between hugetlb sysctl handlers (CVE-2020-25285) - cfg80211: regulatory: reject invalid hints - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.145 - ALSA; firewire-tascam: exclude Tascam FE-8 from detection - block: ensure bdi->io_pages is always initialized - net: usb: dm9601: Add USB ID of Keenetic Plus DSL - sctp: not disable bh in the whole sctp_get_port_local() - tipc: fix shutdown() of connectionless socket - net: disable netpoll on fresh napis - [arm64,armhf] net/mlx5e: Don't support phys switch id if not in switchdev mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.146 - RDMA/rxe: Fix memleak in rxe_mem_init_user - RDMA/rxe: Drop pointless checks in rxe_init_ports - [armhf] drm/sun4i: Fix dsi dcs long write function - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA - RDMA/core: Fix reported speed and width - [arm64] mmc: sdhci-msm: Add retries when all tuning phases are found valid - [arm64,x86] dmaengine: acpi: Put the CSRT table after using it - netfilter: conntrack: allow sctp hearbeat after connection re-use - [x86] firestream: Fix memleak in fs_open - [arm64,armhf] ALSA: hda: Fix 2 channel swapping for Tegra - xfs: initialize the shortform attr header padding entry - nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance - nvme-rdma: serialize controller teardown sequences - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices - [ppc64el,x86] drivers/net/wan/hdlc_cisco: Add hard_header_len - HID: elan: Fix memleak in elan_input_configured - [x86] cpufreq: intel_pstate: Refuse to turn off with HWP enabled - [x86] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled - [amd64] iommu/amd: Do not use IOMMUv2 functionality when SME is active - [x86] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. - [x86] iio:magnetometer:ak8975 Fix alignment and data leak issues. - [armhf] iio:accel:mma8452: Fix timestamp alignment and prevent data leak. - [x86] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() - btrfs: require only sector size alignment for parent eb bytenr - btrfs: fix lockdep splat in add_missing_dev - btrfs: fix wrong address when faulting in pages in the search ioctl - regulator: push allocation in set_consumer_device_supply() out of lock - scsi: target: iscsi: Fix data digest calculation - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem - [arm64] drm/msm: Disable preemption on all 5xx targets - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (CVE-2020-25284) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars - vgacon: remove software scrollback support - fbcon: remove soft scrollback code (CVE-2020-14390) - fbcon: remove now unusued 'softback_lines' cursor() argument - [x86] KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit - [x86] video: fbdev: fix OOB read in vga_8planes_imageblit() - [arm64] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init - usb: core: fix slab-out-of-bounds Read in read_descriptors - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter - USB: serial: option: support dynamic Quectel USB compositions - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules - usb: Fix out of sync data toggle if a configured device is reconfigured - [x86] usb: typec: ucsi: acpi: Check the _DEP dependencies . [ Salvatore Bonaccorso ] * Bump ABI to 11 * Drop 'Revert "mips: Add udelay lpj numbers adjustment"' * [rt] Update to 4.19.135-rt60 * [rt] Refresh "net: Use skbufhead with raw lock" for context changes in 4.19.136 * [rt] Refresh "timers: Prepare for full preemption" for context changes in 4.19.138 * [rt] Refresh "timers: Redo the notification of canceling timers on -RT" for context changes in 4.19.138 * [rt] Refresh "watchdog: prevent deferral of watchdogd wakeup on RT" for context changes in 4.19.141 * Refresh "net: ena: fix crash during ena_remove()" for context changes in 4.19.142 * [rt] Refresh "Split IRQ-off and zone->lock while freeing pages from PCP list #1" for context changes in 4.19.142 * ACPI: configfs: Disallow loading ACPI tables when locked down (CVE-2020-15780) * [rt] Update to 4.19.142-rt63 * net/packet: fix overflow in tpacket_rcv (CVE-2020-14386) * debian/tests/python: pycodestyle: Increase max-line-length to 100. * gfs2: initialize transaction tr_ailX_lists earlier (Closes: #968567) llvm-toolchain-7 (1:7.0.1-8+deb10u2) buster; urgency=medium . * Non-maintainer upload. . [ Aurelien Jarno ] * Include upstream patch D71028 to add support for min/max/umin/umax atomics, fixing rust mips tests (Closes: #946874). llvm-toolchain-7 (1:7.0.1-8+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Fix for unordered cmpxchg instructions when building rustc. * Disable nomadd4 instructions on mips*. lucene-solr (3.6.2+dfsg-20+deb10u2) buster; urgency=medium . * Team upload. * Fix CVE-2019-0193: The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting from now on, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. For example this can be achieved with solr-tomcat by adding -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9. milkytracker (1.02.00+dfsg-1+deb10u1) buster; urgency=medium . * CVE-2020-15569 (Closes: #964797) * CVE-2019-14464, CVE-2019-14496, CVE-2019-14497 (Closes: #933964) modsecurity (3.0.3-1+deb10u2) buster-security; urgency=medium . * Add patch by Ervin Hegedüs to fix CVE-2020-15598. mupdf (1.14.0+ds1-4+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Heap-based buffer overflow in fz_append_display_node (CVE-2019-13290) (Closes: #931475) net-snmp (5.7.3+dfsg-5+deb10u1) buster-security; urgency=high . * snmpd: Make EXTEND-MIB readonly access Fixes CVE-2020-15862 Closes: #965166 * snmpd: Do not cache MIB directory Fixes CVE-2020-15861 Closes: #966599 nginx (1.14.2-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * bugfix: prevented request smuggling in the ngx.location.capture API (CVE-2020-11724) (Closes: #964950) node-bl (1.1.2-1+deb10u1) buster; urgency=medium . * Team upload * Add patch to fix over-read vulnerability (Closes: #969309, CVE-2020-8244) node-elliptic (6.4.1~dfsg-1+deb10u1) buster; urgency=medium . * Prevent malleability and overflows (Closes: CVE-2020-13822) node-mysql (2.16.0-1+deb10u1) buster; urgency=medium . * Team upload * Add localInfile option to control LOAD DATA LOCAL INFILE (Closes: #934712, CVE-2019-14939) node-url-parse (1.2.0-2+deb10u1) buster; urgency=medium . * Add missing test dependency: mocha * Fix insufficient validation and sanitization of user input (Closes: CVE-2020-8124) npm (5.8.0+ds6-4+deb10u2) buster; urgency=medium . * Team upload * Don't show password in logs (Closes: CVE-2020-15095) openexr (2.2.1-4.1+deb10u1) buster-security; urgency=medium . * CVE-2017-9115 CVE-2017-9114 CVE-2017-9113 CVE-2017-9111 CVE-2020-11765 CVE-2020-11764 CVE-2020-11763 CVE-2020-11762 CVE-2020-11761 CVE-2020-11760 CVE-2020-11759 CVE-2020-11758 CVE-2020-15306 CVE-2020-15305 openjdk-11 (11.0.8+10-1~deb10u1) buster-security; urgency=medium . * Rebuild for Buster openjdk-11 (11.0.7+10-3) unstable; urgency=high . * Backport the fix for JDK-8214571, -Xdoclint of array serialField gives "error: array type not allowed here". Introduced with 11.0.7. * Enable running the testsuite on release architectures. openjdk-11 (11.0.7+10-3~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security openjdk-11 (11.0.7+10-2) unstable; urgency=high . * Backport the fix for 8228407, JVM crashes with shared archive file mismatch. * Enable again bootcycle build for all hotspot architectures. * Build again with -march=zEC12 on Ubuntu/s390x. . openjdk-11 (11.0.7+10-1) unstable; urgency=high . * OpenJDK 11.0.7+10 build (release). * Security fixes - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8226346: Build better binary builders - JDK-8227467: Better class method invocations - JDK-8227542: Manifest improved jar headers - JDK-8229733: TLS message handling improvements - JDK-8231415, CVE-2020-2773: Better signatures in XML - JDK-8231785: Improved socket permissions - JDK-8232424, CVE-2020-2778: More constrained algorithms - JDK-8232581, CVE-2020-2767: Improve TLS verification - JDK-8233250: Better X11 rendering - JDK-8233410: Better Build Scripting - JDK-8234027: Better JCEKS key support - JDK-8234408, CVE-2020-2781: Improve TLS session handling - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - JDK-8235274, CVE-2020-2805: Enhance typing of methods - JDK-8235691, CVE-2020-2816: Enhance TLS connectivity - JDK-8236201, CVE-2020-2830: Better Scanner conversions - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap . [ Matthias Klose ] * Refresh patches. * Configure --with-jtreg=/usr/share/jtreg. * Enable the buildwatch script on sh4 (Adrian Glaubitz). Closes: #956728. * Build with -march=z13 -mtune=z15 on Ubuntu/s390x. openjdk-11 (11.0.7+10-1) unstable; urgency=medium . * OpenJDK 11.0.7+10 build (release). - S8160926: FLAGS_COMPILER_CHECK_ARGUMENTS doesn't handle cross-compilation - S8189861: Refactor CacheFind - S8204551: Event descriptions are truncated in logs - S8210459: Add support for generating compile_commands.json - S8214534: Setting of THIS_FILE in the build is broken - S8217728: Speed up incremental rerun of "make hotspot" - S8219597: (bf) Heap buffer state changes could provoke unexpected exceptions - S8220613: java/util/Arrays/TimSortStackSize2.java times out with fastdebug build - S8221851: Use of THIS_FILE in hotspot invalidates precompiled header on Linux/GCC - S8222264: Windows incremental build is broken with JDK-8217728 - S8223678: Add Visual Studio Code workspace generation support (for native code) - S8223898: Forward references to Nashorn - S8223904: Improve Nashorn matching - S8224541: Better mapping of serial ENUMs - S8224549: Less Blocking Array Queues - S8225603: Enhancement for big integers - S8226346: Build better binary builders - S8227467: Better class method invocations - S8227542: Manifest improved jar headers - S8229733: TLS message handling improvements - S8231415: Better signatures in XML - S8231785: Improved socket permissions - S8232424: More constrained algorithms - S8232581: Improve TLS verification - S8233250: Better X11 rendering - S8233383: Various minor fixes - S8233410: Better Build Scripting - S8234027: Better JCEKS key support - S8234408: Improve TLS session handling - S8234825: Better Headings for HTTP Servers - S8234841: Enhance buffering of byte buffers - S8235274: Enhance typing of methods - S8235691: Enhance TLS connectivity - S8236201: Better Scanner conversions - S8237879: make 4.3 breaks build - S8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap . [ Matthias Klose ] * Refresh patches. * Configure --with-jtreg=/usr/share/jtreg. * Enable the buildwatch script on sh4 (Adrian Glaubitz). Closes: #956728. * Build with -march=z13 -mtune=z15 on Ubuntu/s390x. openjdk-11 (11.0.7+9-1) unstable; urgency=medium . * OpenJDK 11.0.7+9 build (early access). * Make autopkgtests cross-test-friendly (Steve Langasek). LP: #1861467. * d/tests/jtreg-autopkgtest.in: keep generated hs_err log files with test artifacts to improve later debug (Tiago Stürmer Daitx). * d/tests/jtdiff-autopkgtest.in: set default vm to correctly locate (Tiago Stürmer Daitx) * jhsdb isn't built on sh4 (Adrian Glaubitz). Closes: #951774. openjdk-11 (11.0.6+10-2) unstable; urgency=medium . * Fix FTCBFS (Helmut Grohne). Addresses: #949460. - Missing Build-Depends: zlib1g-dev:native. - Use triplet-prefixed objcopy and strip. * Bump standards version. openjdk-11 (11.0.6+10-1) unstable; urgency=high . * OpenJDK 11.0.5+10 build (release). - S8220598: Malformed copyright year range in a few files in java.base. - S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets. - S8225261: Better method resolutions. - S8225279: Better XRender interpolation. - S8226352, CVE-2020-2590: Improve Kerberos interop capabilities. - S8227758: More valid PKIX processing. - S8227816: More Colorful ICC profiles. - S8228548, CVE-2020-2593: Normalize normalization for all. - S8229728: Implement negotiation parameters. - S8229951, CVE-2020-2601: Better Ticket Granting Services. - S8230279: Improve Pack200 file reading. - S8230318: Better trust store usage. - S8230967: Improve Registry support of clients. - S8231139: Improved keystore support. - S8231422, CVE-2020-2604: Better serial filter handling. - S8231780, CVE-2020-2655: Better TLS messaging support. - S8231790: Provide better FileSystemProviders. - S8232419: Improve Registry registration. - S8234037, CVE-2020-2654: Improve Object Identifier Processing. * Disable zero on sparc64 (Adrian Glaubitz). Closes: #942030. * Make the generated character data source files reproducible (Emmanuel Bourg). Closes: #933339. * Make the generated module-info.java files reproducible (Emmanuel Bourg). Closes: #933342. * Make the generated copyright headers reproducible (Emmanuel Bourg). Closes: #933349. * Make the build user reproducible (Emmanuel Bourg). Closes: #933373. orocos-kdl (1.4.0-7+deb10u2) buster; urgency=medium . * Add patch for include path KDLConfig.cmake exports ${CMAKE_CURRENT_LIST_DIR}/../../../include as an include path, which resolves to /usr/include. This breaks with gcc > 5 and cmake < 3.16 as discussed in https://github.com/ros/rosdistro/issues/26526. As /usr/include is a default include path, the patch simply removes the extra path. postgresql-11 (11.9-0+deb10u1) buster; urgency=medium . * New upstream version. + Set a secure search_path in logical replication walsenders and apply workers (Noah Misch) . A malicious user of either the publisher or subscriber database could potentially cause execution of arbitrary SQL code by the role running replication, which is often a superuser. Some of the risks here are equivalent to those described in CVE-2018-1058, and are mitigated in this patch by ensuring that the replication sender and receiver execute with empty search_path settings. (As with CVE-2018-1058, that change might cause problems for under-qualified names used in replicated tables' DDL.) Other risks are inherent in replicating objects that belong to untrusted roles; the most we can do is document that there is a hazard to consider. (CVE-2020-14349) . + Make contrib modules' installation scripts more secure (Tom Lane) . Attacks similar to those described in CVE-2018-1058 could be carried out against an extension installation script, if the attacker can create objects in either the extension's target schema or the schema of some prerequisite extension. Since extensions often require superuser privilege to install, this can open a path to obtaining superuser privilege. To mitigate this risk, be more careful about the search_path used to run an installation script; disable check_function_bodies within the script; and fix catalog-adjustment queries used in some contrib modules to ensure they are secure. Also provide documentation to help third-party extension authors make their installation scripts secure. This is not a complete solution; extensions that depend on other extensions can still be at risk if installed carelessly. (CVE-2020-14350) postgresql-common (200+deb10u4) buster; urgency=medium . * t/170_extensions.t: Don't drop plpgsql before testing extensions. A recent security fix in the PostgreSQL server (CVE-2020-14350) makes use of plpgsql DO blocks in various extension creation scripts without declaring a formal dependency on it, so change tests not to drop plpgsql. pyzmq (17.1.2-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * asyncio: wait for POLLOUT on sender in can_connect (Closes: #970567) qemu (1:3.1+dfsg-8+deb10u8) buster-security; urgency=medium . * mention fixing of CVE-2020-13765 in 3.1+dfsg-8+deb10u6 * xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch ARM-only XGMAC NIC, possible buffer overflow during packet transmission Closes: CVE-2020-15863 * sm501 OOB read/write due to integer overflow in sm501_2d_operation() List of patches: sm501-convert-printf-abort-to-qemu_log_mask.patch sm501-shorten-long-variable-names-in-sm501_2d_operation.patch sm501-use-BIT-macro-to-shorten-constant.patch sm501-clean-up-local-variables-in-sm501_2d_operation.patch sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch Closes: #961451, CVE-2020-12829 * usb-fix-setup_len-init-CVE-2020-14364.patch Fix OOB r/w access in USB emulation Closes: #968947, CVE-2020-14364 * net-assertion-in-net_tx_pkt_add_raw_fragment-CVE-2020-16092.patch Fix net_tx_pkt_add_raw_fragment assertion in e1000e & vmxnet3 Closes: CVE-2020-16092 qt4-x11 (4:4.8.7+dfsg-18+deb10u1) buster; urgency=medium . * Backport upstream patch to fix buffer overflow in XBM parser, CVE-2020-17507 (Closes: #970308). qtbase-opensource-src (5.11.3+dfsg1-1+deb10u4) buster; urgency=medium . [ Dmitry Shachnev ] * Backport upstream patch to fix buffer overflow in XBM parser (CVE-2020-17507, closes: #968444). . [ Lisandro Damián Nicanor Pérez Meyer ] * Backport XCB_Fix_clipboard_breaking_when_timer_wraps_after_50_days.patch (Closes: #961293). Thanks Nicolás for pointing us to the bug fix. ros-actionlib (1.11.15-1+deb10u1) buster; urgency=high . * Add https://github.com/ros/actionlib/pull/171 (Fix CVE-2020-10289) roundcube (1.3.15+dfsg.1-1~deb10u1) buster-security; urgency=high . * New upstream release, with security fix for CVE-2020-16145: Cross-site scripting (XSS) vulnerability via HTML messages with malicious svg or math content. (Closes: #968216) ruby-kramdown (1.17.0-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Add option forbidden_inline_options (CVE-2020-14001) (Closes: #965305) ruby-ronn (0.8.0-2+deb10u1) buster; urgency=medium . * Team upload. * Fix handling of UTF-8 content in manpages (Closes: #965294) rust-cbindgen (0.14.4-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * Vendor dependencies, they are not available in buster. * Only build the cbindgen binary. * Lower dh-cargo build-dep. * Bump rustc and cargo build-deps. rust-cbindgen (0.14.3-1) unstable; urgency=medium . * Package cbindgen 0.14.3 from crates.io using debcargo 2.4.3 rust-cbindgen (0.14.2-1) unstable; urgency=medium . * Package cbindgen 0.14.2 from crates.io using debcargo 2.4.2 rust-cbindgen (0.14.1-1) unstable; urgency=medium . * Package cbindgen 0.14.1 from crates.io using debcargo 2.4.2 rust-cbindgen (0.14.0-3) unstable; urgency=medium . * Package cbindgen 0.14.0 from crates.io using debcargo 2.4.0 * Only run the testssuite on the binary rust-cbindgen (0.14.0-2) unstable; urgency=medium . * Don't run autopkgtest for now. It needs g++ and I cannot add it as dep as debcargo doesn't manage that yet. WIP https://salsa.debian.org/rust-team/debcargo/-/merge_requests/24 rust-cbindgen (0.14.0-1) unstable; urgency=medium . * Package cbindgen 0.14.0 from crates.io using debcargo 2.4.0 * Cherry-pick upstream page to fix autopkgtest rust-cbindgen (0.13.1-2) unstable; urgency=medium . * Package cbindgen 0.13.1 from crates.io using debcargo 2.4.0 * Upload to unstable. Still blocked by NEW. rust-cbindgen (0.13.1-1) experimental; urgency=medium . * Team upload. * Package cbindgen 0.13.1 from crates.io using debcargo 2.4.2 rust-cbindgen (0.12.1-1) unstable; urgency=medium . * Package cbindgen 0.12.1 from crates.io using debcargo 2.4.0 rust-cbindgen (0.12.0-1) unstable; urgency=medium . * Package cbindgen 0.12.0 from crates.io using debcargo 2.4.0 rust-cbindgen (0.11.1-1) unstable; urgency=medium . * Package cbindgen 0.11.1 from crates.io using debcargo 2.4.0 rust-cbindgen (0.11.0-1) unstable; urgency=medium . * Package cbindgen 0.11.0 from crates.io using debcargo 2.4.0 rust-cbindgen (0.10.0-1) unstable; urgency=medium . * Package cbindgen 0.10.0 from crates.io using debcargo 2.4.0 rust-cbindgen (0.9.1-1) unstable; urgency=medium . * Package cbindgen 0.9.1 from crates.io using debcargo 2.4.0 rust-cbindgen (0.9.0-1) unstable; urgency=medium . * Package cbindgen 0.9.0 from crates.io using debcargo 2.3.1-alpha.0 * Remove testsuite-fix.patch (merged upstream) rustc (1.41.1+dfsg1-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport to buster. * stage0 build. - Use arm-unknown-linux-gnueabi target for armel. * Use LLVM 7. * Disable wasm. * Reduce debugging symbols on i386 to avoid FTBFS due to OOM. rustc (1.40.0+dfsg1-5) unstable; urgency=medium . * More python 2 -> 3 fixes. * Allow 24 failing tests on riscv64. * Reenable debuginfo for rustc, not just libstd. * Reenable backtraces during tests. rustc (1.40.0+dfsg1-4) unstable; urgency=medium . * Experimental riscv64 support. rustc (1.40.0+dfsg1-3) unstable; urgency=medium . * Work around upstream #59264 again. :/ rustc (1.40.0+dfsg1-2) unstable; urgency=medium . * Fix more internal build scripts so they use python3. * Don't add -L/usr/lib/llvm when cross-compiling. (Closes: #941783) rustc (1.40.0+dfsg1-1) unstable; urgency=medium . * Upload to unstable. * Ignore new test failing on arm that also fails in previous versions. rustc (1.40.0+dfsg1-1~exp1) experimental; urgency=medium . * New upstream release. rustc (1.39.0+dfsg1-4) unstable; urgency=medium . * Update to LLVM 9. (Closes: #946886) rustc (1.39.0+dfsg1-3) unstable; urgency=medium . * Fix mips patch involving mxgot for new RUSTFLAGS behaviour. rustc (1.39.0+dfsg1-2) unstable; urgency=medium . * Include reproducibility patch for compiler-builtins. * Use python3 instead of python to run rustbuild. (Closes: #938422) * Expand d-ignore-error-detail-diff.patch for unfixed upstream #53081. rustc (1.39.0+dfsg1-1) unstable; urgency=medium . * New upstream release. rustc (1.38.0+dfsg1-2) unstable; urgency=medium . * Fix building with rustc 1.38.0 * Fix building with cargo 0.40.0 rustc (1.38.0+dfsg1-1) unstable; urgency=medium . * New upstream release. rustc (1.37.0+dfsg1-1) unstable; urgency=medium . * Upload to unstable. * Fix a typo in debian/rules regex causing FTBFS on some arches. rustc (1.37.0+dfsg1-1~exp2) experimental; urgency=medium . * Support cross-compiling to wasm32. (Closes: #903110) To do that, install the libstd-rust-dev-wasm32-cross package and give --target wasm32-unknown-unknown. * Drop dependency on system compiler-rt, these new versions of rustc actually don't need it at all. rustc (1.37.0+dfsg1-1~exp1) experimental; urgency=medium . * New upstream release. * Use system compiler-rt. rustc (1.36.0+dfsg1-2) unstable; urgency=medium . * Set CARGO_HOME to debian/cargo_home (instead of $HOME/.cargo) as newer versions of cargo must take a file lock that has to exist. rustc (1.36.0+dfsg1-1) unstable; urgency=medium . * Upload to unstable. rustc (1.36.0+dfsg1-1~exp1) experimental; urgency=medium . * New upstream release. rustc (1.35.0+dfsg1-1) unstable; urgency=medium . * Add entry in 1.34.2+dfsg1-1 to note that it uses LLVM 7. * Add entry in 1.35.0+dfsg1-1~exp2 to note that it uses LLVM 8. * Fix ICE on sparc64 by including upstream PR #61881. rustc (1.35.0+dfsg1-1~exp1) experimental; urgency=medium . * Don't use system compiler-rt, it's not ready yet. * New upstream release. s390-tools (2.3.0-2~deb10u1) buster; urgency=medium . * Upload debootstrap fix to Debian stable. (Closes: #960265) squid (4.6-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811) (Closes: #968932) * SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE-2020-24606) (Closes: #968933) * SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810) (Closes: #968934) teeworlds (0.7.2-5+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2020-12066: A remote attacker was able to shut down the teeworlds server and cause a denial-of-service by crafting a specific server packet. thunderbird (1:68.12.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security * [32b3711] Revert "d/xpi-pack.sh: adding xpi-pack shell script" * [b50609a] Revert "Drop mozilla-devscripts as B-D" * [fd054fc] Revert "Drop python-{minimal,ply} from B-D" * [5a2a88c] Revert "d/control: tb manually set dep on libnss3 to 2:3.55" thunderbird (1:68.11.0-3) unstable; urgency=medium . * [28707fd] d/xpi-pack.sh: adding xpi-pack shell script As we can't depend on mozilla-devscripts anymore we pick up the shell script from that package as this builds XPI files we need. * [037212e] Drop mozilla-devscripts as B-D mozilla-devscripts isn't ported to Python3 yet and depends on Python2 so. We don't need that package as B-D as we picked the main shell script from that and we can drop that package from the build dependencies. * [31eda41] Drop python-{minimal,ply} from B-D These packages are removed from teh archive and we don't need them for building Thunderbird as long we have python2 as package available. (Closes: #967223) thunderbird (1:68.11.0-2) unstable; urgency=medium . * [110a375] d/control: increase B-D for libnss3 * [73fa23e] d/control: tb manually set dep on libnss3 to 2:3.55 (Closes: #966806) thunderbird (1:68.11.0-1) unstable; urgency=medium . * [093b080] New upstream version 68.11.0 Fixed CVE issues in upstream version 68.11.0 (MFSA 2020-35): CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker CVE-2020-6514: WebRTC data channel leaks internal address to peer CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture CVE-2020-15659: Memory safety bugs fixed in Thunderbird 68.11 thunderbird (1:68.11.0-1~deb10u1) stable-security; urgency=medium . * Rebuild for buster-security thunderbird (1:68.10.0-1) unstable; urgency=medium . * [7537684] New upstream version 68.10.0 Fixed CVE issues in upstream version 68.10.0 (MFSA 2020-26): CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12418: Information disclosure due to manipulated URL object CVE-2020-12419: Use-after-free in nsGlobalWindowInner CVE-2020-12420: Use-After-Free when trying to connect to a STUN server MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login credentials CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates webkit2gtk (2.28.4-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security. * debian/patches/force-single-process.patch: + Force the single-process mode in Evolution and Geary * debian/control: + Remove Breaks for Evolution < 3.34.1. + Remove build dependency on libwpebackend-fdo-1.0-dev. + Switch build dependency from libenchant-2-dev to libenchant-dev. webkit2gtk (2.28.3-2) unstable; urgency=high . * The WebKitGTK security advisory WSA-2020-0006 lists the following security fixes in the latest versions of WebKitGTK: + CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753 (fixed in 2.28.3). * Don't build the documentation in binary-arch builds and with the nodoc build profile (Closes: #962616). + debian/control: - Move gtk-doc-tools and *-doc to Build-Depends-Indep. - Add Build-Profiles: to libwebkit2gtk-4.0-doc + debian/rules: - Use dh_listpackages to decide whether to build the documentation. xorg-server (2:1.20.4-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix for ZDI-11426 (CVE-2020-14347) (Closes: #968986) * Correct bounds checking in XkbSetNames() (CVE-2020-14345) * Fix XIChangeHierarchy() integer underflow (CVE-2020-14346) * Fix XkbSelectEvents() integer underflow (CVE-2020-14361) * Fix XRecordRegisterClients() Integer underflow (CVE-2020-14362) xrdp (0.9.9-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * libscp v1 server set height twice, and not set width * xrdp-sesman can be crashed remotely over port 3350 (CVE-2020-4044) (Closes: #964573) * Fixed CVE-2020-4044 CI errors zeromq3 (4.3.1-4+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * zeromq connects peer before handshake is completed (CVE-2020-15166) ====================================== Sat, 01 Aug 2020 - Debian 10.5 released ====================================== ========================================================================= [Date: Sat, 01 Aug 2020 08:54:01 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: matrix-synapse | 0.99.2-6 | source, all Closed bugs: 959723 ------------------- Reason ------------------- RoM; security issues; unsupportable ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 01 Aug 2020 08:54:20 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: firefoxdriver | 3.14.1-1 | amd64, i386 selenium-firefoxdriver | 3.14.1-1 | source Closed bugs: 960585 ------------------- Reason ------------------- RoQA; does not support firefox beyond 52.0 ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 01 Aug 2020 08:54:51 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: janus | 0.6.1-1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x janus-demos | 0.6.1-1 | all janus-dev | 0.6.1-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x janus-doc | 0.6.1-1 | all janus-tools | 0.6.1-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x libjs-janus | 0.6.1-1 | all Closed bugs: 962694 ------------------- Reason ------------------- RoM; not supportable for the lifetime of a stable release ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 01 Aug 2020 08:55:10 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: fonts-mathematica | 21 | all mathematica-fonts | 21 | source, all Closed bugs: 964343 ------------------- Reason ------------------- RoQA; relies on unavailable download location ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 01 Aug 2020 08:55:28 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: golang-github-unknwon-cae | 0.0~git20160715.0.c6aac99-4 | source golang-github-unknwon-cae-dev | 0.0~git20160715.0.c6aac99-4 | all Closed bugs: 966454 ------------------- Reason ------------------- RoQA; security issues; unmaintained ---------------------------------------------- ========================================================================= apache-log4j1.2 (1.2.17-8+deb10u1) buster-security; urgency=high . * Team upload. * Fix CVE-2019-17571. (Closes: #947124) Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. appstream-glib (0.7.14-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport upstream fix for FTBFS in the year 2020. (Closes: #949169) apt (1.8.2.1) buster-security; urgency=high . * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177) - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated member names in error path - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated member names in error path - CVE-2020-3810 * .gitlab.ci.yml: Point to debian:buster asunder (2.9.3-3+deb10u1) buster; urgency=medium . * Add patch to use gnudb instead of freedb by default * Add a NEWS item for freedb closing b43-fwcutter (1:019-4+deb10u1) buster; urgency=medium . [ Andreas Beckmann ] * QA upload. * Run firmware removal commands under LC_ALL=C. (Closes: #960791) * Do not fail while removing no longer existing files. (Closes: #956858) * Add dependency on pciutils for lspci. . [ Raphaël Hertzog ] * Add ca-certificates to Depends so that we can download over https. balsa (2.5.6-2+deb10u1) buster; urgency=medium . * Provide server identity when validating certificates (allows to verify certs with a glib-networking patch for CVE-2020-13645). Patch taken from Ubuntu. Closes: #961792. base-files (10.3+deb10u5) buster; urgency=medium . * Change /etc/debian_version to 10.5, for Debian 10.5 point release. batik (1.10-2+deb10u1) buster; urgency=medium . * Non-maintainer upload. * CVE-2019-17566: Server-side request forgery via xlink:href attributes. (Closes: #964510) bind9 (1:9.11.5.P4+dfsg-5.1+deb10u1) buster-security; urgency=high . * [CVE-2019-6477]: TCP-pipelined queries can bypass tcp-clients limit. (Closes: #945171) * [CVE-2020-8616]: Fix NXNSATTACK amplification attack on BIND 9 * [CVE-2020-8617]: Fix assertion failure in TSIG processing code borgbackup (1.1.9-2+deb10u1) buster; urgency=medium . * Fix index corruption bug leading to data loss (Closes: #953615). bundler (1.17.3-3+deb10u1) buster; urgency=medium . * Non-maintainer upload. . [ Utkarsh Gupta ] * Bump minimum version of ruby-molinillo in ruby-bundler (Closes: #945481) c-icap-modules (1:0.5.3-1+deb10u1) buster; urgency=medium . * Non-maintainer upload. * Backport support for ClamAV 0.102. (Closes: #952009) cacti (1.2.2+ds1-2+deb10u3) buster; urgency=medium . * Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments (Upstream bug #3245) * CVE-2020-7237: Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. (Closes: #949997) * CVE-2020-7106: XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). (Closes: #949996) * CVE-2020-13230: Disabling an user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs) * CVE-2020-13231: auth_profile.php?action=edit allows CSRF for an admin email change calamares-settings-debian (10.0.20-1+deb10u3) buster; urgency=medium . * Use xdg-user-dir to specify Desktop directory (Closes: #959541) calamares-settings-debian (10.0.20-1+deb10u2) buster; urgency=medium . * Fix type in previous entry (s/desk/disk) * Enable displaymanager module, fixing autologin options (Closes: #934503, #934504) chromium (83.0.4103.116-1~deb10u3) buster-security; urgency=medium . * Fix crashes when a connection error occurs (closes: #963548). chromium (83.0.4103.116-1~deb10u2) buster-security; urgency=medium . * Rebuild with optimization (closes: #964145). chromium (83.0.4103.116-1~deb10u1) buster-security; urgency=medium . * New upstream stable release. - CVE-2020-6423: Use after free in audio. Reported by Anonymous - CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera - CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han - CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov - CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov - CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn - CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang - CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra - CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg - CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg - CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey - CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa - CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown - CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg - CVE-2020-6448: Use after free in V8. Reported by Guang Gong - CVE-2020-6454: Use after free in extensions. Reported by leecraso and Guang Gong - CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and Guang Gong - CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski - CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong - CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6459: Use after free in payments. Reported by Zhe Jin - CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous - CVE-2020-6461: Use after free in storage. Reported by Zhe Jin - CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin - CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial - CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh - CVE-2020-6466: Use after free in media. Reported by Zhe Jin - CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song - CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina - CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski - CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia - CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin - CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani - CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne - CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani - CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen - CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt - CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora - CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi - CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu - CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko - CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov - CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu - CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg - CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa - CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter - CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal - CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous - CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen - CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani - CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6498: Incorrect security UI in progress display. Reported by Rayyan Bijoora - CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani - CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by Alesandro Ortiz - CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov - CVE-2020-6509: Use after free in extensions. Reported by Anonymous - CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich chromium (83.0.4103.106-1) unstable; urgency=medium . * New upstream security release. - CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous - CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen - CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani - CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6498: Incorrect security UI in progress display. Reported by Rayyan Bijoora - CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani - CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by Alesandro Ortiz - CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov * Conflict with ffmpeg 4.3 (closes: #963080). * Support building with icu 67 (closes: #960236). * Support building with re2 20200501 (closes: #960361). chromium (83.0.4103.83-1) unstable; urgency=medium . * New upstream stable release. - CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong - CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6459: Use after free in payments. Reported by Zhe Jin - CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous - CVE-2020-6461: Use after free in storage. Reported by Zhe Jin - CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin - CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial - CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh - CVE-2020-6466: Use after free in media. Reported by Zhe Jin - CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song - CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina - CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski - CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia - CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin - CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani - CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne - CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani - CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen - CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt - CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora - CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi - CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu - CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko - CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov - CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu - CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg - CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa - CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter - CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal - CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich chromium (81.0.4044.92-1) unstable; urgency=medium . * New upstream stable release. - CVE-2020-6423: Use after free in audio. Reported by Anonymous - CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera - CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han - CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov - CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov - CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn - CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang - CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra - CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg - CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg - CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey - CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa - CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown - CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg - CVE-2020-6448: Use after free in V8. Reported by Guang Gong - CVE-2020-6454: Use after free in extensions. Reported by leecraso and Guang Gong - CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and Guang Gong - CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski chromium (81.0.4044.62-1) experimental; urgency=medium . * New upstream beta release. chromium (80.0.3987.162-1) unstable; urgency=medium . * New upstream security release. - CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo - CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo - CVE-2020-6452: Heap buffer overflow in media. Reported by asnine clamav (0.102.4+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.102.4 - CVE-2020-3350 (A malicious user trick clamav into moving a different file). - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module). - CVE-2020-3481 (A vulnerability in the EGG archive module). * Update symbol file. clamav (0.102.3+dfsg-1) unstable; urgency=medium . * Import 0.102.3 - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module) - CVE-2020-3341 (A vulnerability in the PDF parsing module) * Update symbol file. clamav (0.102.3+dfsg-0+deb10u1) buster; urgency=medium . [ Sebastian Andrzej Siewior ] * Import 0.102.3 - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module) - CVE-2020-3341 (A vulnerability in the PDF parsing module) * Update symbol file. . [ Scott Kitterman ] * Add Suggests for unversioned libclamunrar package on clamav-daemon and clamav binaries clamav (0.102.3+dfsg-0~deb9u1) stretch; urgency=medium . [ Sebastian Andrzej Siewior ] * Import 0.102.3 - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module) - CVE-2020-3341 (A vulnerability in the PDF parsing module) * Update symbol file. . [ Scott Kitterman ] * Add Suggests for unversioned libclamunrar package on clamav-daemon and clamav binaries clamav (0.102.2+dfsg-2) unstable; urgency=medium . * Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable to set the CA bundle (like curl does) (Closes: #951057). * Recommend ca-certificates, new freshclash uses https by default. * Bump standards-version to 4.5.0 without further change * Use dh-compat level 12. clamav (0.102.2+dfsg-1) unstable; urgency=medium . * Import 0.102.2 - CVE-2020-3123 (DoS may occur in the optional DLP feature) (Closes: 950944). * Update symbol file. * Set ReceiveTimeout to 0 which is upstream default. cloud-init (20.2-2~deb10u1) buster; urgency=medium . * Release for buster. No further changes. . cloud-init (20.2-2) unstable; urgency=medium . * Add missing Build-Dep on python3-pytest . cloud-init (20.2-1) unstable; urgency=medium . * New upstream version * Drop patches that have been merged upstream * Switch to pytest for running tests, per upstream change . cloud-init (20.1-2) unstable; urgency=medium . * Fix python 3.8 incompatibility (Closes: #954276) * Cherry-pick fa1abfec2705 (ec2: only redact token request headers in logs, avoid altering request) from upstream. (Closes: #954363) * Cherry-pick 1f860e5ac7eb (ec2: Do not fallback to IMDSv1 on EC2) from upstream. . cloud-init (20.1-1) unstable; urgency=medium . * New upstream release * Remove patches applied upstream: - CVE-2020-8631.patch - CVE-2020-8632.patch * Refresh patches: - 0009-Drop-all-unused-extended-version-handling.patch * Reduce cloud-guest-utils from Depends to Recommends * Bump standards version to 4.5.0 (no changes needed) * Remove Charles Plessy from uploaders, as he is no longer active in the cloud team. . cloud-init (19.4-2) unstable; urgency=medium . * Import upstream fix for CVE-2020-8632. rand_user_password generates passwords of insufficient length. (Closes: #951363) * Import upstream fix for CVE-2020-8631. Cloud-init uses an insufficient source of randomness when generating passwords. (Closes: #951362) . cloud-init (19.4-1) unstable; urgency=medium . * New upstream release. * Update debian/copyright to note dual-dual license status (Closes: #866613) . cloud-init (19.3-2) unstable; urgency=medium . * Build-depends on python3-pep8 instead of just pep8 (Closes: #949940). . cloud-init (19.3-1) unstable; urgency=medium . * New upstream release. . cloud-init (19.2-4) unstable; urgency=medium . * Removed the last bit of Python2 build-depends (Closes: #942968). . cloud-init (19.2-3) unstable; urgency=medium . * Remove the patch for sources.list, and activate the option to preserve the sources.list by default (ie: apt_preserve_sources_list: true). . cloud-init (19.2-2) unstable; urgency=medium . * Comment out backports by default in apt/sources.list. * Standards-Version bump to 4.4.1. . cloud-init (19.2-1) unstable; urgency=medium . * New upstream release. (Closes: #931173, #936030) * Drop 0008-opennebula-also-exclude-epochseconds-from-changed-en.patch applied upstream. * Drop CVE-2019-0816_Filter_list_of_ssh_keys_pulled_from_fabric.patch also applied upstream. * Rebased patches: - 0009-Drop-all-unused-extended-version-handling.patch - 0012-Fix-message-when-a-local-is-missing.patch cloud-init (20.2-2~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. cloud-init (20.2-1) unstable; urgency=medium . * New upstream version * Drop patches that have been merged upstream * Switch to pytest for running tests, per upstream change cloud-init (20.1-2) unstable; urgency=medium . * Fix python 3.8 incompatibility (Closes: #954276) * Cherry-pick fa1abfec2705 (ec2: only redact token request headers in logs, avoid altering request) from upstream. (Closes: #954363) * Cherry-pick 1f860e5ac7eb (ec2: Do not fallback to IMDSv1 on EC2) from upstream. cloud-init (20.1-1) unstable; urgency=medium . * New upstream release * Remove patches applied upstream: - CVE-2020-8631.patch - CVE-2020-8632.patch * Refresh patches: - 0009-Drop-all-unused-extended-version-handling.patch * Reduce cloud-guest-utils from Depends to Recommends * Bump standards version to 4.5.0 (no changes needed) * Remove Charles Plessy from uploaders, as he is no longer active in the cloud team. cloud-init (19.4-2) unstable; urgency=medium . * Import upstream fix for CVE-2020-8632. rand_user_password generates passwords of insufficient length. (Closes: #951363) * Import upstream fix for CVE-2020-8631. Cloud-init uses an insufficient source of randomness when generating passwords. (Closes: #951362) cloud-init (19.4-1) unstable; urgency=medium . * New upstream release. * Update debian/copyright to note dual-dual license status (Closes: #866613) cloud-init (19.3-2) unstable; urgency=medium . * Build-depends on python3-pep8 instead of just pep8 (Closes: #949940). cloud-init (19.3-1) unstable; urgency=medium . * New upstream release. cloud-init (19.2-4) unstable; urgency=medium . * Removed the last bit of Python2 build-depends (Closes: #942968). cloud-init (19.2-3) unstable; urgency=medium . * Remove the patch for sources.list, and activate the option to preserve the sources.list by default (ie: apt_preserve_sources_list: true). cloud-init (19.2-2) unstable; urgency=medium . * Comment out backports by default in apt/sources.list. * Standards-Version bump to 4.4.1. cloud-init (19.2-1) unstable; urgency=medium . * New upstream release. * Drop 0008-opennebula-also-exclude-epochseconds-from-changed-en.patch applied upstream. * Drop CVE-2019-0816_Filter_list_of_ssh_keys_pulled_from_fabric.patch also applied upstream. * Rebased patches: - 0009-Drop-all-unused-extended-version-handling.patch - 0012-Fix-message-when-a-local-is-missing.patch commons-configuration2 (2.2-1+deb10u1) buster; urgency=medium . * CVE-2020-1953 (Closes: #954713) confget (2.2.0-4+deb10u1) buster; urgency=medium . * Fix the Python module's handling of values containing "=": - add the test-ini-eq patch to add a test for such values - add the python-value-eq patch to fix the problem - Closes: #959887 coturn (4.5.1.1-1.1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * specially crafted HTTP POST request can lead to heap overflow which can result in information leak (CVE-2020-6061) (Closes: #951876) * specially crafted HTTP POST request can lead to server crash and denial of service (CVE-2020-6062) (Closes: #951876) * init with zero any new or reused stun buffers (CVE-2020-4067) dbus (1.12.20-0+deb10u1) buster; urgency=medium . * New upstream stable release - CVE-2020-12049: Prevent a denial of service attack in which a local user can make the system dbus-daemon run out of file descriptors - Prevent use-after-free if two usernames share a uid - d/p/dbus-daemon-test-Don-t-test-fd-limits-if-in-an-unprivileg.patch: Drop patch, applied upstream. * d/gbp.conf: Configure for debian/buster dbus (1.12.18-1) unstable; urgency=medium . [ Simon McVittie ] * New upstream stable release - CVE-2020-12049: Prevent a denial of service attack in which a local user can make the system dbus-daemon run out of file descriptors - d/p/dbus-daemon-test-Don-t-test-fd-limits-if-in-an-unprivileg.patch: Drop patch, applied upstream. * Switch to debhelper-compat 12 - Don't restart systemd units on upgrade. Previously, this was handled by the dh_installinit override. - Add ${misc:Pre-Depends} to all binary packages. This is required for dbus for dh_installsystemd under dh compat level 12, and is harmless for the others. * dbus: Remove an unused Lintian override. Lintian used to warn twice for the statically-enabled dbus.service unit, but now only warns once. * dbus-tests: Silence package-contains-documentation-outside-usr-share-doc Lintian tag. The tests contain some READMEs that describe what is in their directory. * d/tests: Remove compatibility with deprecated ADTTMP. autopkgtest has supported AUTOPKGTEST_TMP long enough to use it unconditionally. * Introduce noinsttest build profile. This disables dbus-tests, and when combined with nocheck it disables the circular GLib dependency. * Remove non-standard pkg.dbus.minimal build profile. It was not a "safe" build profile (it altered the contents of binary packages, notably dropping LSM and systemd support, which could result in dependent packages being broken), and the combination of nocheck, nodoc and noinsttest achieves most of the same build-dependency reductions. * Explicitly build-depend on pkg-config. Previously, this was pulled in by libglib2.0-dev. (Closes: #945201) * d/upstream/metadata: Distinguish between Bug-Submit and Bug-Database * Change system bus socket to /run/dbus/system_bus_socket. The interoperable cross-distro path is /var/run/dbus/system_bus_socket, so this remains the upstream default for the benefit of distributions where /var/run and /run are (problematically) not guaranteed to be equivalent. However, Debian Policy since at least v4.1.5 guarantees that /var/run is a symlink to /run, and this has been implemented for several stable releases (since at least initscripts 2.88dsf-29 in 2012, in the sysvinit case), so it is harmless to prefer the path in /run, which has advantages in a few corner cases (ability to unmount /var is the main one) and avoids warnings from systemd. (Closes: #783321, #857678, #932105, #958289) * Standards-Version: 4.5.0 - Note that the user for `dbus-daemon --system` is still named 'messagebus' for historical reasons. If it was added today, we'd call it _dbus as per Policy §9.2.1, but this is not the right package to be experimenting with renaming system users. * d/dbus-udeb.postinst: Remove #DEBHELPER# token. debhelper doesn't actually substitute this in udebs, making it just an ordinary comment. . [ Debian Janitor ] * Remove trailing whitespace in d/changelog. * Use secure URI in Homepage field. * Re-export upstream signing key without extra signatures. * Set upstream metadata fields: Bug-Submit (from ./configure), Repository, Repository-Browse. dbus (1.12.16-2) unstable; urgency=medium . * Add bug number to previous changelog entry * Standards-Version: 4.4.1 (no changes required) - Note that dbus-user-session still has its previous dependencies, and has deliberately not been switched to the new default-logind virtual package. dbus-user-session relies on systemd --user: it is not enough to have systemd-logind or a compatible replacement like elogind. * d/dbus.init: Work around #940971 in libnss-systemd. If we are booting with a non-systemd init but libnss-systemd is still installed, tell libnss-systemd not to try to connect to dbus-daemon, which is never going to work well from inside dbus-daemon. * dbus.postinst: Append dbus to /run/reboot-required.pkgs on upgrade (Closes: #867263) debian-edu-config (2.10.65+deb10u6) buster; urgency=medium . [ Wolfgang Schweer ] * Fix loss of dynamically allocated v4 IP address. (Closes: #966129) - Drop etc/network/if-up.d/wpad-proxy-update. This script fails to work due to changed behaviour of the ifupdown/dhclient/systemd combination and now also causes the loss of a dynamically allocated ipv4 IP address about 30 minutes after booting. - Add code to d/debian-edu-config.postinstall to implement the intended proxy setting update after a WPAD change just after rebooting the system. (It would otherwise happen at first DHCP lease renewal ~15 minutes later.) - Adjust Makefile and debian/dirs. debian-installer (20190702+deb10u5) buster; urgency=medium . * Bump Linux ABI to 4.19.0-10. debian-installer-netboot-images (20190702+deb10u5) buster; urgency=medium . * Update to 20190702+deb10u5, from buster-proposed-updates. debian-ports-archive-keyring (2019.11.05~deb10u1) buster; urgency=medium . * Upload to buster. Closes: #952655. debian-security-support (2020.06.21~deb10u1) buster; urgency=medium . * Rebuild for buster. . debian-security-support (2020.06.21) unstable; urgency=medium . [ Mike Gabriel ] * Add cinder (OpenStack component) to security-support-ended.deb8. . debian-security-support (2020.06.11) unstable; urgency=medium . * Also add unbound to security-support-ended.deb8 - see DSA 4694-1 and https://lists.debian.org/debian-lts/2020/06/msg00024.html and follow-ups. . debian-security-support (2020.06.09) unstable; urgency=medium . [ Salvatore Bonaccorso ] * Add unbound to security-support-ended.deb9 (see DSA 4694-1). . debian-security-support (2020.05.22) unstable; urgency=medium . * Add pdns-recursor to security-support-ended.deb9 as explained in DSA-4691-1. . debian-security-support (2020.05.08) unstable; urgency=medium . [ Chris Lamb ] * Mark OpenStack packages as being unsupported in LTS; "jessie lost support from upstream just a few weeks after the release." debian-security-support (2020.06.21~deb9u1) stretch; urgency=medium . * This update for stretch only contains changes to the files security-support-limited and security-support-ended.deb(8|9|10) from version 2020.06.21 from unstable, the changes in detail are: - from 2020.06.21: * Add cinder (OpenStack component) to security-support-ended.deb8. - from 2020.06.11: * Also add unbound to security-support-ended.deb8 - see DSA 4694-1 and https://lists.debian.org/debian-lts/2020/06/msg00024.html and follow-ups. - from 2020.06.09: * Add unbound to security-support-ended.deb9 (see DSA 4694-1). - from 2020.05.22: * Add pdns-recursor to security-support-ended.deb9 as explained in DSA-4691-1. - from 2020.05.08: * Mark OpenStack packages as being unsupported in LTS; "jessie lost support from upstream just a few weeks after the release." - from 2020.04.16: * Add tor to security-support-ended.deb8 as well, see DSA 4644-1. * Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of CVE-2020-10674 (#954238), also see #954297, #954298 and #954299. - from 2020.03.22: * Add tor to security-support-ended.deb9, see DSA 4644-1. - from 2020.03.15: * security-support-limited/zoneminder: declare limited support behind an authenticated HTTP zone (see #922724). - from 2020.03.05: * Add xen to security-support-ended.deb8. - from 2020.02.21: * Add nodejs to security-support-ended.deb8 and .deb9. - from 2020.01.21: * Add nethack to security-support-ended.deb8. * Mark xen as end-of-life for Stretch (DSA 4602-1). debian-security-support (2020.06.11) unstable; urgency=medium . * Also add unbound to security-support-ended.deb8 - see DSA 4694-1 and https://lists.debian.org/debian-lts/2020/06/msg00024.html and follow-ups. debian-security-support (2020.06.09) unstable; urgency=medium . [ Salvatore Bonaccorso ] * Add unbound to security-support-ended.deb9 (see DSA 4694-1). debian-security-support (2020.05.22) unstable; urgency=medium . * Add pdns-recursor to security-support-ended.deb9 as explained in DSA-4691-1. debian-security-support (2020.05.08) unstable; urgency=medium . [ Chris Lamb ] * Mark OpenStack packages as being unsupported in LTS; "jessie lost support from upstream just a few weeks after the release." debian-security-support (2020.04.16) unstable; urgency=medium . * Add tor to security-support-ended.deb8 as well, see DSA 4644-1. * Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of CVE-2020-10674 (#954238), also see #954297, #954298 and #954299. docker.io (18.09.1+dfsg1-7.1+deb10u2) buster-security; urgency=medium . * Add upstream patch for CVE-2020-13401 (Closes: #962141) dovecot (1:2.3.4.1-5+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Apply upstream fixes for CVE-2020-10957, CVE-2020-10958 and CVE-2020-10967 (Closes: #960963) - lib-smtp: smtp-server-cmd-vrfy - Restructure parameter parsing. - lib-smtp: smtp-syntax - Do not allow NULL return parameters for smtp_string_parse(). - lib-smtp: smtp-syntax - Do not allow NULL return parameters for smtp_xtext_parse(). - lib-smtp: syntax: Fix smtp_ehlo_line_parse() to also record the last parameter. - lib-smtp: smtp-syntax - Do not allow NULL return parameters for smtp_ehlo_line_parse(). - lib-smtp: smtp-syntax - Return 0 for smtp_string_parse() with empty input. - lib-smtp: Add tests for smtp_string_parse() and smtp_string_write(). - lib-smtp: test-smtp-server-errors - Add tests for VRFY and NOOP commands with invalid parameters. - lib-smtp: server: command: Move core of smtp_server_command_submit_reply() into a separate function. - lib-smtp: smtp-server-command - Assign cmd->reg immediately. - lib-smtp: smtp-server-command - Guarantee that non-destroy hooks aren't called for an ended command. - lib-smtp: smtp-server-command - Perform initial command execution in separate function. - lib-smtp: smtp-server-connection - Hold a command reference while executing a command. - lib-smtp: test-smtp-server-errors - Add tests for large series of empty and bad commands. - lib-smtp: smtp-address - Don't return NULL from smtp_address_clone*() unless the input is NULL. - lib-smtp: smtp-address - Don't recognize an address with empty localpart as <>. - lmtp: lmtp-commands - Explicity prohibit empty RCPT path. dpdk (18.11.8-1~deb10u1) buster; urgency=medium . * New upstream version 18.11.8; For a list of changes see http://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html * Drop CVE patches, merged upstream * Drop 0008-Revert-common-octeontx-add-missing-public-symbol.patch, merged upstream * Refresh 0004-build-bump-minimum-Meson-version-to-0.47.1.patch for 18.11.8 * Add missing symbol from mapfile in librte-cfgfile . dpdk (18.11.6-1~deb10u2) buster-security; urgency=high . * Backport patches to fix CVE-2020-10722, CVE-2020-10723, CVE-2020-10724 which affect the vhost driver. dpdk (18.11.6-1) unstable; urgency=medium . [ Luca Boccassi ] * New upstream version 18.11.6; For a list of changes see http://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html * Drop avoid-as-needed-as-it-causes-overlinking.patch, merged upstream. * Refresh remaining patches to remove fuzz from 18.11.6. * Add patch to avoid changing stable symbol version, breaking ABI. * Update librte-eal18.11.symbols with new experimental symbol from 18.11.6 . [ Christian Ehrhardt ] * d/*.lintian-overrides: add overrides for a few known but accepted deficiencies . [ Luca Boccassi ] * Use chrpath to strip RPATH from dpdk-test binary * Add missing librte-gro symbols file dpdk (18.11.6-1~deb10u2) buster-security; urgency=high . * Backport patches to fix CVE-2020-10722, CVE-2020-10723, CVE-2020-10724 which affect the vhost driver. evolution-data-server (3.30.5-1+deb10u1) buster-security; urgency=medium . * CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3. exim4 (4.92-8+deb10u4) buster-security; urgency=high . * Fix authentication bypass in SPA authenticator due to out-of-bound buffer read. https://bugs.exim.org/show_bug.cgi?id=2571 CVE-2020-12783 exiv2 (0.25-4+deb10u1) buster; urgency=medium . * Non-maintainer upload by the Security Team. * Minor adjustment to the patch for CVE-2018-10958 and CVE-2018-10999. The initial patch was overly restrictive in counting PNG image chunks. * CVE-2018-16336: remote denial of service (heap-based buffer over-read) via a crafted image file. fdroidserver (1.1.7-1~deb10u1) buster; urgency=medium . * New upstream release targeted for Debian/buster (Closes: #954070) * Remove "Recommends" test, ci.debian.net do not support binfmt_misc: https://salsa.debian.org/ci-team/debian-ci-config/-/issues/1 fdroidserver (1.1.7-1~deb10u1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. fdroidserver (1.1.6-4) unstable; urgency=medium . * fix running Recommends: test in containers fdroidserver (1.1.6-2) unstable; urgency=medium . * fix autopkgtest: run in VM so binfmt can be properly setup (Closes: #954395) fdroidserver (1.1.6-1) unstable; urgency=medium . * New upstream release targeted for Debian/buster fdroidserver (1.1.6-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . fdroidserver (1.1.6-1) unstable; urgency=medium . * New upstream release targeted for Debian/buster . fdroidserver (1.1.4-1) unstable; urgency=medium . * New upstream release targeted for Debian/buster * remove upstreamed patches . fdroidserver (1.1.3-3) unstable; urgency=medium . * conditionally disable tests that can't work with apksigner . fdroidserver (1.1.3-2) unstable; urgency=medium . * fix Recommends test, MD5 test fails with apksigner present . fdroidserver (1.1.3-1) unstable; urgency=medium . * New upstream version 1.1.3 to fix test suite . fdroidserver (1.1.2-1) unstable; urgency=medium . * New upstream version 1.1.2 (Closes: #929905) . fdroidserver (1.1.1-1) unstable; urgency=medium . * New upstream release * Recommends: apksigner to support APK Signature v2 and v3 . fdroidserver (1.1-1) unstable; urgency=medium . * New upstream release . fdroidserver (1.0.10-1) unstable; urgency=medium . * New upstream version . fdroidserver (1.0.9-1) unstable; urgency=medium . * New upstream version . fdroidserver (1.0.8-3) unstable; urgency=medium . * hack to get autopkgtest to skip failing gpg test . fdroidserver (1.0.8-2) unstable; urgency=medium . * autopkgtest: explicitly purge gnupg so tests pass . fdroidserver (1.0.8-1) unstable; urgency=medium . * New upstream version * remove python3-distutils, it is no longer needed . fdroidserver (1.0.7-2) unstable; urgency=medium . * Depends: python3-distutils so its always there . fdroidserver (1.0.7-1) unstable; urgency=medium . * New upstream release * fix autopkgtest . fdroidserver (1.0.6-1) unstable; urgency=medium . * New upstream release . fdroidserver (1.0.4-3) unstable; urgency=medium . * fix autopkgtest run: working dir, and UTF-8 environment . fdroidserver (1.0.4-2) unstable; urgency=medium . * run upstream testsuite using autopkgtest . fdroidserver (1.0.4-1) unstable; urgency=medium . * New upstream version 1.0.4 * Standards-Version: 4.1.4 no changes * support all the Java 10 and 11 packages * works with only androguard, removed optional deps * add debian/upstream/metadata file * Depends: androguard only on arches where it works . fdroidserver (1.0.3-2) unstable; urgency=medium . * only depend on aapt/androguard/zipalign on arches where available . fdroidserver (1.0.3-1) unstable; urgency=medium . * New upstream version * tighten up Depends to install fewer packages . fdroidserver (1.0.2-1) unstable; urgency=medium . * New upstream version . fdroidserver (1.0.0-1) unstable; urgency=medium . * New upstream version 1.0.0 . fdroidserver (0.9.1-1) unstable; urgency=medium . * New upstream release . fdroidserver (0.8-1) unstable; urgency=medium . * New upstream release fdroidserver (1.1.4-1) unstable; urgency=medium . * New upstream release targeted for Debian/buster * remove upstreamed patches ffmpeg (7:4.1.6-1~deb10u1) buster-security; urgency=medium . * New upstream release ffmpeg (7:4.1.4-1) unstable; urgency=medium . [ James Cowgill ] * New upstream release. (LP: #1837480) - avformat/aadec: Check for scanf() failure (CVE-2019-12730) (Closes: #932469) . * d/copyright: Remove paragraph containing license files. * d/control: Bump standards version to 4.4.0. * d/ffmpeg-doc.doc-base*: - Move API docs to Programming/C section. - Index the main manual pages as well. Thanks to 積丹尼 Dan Jacobson for the suggestion. (Closes: #924528) * d/rules: - Disable crystalhd. (Closes: #917292) - Generate index.html file for the HTML manual pages. . [ Ondřej Nový ] * d/control: - Use debhelper-compat instead of debian/compat. file-roller (3.30.1-2+deb10u1) buster; urgency=medium . * CVE-2020-11736 (Closes: #956638) firefox-esr (68.10.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release * Fixes for mfsa2020-25, also known as: CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421. firefox-esr (68.10.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release * Fixes for mfsa2020-25, also known as: CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421. firefox-esr (68.9.0esr-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-21, also known as: CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410. . * debian/rules: Force using old PKCS11 API when building against newer NSS releases. Closes: #961762. * debian/control*: Bump nss build dependencies. firefox-esr (68.9.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release * Fixes for mfsa2020-21, also known as: CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410. . * debian/rules: Force using old PKCS11 API when building against newer NSS releases. Closes: #961762. * debian/control*: Bump nss build dependencies. firefox-esr (68.9.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release * Fixes for mfsa2020-21, also known as: CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410. . * debian/rules: Force using old PKCS11 API when building against newer NSS releases. Closes: #961762. * debian/control*: Bump nss build dependencies. firefox-esr (68.8.0esr-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-17, also known as: CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395. firefox-esr (68.8.0esr-1~deb10u1) buster-security; urgency=medium . * New upstream release * Fixes for mfsa2020-17, also known as: CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395. firefox-esr (68.8.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release * Fixes for mfsa2020-17, also known as: CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395. firefox-esr (68.7.0esr-1) unstable; urgency=medium . * New upstream release * Fixes for mfsa2020-13, also known as: CVE-2020-6821, CVE-2020-6822, CVE-2020-6825. freerdp2 (2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2) buster; urgency=medium . [ Bernhard Miklautz ] * debian/patches - security releated backports from upstream * Add 0003-Fixed-6007-Boundary-checks-in-rdp_read_flow_control.patch * Add 0004-Fixed-6009-Bounds-checks-in-autodetect_recv_bandwidt.patch * Add 0005-Fixed-6006-bounds-checks-in-update_read_synchronize.patch * Add 0006-Fixed-6005-Bounds-checks-in-update_read_bitmap_data.patch * Add 0007-Fixed-6011-Bounds-check-in-rdp_read_font_capability.patch * Add 0008-Fixed-6013-Check-new-length-is-0.patch * Add 0009-Fix-6010-Check-length-in-read_icon_info.patch * Add 0010-Use-substreams-to-parse-gcc_read_server_data_blocks.patch * Add 0011-Fixed-Stream_-macros-bracing-arguments.patch * Add 0012-Use-safe-seek-for-capability-parsing.patch * Add 0013-Fixed-CVE-2020-11525-Out-of-bounds-read-in-bitmap_ca.patch (CVE-2020-11525). * Add 0014-Fixed-6012-CVE-2020-11526-Out-of-bounds-read-in-upda.patch (CVE-2020-11526). * Add 0015-Fix-CVE-2020-11523-clamp-invalid-rectangles-to-size-.patch (CVE-2020-11523). * Add 0016-Fix-CVE-2020-11524-out-of-bounds-access-in-interleav.patch (CVE-2020-11524). * Add 0017-Fixed-CVE-2020-11522-Limit-number-of-DELTA_RECT-to-4.patch (CVE-2020-11522). * Add 0018-Fixed-CVE-2020-11521-Out-of-bounds-write-in-planar-c.patch (CVE-2020-11521). * Add 0019-Fixed-possible-NULL-access.patch * Add 0020-Check-for-int-overflow-in-gdi_InvalidateRegion.patch . [ Mike Gabriel ] * debian/patches: + Add 0002_fix-channels-smartcard-fix-statusw-call.patch. Fix smartcard login failures. (Closes: #919281). fwupd (1.2.13-2) buster; urgency=medium . * No-change upload to pick up rotated Debian signing keys fwupd (1.2.13-1) stable; urgency=medium . * Update to 1.2.13 stable release. - Fixes issues on stable release (Closes: #961490) - Fixes vendor id hard requirement (Closes: #946623) - Fixes CVE-2020-10759 (Closes: #962517) * Add patch to revert new libxmlb requirement to allow working with libxmlb available in Buster. * debian/* changes backported from testing: - Refresh symbols - Install fwupdoffline binary - Install fwupd shutdown systemd unit - Refresh dependencies for modem manager plugin - Update copyright for new new contributors - Update watch file for correct upstream URL. fwupd (1.2.10-2) unstable; urgency=medium . [ Steve McIntyre ] * Add Built-Using for the fwupd-*-signed packages. Closes: #932757 fwupd (1.2.10-1) unstable; urgency=medium . * New upstream version (1.2.10) fwupd (1.2.9-1) unstable; urgency=medium . * New upstream version (1.2.9) fwupd (1.2.6-1) unstable; urgency=medium . * New upstream version (1.2.6) * debian/control: - Add new build depends related to Modem Manager fwupd-amd64-signed (1.2.13+2) buster; urgency=medium . * Update to fwupd version 1.2.13-2 fwupd-amd64-signed (1.2.13+1) stable; urgency=medium . * Update to fwupd version 1.2.13-1 fwupd-amd64-signed (1.2.10+2) unstable; urgency=medium . * Update to fwupd version 1.2.10-2 fwupd-amd64-signed (1.2.10+1) unstable; urgency=medium . * Update to fwupd version 1.2.10-1 fwupd-amd64-signed (1.2.9+1) unstable; urgency=medium . * Update to fwupd version 1.2.9-1 fwupd-amd64-signed (1.2.6+1) unstable; urgency=medium . * Update to fwupd version 1.2.6-1 fwupd-arm64-signed (1.2.13+2) buster; urgency=medium . * Update to fwupd version 1.2.13-2 fwupd-arm64-signed (1.2.13+1) stable; urgency=medium . * Update to fwupd version 1.2.13-1 fwupd-arm64-signed (1.2.10+2) unstable; urgency=medium . * Update to fwupd version 1.2.10-2 fwupd-arm64-signed (1.2.10+1) unstable; urgency=medium . * Update to fwupd version 1.2.10-1 fwupd-arm64-signed (1.2.9+1) unstable; urgency=medium . * Update to fwupd version 1.2.9-1 fwupd-arm64-signed (1.2.6+1) unstable; urgency=medium . * Update to fwupd version 1.2.6-1 fwupd-armhf-signed (1.2.13+2) buster; urgency=medium . * Update to fwupd version 1.2.13-2 fwupd-armhf-signed (1.2.13+1) stable; urgency=medium . * Update to fwupd version 1.2.13-1 fwupd-armhf-signed (1.2.10+2) unstable; urgency=medium . * Update to fwupd version 1.2.10-2 fwupd-armhf-signed (1.2.10+1) unstable; urgency=medium . * Update to fwupd version 1.2.10-1 fwupd-armhf-signed (1.2.9+1) unstable; urgency=medium . * Update to fwupd version 1.2.9-1 fwupd-armhf-signed (1.2.6+1) unstable; urgency=medium . * Update to fwupd version 1.2.6-1 fwupd-i386-signed (1.2.13+2) buster; urgency=medium . * Update to fwupd version 1.2.13-2 fwupd-i386-signed (1.2.13+1) stable; urgency=medium . * Update to fwupd version 1.2.13-1 fwupd-i386-signed (1.2.10+2) unstable; urgency=medium . * Update to fwupd version 1.2.10-2 fwupd-i386-signed (1.2.10+1) unstable; urgency=medium . * Update to fwupd version 1.2.10-1 fwupd-i386-signed (1.2.9+1) unstable; urgency=medium . * Update to fwupd version 1.2.9-1 fwupd-i386-signed (1.2.6+1) unstable; urgency=medium . * Update to fwupd version 1.2.6-1 fwupdate (12-4+deb10u1) buster; urgency=medium fwupdate-amd64-signed (12+4+deb10u1) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u1 fwupdate-arm64-signed (12+4+deb10u1) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u1 fwupdate-armhf-signed (12+4+deb10u1) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u1 fwupdate-i386-signed (12+4+deb10u1) buster; urgency=medium . * Update to fwupdate version 12-4+deb10u1 gist (5.0.0-2+deb10u1) buster; urgency=medium . * Avoid deprecated authorization API (Closes: #964544) glib-networking (2.58.0-2+deb10u2) buster; urgency=medium . * Break balsa older than 2.5.6-2+deb10u1 as the fix for CVE-2020-13645 breaks balsa's certificate verification (see #961792). glib-networking (2.58.0-2+deb10u1) buster; urgency=medium . * Team upload * d/p/Return-bad-identity-error-if-identity-is-unset.patch: Backport fix for CVE-2020-13645 from upstream (Closes: #961756) gnutls28 (3.6.7-4+deb10u5) buster; urgency=medium . * 42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch from GNUTLS 3.6.11: Fix TL1.2 resumption errors. Closes: #956649 * 47_rel3.6.13_10-session_pack-fix-leak-in-error-path.patch from GNUTLS 3.6.14: One line fix for memory leak. Closes: #958704 * Rename 44_rel3.6.14_01-stek-differentiate-initial-state-from-valid-time-win.patch (security upload) to 44_rel3.6.14_90_... to be able to pull earlier fixes from 3.6.14 and have correct patch filename order. * 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch from GnuTLS 3.6.14: Handle zero length session tickets, fixing connection errors on TLS1.2 sessions to some big hosting providers. (See LP 1876286) * 44_rel3.6.14_15-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch 44_rel3.6.14_16-x509-trigger-fallback-verification-path-when-cert-is.patch 44_rel3.6.14_17-tests-add-test-case-for-certificate-chain-supersedin.patch backported from GnuTLS 3.6.14: Fix verification error with alternate chains. Closes: #961889 gnutls28 (3.6.7-4+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * GNUTLS-SA-2020-06-03: Flaw in TLS session ticket key construction (CVE-2020-13777) (Closes: #962289) graphicsmagick (1.4+really1.3.35-1~deb10u1) buster-security; urgency=high . * Security backport for Buster. * Relax Standards-Version to 4.3.0 . . graphicsmagick (1.4+really1.3.35-1) unstable; urgency=high . * New upstream release, fixing the following security issues among others: - ReadSVGImage(): Fix dereference of NULL pointer when stopping image timer, - DrawImage(): Fix integer-overflow in DrawPolygonPrimitive() . * Update library symbols for this release. . [ Nicolas Boulenguez ] * mime: improve formatting. * mime: adjust priority for all images (closes: #951758). . graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium . * Mercurial snapshot, fixing the following security issues: - WritePICTImage(): Eliminating small buffer overrun when run-length encoding pixels, - WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw exception, - DecodeImage(): Fix heap buffer over-reads, - DecodeImage(): Allocate extra scanline memory to allow small RLE overrun. * Update library symbols for this release. * Update Standards-Version to 4.5.0 . . graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium . * Mercurial snapshot, fixing the following security issue: - WritePCXImage(): Fix heap overflow in PCX writer when bytes per line value overflows its 16-bit storage unit. * Fix definition of ResourceInfinity. . [ Nicolas Boulenguez ] * Lower MIME priority for PS/PDF (closes: #935099). . graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium . * Still use glibc malloc allocator. . graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high . * New upstream release, fixing the following security issues among others: - PNMInteger(): Place a generous arbitrary limit on the amount of PNM comment text to avoid DoS opportunity, - MagickClearException(): Destroy any existing exception info before re-initializing the exception info or else there will be a memory leak, - HuffmanDecodeImage(): Fix signed overflow on range check which leads to heap overflow, - ReadMNGImage(): Only magnify the image if the requested magnification methods are supported, - GenerateEXIFAttribute(): Add validations to prevent heap buffer overflow, - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern of cloned draw_info are not null, - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit is exceeded (closes: #947311). * Build with Google Thread-Caching Malloc library. * Update Standards-Version to 4.4.1 . . graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issue: - CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob() reports failure. . graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - ReadMNGImage(): skip coalescing layers if there is only one layer, - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns NULL, - DrawDashPolygon(): handle case where DrawStrokePolygon() returns MagickFail, - TraceBezier(): detect arithmetic overflow and return errors via normal error path rather than exiting, - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop, - GenerateEXIFAttribute(): check that we are not being directed to read an IFD that we are already parsing and quit in order to avoid a loop, - ReallocColormap(): avoid dereferencing a NULL pointer if image->colormap is NULL, - png_read_raw_profile(): fix validation of raw profile length, - TraceArcPath(): substitute a lineto command when tracing arc is impossible, - GenerateEXIFAttribute(): skip unsupported/invalid format 0. . graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium . * New upstream release, including many security fixes. . graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high . * New upstream release, fixing the following security issues among others: - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure, - DrawImage(): Detect an error in TracePath() and quit rather than forging on. * Backport security fixes: - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable, - WriteDIBImage(): Detect arithmetic overflow of image_size, - WriteBMPImage(): Detect arithmetic overflow of image_size, - WriteBMPImage(): Assure that chromaticity uses double-precision for multiply before casting to unsigned integer. . graphicsmagick (1.4~hg16039-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also fix undefined behavior caused by large left shifts of an unsigned char, - ThrowException(), ThrowLoggedException(): Handle the case where some passed character strings refer to existing exception character strings, - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage() stack, - WritePDFImage(): Allocate working buffer on stack and pass as argument to EscapeParenthesis() to eliminate a thread safety problem, - TranslateTextEx(): Remove support for reading from a file using '@filename' syntax, - DrawImage(): Only support '@filename' syntax to read drawing primitive from a file if we are not already drawing. * Update library symbols for this release. graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium . * Mercurial snapshot, fixing the following security issues: - WritePICTImage(): Eliminating small buffer overrun when run-length encoding pixels, - WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw exception, - DecodeImage(): Fix heap buffer over-reads, - DecodeImage(): Allocate extra scanline memory to allow small RLE overrun. * Update library symbols for this release. * Update Standards-Version to 4.5.0 . graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium . * Mercurial snapshot, fixing the following security issue: - WritePCXImage(): Fix heap overflow in PCX writer when bytes per line value overflows its 16-bit storage unit. * Fix definition of ResourceInfinity. . [ Nicolas Boulenguez ] * Lower MIME priority for PS/PDF (closes: #935099). graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium . * Still use glibc malloc allocator. graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high . * New upstream release, fixing the following security issues among others: - PNMInteger(): Place a generous arbitrary limit on the amount of PNM comment text to avoid DoS opportunity, - MagickClearException(): Destroy any existing exception info before re-initializing the exception info or else there will be a memory leak, - HuffmanDecodeImage(): Fix signed overflow on range check which leads to heap overflow, - ReadMNGImage(): Only magnify the image if the requested magnification methods are supported, - GenerateEXIFAttribute(): Add validations to prevent heap buffer overflow, - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern of cloned draw_info are not null, - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit is exceeded (closes: #947311). * Build with Google Thread-Caching Malloc library. * Update Standards-Version to 4.4.1 . graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issue: - CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob() reports failure. graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - ReadMNGImage(): skip coalescing layers if there is only one layer, - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns NULL, - DrawDashPolygon(): handle case where DrawStrokePolygon() returns MagickFail, - TraceBezier(): detect arithmetic overflow and return errors via normal error path rather than exiting, - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop, - GenerateEXIFAttribute(): check that we are not being directed to read an IFD that we are already parsing and quit in order to avoid a loop, - ReallocColormap(): avoid dereferencing a NULL pointer if image->colormap is NULL, - png_read_raw_profile(): fix validation of raw profile length, - TraceArcPath(): substitute a lineto command when tracing arc is impossible, - GenerateEXIFAttribute(): skip unsupported/invalid format 0. graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium . * New upstream release, including many security fixes. graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high . * New upstream release, fixing the following security issues among others: - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure, - DrawImage(): Detect an error in TracePath() and quit rather than forging on. * Backport security fixes: - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable, - WriteDIBImage(): Detect arithmetic overflow of image_size, - WriteBMPImage(): Detect arithmetic overflow of image_size, - WriteBMPImage(): Assure that chromaticity uses double-precision for multiply before casting to unsigned integer. graphicsmagick (1.4~hg16039-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also fix undefined behavior caused by large left shifts of an unsigned char, - ThrowException(), ThrowLoggedException(): Handle the case where some passed character strings refer to existing exception character strings, - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage() stack, - WritePDFImage(): Allocate working buffer on stack and pass as argument to EscapeParenthesis() to eliminate a thread safety problem, - TranslateTextEx(): Remove support for reading from a file using '@filename' syntax, - DrawImage(): Only support '@filename' syntax to read drawing primitive from a file if we are not already drawing. * Update library symbols for this release. grub-efi-amd64-signed (1+2.02+dfsg1+20+deb10u2) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u2 grub-efi-amd64-signed (1+2.02+dfsg1+20+deb10u1) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u1 grub-efi-arm64-signed (1+2.02+dfsg1+20+deb10u2) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u2 grub-efi-arm64-signed (1+2.02+dfsg1+20+deb10u1) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u1 grub-efi-ia32-signed (1+2.02+dfsg1+20+deb10u2) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u2 grub-efi-ia32-signed (1+2.02+dfsg1+20+deb10u1) buster-security; urgency=high . * Update to grub2 2.02+dfsg1-20+deb10u1 grub2 (2.02+dfsg1-20+deb10u2) buster-security; urgency=high . * Fix a regression caused by "efi: fix some malformed device path arithmetic errors" (thanks, Chris Coulson and Steve McIntyre; closes: #966554). grub2 (2.02+dfsg1-20+deb10u1) buster-security; urgency=high . * Backport security patch series from upstream: - CVE-2020-10713: yylex: Make lexer fatal errors actually be fatal - safemath: Add some arithmetic primitives that check for overflow - calloc: Make sure we always have an overflow-checking calloc() available - CVE-2020-14308: calloc: Use calloc() at most places - CVE-2020-14309, CVE-2020-14310, CVE-2020-14311: malloc: Use overflow checking primitives where we do complex allocations - iso9660: Don't leak memory on realloc() failures - font: Do not load more than one NAME section - gfxmenu: Fix double free in load_image() - xnu: Fix double free in grub_xnu_devprop_add_property() - lzma: Make sure we don't dereference past array - term: Fix overflow on user inputs - udf: Fix memory leak - tftp: Do not use priority queue - relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow - relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow - script: Remove unused fields from grub_script_function struct - CVE-2020-15706: script: Avoid a use-after-free when redefining a function during execution - relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation - hfsplus: fix two more overflows - lvm: fix two more potential data-dependent alloc overflows - emu: make grub_free(NULL) safe - efi: fix some malformed device path arithmetic errors - update safemath with fallback code for gcc older than 5.1 - efi: Fix use-after-free in halt/reboot path - linux loader: avoid overflow on initrd size calculation - CVE-2020-15707: linux: Fix integer overflows in initrd size handling * Apply overflow checking to allocations in Debian patches: - CVE-2020-15707: efilinux: Fix integer overflows in grub_cmd_initrd - bootp: Fix integer overflow in parse_dhcp6_option - unix/config: Fix integer overflow in grub_util_load_config - deviceiter: Fix integer overflow in grub_util_iterate_devices imagemagick (8:6.9.10.23+dfsg-2.1+deb10u1) buster-security; urgency=medium . * CVE-2019-10649 * CVE-2019-11470 (Closes: #927830) * CVE-2019-11472 (Closes: #927828) * CVE-2019-11597 (Closes: #928207) * CVE-2019-11598 (Closes: #928206) * CVE-2019-12974 (Closes: #931196) * CVE-2019-12975 (Closes: #931193) * CVE-2019-12976 (Closes: #931192) * CVE-2019-12977 (Closes: #931191) * CVE-2019-12978 (Closes: #931190) * CVE-2019-12979 (Closes: #931189) * CVE-2019-13135 (Closes: #932079) * CVE-2019-13137 (Closes: #931342) * CVE-2019-13295 (Closes: #931457) * CVE-2019-13297 (Closes: #931455) * CVE-2019-13300 (Closes: #931454) * CVE-2019-13301 * CVE-2019-13304 (Closes: #931453) * CVE-2019-13305 (Closes: #931452) * CVE-2019-13307 (Closes: #931448) * CVE-2019-13308 (Closes: #931447) * CVE-2019-13309 * CVE-2019-13311 * CVE-2019-13454 (Closes: #931740) * CVE-2019-14981 (Closes: #955025) * CVE-2019-15139 (Closes: #941670) * CVE-2019-15140 (Closes: #941671) * CVE-2019-16708 * CVE-2019-16710 * CVE-2019-16711 * CVE-2019-16713 * CVE-2019-7175 * CVE-2019-7395 * CVE-2019-7396 * CVE-2019-7397 * CVE-2019-7398 * CVE-2019-19948 (Closes: #947308) * CVE-2019-19949 (Closes: #947309) Thanks for Marc Deslauriers for patches from the 19.10 USN update (same base version) intel-microcode (3.20200616.1~deb10u1) buster; urgency=high . * Rebuild for Debian stable (buster), no changes . intel-microcode (3.20200616.1) unstable; urgency=high . * New upstream microcode datafile 20200616 + Downgraded microcodes (to a previously shipped revision): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3, https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * This update *removes* the SRBDS mitigations from the above processors * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2 intel-microcode (3.20200616.1~deb9u1) stretch; urgency=high . * Rebuild for Debian oldstable (stretch), no changes . intel-microcode (3.20200616.1) unstable; urgency=high . * New upstream microcode datafile 20200616 + Downgraded microcodes (to a previously shipped revision): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3, https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * This update *removes* the SRBDS mitigations from the above processors * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2 intel-microcode (3.20200609.2) unstable; urgency=medium . * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression * Microcode rollbacks (closes: LP#1883002) sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS * Avoid hangs on boot on (some?) Skylake-U/Y processors, https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load. intel-microcode (3.20200609.2~deb10u1) buster-security; urgency=high . * Rebuild for buster-security, no changes Refer to changelog entries for 3.20200609.2 and 3.20200609.1 for details . intel-microcode (3.20200609.2) unstable; urgency=medium . * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression * Microcode rollbacks (closes: LP#1883002) sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS * Avoid hangs on boot on (some?) Skylake-U/Y processors, https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load. . intel-microcode (3.20200609.1) unstable; urgency=high . * SECURITY UPDATE * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1. * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations. * New upstream microcode datafile 20200609 * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329 * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329 * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting * Updated Microcodes: sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456 sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528 sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600 sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336 sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448 sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768 sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816 sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224 sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448 sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424 * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT) . intel-microcode (3.20200520.1) unstable; urgency=medium . * New upstream microcode datafile 20200520 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432 sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456 . intel-microcode (3.20200508.1) unstable; urgency=medium . * New upstream microcode datafile 20200508 + Updated Microcodes: sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520 * Likely fixes several critical errata on IceLake-U/Y causing system hangs intel-microcode (3.20200609.2~deb9u1) stretch-security; urgency=high . * Rebuild for stretch-security, no changes Refer to changelog entries for 3.20200609.2 and 3.20200609.1 for details . intel-microcode (3.20200609.2) unstable; urgency=medium . * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression * Microcode rollbacks (closes: LP#1883002) sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS * Avoid hangs on boot on (some?) Skylake-U/Y processors, https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load. . intel-microcode (3.20200609.1) unstable; urgency=high . * SECURITY UPDATE * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1. * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations. * New upstream microcode datafile 20200609 * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329 * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329 * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting * Updated Microcodes: sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456 sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528 sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600 sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336 sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448 sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768 sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816 sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224 sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448 sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424 * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT) . intel-microcode (3.20200520.1) unstable; urgency=medium . * New upstream microcode datafile 20200520 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432 sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456 . intel-microcode (3.20200508.1) unstable; urgency=medium . * New upstream microcode datafile 20200508 + Updated Microcodes: sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520 * Likely fixes several critical errata on IceLake-U/Y causing system hangs intel-microcode (3.20200609.1) unstable; urgency=high . * SECURITY UPDATE * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1. * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations. * New upstream microcode datafile 20200609 * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329 * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329 * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting * Updated Microcodes: sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456 sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528 sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600 sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336 sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448 sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768 sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816 sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224 sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448 sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424 * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT) intel-microcode (3.20200609.1~deb10u1) buster-security; urgency=high . * Rebuild for buster-security, no changes . intel-microcode (3.20200609.1) unstable; urgency=high . * SECURITY UPDATE * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and