Changelog
linux (5.4.2-1~exp1) experimental; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1
- Bluetooth: Fix invalid-free in bcsp_close()
- ath9k_hw: fix uninitialized variable data
- ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe
(CVE-2019-15099)
- ath10k: Fix HOST capability QMI incompatibility
- ath10k: restore QCA9880-AR1A (v1) detection
- Revert "Bluetooth: hci_ll: set operational frequency earlier"
- Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues"
- md/raid10: prevent access of uninitialized resync_pages offset
- [x86] insn: Fix awk regexp warnings
- [x86] speculation: Fix incorrect MDS/TAA mitigation status
- [x86] speculation: Fix redundant MDS mitigation message
- nbd: prevent memory leak
- [i386] x86/stackframe/32: Repair 32-bit Xen PV
- [i386] x86/xen/32: Make xen_iret_crit_fixup() independent of frame
layout
- [i386] x86/xen/32: Simplify ring check in xen_iret_crit_fixup()
- [i386] x86/doublefault/32: Fix stack canaries in the double fault
handler
- [i386] x86/pti/32: Size initial_page_table correctly
- [i386] x86/cpu_entry_area: Add guard page for entry stack on 32bit
- [i386] x86/entry/32: Fix IRET exception
- [i386] x86/entry/32: Use %ss segment where required
- [i386] x86/entry/32: Move FIXUP_FRAME after pushing %fs in SAVE_ALL
- [i386] x86/entry/32: Unwind the ESPFIX stack earlier on exception entry
- [i386] x86/entry/32: Fix NMI vs ESPFIX
- [i386] x86/pti/32: Calculate the various PTI cpu_entry_area sizes
correctly, make the CPU_ENTRY_AREA_PAGES assert precise
- [i386] x86/entry/32: Fix FIXUP_ESPFIX_STACK with user CR3
- futex: Prevent robust futex exit race
- ALSA: usb-audio: Fix NULL dereference at parsing BADD
- ALSA: usb-audio: Fix Scarlett 6i6 Gen 2 port data
- media: vivid: Set vid_cap_streaming and vid_out_streaming to true
- media: vivid: Fix wrong locking that causes race conditions on streaming
stop (CVE-2019-18683)
- media: usbvision: Fix invalid accesses after device disconnect
- media: usbvision: Fix races among open, close, and disconnect
- cpufreq: Add NULL checks to show() and store() methods of cpufreq
- futex: Move futex exit handling into futex code
- futex: Replace PF_EXITPIDONE with a state
- exit/exec: Seperate mm_release()
- futex: Split futex_mm_release() for exit/exec
- futex: Set task::futex_state to DEAD right after handling futex exit
- futex: Mark the begin of futex exit explicitly
- futex: Sanitize exit state handling
- futex: Provide state handling for exec() as well
- futex: Add mutex around futex exit
- futex: Provide distinct return value when owner is exiting
- futex: Prevent exit livelock
- media: uvcvideo: Fix error path in control parsing failure
- media: b2c2-flexcop-usb: add sanity checking (CVE-2019-15291)
- media: cxusb: detect cxusb_ctrl_msg error in query
- media: imon: invalid dereference in imon_touch_event
- media: mceusb: fix out of bounds read in MCE receiver buffer
- ALSA: hda - Disable audio component for legacy Nvidia HDMI codecs
- usbip: tools: fix fd leakage in the function of read_attr_usbip_status
- usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit()
- usb-serial: cp201x: support Mark-10 digital force gauge
- USB: chaoskey: fix error case of a timeout
- appledisplay: fix error handling in the scheduled work
- USB: serial: mos7840: add USB ID to support Moxa UPort 2210
- USB: serial: mos7720: fix remote wakeup
- USB: serial: mos7840: fix remote wakeup
- USB: serial: option: add support for DW5821e with eSIM support
- USB: serial: option: add support for Foxconn T77W968 LTE modules
- [x86] staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
- [powerpc*] powerpc/book3s64: Fix link stack flush on context switch
(CVE-2019-18660)
- [powerpc*] KVM: PPC: Book3S HV: Flush link stack on guest exit to host
kernel
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2
- io_uring: async workers should inherit the user creds
- net: separate out the msghdr copy from ___sys_{send,recv}msg()
- net: disallow ancillary data for __sys_{send,recv}msg_file()
- [arm64] crypto: inside-secure - Fix stability issue with Macchiatobin
- driver core: platform: use the correct callback type for bus_find_device
- [arm64,armel,armhf] usb: dwc2: use a longer core rest timeout in
dwc2_core_reset()
- [x86] staging: rtl8192e: fix potential use after free
- staging: rtl8723bs: Drop ACPI device ids
- staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids
- USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
- [x86] mei: bus: prefix device names on bus with the bus name
- [x86] mei: me: add comet point V device id
- [x86] thunderbolt: Power cycle the router if NVM authentication fails
- [x86] fpu: Don't cache access to fpu_fpregs_owner_ctx
- macvlan: schedule bc_work even if error
- mdio_bus: don't use managed reset-controller
- net: macb: add missed tasklet_kill
- net: psample: fix skb_over_panic
- net: sched: fix `tc -s class show` no bstats on class with nolock
subqueues
- openvswitch: fix flow command message size
- sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook
- slip: Fix use-after-free Read in slip_open
- sctp: cache netns in sctp_ep_common
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
- openvswitch: remove another BUG_ON()
- net: skmsg: fix TLS 1.3 crash with full sk_msg
- tipc: fix link name length check
- r8169: fix jumbo configuration for RTL8168evl
- r8169: fix resume on cable plug-in
- ext4: add more paranoia checking in ext4_expand_extra_isize handling
- Revert "jffs2: Fix possible null-pointer dereferences in
jffs2_add_frag_to_fragtree()"
- HID: core: check whether Usage Page item is after Usage ID items
- [x86] platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
- [x86] platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input
size
[ Ben Hutchings ]
* [armel] udeb: Replace m25p80 with spi-nor in mtd-modules (fixes FTBFS)
* [ia64] udeb: Remove SGI SN2 modules (fixes FTBFS)
* iio: Enable TI_ADS1015 as module, replacing SENSORS_ADS1015
* [armhf] regulator: Really enable REGULATOR_STM32_PWR
* [armhf] drm/panel: Enable DRM_PANEL_{SONY_ACX565AKM,TPO_TD028TTEC1,
TPO_TD043MTEA1} as modules, replacing the corresponding omapdrm options
* [armhf,arm64] platform/chrome: Change chromeos drivers back to modules
* Build-Depend on kernel-wedge 2.102; remove workaround in debian/rules.real
* debian/bin: Add script to update taint list for bug reporting script
* linux-image: bug: Update taint list and use upstream descriptions
* btrfs,fanotify: Use TAINT_AUX instead of TAINT_USER for unsupported
features
[ Romain Perier ]
* Enable VIRTIO_FS and VIRTIO_PMEM (Closes: #945853)
[ Aurelien Jarno]
* [ppc64el] Fix building libbpf with recent binutils versions (fixes FTBFS).
[ Luca Boccassi ]
* verity: enable DM_VERITY_VERIFY_ROOTHASH_SIG
-- Salvatore Bonaccorso <email address hidden> Thu, 05 Dec 2019 08:37:56 +0100