Accepted linux 4.19.171-1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Jan 2021 23:03:16 +0100
Source: linux
Architecture: source
Version: 4.19.171-1
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 970736 972345 977048 977615
Changes:
 linux (4.19.171-1) buster-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.161
     - perf event: Check ref_reloc_sym before using it
     - netfilter: clear skb->next in NF_HOOK_LIST() (CVE-2021-20177)
     - btrfs: don't access possibly stale fs_info data for printing duplicate
       device
     - btrfs: fix lockdep splat when reading qgroup config on mount
     - wireless: Use linux/stddef.h instead of stddef.h
     - [arm64] KVM: vgic-v3: Drop the reporting of GICR_TYPER.Last for
       userspace
     - [x86] KVM: handle !lapic_in_kernel case in kvm_cpu_*_extint
     - [x86] KVM: Fix split-irqchip vs interrupt injection window request
     - [arm64] pgtable: Fix pte_accessible()
     - [arm64] pgtable: Ensure dirty bit is preserved across pte_wrprotect()
       (Closes: #977615)
     - drm/atomic_helper: Stop modesets on unregistered connectors harder
     - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
     - HID: cypress: Support Varmilo Keyboards' media hotkeys
     - HID: add support for Sega Saturn
     - Input: i8042 - allow insmod to succeed on devices without an i8042
       controller
     - HID: hid-sensor-hub: Fix issue with devices with no report ID
     - HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices
     - [x86] xen: don't unbind uninitialized lock_kicker_irq
     - HID: Add Logitech Dinovo Edge battery quirk
     - proc: don't allow async path resolution of /proc/self components
     - nvme: free sq/cq dbbuf pointers when dbbuf set fails
     - [arm64,armhf] dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
     - scsi: libiscsi: Fix NOP race condition
     - scsi: target: iscsi: Fix cmd abort fabric stop race
     - [x86] perf/x86: fix sysfs type mismatches
     - [arm64,armhf] phy: tegra: xusb: Fix dangling pointer on probe failure
     - scsi: ufs: Fix race between shutdown and runtime resume flow
     - bnxt_en: fix error return code in bnxt_init_one()
     - bnxt_en: fix error return code in bnxt_init_board()
     - [x86] video: hyperv_fb: Fix the cache type when mapping the VRAM
     - bnxt_en: Release PCI regions when DMA mask setup fails during probe.
     - cxgb4: fix the panic caused by non smac rewrite
     - [s390x] qeth: fix tear down of async TX buffers
     - IB/mthca: fix return value of error branch in mthca_init_cq()
     - net: ena: set initial DMA width to avoid intel iommu issue
     - [arm64] optee: add writeback to valid memory type
     - [arm64,armhf,x86] efivarfs: revert "fix memory leak in
       efivarfs_create()" (Closes: #977048)
     - can: gs_usb: fix endianess problem with candleLight firmware
     - [x86] platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup
       time
     - [x86] platform/x86: toshiba_acpi: Fix the wrong variable assignment
     - USB: core: Change %pK for __user pointers to %px
     - usb: gadget: f_midi: Fix memleak in f_midi_alloc
     - USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO
       built-in usb-audio card
     - usb: gadget: Fix memleak in gadgetfs_fill_super
     - [x86] speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
     - USB: core: Fix regression in Hercules audio card
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.162
     - ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init
     - [s390x] net/af_iucv: set correct sk_protocol for child sockets
     - rose: Fix Null pointer dereference in rose_send_frame()
     - sock: set sk_err to ee_errno on dequeue from errq
     - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control
     - tun: honor IOCB_NOWAIT flag
     - i40e: Fix removing driver while bare-metal VFs pass traffic
     - bonding: wait for sysfs kobject destruction before freeing struct slave
     - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING
       traversal
     - ipv4: Fix tos mask in inet_rtm_getroute()
     - geneve: pull IP header before ECN decapsulation
     - net: ip6_gre: set dev->hard_header_len when using header_ops
     - cxgb3: fix error return code in t3_sge_alloc_qset()
     - [arm64,armhf] net: mvpp2: Fix error return code in mvpp2_open()
     - net/mlx5: Fix wrong address reclaim when command interface is down
     - dt-bindings: net: correct interrupt flags in examples
     - ALSA: usb-audio: US16x08: fix value count for level meters
     - Input: xpad - support Ardwiino Controllers
     - Input: i8042 - add ByteSpeed touchpad to noloop table
     - tracing: Remove WARN_ON in start_thread()
     - RDMA/i40iw: Address an mmap handler exploit in i40iw
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163
     - [x86] pinctrl: baytrail: Replace WARN with dev_info_once when setting
       direct-irq pin to output
     - [x86] pinctrl: baytrail: Fix pin being driven low for a while on
       gpiod_get(..., GPIOD_OUT_HIGH)
     - usb: gadget: f_fs: Use local copy of descriptors for userspace copy
     - USB: serial: kl5kusb105: fix memleak on open
     - USB: serial: ch341: add new Product ID for CH341A
     - USB: serial: ch341: sort device-id entries
     - USB: serial: option: add Fibocom NL668 variants
     - USB: serial: option: add support for Thales Cinterion EXS82
     - USB: serial: option: fix Quectel BG96 matching
     - tty: Fix ->pgrp locking in tiocspgrp() (CVE-2020-29661)
     - tty: Fix ->session locking (CVE-2020-29660)
     - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model
     - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294
     - ALSA: hda/realtek - Add new codec supported for ALC897
     - ALSA: hda/generic: Add option to enforce preferred_dacs pairs
     - ftrace: Fix updating FTRACE_FL_TRAMP
     - cifs: fix potential use-after-free in cifs_echo_request()
     - [armhf] i2c: imx: Don't generate STOP condition if arbitration has been
       lost
     - scsi: mpt3sas: Fix ioctl timeout
     - dm writecache: fix the maximum number of arguments
     - dm: remove invalid sparse __acquires and __releases annotations
     - mm: list_lru: set shrinker map bit when child nr_items is not zero
     - mm/swapfile: do not sleep with a spin lock held
     - [x86] uprobes: Do not use prefixes.nbytes when looping over
       prefixes.bytes
     - [armhf] i2c: imx: Fix reset of I2SR_IAL flag
     - [armhf] i2c: imx: Check for I2SR_IAL after every byte
     - speakup: Reject setting the speakup line discipline outside of speakup
       (CVE-2020-27830)
     - [amd64] iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
     - spi: Introduce device-managed SPI controller allocation
     - [arm*] spi: bcm2835: Fix use-after-free on unbind
     - [arm*] spi: bcm2835: Release the DMA channel if probe fails after
       dma_init
     - tracing: Fix userstacktrace option for instances
     - gfs2: check for empty rgrp tree in gfs2_ri_update
     - [arm64] i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
     - dm writecache: remove BUG() and fail gracefully instead
     - Input: i8042 - fix error return code in i8042_setup_aux()
     - netfilter: nf_tables: avoid false-postive lockdep splat
     - [x86] insn-eval: Use new for_each_insn_prefix() macro to loop over
       prefixes bytes
     - Revert "geneve: pull IP header before ECN decapsulation"
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.164
     - [x86] lib: Change .weak to SYM_FUNC_START_WEAK for
       arch/x86/lib/mem*_64.S
     - [arm*] spi: bcm2835aux: Fix use-after-free on unbind
     - [arm*] spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
     - iwlwifi: pcie: limit memory read spin time
     - iwlwifi: mvm: fix kernel panic in case of assert during CSA
     - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
     - [arm64,armhf] irqchip/gic-v3-its: Unconditionally save/restore the ITS
       state on suspend
     - [x86] platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga
       11e
     - [x86] platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for
       Thinkpad Yoga 11e 4th gen
     - [x86] platform/x86: acer-wmi: add automatic keyboard background light
       toggle key as KEY_LIGHTS_TOGGLE
     - [x86] platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion
       13 x360 PC
     - Input: cm109 - do not stomp on control URB
     - Input: i8042 - add Acer laptops to the i8042 reset list
     - pinctrl: amd: remove debounce filter setting in IRQ type setting
     - mmc: block: Fixup condition for CMD13 polling for RPMB requests
     - kbuild: avoid static_assert for genksyms
     - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
     - [x86] membarrier: Get rid of a dubious optimization
     - [x86] apic/vector: Fix ordering in vector assignment
     - [arm64] PCI: qcom: Add missing reset for ipq806x
     - mac80211: mesh: fix mesh_pathtbl_init() error path
     - [arm64,armhf] net: stmmac: free tx skb buffer in stmmac_resume()
     - tcp: select sane initial rcvq_space.space for big MSS
     - tcp: fix cwnd-limited bug for TSO deferral where we send nothing
     - net/mlx4_en: Avoid scheduling restart task if it is already running
     - lan743x: fix for potential NULL pointer dereference with bare card
     - net/mlx4_en: Handle TX error CQE
     - [arm64,armhf] net: stmmac: delete the eee_ctrl_timer after napi disabled
     - [arm64,armhf] net: stmmac: dwmac-meson8b: fix mask definition of the
       m250_sel mux
     - net: bridge: vlan: fix error return code in __vlan_add()
     - USB: add RESET_RESUME quirk for Snapscan 1212
     - ALSA: usb-audio: Fix potential out-of-bounds shift
     - ALSA: usb-audio: Fix control 'access overflow' errors from chmap
     - xhci: Give USB2 ports time to enter U3 in bus suspend
     - USB: UAS: introduce a quirk to set no_write_same
     - ALSA: pcm: oss: Fix potential out-of-bounds shift
     - [x86] drm/xen-front: Fix misused IS_ERR_OR_NULL checks
     - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
     - [x86] pinctrl: baytrail: Avoid clearing debounce value when turning it
       off
     - [arm*] gpio: mvebu: fix potential user-after-free on probe
     - scsi: bnx2i: Requires MMU
     - xsk: Fix xsk_poll()'s return type
     - can: softing: softing_netdev_open(): fix error handling
     - block: factor out requeue handling from dispatch code
     - netfilter: x_tables: Switch synchronization to RCU
     - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
     - ixgbe: avoid premature Rx buffer reuse
     - [arm64,armhf] drm/tegra: replace idr_init() by idr_init_base()
     - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
     - [arm64,armhf] drm/tegra: sor: Disable clocks on error in
       tegra_sor_init()
     - [arm64] syscall: exit userspace before unmasking exceptions
     - vxlan: Add needed_headroom for lower device
     - vxlan: Copy needed_tailroom from lowerdev
     - scsi: mpt3sas: Increase IOCInit request timeout to 30s
     - dm table: Remove BUG_ON(in_interrupt())
     - [arm64] soc/tegra: fuse: Fix index bug in get_process_id
     - USB: serial: option: add interface-number sanity check to flag handling
     - USB: gadget: f_acm: add support for SuperSpeed Plus
     - USB: gadget: f_midi: setup SuperSpeed Plus descriptors
     - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
     - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING
       flag to imx6ul
     - [armhf] dts: exynos: fix roles of USB 3.0 ports on Odroid XU
     - [armhf] dts: exynos: fix USB 3.0 pins supply being turned off on Odroid
       XU
     - scsi: megaraid_sas: Check user-provided offsets
     - HID: i2c-hid: add Vero K147 to descriptor override
     - serial_core: Check for port state when tty is in error state
     - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
     - quota: Sanity-check quota file headers on load
     - media: msi2500: assign SPI bus number dynamically
     - crypto: af_alg - avoid undefined behavior accessing salg_name
     - md: fix a warning caused by a race between concurrent md_ioctl()s
     - perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata
     - perf cs-etm: Move definition of 'traceid_list' global variable from
       header file
     - [x86] drm/gma500: fix double free of gma_connector
     - selinux: fix error initialization in inode_doinit_with_dentry()
     - RDMA/rxe: Compute PSN windows correctly
     - [x86] mm/ident_map: Check for errors from ident_pud_init()
     - [armel,armhf] p2v: fix handling of LPAE translation in BE mode
     - [x86] apic: Fix x2apic enablement without interrupt remapping
     - sched/deadline: Fix sched_dl_global_validate()
     - sched: Reenable interrupts in do_sched_yield()
     - [arm64] crypto: inside-secure - Fix sizeof() mismatch
     - [powerpc*] 64: Set up a kernel stack for secondaries before
       cpu_restore()
     - [arm64] drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
     - ASoC: pcm: DRAIN support reactivation
     - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
     - Bluetooth: Fix null pointer dereference in hci_event_packet()
     - Bluetooth: hci_h5: fix memory leak in h5_close
     - [armhf] spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
     - [arm64] spi: tegra20-slink: fix reference leak in slink ops of tegra20
     - [arm64,armhf] spi: tegra20-sflash: fix reference leak in
       tegra_sflash_resume
     - [arm64,armhf] spi: tegra114: fix reference leak in tegra spi ops
     - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
     - RDMa/mthca: Work around -Wenum-conversion warning
     - [x86] crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
     - [x86] media: tm6000: Fix sizeof() mismatches
     - scsi: core: Fix VPD LUN ID designator priorities
     - media: solo6x10: fix missing snd_card_free in error handling case
     - [armhf] drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
     - Input: ads7846 - fix race that causes missing releases
     - Input: ads7846 - fix integer overflow on Rt calculation
     - Input: ads7846 - fix unaligned access on 7845
     - spi: fix resource leak for drivers without .remove callback
     - [armhf] Input: omap4-keypad - fix runtime PM error handling
     - RDMA/cxgb4: Validate the number of CQEs
     - memstick: fix a double-free bug in memstick_check
     - orinoco: Move context allocation after processing the skb
     - [arm64] dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
     - media: siano: fix memory leak of debugfs members in smsdvb_hotplug
     - [armhf] HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
     - [arm64] dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
     - [x86] power: supply: bq24190_charger: fix reference leak
     - genirq/irqdomain: Don't try to free an interrupt that has no mapping
     - PCI: Bounds-check command-line resource alignment requests
     - PCI: Fix overflow in command-line resource alignment requests
     - [arm64] dts: meson: fix spi-max-frequency on Khadas VIM2
     - [x86] platform/x86: dell-smbios-base: Fix error return code in
       dell_smbios_init
     - ath10k: Fix the parsing error in service available event
     - ath10k: Fix an error handling path
     - ath10k: Release some resources in an error handling path
     - NFSv4.2: condition READDIR's mask for security label based on LSM state
     - SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
     - lockd: don't use interval-based rebinding over TCP
     - NFS: switch nfsiod to be an UNBOUND workqueue.
     - vfio-pci: Use io_remap_pfn_range() for PCI IO memory
     - media: saa7146: fix array overflow in vidioc_s_audio()
     - memstick: r592: Fix error return in r592_probe()
     - net/mlx5: Properly convey driver version to firmware
     - dm ioctl: fix error return code in target_message
     - [arm64,armhf] clocksource/drivers/arm_arch_timer: Correct fault
       programming of CNTKCTL_EL1.EVNTI
     - [armhf] cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
     - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
     - scsi: pm80xx: Fix error return in pm8001_pci_probe()
     - seq_buf: Avoid type mismatch for seq_buf_init
     - [x86] scsi: fnic: Fix error return code in fnic_probe()
     - [powerpc*] pseries/hibernation: drop pseries_suspend_begin() from
       suspend ops
     - [powerpc*] pseries/hibernation: remove redundant cacheinfo update
     - [armhf] usb: ehci-omap: Fix PM disable depth umbalance in
       ehci_hcd_omap_probe
     - speakup: fix uninitialized flush_lock
     - nfsd: Fix message level for normal termination
     - nfs_common: need lock during iterate through the list
     - [x86] kprobes: Restore BTF if the single-stepping is cancelled
     - [arm64,armhf] clk: tegra: Fix duplicated SE clock entry
     - mac80211: don't set set TDLS STA bandwidth wider than possible
     - watchdog: Fix potential dereferencing of null pointer
     - [armhf] net: allwinner: Fix some resources leak in the error handling
       path of the probe and in the remove function
     - [arm64,x86] libnvdimm/label: Return -ENXIO for no slot in
       __blk_label_update
     - [arm64] watchdog: qcom: Avoid context switch in restart handler
     - [armhf] clk: ti: Fix memleak in ti_fapll_synth_setup
     - qlcnic: Fix error code in probe
     - [armhf] clk: s2mps11: Fix a resource leak in error handling paths in the
       probe function
     - [arm64,armhf] clk: sunxi-ng: Make sure divider tables have sentinel
     - [armhf] sunxi: Add machine match for the Allwinner V3 SoC
     - cfg80211: initialize rekey_data
     - lwt: Disable BH too in run_lwt_bpf()
     - [arm64,armhf] Input: cros_ec_keyb - send 'scancodes' in addition to key
       events
     - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
     - media: gspca: Fix memory leak in probe
     - [armhf] media: sunxi-cir: ensure IR is handled when it is continuous
     - media: netup_unidvb: Don't leak SPI master in probe error path
     - [x86] Input: cyapa_gen6 - fix out-of-bounds stack access
     - ALSA: hda/ca0132 - Change Input Source enum strings.
     - PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
     - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources
       walks"
     - ACPI: PNP: compare the string length in the matching_id()
     - ALSA: hda: Fix regressions on clear and reconfig sysfs
     - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
     - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
     - ALSA: pcm: oss: Fix a few more UBSAN fixes
     - ALSA: hda/realtek: Add quirk for MSI-GP73
     - ALSA: hda/realtek: Apply jack fixup for Quanta NL3
     - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO
       devices
     - ALSA: usb-audio: Disable sample read check if firmware doesn't give back
     - [s390x] smp: perform initial CPU reset also for SMT siblings
     - [s390x] dasd: fix hanging device offline processing
     - [s390x] dasd: prevent inconsistent LCU device data
     - [s390x] dasd: fix list corruption of pavgroup group list
     - [s390x] dasd: fix list corruption of lcu list
     - [x86] staging: comedi: mf6x4: Fix AI end-of-conversion detection
     - [powerpc*] perf: Exclude kernel samples while counting events in user
       space.
     - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
     - [x86] EDAC/amd64: Fix PCI component registration
     - USB: serial: mos7720: fix parallel-port state restore
     - USB: serial: digi_acceleport: fix write-wakeup deadlocks
     - USB: serial: keyspan_pda: fix dropped unthrottle interrupts
     - USB: serial: keyspan_pda: fix write deadlock
     - USB: serial: keyspan_pda: fix stalled writes
     - USB: serial: keyspan_pda: fix write-wakeup use-after-free
     - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
     - USB: serial: keyspan_pda: fix write unthrottling
     - ext4: fix a memory leak of ext4_free_data
     - ext4: fix deadlock with fs freezing and EA inodes
     - [arm64] KVM: Introduce handling of AArch32 TTBCR2 traps
     - [armhf] dts: pandaboard: fix pinmux for gpio user button of Pandaboard
       ES
     - [powerpc*] Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
     - [powerpc*] rtas: Fix typo of ibm,open-errinjct in RTAS filter
     - [powerpc*] xmon: Change printk() to pr_cont()
     - ceph: fix race in concurrent __ceph_remove_cap invocations
     - SMB3: avoid confusing warning message on mount to Azure
     - SMB3.1.1: do not log warning message if server doesn't populate salt
     - ubifs: wbuf: Don't leak kernel memory to flash
     - jffs2: Fix GC exit abnormally
     - jfs: Fix array index bounds check in dbAdjTree (CVE-2020-27815)
     - drm/dp_aux_dev: check aux_dev before use in
       drm_dp_aux_dev_get_by_minor()
     - [armel] mtd: parser: cmdline: Fix parsing of part-names with colons
     - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
     - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
     - iio: buffer: Fix demux update
     - [arm64,armhf] iio: adc: rockchip_saradc: fix missing
       clk_disable_unprepare() on error in rockchip_saradc_resume
     - md/cluster: block reshape with remote resync job
     - md/cluster: fix deadlock when node is doing resync job
     - [arm64,armhf] pinctrl: sunxi: Always call chained_irq_{enter, exit} in
       sunxi_pinctrl_irq_handler
     - [arm64] clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
     - xen-blkback: set ring->xenblkd to NULL after kthread_stop()
       (CVE-2020-29569)
     - xen/xenbus: Allow watches discard events before queueing
       (CVE-2020-29568)
     - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
       (CVE-2020-29568)
     - xen/xenbus/xen_bus_type: Support will_handle watch callback
       (CVE-2020-29568)
     - xen/xenbus: Count pending messages for each watch (CVE-2020-29568)
     - xenbus/xenbus_backend: Disallow pending watch messages (CVE-2020-29568)
     - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace
       labels
     - [x86] platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha
       12
     - PCI: Fix pci_slot_release() NULL pointer dereference
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.165
     - md/raid10: initialize r10_bio->read_slot before use.
     - fscrypt: add fscrypt_is_nokey_name()
     - ext4: prevent creating duplicate encrypted filenames
     - f2fs: prevent creating duplicate encrypted filenames
     - ubifs: prevent creating duplicate encrypted filenames
     - vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
     - ext4: don't remount read-only with errors=continue on reboot
     - uapi: move constants from <linux/kernel.h> to <linux/const.h>
     - [x86] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL
       accesses
     - [x86] KVM: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
     - [powerpc*] bitops: Fix possible undefined behaviour with fls() and
       fls64()
     - xen/gntdev.c: Mark pages as dirty
     - null_blk: Fix zone size initialization
     - of: fix linker-section match-table corruption
     - Bluetooth: hci_h5: close serdev device and free hu in h5_close
     - reiserfs: add check for an invalid ih_entry_count
     - [x86] misc: vmw_vmci: fix kernel info-leak by initializing dbells in
       vmci_ctx_get_chkpt_doorbells()
     - media: gp8psk: initialize stats at power control logic
     - ALSA: seq: Use bool for snd_seq_queue internal flags
     - ALSA: rawmidi: Access runtime->avail always in spinlock
     - fcntl: Fix potential deadlock in send_sig{io, urg}()
     - [arm64,armhf] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
     - module: set MODULE_STATE_GOING state when a module fails to load
     - quota: Don't overflow quota file offsets
     - NFSv4: Fix a pNFS layout related use-after-free race when freeing the
       inode
     - module: delay kobject uevent until after module init call
     - ALSA: pcm: Clear the full allocated memory at hw_params
     - dm verity: skip verity work if I/O error when system is shutting down
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.166
     - kdev_t: always inline major/minor helper functions
     - mwifiex: Fix possible buffer overflows in
       mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158)
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.167
     - workqueue: Kick a worker based on the actual activation of delayed works
     - scsi: ufs: Fix wrong print message in dev_err()
     - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
       suspend-to-disk ->poweroff()
     - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
     - lib/genalloc: fix the overflow when size is too big
     - proc: change ->nlink under proc_subdir_lock
     - proc: fix lookup in /proc/net subdirectories after setns(2)
     - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
     - [arm64,armhf] net: mvpp2: Add TCAM entry to drop flow control pause
       frames
     - [arm64,armhf] net: mvpp2: prs: fix PPPoE with ipv6 packet parse
     - atm: idt77252: call pci_disable_device() on error path
     - [arm64,armhf] net: mvpp2: Fix GoP port 3 Networking Complex Control
       configurations
     - qede: fix offload for IPIP tunnel packets
     - virtio_net: Fix recursive call to cpus_read_lock()
     - net-sysfs: take the rtnl lock when storing xps_cpus
     - net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc
     - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS
     - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
     - [arm64] net: hns: fix return value check in __lb_other_process()
     - erspan: fix version 1 check in gre_parse_header()
     - net: hdlc_ppp: Fix issues when mod_timer is called while timer is
       running
     - CDC-NCM: remove "connected" log message
     - net: usb: qmi_wwan: add Quectel EM160R-GL
     - r8169: work around power-saving bug on some chip versions
     - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
     - net: sched: prevent invalid Scell_log shift count
     - net-sysfs: take the rtnl lock when storing xps_rxqs
     - net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc
     - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close
     - [x86] video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
     - crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
     - usb: gadget: enable super speed plus
     - USB: cdc-acm: blacklist another IR Droid device
     - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
     - [arm64] usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
       completion
     - [arm64,armhf] usb: chipidea: ci_hdrc_imx: add missing put_device() call
       in usbmisc_get_init_data()
     - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk
       set
     - usb: usbip: vhci_hcd: protect shift size
     - USB: serial: iuu_phoenix: fix DMA from stack
     - USB: serial: option: add LongSung M5710 module support
     - USB: serial: option: add Quectel EM160R-GL
     - USB: yurex: fix control-URB timeout handling
     - USB: usblp: fix DMA to stack
     - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
     - usb: gadget: f_uac2: reset wMaxPacketSize
     - usb: gadget: function: printer: Fix a memory leak for interface
       descriptor
     - usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
     - usb: gadget: Fix spinlock lockup on usb_function_deactivate
     - usb: gadget: configfs: Preserve function ordering after bind failure
     - usb: gadget: configfs: Fix use-after-free issue with udc_name
     - USB: serial: keyspan_pda: remove unused variable
     - [x86] mm: Fix leak of pmd ptlock
     - ALSA: hda/via: Fix runtime PM for Clevo W35xSS
     - ALSA: hda/conexant: add a new hda codec CX11970
     - ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
     - btrfs: send: fix wrong file path when there is an inode with a pending
       rmdir
     - Revert "device property: Keep secondary firmware node secondary by type"
     - [x86] xen/pvh: correctly setup the PV EFI interface for dom0
     - netfilter: x_tables: Update remaining dereference to RCU
     - netfilter: ipset: fix shift-out-of-bounds in htable_bits()
     - netfilter: xt_RATEEST: reject non-null terminated string from userspace
     - [x86] mtrr: Correct the range check before performing MTRR type lookups
     - scsi: target: Fix XCOPY NAA identifier lookup (CVE-2020-28374)
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.168
     - net: cdc_ncm: correct overhead in delayed_ndp_size (Closes: #970736)
     - [arm64] net: hns3: fix the number of queues actually used by ARQ
     - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY resource
       references
     - [arm64,armhf] net: stmmac: dwmac-sun8i: Balance internal PHY power
     - net: vlan: avoid leaks on register_vlan_dev() failures
     - net: ip: always refragment ip defragmented packets
     - net: fix pmtu check in nopmtudisc mode
     - net: ipv6: fib: flush exceptions when purging route
     - vmlinux.lds.h: Add PGO and AutoFDO input sections
     - [x86] drm/i915: Fix mismatch between misplaced vma check and vma insert
     - [amd64] spi: pxa2xx: Fix use-after-free on unbind
     - HID: wacom: Fix memory leakage caused by kfifo_alloc
     - [armhf] OMAP2+: omap_device: fix idling of devices during probe
     - [x86] cpufreq: powernow-k8: pass policy rather than use
       cpufreq_cpu_get()
     - [amd64] iommu/intel: Fix memleak in intel_irq_remapping_alloc
     - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
     - net/mlx5e: Fix two double free cases
     - regmap: debugfs: Fix a memory leak when calling regmap_attach_dev
     - [arm64] KVM: Don't access PMCR_EL0 when no PMU is available
     - block: fix use-after-free in disk_part_iter_next
     - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of
       trimmed packet
     - regmap: debugfs: Fix a reversed if statement in regmap_debugfs_init()
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.169
     - ASoC: dapm: remove widget from dirty list on free
     - [x86] hyperv: check cpu mask after interrupt has been disabled
     - [mips*] boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
     - ACPI: scan: Harden acpi_device_add() against device ID overflows
     - mm/hugetlb: fix potential missing huge page size info
     - dm snapshot: flush merged data before committing metadata
     - dm integrity: fix the maximum number of arguments
     - r8152: Add Lenovo Powered USB-C Travel Hub
     - ext4: fix bug for rename with RENAME_WHITEOUT
     - btrfs: fix transaction leak and crash after RO remount caused by qgroup
       rescan
     - bfq: Fix computation of shallow depth
     - [arm64] drm/msm: Call msm_init_vram before binding the gpu
     - dump_common_audit_data(): fix racy accesses to ->d_name
     - [x86] ASoC: Intel: fix error code cnl_set_dsp_D0()
     - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
     - pNFS: Mark layout for return if return-on-close was not sent
     - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter
     - NFS: nfs_igrab_and_active must first reference the superblock
     - ext4: fix superblock checksum failure when setting password salt
     - [amd64] RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
     - RDMA/mlx5: Fix wrong free of blue flame register on error
     - mm, slub: consider rest of partial list if acquire_slab() fails
     - net: sunrpc: interpret the return value of kstrtou32 correctly
     - dm: eliminate potential source of excessive kernel log noise
     - ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
     - ALSA: fireface: Fix integer overflow in transmit_midi_msg()
     - netfilter: conntrack: fix reading nf_conntrack_buckets
     - netfilter: nf_nat: Fix memleak in nf_nat_init
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.170
     - usb: ohci: Make distrust_firmware param default to false
     - dm integrity: fix flush with external metadata device
     - nfsd4: readdirplus shouldn't return parent of export (CVE-2021-3178)
     - udp: Prevent reuseport_select_sock from reading uninitialized socks
     - netxen_nic: fix MSI/MSI-x interrupts
     - [arm64,armhf] net: mvpp2: Remove Pause and Asym_Pause support
     - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
     - esp: avoid unneeded kmap_atomic call
     - net: dcb: Validate netlink message in DCB handler
     - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
     - rxrpc: Call state should be read with READ_ONCE() under some
       circumstances
     - [arm64,armhf] net: stmmac: Fixed mtu channged by cache aligned
     - net: sit: unregister_netdevice on newlink's error path
     - net: avoid 32 x truesize under-estimation for tiny skbs
     - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
     - tipc: fix NULL deref in tipc_link_xmit()
     - net: introduce skb_list_walk_safe for skb segment walking
     - net: skbuff: disambiguate argument and member for skb_list_walk_safe
       helper
     - net: ipv6: Validate GSO SKB before finish IPv6 processing
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.171
     - ALSA: hda/via: Add minimum mute flag
     - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
     - btrfs: fix lockdep splat in btrfs_recover_relocation
     - mmc: core: don't initialize block size from ext_csd if not present
     - [arm64] mmc: sdhci-xenon: fix 1.8v regulator stabilization
     - dm: avoid filesystem lookup in dm_get_dev_t()
     - dm integrity: fix a crash if "recalculate" used without "internal_hash"
     - drm/atomic: put state on error path
     - [x86] ASoC: Intel: haswell: Add missing pm_ops
     - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
     - scsi: qedi: Correct max length of CHAP secret
     - HID: Ignore battery for Elan touchscreen on ASUS UX550
     - xen: Fix event channel callback via INTX/GSI
     - drm/nouveau/bios: fix issue shadowing expansion ROMs
     - drm/nouveau/privring: ack interrupts the same way as RM
     - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
     - drm/nouveau/mmu: fix vram heap sizing
     - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
     - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
     - i2c: octeon: check correct size of maximum RECV_LEN packet
     - [x86] platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11
       from allow-list
     - can: dev: can_restart: fix use after free bug
     - can: vxcan: vxcan_xmit: fix use after free bug
     - can: peak_usb: fix use after free bugs
     - [mips*] irqchip/mips-cpu: Set IPI domain parent chip
     - [x86] intel_th: pci: Add Alder Lake-P support
     - [arm64] serial: mvebu-uart: fix tx lost characters at power off
     - ehci: fix EHCI host controller initialization sequence
     - usb: udc: core: Use lock when write to soft_connect
     - xhci: make sure TRB is fully written before giving it to the controller
     - [arm64,armhf] xhci: tegra: Delay for disabling LFPS detector
     - driver core: Extend device_is_dependent()
     - netfilter: rpfilter: mask ecn bits before fib lookup
     - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
     - udp: mask TOS bits in udp_v4_early_demux()
     - ipv6: create multicast route with RTPROT_KERNEL
     - net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
     - net_sched: reject silly cell_log in qdisc_get_rtab()
     - ipv6: set multicast flag on the multicast route
     - net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled
     - [armhf] net: dsa: b53: fix an off by one in checking "vlan->vid"
 .
   [ Salvatore Bonaccorso ]
   * [rt] Update to 4.19.165-rt70
   * Bump ABI to 14
   * [rt] Refresh "net/core: protect users of napi_alloc_cache against
     reentrance"
   * futex: Move futex exit handling into futex code
   * futex: Replace PF_EXITPIDONE with a state
   * exit/exec: Seperate mm_release()
   * futex: Split futex_mm_release() for exit/exec
   * futex: Set task::futex_state to DEAD right after handling futex exit
   * futex: Mark the begin of futex exit explicitly
   * futex: Sanitize exit state handling
   * futex: Provide state handling for exec() as well
   * futex: Add mutex around futex exit
   * futex: Provide distinct return value when owner is exiting
   * futex: Prevent exit livelock
   * [rt] Refresh "softirq: Split softirq locks"
   * [arm*] gpio: mvebu: fix pwm .get_state period calculation
   * Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
   * futex: Ensure the correct return value from futex_lock_pi()
   * futex: Replace pointless printk in fixup_owner()
   * futex: Provide and use pi_state_update_owner()
   * rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
   * futex: Use pi_state_update_owner() in put_pi_state()
   * futex: Simplify fixup_pi_state_owner()
   * futex: Handle faults correctly for PI futexes
   * [rt] Refresh "rtmutex: Handle the various new futex race conditions"
   * [rt] Refresh "rtmutex: add sleeping lock implementation"
   * [rt] Refresh "Revert "rtmutex: Handle the various new futex race
     conditions""
   * [rt] Refresh "futex: Make the futex_hash_bucket lock raw"
   * [rt] Refresh "futex: Delay deallocation of pi_state"
   * [rt] Refresh "futex: Make the futex_hash_bucket spinlock_t again and bring
     back its old state"
   * HID: wacom: Correct NULL dereference on AES pen proximity
   * tracing: Fix race in trace_open and buffer resize call (CVE-2020-27825)
 .
   [ Uwe Kleine-König ]
   * [arm64] Enable support for NXP's PCF85063 RTC (Closes: #972345)
Checksums-Sha1:
 cec64089bf234ebd16918a122f7b86ec5ed5dee3 191615 linux_4.19.171-1.dsc
 37c3c0616d91bc7d3665ae98c201e772b6b6ab88 107575880 linux_4.19.171.orig.tar.xz
 006bf55ea1b29f3a4e582025189376f510f6b326 1479940 linux_4.19.171-1.debian.tar.xz
 096ef9560e2bef9324ca40332511d79304fe2fb6 6275 linux_4.19.171-1_source.buildinfo
Checksums-Sha256:
 1da387cd31a15b60acf2c6500bd44a7cf5458a945bad1b1dee77533d8b53d2cc 191615 linux_4.19.171-1.dsc
 a675203341bfc2876a6361874c40b40190017c95bd51917372e13ef82652bcb0 107575880 linux_4.19.171.orig.tar.xz
 c7e1c1474c99227245ac73ab68dfcd36778728edfb0dba04496b3625de5d84b3 1479940 linux_4.19.171-1.debian.tar.xz
 7293a0d04abd2ce8e8e3925e96f48859c107fa979388637b664e642d0890bc89 6275 linux_4.19.171-1_source.buildinfo
Files:
 86a9cb65e87d95c2a0f3da25a5ae0b4a 191615 kernel optional linux_4.19.171-1.dsc
 0db4d008c7ce5a97f13d28e72a209dd0 107575880 kernel optional linux_4.19.171.orig.tar.xz
 d804066531e03f77b2fea895b7fec3eb 1479940 kernel optional linux_4.19.171-1.debian.tar.xz
 4fd511ebfb9c283defa9dd72684b62ac 6275 kernel optional linux_4.19.171-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----