Accepted linux 5.10.120-1~bpo10+1 (source) into buster-backports->backports-policy, buster-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 Jun 2022 22:46:49 +0200
Source: linux
Architecture: source
Version: 5.10.120-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Closes: 1006346 1007799 1008299
Changes:
linux (5.10.120-1~bpo10+1) buster-backports; urgency=high
.
* Rebuild for buster-backports:
- Change ABI number to 0.bpo.15
.
linux (5.10.120-1) bullseye-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.114
- USB: quirks: add a Realtek card reader
- USB: quirks: add STRING quirk for VCOM device
- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
- xhci: Enable runtime PM on second Alderlake controller
- xhci: stop polling roothubs after shutdown
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
- iio: dac: ad5592r: Fix the missing return value.
- iio: dac: ad5446: Fix read_raw not returning set value
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
- iio: imu: inv_icm42600: Fix I2C init possible nack
- usb: misc: fix improper handling of refcount in uss720_probe()
- [arm64,x86] usb: typec: ucsi: Fix reuse of completion structure
- [arm64,x86] usb: typec: ucsi: Fix role swapping
- usb: gadget: uvc: Fix crash when encoding data for usb request
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind()
- [arm64,armhf] usb: dwc3: Try usb-role-switch first in dwc3_drd_init
- [arm64,armhf] usb: dwc3: core: Fix tx/rx threshold settings
- [arm64,armhf] usb: dwc3: core: Only handle soft-reset in DCTL
- [arm64,armhf] usb: dwc3: gadget: Return proper request status
- [arm*] usb: phy: generic: Get the vbus supply
- [arm64,armhf] serial: imx: fix overrun interrupts in DMA mode
- serial: 8250: Also set sticky MCR bits in console restoration
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
- [arm64,armhf] arch_topology: Do not set llc_sibling if llc_id is invalid
- hex2bin: make the function hex_to_bin constant-time
- hex2bin: fix access beyond string end
- iocost: don't reset the inuse weight of under-weighted debtors
- video: fbdev: udlfb: properly check endpoint type
- iio:imu:bmi160: disable regulator in error path
- USB: Fix xhci event ring dequeue pointer ERDP update issue
- [armhf] phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
- [armhf] phy: samsung: exynos5250-sata: fix missing device put in probe
error paths
- [armhf] OMAP2+: Fix refcount leak in omap_gic_of_init
- [armhf] bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific
- [armhf] phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
- [armhf] dts: am3517-evm: Fix misc pinmuxing
- [armhf] dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
- ipvs: correctly print the memory size of ip_vs_conn_tab
- [armhf] pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered
IRQs in EOI
- [arm64,armhf] net: dsa: Add missing of_node_put() in
dsa_port_link_register_of
- netfilter: nft_set_rbtree: overlap detection with element re-addition
after deletion
- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt
hook
- [arm64,armhf] pinctrl: rockchip: fix RK3308 pinmux bits
- tcp: md5: incorrect tcp_header_len for incoming connections
- [armhf] pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ
requested
- tcp: ensure to use the most recently sent skb when filling the rate sample
- wireguard: device: check for metadata_dst with skb_valid_dst()
- sctp: check asoc strreset_chunk in sctp_generate_reconf_event
- [arm64] dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
- [arm64] net: hns3: modify the return code of hclge_get_ring_chain_from_mbx
- [arm64] net: hns3: add validity check for message data length
- [arm64] net: hns3: add return value for mailbox handling in PF
- net/smc: sync err code when tcp connection was refused
- ip_gre: Make o_seqno start from 0 in native mode
- ip6_gre: Make o_seqno start from 0 in native mode
- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
- tcp: make sure treq->af_specific is initialized
- [arm64,armhf] bus: sunxi-rsb: Fix the return value of
sunxi_rsb_device_create()
- [arm64,armhf] clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource()
- [arm64] net: bcmgenet: hide status block before TX timestamping
- net: phy: marvell10g: fix return value on error
- bnx2x: fix napi API usage sequence
- [arm64,armhf] net: fec: add missing of_node_put() in
fec_enet_init_stop_mode()
- ixgbe: ensure IPsec VF<->PF compatibility
- tcp: fix F-RTO may not work correctly when receiving DSACK
- [x86] ASoC: Intel: soc-acpi: correct device endpoints for max98373
- ext4: fix bug_on in start_this_handle during umount filesystem
- [amd64] x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
- cifs: destage any unwritten data to the server before calling
copychunk_write
- [x86] drivers: net: hippi: Fix deadlock in rr_close()
- zonefs: Fix management of open zones
- zonefs: Clear inode information flags on inode creation
- [x86] drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
- [armhf] net: ethernet: stmmac: fix write to sgmii_adapter_base
- [x86] thermal: int340x: Fix attr.show callback prototype
- [x86] cpu: Load microcode during restore_processor_state()
- tty: n_gsm: fix restart handling via CLD command
- tty: n_gsm: fix decoupled mux resource
- tty: n_gsm: fix mux cleanup after unregister tty device
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
- tty: n_gsm: fix malformed counter for out of frame data
- netfilter: nft_socket: only do sk lookups when indev is available
- tty: n_gsm: fix insufficient txframe size
- tty: n_gsm: fix wrong DLCI release order
- tty: n_gsm: fix missing explicit ldisc flush
- tty: n_gsm: fix wrong command retry handling
- tty: n_gsm: fix wrong command frame length field encoding
- tty: n_gsm: fix reset fifo race condition
- tty: n_gsm: fix incorrect UA handling
- tty: n_gsm: fix software flow control handling
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.115
- [mips*] Fix CP0 counter erratum detection for R4k CPUs
- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
- [arm64] mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
- mmc: core: Set HS clock speed before sending HS CMD13
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
- [x86] KVM: x86/svm: Account for family 17h event renumberings in
amd_pmc_perf_hw_id
- [amd64] iommu/vt-d: Calculate mask for non-aligned flushes
- Revert "SUNRPC: attempt AF_LOCAL connect on setup"
- firewire: fix potential uaf in outbound_phy_packet_callback()
- firewire: remove check of list iterator against head past the loop body
- firewire: core: extend card->lock in fw_core_handle_bus_reset
- net: stmmac: disable Split Header (SPH) for Intel platforms
- genirq: Synchronize interrupt thread startup
- ASoC: da7219: Fix change notifications for tone generator frequency
- [s390x] dasd: fix data corruption for ESE devices
- [s390x] dasd: prevent double format of tracks for ESE devices
- [s390x] dasd: Fix read for ESE with blksize < 4k
- [s390x] dasd: Fix read inconsistency for ESE DASD devices
- can: isotp: remove re-binding of bound socket
- nfc: replace improper check device_is_registered() in netlink related
functions (CVE-2022-1974)
- NFC: netlink: fix sleep in atomic bug when firmware download timeout
(CVE-2022-1975)
- [arm64,armhf] gpio: pca953x: fix irq_stat not updated when irq is disabled
(irq_mask not set)
- hwmon: (adt7470) Fix warning on module removal
- [arm*] ASoC: dmaengine: Restore NULL prepare_slave_config() callback
- net/mlx5e: Fix trust state reset in reload
- net/mlx5e: Don't match double-vlan packets if cvlan is not set
- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft
release
- net/mlx5e: Fix the calling of update_buffer_lossy() API
- net/mlx5: Avoid double clear or set of sync reset requested
- NFSv4: Don't invalidate inode attributes on delegation return
- [arm64,armhf] net: stmmac: dwmac-sun8i: add missing of_node_put() in
sun8i_dwmac_register_mdio_mux()
- [armhf] net: cpsw: add missing of_node_put() in cpsw_probe_dt()
- hinic: fix bug of wq out of bound access
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
- bnxt_en: Fix unnecessary dropping of RX packets
- [arm64,armhf] smsc911x: allow using IRQ0
- btrfs: always log symlinks in full mode
- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
- [x86] kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
architectural PMU
- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu
- [x86] kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
- [x86] KVM: x86: Do not change ICR on write to APIC_SELF_IPI
- [x86] KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs
- [x86] KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is
advertised
- rcu: Fix callbacks processing time limit retaining cond_resched()
- rcu: Apply callbacks processing time limit only on softirq
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
(CVE-2022-0494)
- dm: interlock pending dm_io and dm_wait_for_bios_completion
- [arm64] PCI: aardvark: Clear all MSIs at setup
- [arm64] PCI: aardvark: Fix reading MSI interrupt number
- mmc: rtsx: add 74 Clocks in power on flow
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.116
- regulator: consumer: Add missing stubs to regulator/consumer.h
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
- nfp: bpf: silence bitwise vs. logical OR warning
- Bluetooth: Fix the creation of hdev->name
- mm: fix missing cache flush for all tail pages of compound page
- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
__mcopy_atomic()
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.117
- batman-adv: Don't skb_split skbuffs with frag_list
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
- hwmon: (tmp401) Add OF device ID table
- mac80211: Reset MBSSID parameters upon connection
- net: Fix features skip in for_each_netdev_feature()
- [arm64] net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in
hardware when deleted
- [arm64] net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
- [arm64] net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
- [arm64] net: mscc: ocelot: avoid corrupting hardware counters when moving
VCAP filters
- ipv4: drop dst in multicast routing path
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name()
- netlink: do not reset transport header in netlink_recvmsg()
- sfc: Use swap() instead of open coding it
- net: sfc: fix memory leak due to ptp channel
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
- nfs: fix broken handling of the softreval mount option
- dim: initialize all struct fields
- [s390x] ctcm: fix variable dereferenced before check
- [s390x] ctcm: fix potential memory leak
- [s390x] lcs: fix variable dereferenced before check
- net/sched: act_pedit: really ensure the skb is writable
- [arm64] net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral
- [armhf] net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down()
- net/smc: non blocking recvmsg() return -EAGAIN when no data and
signal_pending
- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
- gfs2: Fix filesystem block deallocation for short writes
- hwmon: (f71882fg) Fix negative temperature
- ASoC: max98090: Reject invalid values in custom control put()
- ASoC: max98090: Generate notifications on changes for custom control
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT
- tcp: resalt the secret every 10 seconds (CVE-2022-1012)
- firmware_loader: use kernel credentials when reading firmware
- tty: n_gsm: fix mux activation issues in gsm_config()
- usb: cdc-wdm: fix reading stuck on device close
- USB: serial: pl2303: add device id for HP LM930 Display
- USB: serial: qcserial: add support for Sierra Wireless EM7590
- USB: serial: option: add Fibocom L610 modem
- USB: serial: option: add Fibocom MA510 modem
- ceph: fix setting of xattrs on async created inodes
- drm/nouveau/tegra: Stop using iommu_present()
- i40e: i40e_main: fix a missing check on list iterator
- [amd64,arm64] net: atlantic: always deep reset on pm op, fixing up my null
deref regression
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
- [x86] drm/vmwgfx: Initialize drm_mode_fb_cmd2
- SUNRPC: Clean up scheduling of autoclose
- SUNRPC: Prevent immediate close+reconnect
- SUNRPC: Don't call connect() more than once on a TCP socket
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
(CVE-2022-28893)
- net: phy: Fix race condition on link status change
- [arm*] arm[64]/memremap: don't abuse pfn_valid() to ensure presence of
linear map
- ping: fix address binding wrt vrf
- usb: gadget: uvc: rename function to be more consistent
- usb: gadget: uvc: allow for application to cleanly shutdown
- io_uring: always use original task when preparing req identity
(CVE-2022-1786)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.118
- io_uring: always grab file table for deferred statx
- floppy: use a statically allocated error counter
- [x86] Revert "drm/i915/opregion: check port number bounds for SWSCI
display power state"
- igc: Remove _I_PHY_ID checking
- igc: Remove phy->type checking
- igc: Update I226_K device ID
- rtc: fix use-after-free on device removal
- [arm64] rtc: pcf2127: fix bug when reading alarm registers
- Input: add bounds checking to input_set_capability()
- nvme-pci: add quirks for Samsung X5 SSDs
- gfs2: Disable page faults during lockless buffered reads
- [arm64,armhf] rtc: sun6i: Fix time overflow handling
- [armhf] crypto: stm32 - fix reference leak in stm32_crc_remove
- [amd64] crypto: x86/chacha20 - Avoid spurious jumps to other functions
- ALSA: hda/realtek: Enable headset mic on Lenovo P360
- [s390x] pci: improve zpci_dev reference counting
- nvme-multipath: fix hang when disk goes live over reconnect
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms
- fs: fix an infinite loop in iomap_fiemap
- drbd: remove usage of list iterator variable after loop
- [arm64] platform/chrome: cros_ec_debugfs: detach log reader wq from devm
- [armel,armhf] 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in
unwind_frame()
- nilfs2: fix lockdep warnings in page operations for btree nodes
- nilfs2: fix lockdep warnings during disk space reclamation
- Revert "swiotlb: fix info leak with DMA_FROM_DEVICE"
- Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
(CVE-2022-0854)
- ALSA: usb-audio: Restore Rane SL-1 quirk
- [i386] ALSA: wavefront: Proper check of get_user() error
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
- perf: Fix sys_perf_event_open() race against self (CVE-2022-1729)
- selinux: fix bad cleanup on error in hashtab_duplicate()
- Fix double fget() in vhost_net_set_backend()
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
- [x86] KVM: x86/mmu: Update number of zapped pages even if page list is
stable
- [arm64] paravirt: Use RCU read locks to guard stolen_time
- [arm64] mte: Ensure the cleared tags are visible before setting the PTE
- [arm64] crypto: qcom-rng - fix infinite loop on requests not multiple of
WORD_SZ
- libceph: fix potential use-after-free on linger ping and resends
- drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
- [armhf] pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
- [arm64] net: macb: Increment rx bd head after allocating skb and buffer
- net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm
- xfrm: Add possibility to set the default to block if we have no policy
- net: xfrm: fix shift-out-of-bounce
- xfrm: make user policy API complete
- xfrm: notify default policy on update
- xfrm: fix dflt policy check when there is no policy configured
- xfrm: rework default policy structure
- xfrm: fix "disable_policy" flag use when arriving from different devices
- net/sched: act_pedit: sanitize shift argument before usage
- [x86] net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf()
- [x86] net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup()
- ice: fix possible under reporting of ethtool Tx and Rx statistics
- net/qla3xxx: Fix a test in ql_reset_work()
- net/mlx5e: Properly block LRO when XDP is enabled
- net: af_key: add check for pfkey_broadcast in function pfkey_process
- [armhf] 9196/1: spectre-bhb: enable for Cortex-A15
- [armel,armhf] 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
- igb: skip phy status check where unavailable
- net: bridge: Clear offload_fwd_mark when passing frame up bridge
interface.
- [arm*] gpio: mvebu/pwm: Refuse requests with inverted polarity
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands
- mac80211: fix rx reordering with non explicit / psmp ack policy
- nl80211: validate S1G channel width
- nl80211: fix locking in nl80211_set_tx_bitrate_mask()
- ethernet: tulip: fix missing pci_disable_device() on error in
tulip_init_one()
- [amd64,arm64] net: atlantic: fix "frag[0] not initialized"
- [amd64,arm64] net: atlantic: reduce scope of is_rsc_complete
- [amd64,arm64] net: atlantic: add check for MAX_SKB_FRAGS
- [amd64,arm64] net: atlantic: verify hw_head_ lies within TX buffer ring
- [arm64] Enable repeat tlbi workaround on KRYO4XX gold CPUs
- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
- afs: Fix afs_getattr() to refetch file status if callback break occurred
- include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.119
- lockdown: also lock down previous kgdb use (CVE-2022-21499)
- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
- [x86] KVM: x86: Properly handle APF vs disabled LAPIC situation
- [x86] KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
(CVE-2022-1789)
- tcp: change source port randomizarion at connect() time
- secure_seq: use the 64 bits of the siphash for port offset calculation
(CVE-2022-1012)
- ACPI: sysfs: Make sparse happy about address space in use
- ACPI: sysfs: Fix BERT error region memory mapping
- random: avoid arch_get_random_seed_long() when collecting IRQ randomness
- random: remove dead code left over from blocking pool
- MAINTAINERS: co-maintain random.c
- MAINTAINERS: add git tree for random.c
- crypto: lib/blake2s - Move selftest prototype into header file
- crypto: blake2s - define shash_alg structs using macros
- [amd64] crypto: x86/blake2s - define shash_alg structs using macros
- crypto: blake2s - remove unneeded includes
- crypto: blake2s - move update and final logic to internal/blake2s.h
- crypto: blake2s - share the "shash" API boilerplate code
- crypto: blake2s - optimize blake2s initialization
- crypto: blake2s - add comment for blake2s_state fields
- crypto: blake2s - adjust include guard naming
- crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
- lib/crypto: blake2s: include as built-in
- lib/crypto: blake2s: move hmac construction into wireguard
- lib/crypto: sha1: re-roll loops to reduce code size
- lib/crypto: blake2s: avoid indirect calls to compression function for
Clang CFI
- random: document add_hwgenerator_randomness() with other input functions
- random: remove unused irq_flags argument from add_interrupt_randomness()
- random: use BLAKE2s instead of SHA1 in extraction
- random: do not sign extend bytes for rotation when mixing
- random: do not re-init if crng_reseed completes before primary init
- random: mix bootloader randomness into pool
- random: harmonize "crng init done" messages
- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
- random: early initialization of ChaCha constants
- random: avoid superfluous call to RDRAND in CRNG extraction
- random: don't reset crng_init_cnt on urandom_read()
- random: fix typo in comments
- random: cleanup poolinfo abstraction
- random: cleanup integer types
- random: remove incomplete last_data logic
- random: remove unused extract_entropy() reserved argument
- random: rather than entropy_store abstraction, use global
- random: remove unused OUTPUT_POOL constants
- random: de-duplicate INPUT_POOL constants
- random: prepend remaining pool constants with POOL_
- random: cleanup fractional entropy shift constants
- random: access input_pool_data directly rather than through pointer
- random: selectively clang-format where it makes sense
- random: simplify arithmetic function flow in account()
- random: continually use hwgenerator randomness
- random: access primary_pool directly rather than through pointer
- random: only call crng_finalize_init() for primary_crng
- random: use computational hash for entropy extraction
- random: simplify entropy debiting
- random: use linear min-entropy accumulation crediting
- random: always wake up entropy writers after extraction
- random: make credit_entropy_bits() always safe
- random: remove use_input_pool parameter from crng_reseed()
- random: remove batched entropy locking
- random: fix locking in crng_fast_load()
- random: use RDSEED instead of RDRAND in entropy extraction
- random: get rid of secondary crngs
- random: inline leaves of rand_initialize()
- random: ensure early RDSEED goes through mixer on init
- random: do not xor RDRAND when writing into /dev/random
- random: absorb fast pool into input pool after fast load
- random: use simpler fast key erasure flow on per-cpu keys
- random: use hash function for crng_slow_load()
- random: make more consistent use of integer types
- random: remove outdated INT_MAX >> 6 check in urandom_read()
- random: zero buffer after reading entropy from userspace
- random: fix locking for crng_init in crng_reseed()
- random: tie batched entropy generation to base_crng generation
- random: remove ifdef'd out interrupt bench
- random: remove unused tracepoints
- random: add proper SPDX header
- random: deobfuscate irq u32/u64 contributions
- random: introduce drain_entropy() helper to declutter crng_reseed()
- random: remove useless header comment
- random: remove whitespace and reorder includes
- random: group initialization wait functions
- random: group crng functions
- random: group entropy extraction functions
- random: group entropy collection functions
- random: group userspace read/write functions
- random: group sysctl functions
- random: rewrite header introductory comment
- random: defer fast pool mixing to worker
- random: do not take pool spinlock at boot
- random: unify early init crng load accounting
- random: check for crng_init == 0 in add_device_randomness()
- random: pull add_hwgenerator_randomness() declaration into random.h
- random: clear fast pool, crng, and batches in cpuhp bring up
- random: round-robin registers as ulong, not u32
- random: only wake up writers after zap if threshold was passed
- random: cleanup UUID handling
- random: unify cycles_t and jiffies usage and types
- random: do crng pre-init loading in worker rather than irq
- random: give sysctl_random_min_urandom_seed a more sensible value
- random: don't let 644 read-only sysctls be written to
- random: replace custom notifier chain with standard one
- random: use SipHash as interrupt entropy accumulator
- random: make consistent usage of crng_ready()
- random: reseed more often immediately after booting
- random: check for signal and try earlier when generating entropy
- random: skip fast_init if hwrng provides large chunk of entropy
- random: treat bootloader trust toggle the same way as cpu trust toggle
- random: re-add removed comment about get_random_{u32,u64} reseeding
- random: mix build-time latent entropy into pool at init
- random: do not split fast init input in add_hwgenerator_randomness()
- random: do not allow user to keep crng key around on stack
- random: check for signal_pending() outside of need_resched() check
- random: check for signals every PAGE_SIZE chunk of /dev/[u]random
- random: allow partial reads if later user copies fail
- random: make random_get_entropy() return an unsigned long
- random: document crng_fast_key_erasure() destination possibility
- random: fix sysctl documentation nits
- init: call time_init() before rand_initialize()
- [s390x] define get_cycles macro for arch-override
- [powerpc*] define get_cycles macro for arch-override
- timekeeping: Add raw clock fallback for random_get_entropy()
- [mips*] use fallback for random_get_entropy() instead of just c0 random
- [arm*] use fallback for random_get_entropy() instead of zero
- [x86] tsc: Use fallback for random_get_entropy() instead of zero
- random: insist on random_get_entropy() existing in order to simplify
- random: do not use batches when !crng_ready()
- random: use first 128 bits of input as fast init
- random: do not pretend to handle premature next security model
- random: order timer entropy functions below interrupt functions
- random: do not use input pool from hard IRQs
- random: help compiler out with fast_mix() by using simpler arguments
- siphash: use one source of truth for siphash permutations
- random: use symbolic constants for crng_init states
- random: avoid initializing twice in credit race
- random: move initialization out of reseeding hot path
- random: remove ratelimiting for in-kernel unseeded randomness
- random: use proper jiffies comparison macro
- random: handle latent entropy and command line from random_init()
- random: credit architectural init the exact amount
- random: use static branch for crng_ready()
- random: remove extern from functions in header
- random: use proper return types on get_random_{int,long}_wait()
- random: make consistent use of buf and len
- random: move initialization functions out of hot pages
- random: move randomize_page() into mm where it belongs
- random: unify batched entropy implementations
- random: convert to using fops->read_iter()
- random: convert to using fops->write_iter()
- random: wire up fops->splice_{read,write}_iter()
- random: check for signals after page of pool writes
- ALSA: ctxfi: Add SB046x PCI ID
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.120
- percpu_ref_init(): clean ->percpu_count_ref on failure
- net: af_key: check encryption module availability consistency
- nfc: pn533: Fix buggy cleanup order
- [armhf] net: ftgmac100: Disable hardware checksum on AST2600
- [x86] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
- [arm64] drivers: i2c: thunderx: Allow driver to work with ACPI defined
TWSI controllers
- netfilter: nf_tables: disallow non-stateful expression in sets earlier
(CVE-2022-1966)
- pipe: make poll_usage boolean and annotate its access
- pipe: Fix missing lock in pipe_resize_ring() (ZDI-CAN-17291)
- cfg80211: set custom regdomain after wiphy registration
- assoc_array: Fix BUG_ON during garbage collect
- io_uring: don't re-import iovecs from callbacks
- io_uring: fix using under-expanded iters
- xfs: detect overflows in bmbt records
- xfs: show the proper user quota options
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
- xfs: fix an ABBA deadlock in xfs_rename
- xfs: Fix CIL throttle hang when CIL space used going backwards
- exfat: check if cluster num is valid
- crypto: drbg - prepare for more fine-grained tracking of seeding state
- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
- crypto: drbg - move dynamic ->reseed_threshold adjustments to
__drbg_seed()
- crypto: drbg - make reseeding from get_random_bytes() synchronous
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (CVE-2022-1972)
- netfilter: conntrack: re-fetch conntrack after insertion
- [x86] kvm: Alloc dummy async #PF token outside of raw spinlock
- [x86] kvm: use correct GFP flags for preemption disabled
- [x86] KVM: x86: avoid calling x86 emulator without a decoded instruction
(CVE-2022-1852)
- [arm64] crypto: caam - fix i.MX6SX entropy delay value
- crypto: ecrdsa - Fix incorrect use of vli_cmp
- zsmalloc: fix races between asynchronous zspage free and page migration
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
- dm integrity: fix error code in dm_integrity_ctr()
- dm crypt: make printing of the key constant-time
- dm stats: add cond_resched when looping over entries
- dm verity: set DM_TARGET_IMMUTABLE feature flag
- raid5: introduce MD_BROKEN
- HID: multitouch: Add support for Google Whiskers Touchpad
- HID: multitouch: add quirks to enable Lenovo X12 trackpoint
- tpm: Fix buffer access in tpm2_get_tpm_pt()
- docs: submitting-patches: Fix crossref to 'The canonical patch format'
- NFS: Memory allocation failures are not server fatal errors
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
- bpf: Fix potential array overflow in bpf_trampoline_get_progs()
- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
.
[ Salvatore Bonaccorso ]
* [rt] Update to 5.10.115-rt67
* Bump ABI to 15
* [rt] Drop "random: Make it work on rt"
.
[ Mateusz Łukasik ]
* [armhf] drivers/thermal: Enable SUN8I_THERMAL as module (Closes: #1007799)
.
linux (5.10.113-1) bullseye-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.107
- Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
(Closes: #1008299)
- xfrm: Check if_id in xfrm_migrate
- xfrm: Fix xfrm migrate issues when address family changes
- mac80211: refuse aggregations sessions before authorized
- [mips64el,mipsel] smp: fill in sibling and core maps earlier
- [x86] atm: firestream: check the return value of ioremap() in fs_init()
- iwlwifi: don't advertise TWT support
- drm/vrr: Set VRR capable prop only if it is attached to connector
- nl80211: Update bss channel on channel switch for P2P_CLIENT
- sfc: extend the locking on mcdi->seqno
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.108
- [arm64] crypto: qcom-rng - ensure buffer for generate is completely filled
- ocfs2: fix crash when initialize filecheck kobj fails
- mm: swap: get rid of livelock in swapin readahead
- efi: fix return value of __setup handlers
- vsock: each transport cycles only on its own sockets
- esp6: fix check on ipv6_skip_exthdr's return value
- net: phy: marvell: Fix invalid comparison in the resume and suspend
functions
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
- atm: eni: Add check for dma_map_single
- [x86] hv_netvsc: Add check for kvmalloc_array
- [armhf] drm/imx: parallel-display: Remove bus flags check in
imx_pd_bridge_atomic_check()
- [arm64,armhf] drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
- net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
- [arm64,armhf] net: dsa: Add missing of_node_put() in dsa_port_parse_of
- net: phy: mscc: Add MODULE_FIRMWARE macros
- bnx2x: fix built-in kernel driver load failure
- [arm64] net: bcmgenet: skip invalid partial checksums
- [arm64] net: mscc: ocelot: fix backwards compatibility with single-chain
tc-flower offload
- usb: gadget: rndis: prevent integer overflow in rndis_set_response()
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
- usb: usbtmc: Fix bug in pipe direction for control transfers
- scsi: mpt3sas: Page fault in reply q processing
- Input: aiptek - properly check endpoint type
- perf symbols: Fix symbol size calculation condition
- net: usb: Correct PHY handling of smsc95xx
- net: usb: Correct reset handling of smsc95xx
- smsc95xx: Ignore -ENODEV errors when device is unplugged
- esp: Fix possible buffer overflow in ESP transformation (CVE-2022-27666)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.109
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490)
- net: ipv6: fix skb_over_panic in __ip6_append_data
- exfat: avoid incorrectly releasing for root inode
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
(CVE-2021-4197)
- cgroup: Use open-time cgroup namespace for process migration perm checks
(CVE-2021-4197)
- cgroup-v1: Correct privileges check in release_agent writes
- tpm: Fix error handling in async work
- llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356)
- ALSA: oss: Fix PCM OSS buffer allocation overflow
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
- ALSA: hda/realtek: Add quirk for ASUS GA402
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
(CVE-2022-1048)
- ALSA: pcm: Fix races among concurrent read/write and buffer changes
(CVE-2022-1048)
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
(CVE-2022-1048)
- ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048)
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
- ALSA: cmipci: Restore aux vol on suspend/resume
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
- [arm64] drivers: net: xgene: Fix regression in CRC stripping
- netfilter: nf_tables: initialize registers in nft_do_chain()
(CVE-2022-1016)
- [x86] ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
- [x86] ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
- [x86] crypto: qat - disable registration of algorithms
- Revert "ath: add support for special 0x0 regulatory domain"
- rcu: Don't deboost before reporting expedited quiescent state
- mac80211: fix potential double free on mesh join
- tpm: use try_get_ops() in tpm-space.c
- [arm64] wcn36xx: Differentiate wcn3660 from wcn3620
- llc: only change llc->dev when bind() succeeds
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854)
- USB: serial: pl2303: add IBM device IDs
- USB: serial: simple: add Nokia phone driver
- netdevice: add the case if dev is NULL
- HID: logitech-dj: add new lightspeed receiver id
- xfrm: fix tunnel model fragmentation behavior
- virtio_console: break out of buf poll on remove
- ethernet: sun: Free the coherent when failing in probing
- gpio: Revert regression in sysfs-gpio (gpiolib.c)
- spi: Fix invalid sgs value
- Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
- spi: Fix erroneous sgs value with min_t()
- af_key: add __GFP_ZERO flag for compose_sadb_supported in function
pfkey_register (CVE-2022-1353)
- [arm*] iommu/iova: Improve 32-bit free space estimate
- tpm: fix reference counting for struct tpm_chip
- virtio-blk: Use blk_validate_block_size() to validate block size
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
- xhci: fix garbage USBSTS being logged in some cases
- xhci: fix runtime PM imbalance in USB2 resume
- xhci: make xhci_handshake timeout for xhci_reset() adjustable
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
- [x86] mei: me: add Alder Lake N device id.
- [x86] mei: avoid iterator usage outside of list_for_each_entry
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
- iio: inkern: apply consumer scale when no channel scale is available
- iio: inkern: make a best effort on offset calculation
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
- KEYS: fix length validation in keyctl_pkey_params_get_2()
- Documentation: add link to stable release candidate tree
- Documentation: update stable tree link
- firmware: stratix10-svc: add missing callback parameter on RSU
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
- NFSD: prevent underflow in nfssvc_decode_writeargs()
- NFSD: prevent integer overflow on 32 bit systems
- f2fs: fix to unlock page correctly in error path of is_alive()
- f2fs: quota: fix loop condition at f2fs_quota_sync()
- f2fs: fix to do sanity check on .cp_pack_total_block_count
- [armhf] remoteproc: Fix count check in rproc_coredump_write()
- [armhf] pinctrl: samsung: drop pin banks references on error paths
- mtd: rawnand: protect access to rawnand devices while in suspend
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error
path (CVE-2022-28390)
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
- jffs2: fix memory leak in jffs2_do_mount_fs
- jffs2: fix memory leak in jffs2_scan_medium
- mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
- mm: invalidate hwpoison page cache page in fault path
- mempolicy: mbind_range() set_policy() after vma_merge()
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
- qed: display VF trust config
- qed: validate and restrict untrusted VFs vlan promisc mode
- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(CVE-2022-0168)
- [i386] ALSA: cs4236: fix an incorrect NULL check on list iterator
- ALSA: hda: Avoid unsol event during RPM suspending
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
- mm: madvise: skip unmapped vma holes passed to process_madvise
- mm: madvise: return correct bytes advised with process_madvise
- Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
- mm,hwpoison: unmap poisoned page before invalidation
- dm integrity: set journal entry unused when shrinking device
- drbd: fix potential silent data corruption
- can: isotp: sanitize CAN ID checks in isotp_bind()
- [powerpc*] kvm: Fix kvm_use_magic_page
- udp: call udp_encap_enable for v6 sockets when enabling encap
- [arm64] signal: nofpsimd: Do not allocate fp/simd context when not
available
- ACPI: properties: Consistently return -ENOENT if there are no more
references
- coredump: Also dump first pages of non-executable ELF libraries
- ext4: fix ext4_fc_stats trace point
- ext4: fix fs corruption when tring to remove a non-empty directory with IO
error
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
(CVE-2022-1198)
- block: limit request dispatch loop duration
- block: don't merge across cgroup boundaries if blkcg is enabled
- drm/edid: check basic audio support on CEA extension block
- [armhf] dts: exynos: add missing HDMI supplies on SMDK5250
- [armhf] dts: exynos: add missing HDMI supplies on SMDK5420
- [x86] mgag200 fix memmapsl configuration in GCTL6 register
- carl9170: fix missing bit-wise or operator for tx_params
- pstore: Don't use semaphores in always-atomic-context code
- [x86] thermal: int340x: Increase bitmap size
- exec: Force single empty string when argv is empty
- crypto: rsa-pkcs1pad - only allow with rsa
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
- crypto: rsa-pkcs1pad - restore signature length check
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
- bcache: fixup multiple threads crash
- DEC: Limit PMAX memory probing to R3k systems
- brcmfmac: firmware: Allocate space for default boardrev in nvram
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
- brcmfmac: pcie: Fix crashes due to early IRQs
- [x86] drm/i915/opregion: check port number bounds for SWSCI display power
state
- [x86] drm/i915/gem: add missing boundary check in vm_access
- PCI: pciehp: Clear cmd_busy bit in polling mode
- [arm64] PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
- [arm64] regulator: qcom_smd: fix for_each_child.cocci warnings
- selinux: check return value of sel_make_avc_files
- [arm64] hwrng: cavium - Check health status while reading random data
- [arm64] hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
- [x86] thermal: int340x: Check for NULL after calling kmemdup()
- [arm64,armhf] spi: tegra114: Add missing IRQ check in tegra_spi_probe
- [arm64] mm: avoid fixmap race condition when create pud mapping
- audit: log AUDIT_TIME_* records only from rules
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
- [armhf] hwmon: (pmbus) Add mutex to regulator ops
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
- nvme: cleanup __nvme_check_ids
- block: don't delete queue kobject before its children
- PM: hibernate: fix __setup handler error handling
- PM: suspend: fix return value of __setup handler
- [arm64] crypto: sun8i-ce - call finalize with bh disabled
- [arm64,armhf] crypto: amlogic - call finalize with bh disabled
- [armhf] clocksource/drivers/timer-ti-dm: Fix regression from errata i940
fix
- [armhf] clocksource/drivers/exynos_mct: Refactor resources allocation
- [armhf] clocksource/drivers/exynos_mct: Handle DTS with higher number of
interrupts
- clocksource/drivers/timer-of: Check return value of of_iomap in
timer_of_base_init()
- ACPI: APEI: fix return value of __setup handlers
- [x86] crypto: ccp - ccp_dmaengine_unregister release dma channels
- [arm*] amba: Make the remove callback return void
- [armhf] hwmon: (pmbus) Add Vin unit off handling
- [x86] clocksource: acpi_pm: fix return value of __setup handler
- io_uring: terminate manual loop iterator loop correctly for non-vecs
- watch_queue: Fix NULL dereference in error cleanup
- watch_queue: Actually free the watch
- f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
- sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
- sched/core: Export pelt_thermal_tp
- rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
- rseq: Remove broken uapi field layout on 32-bit little endian
- perf/core: Fix address filter parser for multiple filters
- [x86] perf/x86/intel/pt: Fix address filter config for 32-bit kernel
- f2fs: fix missing free nid in f2fs_handle_failed_inode
- nfsd: more robust allocation failure handling in nfsd_file_cache_init
- f2fs: fix to avoid potential deadlock
- btrfs: fix unexpected error path when reflinking an inline extent
- f2fs: compress: remove unneeded read when rewrite whole cluster
- f2fs: fix compressed file start atomic write may cause data corruption
- [arm64,armhf] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP
buffers across ioctls
- media: bttv: fix WARNING regression on tunerless devices
- [arm*] ASoC: generic: simple-card-utils: remove useless assignment
- [armhf] media: coda: Fix missing put_device() call in coda_get_vdoa_data
- [armhf] media: aspeed: Correct value for h-total-pixels
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
avoid black screen
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
- [arm64] firmware: qcom: scm: Remove reassignment to desc following
initializer
- firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is
not defined
- [armhf] dts: imx: Add missing LVDS decoder on M53Menlo
- media: em28xx: initialize refcount before kref_get
- media: usb: go7007: s2250-board: fix leak in probe()
- [arm64,armhf] media: cedrus: H265: Fix neighbour info buffer size
- [arm64,armhf] media: cedrus: h264: Fix neighbour info buffer size
- [x86] ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp()
- printk: fix return value of printk.devkmsg __setup handler
- [x86] ASoC: soc-compress: prevent the potentially use of null pointer
- [armhf] memory: emif: Add check for setup_interrupts
- [armhf] memory: emif: check the pointer temp in get_device_details()
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
- [arm64] dts: rockchip: Fix SDIO regulator supply properties on
rk3399-firefly
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED
- media: saa7134: convert list_for_each to entry variant
- media: saa7134: fix incorrect use to determine if list is empty
- ivtv: fix incorrect device_caps for ivtvfb
- [arm64,armhf] ASoC: rockchip: i2s: Use
devm_platform_get_and_ioremap_resource()
- [arm64,armhf] ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in
rockchip_i2s_probe
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
- [armhf] ASoC: fsl_spdif: Disable TX clock when stop
- [armhf] ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
- [arm64] drm/meson: osd_afbcd: Add an exit callback to struct
meson_afbcd_ops
- [arm64,armhf] drm/bridge: Add missing pm_runtime_disable() in
__dw_mipi_dsi_probe
- [arm64] drm: bridge: adv7511: Fix ADV7535 HPD enablement
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
- [arm64,armhf] drm/panfrost: Check for error num after setting mask
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
- [armhf] mtd: rawnand: gpmi: fix controller timings setting
- drm/edid: Don't clear formats if using deep color
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
- drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes()
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
- ath9k_htc: fix uninit value bugs
- RDMA/core: Set MR type in ib_reg_user_mr
- [powerpc*] KVM: PPC: Fix vmx/vsx mixup in mmio emulation
- i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
- i40e: respect metadata on XSK Rx to skb
- [x86] ray_cs: Check ioremap return value
- [powerpc*] KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
- [powerpc*] perf: Don't use perf_hw_context for trace IMC PMU
- [arm64,armhf] net: dsa: mv88e6xxx: Enable port policy support on 6097
- [arm64] PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
bridge
- [arm64,armhf] drm/bridge: dw-hdmi: use safe format when first in bridge
chain
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
- drm/amd/pm: enable pm sysfs write for one VF mode
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
- IB/cma: Allow XRC INI QPs to set their local ACK timeout
- dax: make sure inodes are flushed before destroy cache
- iwlwifi: Fix -EIO error code that is never returned
- iwlwifi: mvm: Fix an error code in iwl_mvm_up()
- [arm64] drm/msm/dp: populate connector of struct dp_panel
- [arm64] drm/msm/dpu: add DSPP blocks teardown
- [arm64] drm/msm/dpu: fix dp audio condition
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config()
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
- scsi: pm8001: Fix NCQ NON DATA command task initialization
- scsi: pm8001: Fix NCQ NON DATA command completion handling
- scsi: pm8001: Fix abort all task initialization
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
- drm/amd/display: Remove vupdate_int_entry definition
- TOMOYO: fix __setup handlers return values
- [arm64,armhf] drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
- [x86] power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong
false return
- [arm64] scsi: hisi_sas: Change permission of parameter prot_mask
- [arm64] bpf, arm64: Call build_prologue() first in first JIT pass
- [arm64] bpf, arm64: Feed byte-offset into bpf line info
- [arm64,armhf] gpu: host1x: Fix a memory leak in 'host1x_remove()'
- [powerpc*] mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
- [x86] KVM: x86: Fix emulation in writing cr8
- [x86] KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor()
- [x86] hv_balloon: rate-limit "Unhandled message" warning
- [amd64] IB/hfi1: Allow larger MTU without AIP
- PCI: Reduce warnings on possible RW1C corruption
- [armhf] mfd: mc13xxx: Add check for mc13xxx_irq_request
- [x86] platform/x86: huawei-wmi: check the return value of
device_create_file()
- vxcan: enable local echo for sent CAN frames
- ath10k: Fix error handling in ath10k_setup_msa_resources
- [mips*] pgalloc: fix memory leak caused by pgd_free()
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
- bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
- bpf, sockmap: Fix more uncharged while msg has more_data
- bpf, sockmap: Fix double uncharge the mem of sk_msg
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
- can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
- can: isotp: support MSG_TRUNC flag when reading from socket
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
- ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
- af_netlink: Fix shift out of bounds in group mask calculation
- [arm64,armhf] i2c: meson: Fix wrong speed use from probe
- PCI: Avoid broken MSI on SB600 USB devices
- [arm64] net: bcmgenet: Use stronger register read/writes to assure
ordering
- tcp: ensure PMTU updates are processed during fastopen
- openvswitch: always update flow key after nat
- tipc: fix the timer expires after interval 100ms
- [x86] mxser: fix xmit_buf leak in activate when LSR == 0xff
- [armhf] fsi: aspeed: convert to devm_platform_ioremap_resource
- [armhf] fsi: Aspeed: Fix a potential double free
- soundwire: intel: fix wrong register name in intel_shim_wake
- iio: mma8452: Fix probe failing when an i2c_device_id is used
- [arm64,armhf] phy: dphy: Correct lpx parameter and its
derivatives(ta_{get,go,sure})
- [x86] serial: 8250_mid: Balance reference count for PCI DMA device
- [x86] serial: 8250_lpss: Balance reference count for PCI DMA device
- NFS: Use of mapping_set_error() results in spurious errors
- serial: 8250: Fix race condition in RTS-after-send handling
- NFS: Return valid errors from nfs2/3_decode_dirent()
- [arm64] clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
- [arm64] clk: qcom: clk-rcg2: Update the frac table for pixel clock
- nvdimm/region: Fix default alignment for small regions
- [armhf] clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver
- NFS: remove unneeded check in decode_devicenotify_args()
- [arm64,armhf] pinctrl/rockchip: Add missing of_node_put() in
rockchip_pinctrl_probe
- [s390x] tty: hvc: fix return value of __setup handler
- serial: 8250: fix XOFF/XON sending when DMA is used
- driver core: dd: fix return value of __setup handler
- jfs: fix divide error in dbNextAG
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
- kdb: Fix the putarea helper function
- clk: Initialize orphan req_rate
- [amd64] xen: fix is_xen_pmu()
- [arm64] net: enetc: report software timestamping via SO_TIMESTAMPING
- [arm64] net: hns3: fix bug when PF set the duplicate MAC address for VFs
- net: phy: broadcom: Fix brcm_fet_config_init()
- NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
- [armhf] net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list
iterator
- fs: fd tables have to be multiples of BITS_PER_LONG
- fs: fix fd table size alignment properly
- LSM: general protection fault in legacy_parse_param
- block, bfq: don't move oom_bfqq
- selinux: use correct type for context length
- selinux: allow FIOCLEX and FIONCLEX with policy capability
- loop: use sysfs_emit() in the sysfs xxx show()
- Fix incorrect type in assignment of ipv6 port for audit
- fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
- bfq: fix use-after-free in bfq_dispatch_request
- ACPICA: Avoid walking the ACPI Namespace if it is not there
- Revert "Revert "block, bfq: honor already-setup queue merges""
- ACPI/APEI: Limit printable size of BERT table data
- PM: core: keep irq flags in device_pm_check_callbacks()
- nvme-tcp: lockdep: annotate in-kernel sockets
- [arm64] spi: tegra20: Use of_device_get_match_data()
- ext4: correct cluster len and clusters changed accounting in
ext4_mb_mark_bb
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
- ext4: don't BUG if someone dirty pages without asking ext4 first
- f2fs: fix to do sanity check on curseg->alloc_type
- NFSD: Fix nfsd_breaker_owns_lease() return values
- f2fs: compress: fix to print raw data size in error path of lz4
decompression
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
- [armel,armhf] ftrace: avoid redundant loads or clobbering IP
- video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
- ASoC: soc-core: skip zero num_dai component in searching dai name
- media: cx88-mpeg: clear interrupt status register before streaming video
- uaccess: fix type mismatch warnings from access_ok()
- media: Revert "media: em28xx: add missing em28xx_close_extension"
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup
- [x86] KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP
MMU
- [powerpc*] lib/sstep: Fix 'sthcx' instruction
- [powerpc*] lib/sstep: Fix build errors with newer binutils
- scsi: qla2xxx: Fix stuck session in gpdb
- scsi: qla2xxx: Fix scheduling while atomic
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
- scsi: qla2xxx: Fix warning for missing error code
- scsi: qla2xxx: Fix device reconnect in loop topology
- scsi: qla2xxx: Add devids and conditionals for 28xx
- scsi: qla2xxx: Check for firmware dump already collected
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
- scsi: qla2xxx: Fix disk failure to rediscover
- scsi: qla2xxx: Fix incorrect reporting of task management failure
- scsi: qla2xxx: Fix hang due to session stuck
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
- scsi: qla2xxx: Fix N2N inconsistent PLOGI
- scsi: qla2xxx: Reduce false trigger to login
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing
- [arm64] platform: chrome: Split trace include file
- [x86] KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated
- KVM: Prevent module exit until all VMs are freed
- [x86] KVM: x86: fix sending PV IPI
- [x86] KVM: SVM: fix panic on out-of-bounds guest IRQ
- [x86] ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
- ubifs: Fix to add refcount once page is set private
- ubifs: rename_whiteout: correct old_dir size computing
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
- wireguard: socket: free skb in send6 when ipv6 is disabled
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
- XArray: Fix xas_create_range() when multi-order entry present
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error
path (CVE-2022-28389)
- can: mcba_usb: properly check endpoint type
- XArray: Update the LRU list in xas_split()
- rtc: check if __rtc_read_time was successful
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
- [arm64] net: hns3: fix software vlan talbe of vlan 0 inconsistent with
hardware
- rxrpc: Fix call timer start racing with call destruction
- [arm64] mailbox: imx: fix wakeup failure from freeze mode
- watch_queue: Free the page array when watch_queue is dismantled
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
- ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
- [arm*] iop32x: offset IRQ numbers by 1
- io_uring: fix memory leak of uid in files registration
- [amd64,arm64] ACPI: CPPC: Avoid out of bounds access when parsing _CPC
data
- [arm64] platform/chrome: cros_ec_typec: Check for EC device
- can: isotp: restore accidentally removed MSG_PEEK feature
- proc: bootconfig: Add null pointer check
- [x86] ASoC: soc-compress: Change the check for codec_dai
- batman-adv: Check ptr for NULL before reducing its refcnt
- mm/mmap: return 1 from stack_guard_gap __setup() handler
- mm/memcontrol: return 1 from cgroup.memory __setup() handler
- mm/usercopy: return 1 from hardened_usercopy __setup() handler
- bpf: Adjust BPF stack helper functions to accommodate skip > 0
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
- dt-bindings: mtd: nand-controller: Fix the reg property description
- dt-bindings: mtd: nand-controller: Fix a comment in the examples
- dt-bindings: spi: mxic: The interrupt property is not mandatory
- [x86] ASoC: topology: Allow TLV control to be either read or write
- docs: sysctl/kernel: add missing bit to panic_print
- openvswitch: Fixed nd target mask field in the flow dump.
- [x86] KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
(CVE-2022-1158)
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error
path (CVE-2022-28388)
- coredump: Snapshot the vmas in do_coredump
- coredump: Remove the WARN_ON in dump_vma_snapshot
- coredump/elf: Pass coredump_params into fill_note_info
- coredump: Use the vma snapshot in fill_files_note
- [arm64] Do not defer reserve_crashkernel() for platforms with no DMA
memory zones
- [arm64] PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.111
- ubifs: Rectify space amount budget for mkdir/tmpfile operations
- gfs2: Check for active reservation in gfs2_release
- gfs2: Fix gfs2_release for non-writers regression
- gfs2: gfs2_setattr_size error path fix
- [x86] KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
- [x86] KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
- drm: Add orientation quirk for GPD Win Max
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
- drm/amd/display: Add signal type check when verify stream backends same
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
- ptp: replace snprintf with sysfs_emit
- [armhf] ath11k: fix kernel panic during unload/load ath11k modules
- ath11k: mhi: use mhi_sync_power_up()
- bpf: Make dst_port field in struct bpf_sock 16-bit wide
- scsi: mvsas: Replace snprintf() with sysfs_emit()
- scsi: bfa: Replace snprintf() with sysfs_emit()
- [arm64,armhf] power: supply: axp20x_battery: properly report current when
discharging
- mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
- cfg80211: don't add non transmitted BSS to 6GHz scanned channels
- ipv6: make mc_forwarding atomic
- [powerpc*] Set crashkernel offset to mid of RMA region
- drm/amdgpu: Fix recursive locking warning
- [arm64] PCI: aardvark: Fix support for MSI interrupts
- [arm64] iommu/arm-smmu-v3: fix event handling soft lockup
- usb: ehci: add pci device support for Aspeed platforms
- tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
- iwlwifi: mvm: Correctly set fragmented EBS
- ipv4: Invalidate neighbour for broadcast address upon address addition
- dm ioctl: prevent potential spectre v1 gadget
- dm: requeue IO if mapping table not yet available
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
- scsi: pm8001: Fix task leak in pm8001_send_abort_all()
- scsi: pm8001: Fix tag leaks on error
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
- [arm64] scsi: hisi_sas: Free irq vectors in order for v3 HW
- net/smc: correct settings of RMB window update limit
- macvtap: advertise link netns via netlink
- tuntap: add sanity checks about msg_controllen in sendmsg
- Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
- Bluetooth: use memset avoid memory leaks
- bnxt_en: Eliminate unintended link toggle during FW reset
- [mps64el,mipsel] fix fortify panic when copying asm exception handlers
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
- can: isotp: set default value for N_As to 50 micro seconds
- net: account alternate interface name memory
- net: limit altnames to 64k total
- net: sfp: add 2500base-X quirk for Lantech SFP module
- [armhf] usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on
omap5evm
- Bluetooth: Fix use after free in hci_send_acl
- netlabel: fix out-of-bounds memory accesses
- ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
- init/main.c: return 1 from handled __setup() functions
- minix: fix bug when opening a file with O_DIRECT
- [arm*] staging: vchiq_core: handle NULL result of find_service_by_handle
- [arm64,armhf] phy: amlogic: meson8b-usb2: Use dev_err_probe()
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
- NFSv4: Protect the state recovery thread against direct reclaim
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
- [armhf] clk: ti: Preserve node in ti_dt_clocks_register()
- clk: Enforce that disjoints limits are invalid
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory
- SUNRPC/xprt: async tasks mustn't block waiting for memory
- SUNRPC: remove scheduling boost for "SWAPPER" tasks.
- NFS: swap IO handling is slightly different for O_DIRECT IO
- NFS: swap-out must always use STABLE writes.
- [armhf] serial: samsung_tty: do not unlock port->lock for
uart_write_wakeup()
- virtio_console: eliminate anonymous module_init & module_exit
- jfs: prevent NULL deref in diFree
- SUNRPC: Fix socket waits for write buffer space
- NFS: nfsiod should not block forever in mempool_alloc()
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
- [x86] Drivers: hv: vmbus: Fix potential crash on module unload
- Revert "NFSv4: Handle the special Linux file open access mode"
- NFSv4: fix open failure with O_ACCMODE flag
- ice: Clear default forwarding VSI during VSI release
- net: ipv4: fix route with nexthop object delete warning
- net: stmmac: Fix unset max_speed difference between DT and non-DT
platforms
- [armhf] drm/imx: imx-ldb: Check for null pointer after calling kmemdup
- [armhf] drm/imx: Fix memory leak in imx_pd_connector_get_modes
- sfc: Do not free an empty page_ring
- RDMA/mlx5: Don't remove cache MRs when a delay is needed
- [amd64] IB/rdmavt: add lock to call to rvt_error_qp to prevent a race
condition
- [arm64] dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
- ipv6: Fix stats accounting in ip6_pkt_drop
- ice: synchronize_rcu() when terminating rings
- net: openvswitch: don't send internal clone attribute to the userspace.
- net: openvswitch: fix leak of nested actions
- rxrpc: fix a race in rxrpc_exit_net()
- qede: confirm skb is allocated before using
- bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
- drbd: Fix five use after free bugs in get_initial_state
- io_uring: don't touch scm_fp_list after queueing skb
- SUNRPC: Handle ENOMEM in call_transmit_status()
- SUNRPC: Handle low memory situations in call_status()
- SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
- [armhf] iommu/omap: Fix regression in probe for NULL pointer dereference
- [arm64] Add part number for Arm Cortex-A78AE
- [arm64] Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
- [arm64,armhf] mmc: mmci: stm32: correctly check all elements of sg list
- lz4: fix LZ4_decompress_safe_partial read out of bound
- mmmremap.c: avoid pointless invalidate_range_start/end on
mremap(old_size=0)
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
- io_uring: fix race between timeout flush and removal (CVE-2022-29582)
- [x86] pm: Save the MSR validity status at context setup
- [x86] speculation: Restore speculation related MSRs during S3 resume
- btrfs: fix qgroup reserve overflow the qgroup limit
- btrfs: prevent subvol with swapfile from being deleted
- [arm64] patch_text: Fixup last cpu should be master
- [amd64] RDMA/hfi1: Fix use-after-free bug for mm struct
- gpio: Restrict usage of GPIO chip irq members before initialization
- [arm64] perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
- [arm64,armhf] irqchip/gic-v3: Fix GICR_CTLR.RWP polling
- drm/nouveau/pmu: Add missing callbacks for Tegra devices
- mm: don't skip swap entry even if zap_details specified
- cgroup: Use open-time credentials for process migraton perm checks
(CVE-2021-4197)
- [x86] Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
- [arm64,armhf] irqchip/gic, gic-v3: Prevent GSI to SGI translations
- [powerpc*] Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.112
- [amd64] drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
- hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195)
- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195)
- [arm64] cpuidle: PSCI: Move the `has_lpi` check to the beginning of the
function
- ACPI: processor idle: Check for architectural support for LPI
- btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
- [arm64] drm/msm: Add missing put_task_struct() in debugfs path
- SUNRPC: Fix the svc_deferred_event trace class
- net/sched: flower: fix parsing of ethertype following VLAN header
- veth: Ensure eth header is in skb's linear part
- gpiolib: acpi: use correct format characters
- net: mdio: Alphabetically sort header inclusion
- net/sched: fix initialization order when updating chain 0 head
- [arm64] net: dsa: felix: suppress -EPROBE_DEFER errors
- [armhf] net: ethernet: stmmac: fix altr_tse_pcs function when using a
fixed-link
- net/sched: taprio: Check if socket flags are valid
- cfg80211: hold bss_lock while updating nontrans_list
- [arm64] drm/msm: Fix range size vs end confusion
- [arm64] drm/msm/dsi: Use connector directly in
msm_dsi_manager_connector_init()
- net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
- scsi: pm80xx: Enable upper inbound, outbound queues
- scsi: iscsi: Stop queueing during ep_disconnect
- scsi: iscsi: Force immediate failure during shutdown
- scsi: iscsi: Use system_unbound_wq for destroy_work
- scsi: iscsi: Rel ref after iscsi_lookup_endpoint()
- scsi: iscsi: Fix in-kernel conn failure handling
- scsi: iscsi: Move iscsi_ep_disconnect()
- scsi: iscsi: Fix offload conn cleanup when iscsid restarts
- scsi: iscsi: Fix conn cleanup and stop race during iscsid restart
- sctp: Initialize daddr on peeled off socket
- cifs: potential buffer overflow in handling symlinks
- [arm64] net: bcmgenet: Revert "Use stronger register read/writes to assure
ordering"
- drm/amd: Add USBC connector ID
- btrfs: fix fallocate to use file_modified to update permissions
consistently
- btrfs: do not warn for free space inode in cow_file_range
- drm/amd/display: fix audio format not updated after edid updated
- drm/amd/display: FEC check in timing validation
- drm/amd/display: Update VTEM Infopacket definition
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS
- drm/amdgpu/vcn: improve vcn dpg stop procedure
- [x86] Drivers: hv: vmbus: Prevent load re-ordering when reading ring
buffer
- scsi: target: tcmu: Fix possible page UAF
- scsi: lpfc: Fix queue failures when recovering from PCI parity error
- [powerpc*] scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
- [armhf] gpu: ipu-v3: Fix dev_dbg frequency output
- [arm64] alternatives: mark patch_alternative() as `noinstr`
- tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
- myri10ge: fix an incorrect free for skb in myri10ge_sw_tso
- drm/amd/display: Revert FEC check in validation
- drm/amd/display: Fix allocate_mst_payload assert on resume
- scsi: mvsas: Add PCI ID of RocketRaid 2640
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
- drivers: net: slip: fix NPD bug in sl_tx_timeout()
- mm, page_alloc: fix build_zonerefs_node()
- mm: fix unexpected zeroed page mapping with zram swap
- [x86] KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded
- ath9k: Properly clear TX status area before reporting to mac80211
- ath9k: Fix usage of driver-private space in tx_info
- btrfs: fix root ref counts in error handling in btrfs_get_root_ref
- btrfs: mark resumed async balance as writing
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT
- ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers
- ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
- nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size
- ipv6: fix panic when forwarding a pkt with no in6 dev
- drm/amd/display: don't ignore alpha property on pre-multiplied mode
- drm/amdgpu: Enable gfxoff quirk on MacBook Pro
- genirq/affinity: Consider that CPUs on nodes can be unbalanced
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
- dm integrity: fix memory corruption when tag_size is less than digest size
- smp: Fix offline cpu check in flush_smp_call_function_queue()
- timers: Fix warning condition in __run_timers()
- dma-direct: avoid redundant memory sync for swiotlb
- scsi: iscsi: Fix endpoint reuse regression
- scsi: iscsi: Fix unbound endpoint error handling
- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1204)
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1204)
- ax25: fix UAF bugs of net_device caused by rebinding operation
(CVE-2022-1204)
- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1204)
- ax25: fix UAF bug in ax25_send_control()
- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199)
- ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205)
- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.113
- tracing: Dump stacktrace trigger to the corresponding instance
- gfs2: assign rgrp glock before compute_bitstructs
- net/sched: cls_u32: fix netns refcount changes in u32_change()
- ALSA: usb-audio: Clear MIDI port active flag after draining
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP
- dm: fix mempool NULL pointer race when completing IO
- [armhf] dmaengine: imx-sdma: Fix error checking in sdma_event_remap
- esp: limit skb_page_frag_refill use to a single page
- igc: Fix infinite loop in release_swfw_sync
- igc: Fix BUG: scheduling while atomic
- rxrpc: Restore removed timer deletion
- net/smc: Fix sock leak when release after smc_shutdown()
- net/packet: fix packet_sock xmit return value checking
- ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
- ip6_gre: Fix skb_under_panic in __gre6_xmit()
- net/sched: cls_u32: fix possible leak in u32_init_knode()
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
netdev_master_upper_dev_get_rcu
- ipv6: make ip6_rt_gc_expire an atomic_t
- netlink: reset network and mac headers in netlink_dump()
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state
- [arm64] mm: Remove [PUD|PMD]_TABLE_BIT from [pud|pmd]_bad()
- [arm64] mm: fix p?d_leaf()
- [x86] platform/x86: samsung-laptop: Fix an unsigned comparison which can
never be negative
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
constant
- vxlan: fix error return code in vxlan_fdb_append
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT
- [amd64,arm64] net: atlantic: Avoid out-of-bounds indexing
- mt76: Fix undefined behavior due to shift overflowing the constant
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the
constant
- [arm64] drm/msm/mdp5: check the return of kzalloc()
- [arm64] net: macb: Restart tx only if queue pointer is lagging
- scsi: qedi: Fix failed disconnect handling
- stat: fix inconsistency between struct stat and struct compat_stat
- nvme: add a quirk to disable namespace identifiers
- nvme-pci: disable namespace identifiers for Qemu controllers
- mm, hugetlb: allow for "high" userspace addresses
- oom_kill.c: futex: delay the OOM reaper to allow time for proper futex
cleanup
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
- [amd64,arm64] net: atlantic: invert deep par in pm functions, preventing
null derefs
- openvswitch: fix OOB access in reserve_sfa_size()
- gpio: Request interrupts after IRQ is initialized
- ASoC: soc-dapm: fix two incorrect uses of list iterator
- e1000e: Fix possible overflow in LTR decoding
- [arm*] arm_pmu: Validate single/group leader events
- sched/pelt: Fix attach_entity_load_avg() corner case
- [arm64,armhf] drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
initialised
- [arm64,armhf] drm/panel/raspberrypi-touchscreen: Initialise the bridge in
prepare
- [powerpc*] KVM: PPC: Fix TCE handling for VFIO
- [arm*] drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()
usage
- [powerpc*] perf: Fix power9 event alternatives
- ext4: fix fallocate to use file_modified to update permissions
consistently
- ext4: fix symlink file size not match to file content
- ext4: fix use-after-free in ext4_search_dir
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
- ext4, doc: fix incorrect h_reserved size
- ext4: fix overhead calculation to account for the reserved gdt blocks
- ext4: force overhead calculation if the s_overhead_cluster makes no sense
- can: isotp: stop timeout monitoring when no first frame was sent
- jbd2: fix a potential race while discarding reserved buffers after an
abort
- block/compat_ioctl: fix range check in BLKGETSIZE
.
[ Salvatore Bonaccorso ]
* Bump ABI to 14
* [rt] Drop "tcp: Remove superfluous BH-disable around"
* [rt] Update "tracing: Merge irqflags + preempt counter." for upstream
changes in 5.10.113
* [x86] pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
(Closes: #1006346)
* floppy: disable FDRAWCMD by default
.
linux (5.10.106-1) bullseye; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
- mac80211_hwsim: report NOACK frames in tx_status
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
- [arm*] i2c: bcm2835: Avoid clock stretching timeouts
- ASoC: rt5682: do not block workqueue if card is unbound
- regulator: core: fix false positive in regulator_late_cleanup()
- Input: clear BTN_RIGHT/MIDDLE on buttonpads
- [arm64] KVM: arm64: vgic: Read HW interrupt pending state from the HW
- tipc: fix a bit overflow in tipc_crypto_key_rcv()
- cifs: fix double free race when mount fails in cifs_get_root()
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958)
- usb: gadget: clear related members when goto fail (CVE-2022-24958)
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
- exfat: fix i_blocks for files truncated over 4 GiB
- tracing: Add test for user space strings when filtering on string pointers
- [armhf] serial: stm32: prevent TDR register overwrite when sending x_char
- ata: pata_hpt37x: fix PCI clock detection
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
- tracing: Add ustring operation to filtering string pointers
- [x86] ALSA: intel_hdmi: Fix reference to PCM buffer address
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
- [amd64] iommu/amd: Recover from event log overflow
- [x86] drm/i915: s/JSP2/ICP2/ PCH
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
- xfrm: fix MTU regression
- netfilter: fix use-after-free in __nf_register_net_hook()
- bpf, sockmap: Do not ignore orig_len parameter
- xfrm: fix the if_id check in changelink
- xfrm: enforce validity of offload input flags
- e1000e: Correct NVM checksum verification flow
- net: fix up skbs delta_truesize in UDP GRO frag_list
- netfilter: nf_queue: don't assume sk is full socket
- netfilter: nf_queue: fix possible use-after-free
- netfilter: nf_queue: handle socket prefetch
- batman-adv: Request iflink once in batadv-on-batadv check
- batman-adv: Request iflink once in batadv_get_real_netdevice
- batman-adv: Don't expect inter-netns unique iflink indices
- net: ipv6: ensure we call ipv6_mc_down() at most once
- net: dcb: flush lingering app table entries for unregistered devices
- net/smc: fix connection leak
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
- rcu/nocb: Fix missed nocb_timer requeue
- ice: Fix race conditions between virtchnl handling and VF ndo ops
- ice: fix concurrent reset and removal of VFs
- sched/topology: Make sched_init_numa() use a set for the deduplicating
sort
- sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
- mac80211: fix forwarded mesh frames AC & queue selection
- net: stmmac: fix return value of __setup handler
- mac80211: treat some SAE auth steps as final
- iavf: Fix missing check for running netdev
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
- efivars: Respect "block" flag in efivar_entry_set_safe()
- can: gs_usb: change active_channels's type from atomic_t to u8
- igc: igc_read_phy_reg_gpy: drop premature return
- [armel,armhf] 9182/1: mmu: fix returns from early_param() and __setup()
functions
- [arm64,armhf] pinctrl: sunxi: Use unique lockdep classes for IRQs
- igc: igc_write_phy_reg_gpy: drop premature return
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
- [armhf] dts: switch timer config to common devkit8000 devicetree
- [armhf] dts: Use 32KiHz oscillator on devkit8000
- [arm64] soc: fsl: guts: Revert commit 3c0d64e867ed
- [arm64] soc: fsl: guts: Add a missing memory allocation failure check
- [armhf] tegra: Move panels to AUX bus
- net: chelsio: cxgb3: check the return value of pci_find_capability()
- iavf: Refactor iavf state machine tracking
- nl80211: Handle nla_memdup failures in handle_nan_filter
- drm/amdgpu: fix suspend/resume hang regression
- net: dcb: disable softirqs in dcbnl_flush_dev()
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power()
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume
- HID: add mapping for KEY_DICTATE
- HID: add mapping for KEY_ALL_APPLICATIONS
- tracing/histogram: Fix sorting on old "cpu" value
- tracing: Fix return value of __setup handlers
- btrfs: fix lost prealloc extents beyond eof after full fsync
- btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
- btrfs: add missing run of delayed items after unlink during log replay
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
- hamradio: fix macro redefine warning
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.105
- [x86] bugs: Unconditionally allow spectre_v2=retpoline,amd
- [armhf] report Spectre v2 status through sysfs
- [armel,armhf] early traps initialisation
- [armel,armhf] use LOADADDR() to get load address of sections
- [armel,armhf] Spectre-BHB workaround
- [armel,armhf] include unprivileged BPF status in Spectre V2 reporting
- [arm64] cputype: Add CPU implementor & types for the Apple M1 cores
- [arm64] Add Neoverse-N2, Cortex-A710 CPU part definition
- [arm64] Add Cortex-X2 CPU part definition
- [arm64] Add Cortex-A510 CPU part definition
- [arm64] Add HWCAP for self-synchronising virtual counter
- [arm64] add ID_AA64ISAR2_EL1 sys register
- [arm64] cpufeature: add HWCAP for FEAT_AFP
- [arm64] cpufeature: add HWCAP for FEAT_RPRES
- [arm64] entry.S: Add ventry overflow sanity checks
- [arm64] spectre: Rename spectre_v4_patch_fw_mitigation_conduit
- [arm64] entry: Make the trampoline cleanup optional
- [arm64] entry: Free up another register on kpti's tramp_exit path
- [arm64] entry: Move the trampoline data page before the text page
- [arm64] entry: Allow tramp_alias to access symbols after the 4K boundary
- [arm64] entry: Don't assume tramp_vectors is the start of the vectors
- [arm64] entry: Move trampoline macros out of ifdef'd section
- [arm64] entry: Make the kpti trampoline's kpti sequence optional
- [arm64] entry: Allow the trampoline text to occupy multiple pages
- [arm64] entry: Add non-kpti __bp_harden_el1_vectors for mitigations
- [arm64] entry: Add vectors that have the bhb mitigation sequences
- [arm64] entry: Add macro for reading symbol addresses from the trampoline
- [arm64] Add percpu vectors for EL1
- [arm64] proton-pack: Report Spectre-BHB vulnerabilities as part of
Spectre-v2
- [arm64] KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
- [arm64] Mitigate spectre style branch history side channels
- [arm64] KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and
migrated
- [arm64] Use the clearbhb instruction in mitigations
- [arm64] proton-pack: Include unprivileged eBPF status in Spectre v2
mitigation reporting
- [armel,armhf] fix co-processor register typo
- [armel,armhf] Do not use NOCROSSREFS directive with ld.lld
- [armhf] fix build warning in proc-v7-bugs.c
- xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
(CVE-2022-23040, XSA-396)
- xen/grant-table: add gnttab_try_end_foreign_access() (CVE-2022-23036,
CVE-2022-23038, XSA-396)
- xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23036, XSA-396)
- xen/netfront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23037, XSA-396)
- xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
(CVE-2022-23038, XSA-396)
- xen/gntalloc: don't use gnttab_query_foreign_access() (CVE-2022-23039,
XSA-396)
- xen: remove gnttab_query_foreign_access()
- xen/9p: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/pvcalls: use alloc/free_pages_exact() (CVE-2022-23041, XSA-396)
- xen/gnttab: fix gnttab_end_foreign_access() without page specified
(CVE-2022-23041, XSA-396)
- xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
(CVE-2022-23042, XSA-396)
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106
- [arm64] clk: qcom: gdsc: Add support to update GDSC transition delay
- [arm64] dts: armada-3720-turris-mox: Add missing ethernet0 alias
- tipc: fix kernel panic when enabling bearer
- mISDN: Remove obsolete PIPELINE_DEBUG debugging information
- mISDN: Fix memory leak in dsp_pipeline_build()
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw()
- net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare()
- esp: Fix BEET mode inter address family tunneling on GSO
- qed: return status of qed_iov_get_link
- i40e: stop disabling VFs due to PF error responses
- ice: stop disabling VFs due to PF error responses
- ice: Align macro names to the specification
- ice: Remove unnecessary checker loop
- ice: Rename a couple of variables
- ice: Fix curr_link_speed advertised speed
- tipc: fix incorrect order of state message data sanity check
- [armhf] net: ethernet: ti: cpts: Handle error for clk_enable
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
- net/mlx5: Fix size field in bufferx_reg struct
- net/mlx5: Fix a race on command flush flow
- net/mlx5e: Lag, Only handle events from highest priority multipath entry
- NFC: port100: fix use-after-free in port100_send_complete
- net: phy: DP83822: clear MISR2 register to disable interrupts
- sctp: fix kernel-infoleak for SCTP sockets
- [arm64] net: bcmgenet: Don't claim WOL when its not available
- [arm64,armhf] spi: rockchip: Fix error in getting num-cs property
- [arm64,armhf] spi: rockchip: terminate dma transmission when slave abort
- net-sysfs: add check for netdevice being present to speed_show
- [armhf] hwmon: (pmbus) Clear pmbus fault/warning bits after read
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL
- Revert "xen-netback: remove 'hotplug-status' once it has served its
purpose"
- Revert "xen-netback: Check for hotplug-status existence before watching"
- ipv6: prevent a possible race condition with lifetimes
- tracing: Ensure trace buffer is at least 4096 bytes large
- fuse: fix pipe buffer lifetime for direct_io
- staging: rtl8723bs: Fix access-point mode deadlock
- [arm64] net: macb: Fix lost RX packet wakeup race in NAPI receive
- [arm64] mmc: meson: Fix usage of meson_mmc_post_req()
- [arm64] dts: marvell: armada-37xx: Remap IO space to bus address 0x0
- virtio: unexport virtio_finalize_features
- virtio: acknowledge all features before access
- watch_queue, pipe: Free watchqueue state after clearing pipe ring
(CVE-2022-0995)
- watch_queue: Fix to release page in ->release() (CVE-2022-0995)
- watch_queue: Fix to always request a pow-of-2 pipe ring size
(CVE-2022-0995)
- watch_queue: Fix the alloc bitmap size to reflect notes allocated
(CVE-2022-0995)
- watch_queue: Free the alloc bitmap when the watch_queue is torn down
(CVE-2022-0995)
- watch_queue: Fix lack of barrier/sync/lock between post and read
(CVE-2022-0995)
- watch_queue: Make comment about setting ->defunct more accurate
(CVE-2022-0995)
- [x86] boot: Fix memremap of setup_indirect structures
- [x86] boot: Add setup_indirect support in early_memremap_is_setup_data()
- [x86] traps: Mark do_int3() NOKPROBE_SYMBOL
- ext4: add check to prevent attempting to resize an fs with sparse_super2
- [armel,armhf] fix Thumb2 regression with Spectre BHB
- watch_queue: Fix filter limit check ((CVE-2022-0995)
.
[ Salvatore Bonaccorso ]
* Bump ABI to 13
* [rt] Update to 5.10.104-rt63
* [rt] Update to 5.10.106-rt64
* sctp: fix the processing for INIT chunk (CVE-2021-3772)
* tcp: make tcp_read_sock() more robust
* io_uring: return back safer resurrect
* [arm64] kvm: Fix copy-and-paste error in bhb templates for v5.10 stable
Checksums-Sha1:
d230e489d2a5e0e64648faacdf8bd25c02f13398 210309 linux_5.10.120-1~bpo10+1.dsc
6343dc2477db5e1f24851259b8b5abdd68366753 1508012 linux_5.10.120-1~bpo10+1.debian.tar.xz
8f6571ef2bc1e1fade31393ede05824a6483a09f 54771 linux_5.10.120-1~bpo10+1_source.buildinfo
Checksums-Sha256:
4d2fb2bb0dbf7225e9efda1a1ef11fa86e1a1cc11dc8ba7ba3a31e80a96c63f2 210309 linux_5.10.120-1~bpo10+1.dsc
47b7750c64c215a8dd7c4f3ba430a6d1c532a9131f65bc7bbce63d5acafceb62 1508012 linux_5.10.120-1~bpo10+1.debian.tar.xz
805e93cc023e94faacfbf2a098dcdfb7a632d1b68dc9fb7d1c95178ba1b64e7b 54771 linux_5.10.120-1~bpo10+1_source.buildinfo
Files:
6b9a0705430e2cd450be51af485468f1 210309 kernel optional linux_5.10.120-1~bpo10+1.dsc
87dd4d0064c1ab5b7433b9fda7a260c0 1508012 kernel optional linux_5.10.120-1~bpo10+1.debian.tar.xz
26ce5000121028a550280ed5e95bdaf0 54771 kernel optional linux_5.10.120-1~bpo10+1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmKocwAACgkQ57/I7JWG
EQk/Kw/+Pmdj1oeLN+TzKMf9OxF+nnQ095g5xXdagzxAOyXT/UaFWwFfabq6U9kF
cTCbp5/jHhsz8ezRI9KLV69shRt/VEnSdcltdvkSR6n3v3m8hZ6WcYBuvLxsc64J
neihFI1mJpInkxETlJqQ4Iwq2p1fWnc7Ti6hf4bmDKyra4lMQZsShffbpdnBksjE
SkWtvr8o8vtEU/OCQNuUtyzFrUM/zo0c5eBpKz8rp2XoYTv6S2FGfnbBHXjfRo+G
JJA5b0FrK62jd44k9iNC4uWMB/o4wHeBen1k6iNps6mRAsz5EIAUcvpeC9iazTMI
m7nToZR8UsQ0bCZj9U79Sj0xKnC6h4Ri+1SRSS3xnlKimBuM4qg73KNu9+5P9JMu
VROfK8W5PX7xjs9PaduApq7Z8ETfmFBi0vj6QP3O+iE5GUjhuNOBjcNI2Y9AUj2k
CPK7l+EQKIsJ/FosZHvTuvpO4505cCzSr1VKL2zUM2sukaArlBOzwCIdC8D/WQU5
Nz/2thIMU0jF+F0hIjmICba9z8sZqopdVgdE9sTzrzVIU+HZX9CUAV5LkwxrkrUp
USArtovkNcZpcseFNE8PwjsQAmnMxchJN527zriNOMrRbdP73CPuy4/wBKaLMgPW
Nb2BEbla8Jh4PQ3CO4xeZcICuBCltULDxODWN4BQNmvO8a/fzvY=
=tVev
-----END PGP SIGNATURE-----
Reply to: