Changelog
linux (5.10.46-4) unstable; urgency=medium
* bpf: Introduce BPF nospec instruction for mitigating Spectre v4
(CVE-2021-34556, CVE-2021-35477)
* bpf: Fix leakage due to insufficient speculative store bypass mitigation
(CVE-2021-34556, CVE-2021-35477)
* bpf: Remove superfluous aux sanitation on subprog rejection
* Ignore ABI changes for bpf_offload_dev_create and bpf_verifier_log_write
* bpf: Add kconfig knob for disabling unpriv bpf by default
* init: Enable BPF_UNPRIV_DEFAULT_OFF (Closes: #990411)
* linux-image: Add NEWS entry documenting that unprivileged calls to bpf() are
disabled by default in Debian.
* bpf: verifier: Allocate idmap scratch in verifier env
* bpf: Fix pointer arithmetic mask tightening under state pruning
-- Salvatore Bonaccorso <email address hidden> Tue, 03 Aug 2021 07:50:50 +0200