Change logs for linux source package in Xenial

  • linux (4.4.0-210.242) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-210.242 -proposed tracker (LP: #1924644)
    
      * setting extended attribute may cause memory leak (LP: #1924611)
        - SAUCE: vfs_setxattr: free converted value if xattr_permission returns error
    
     -- Stefan Bader <email address hidden>  Fri, 16 Apr 2021 11:33:09 +0200
  • linux (4.4.0-209.241) xenial; urgency=medium
    
      * overlayfs calls vfs_setxattr without cap_convert_nscap
        - vfs: move cap_convert_nscap() call into vfs_setxattr()
    
      * CVE-2021-29154
        - SAUCE: bpf, x86: Validate computation of branch displacements for x86-64
    
     -- Thadeu Lima de Souza Cascardo <email address hidden>  Mon, 12 Apr 2021 19:27:28 -0300
  • linux (4.4.0-208.240) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-208.240 -proposed tracker (LP: #1922069)
    
      * linux ADT test failure with linux/4.4.0-207.239 -
        ubuntu_qrt_kernel_security.test-kernel-security.py (LP: #1922200) //
        CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
        - SAUCE: Revert "printk: hash addresses printed with %p"
    
      * lxd 2.0.11-0ubuntu1~16.04.4 ADT test failure with linux 4.4.0-207.239
        (LP: #1921969)
        - SAUCE: Fix fuse regression in 4.4.0-207.239
    
    linux (4.4.0-207.239) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-207.239 -proposed tracker (LP: #1919558)
    
      * Xenial update: v4.4.262 upstream stable release (LP: #1920221)
        - uapi: nfnetlink_cthelper.h: fix userspace compilation error
        - ath9k: fix transmitting to stations in dynamic SMPS mode
        - net: Fix gro aggregation for udp encaps with zero csum
        - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
          setting skb ownership
        - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
        - can: flexcan: enable RX FIFO after FRZ/HALT valid
        - netfilter: x_tables: gpf inside xt_find_revision()
        - cifs: return proper error code in statfs(2)
        - floppy: fix lock_fdc() signal handling
        - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
        - futex: Change locking rules
        - futex: Cure exit race
        - futex: fix dead code in attach_to_pi_owner()
        - net/mlx4_en: update moderation when config reset
        - net: lapbether: Remove netif_start_queue / netif_stop_queue
        - net: davicom: Fix regulator not turned off on failed probe
        - net: davicom: Fix regulator not turned off on driver removal
        - media: usbtv: Fix deadlock on suspend
        - mmc: mxs-mmc: Fix a resource leak in an error handling path in
          'mxs_mmc_probe()'
        - mmc: mediatek: fix race condition between msdc_request_timeout and irq
        - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
        - PCI: xgene-msi: Fix race in installing chained irq handler
        - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
        - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
        - ALSA: hda/hdmi: Cancel pending works before suspend
        - ALSA: hda: Avoid spurious unsol event handling during S3/S4
        - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
        - s390/dasd: fix hanging DASD driver unbind
        - mmc: core: Fix partition switch time for eMMC
        - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
          names
        - Goodix Fingerprint device is not a modem
        - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
          slot
        - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
        - xhci: Improve detection of device initiated wake signal.
        - USB: serial: io_edgeport: fix memory leak in edge_startup
        - USB: serial: ch341: add new Product ID
        - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
        - USB: serial: cp210x: add some more GE USB IDs
        - usbip: fix stub_dev to check for stream socket
        - usbip: fix vhci_hcd to check for stream socket
        - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
        - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
        - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
        - staging: rtl8712: unterminated string leads to read overflow
        - staging: rtl8188eu: fix potential memory corruption in
          rtw_check_beacon_data()
        - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
        - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
        - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
        - staging: comedi: addi_apci_1500: Fix endian problem for command sample
        - staging: comedi: adv_pci1710: Fix endian problem for AI command data
        - staging: comedi: das6402: Fix endian problem for AI command data
        - staging: comedi: das800: Fix endian problem for AI command data
        - staging: comedi: dmm32at: Fix endian problem for AI command data
        - staging: comedi: me4000: Fix endian problem for AI command data
        - staging: comedi: pcl711: Fix endian problem for AI command data
        - staging: comedi: pcl818: Fix endian problem for AI command data
        - NFSv4.2: fix return value of _nfs4_get_security_label()
        - block: rsxx: fix error return code of rsxx_pci_probe()
        - alpha: add $(src)/ rather than $(obj)/ to make source file path
        - alpha: merge build rules of division routines
        - alpha: make short build log available for division routines
        - alpha: Package string routines together
        - alpha: move exports to actual definitions
        - alpha: get rid of tail-zeroing in __copy_user()
        - alpha: switch __copy_user() and __do_clean_user() to normal calling
          conventions
        - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
        - media: hdpvr: Fix an error handling path in hdpvr_probe()
        - KVM: arm64: Fix exclusive limit for IPA size
        - xen/events: reset affinity of 2-level event when tearing it down
        - xen/events: don't unmask an event channel when an eoi is pending
        - xen/events: avoid handling the same event on two cpus at the same time
        - Linux 4.4.262
    
      * Xenial update: v4.4.261 upstream stable release (LP: #1920218)
        - futex: fix irq self-deadlock and satisfy assertion
        - futex: fix spin_lock() / spin_unlock_irq() imbalance
        - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
        - rsxx: Return -EFAULT if copy_to_user() fails
        - dm table: fix iterate_devices based device capability checks
        - platform/x86: acer-wmi: Add new force_caps module parameter
        - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
        - Linux 4.4.261
    
      * CVE-2019-19061
        - iio: imu: adis16400: fix memory leak
    
      * CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
        - printk: hash addresses printed with %p
    
      * CVE-2017-5967
        - time: Remove CONFIG_TIMER_STATS
        - [Config] Dropped CONFIG_TIMER_STATS
    
      * CVE-2019-16232
        - libertas: fix a potential NULL pointer dereference
    
      * CVE-2015-1350
        - xfs: Propagate dentry down to inode_change_ok()
        - fuse: Propagate dentry down to inode_change_ok()
        - fs: Give dentry to inode_change_ok() instead of inode
        - fs: Avoid premature clearing of capabilities
    
      * CVE-2018-13095
        - xfs: More robust inode extent count validation
    
      * i40e PF reset due to incorrect MDD event (LP: #1772675)
        - i40e: change behavior on PF in response to MDD event
    
      * Xenial update: v4.4.260 upstream stable release (LP: #1918184)
        - futex: Ensure the correct return value from futex_lock_pi()
        - net: usb: qmi_wwan: support ZTE P685M modem
        - iwlwifi: pcie: fix to correct null check
        - mmc: sdhci-esdhc-imx: fix kernel panic when remove module
        - scripts: use pkg-config to locate libcrypto
        - scripts: set proper OpenSSL include dir also for sign-file
        - hugetlb: fix update_and_free_page contig page struct assumption
        - JFS: more checks for invalid superblock
        - xfs: Fix assert failure in xfs_setattr_size()
        - net: fix up truesize of cloned skb in skb_prepare_for_shift()
        - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
        - staging: fwserial: Fix error handling in fwserial_create
        - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
        - vt/consolemap: do font sum unsigned
        - wlcore: Fix command execute failure 19 for wl12xx
        - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
        - ath10k: fix wmi mgmt tx queue full due to race condition
        - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
        - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
        - staging: most: sound: add sanity check for function argument
        - media: uvcvideo: Allow entities with no pads
        - Xen/gnttab: handle p2m update errors on a per-slot basis
        - xen-netback: respect gnttab_map_refs()'s return value
        - zsmalloc: account the number of compacted pages correctly
        - swap: fix swapfile read/write offset
        - media: v4l: ioctl: Fix memory leak in video_usercopy
        - Linux 4.4.260
    
      * Xenial update: v4.4.259 upstream stable release (LP: #1918182)
        - HID: make arrays usage and value to be the same
        - usb: quirks: add quirk to start video capture on ELMO L-12F document camera
          reliable
        - xen-netback: delete NAPI instance when queue fails to initialize
        - ntfs: check for valid standard information attribute
        - igb: Remove incorrect "unexpected SYS WRAP" log message
        - scripts/recordmcount.pl: support big endian for ARCH sh
        - kdb: Make memory allocations more robust
        - MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
        - Bluetooth: Fix initializing response id after clearing struct
        - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
        - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
        - Bluetooth: drop HCI device reference before return
        - Bluetooth: Put HCI device if inquiry procedure interrupts
        - usb: dwc2: Abort transaction after errors with unknown reason
        - usb: dwc2: Make "trimming xfer length" a debug message
        - ARM: s3c: fix fiq for clang IAS
        - bnxt_en: reverse order of TX disable and carrier off
        - xen/netback: fix spurious event detection for common event case
        - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
        - fbdev: aty: SPARC64 requires FB_ATY_CT
        - drm/gma500: Fix error return code in psb_driver_load()
        - gma500: clean up error handling in init
        - MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
        - MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
        - media: media/pci: Fix memleak in empress_init
        - media: tm6000: Fix memleak in tm6000_start_stream
        - ASoC: cs42l56: fix up error handling in probe
        - media: lmedm04: Fix misuse of comma
        - media: cx25821: Fix a bug when reallocating some dma memory
        - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
        - btrfs: clarify error returns values in __load_free_space_cache
        - fs/jfs: fix potential integer overflow on shift of a int
        - jffs2: fix use after free in jffs2_sum_write_data()
        - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
        - HID: core: detect and skip invalid inputs to snto32()
        - dmaengine: fsldma: Fix a resource leak in the remove function
        - dmaengine: fsldma: Fix a resource leak in an error handling path of the
          probe function
        - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
        - regulator: axp20x: Fix reference cout leak
        - isofs: release buffer head before return
        - IB/umad: Return EIO in case of when device disassociated
        - powerpc/47x: Disable 256k page size
        - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
        - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
        - amba: Fix resource leak for drivers without .remove
        - tracepoint: Do not fail unregistering a probe due to memory failure
        - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
        - powerpc/pseries/dlpar: handle ibm, configure-connector delay status
        - perf intel-pt: Fix missing CYC processing in PSB
        - perf test: Fix unaligned access in sample parsing test
        - Input: elo - fix an error code in elo_connect()
        - sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
        - misc: eeprom_93xx46: Fix module alias to enable module autoprobe
        - misc: eeprom_93xx46: Add module alias to avoid breaking support for non
          device tree users
        - VMCI: Use set_page_dirty_lock() when unregistering guest memory
        - PCI: Align checking of syscall user config accessors
        - mm/memory.c: fix potential pte_unmap_unlock pte error
        - mm/hugetlb: fix potential double free in hugetlb_register_node() error path
        - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
        - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
        - block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
        - blk-settings: align max_sectors on "logical_block_size" boundary
        - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
          Series X|S
        - Input: joydev - prevent potential read overflow in ioctl
        - Input: i8042 - add ASUS Zenbook Flip to noselftest list
        - USB: serial: option: update interface mapping for ZTE P685M
        - USB: serial: mos7840: fix error code in mos7840_write()
        - USB: serial: mos7720: fix error code in mos7720_write()
        - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
        - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
        - KEYS: trusted: Fix migratable=1 failing
        - btrfs: fix reloc root leak with 0 ref reloc roots on recovery
        - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
        - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
        - x86/reboot: Force all cpus to exit VMX root if VMX is supported
        - floppy: reintroduce O_NDELAY fix
        - mm: hugetlb: fix a race between freeing and dissolving the page
        - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
        - libnvdimm/dimm: Avoid race between probe and available_slots_show()
        - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
        - gpio: pcf857x: Fix missing first interrupt
        - f2fs: fix out-of-repair __setattr_copy()
        - sparc32: fix a user-triggerable oops in clear_user()
        - gfs2: Don't skip dlm unlock if glock has an lvb
        - dm era: Recover committed writeset after crash
        - dm era: Verify the data block size hasn't changed
        - dm era: Fix bitset memory leaks
        - dm era: Use correct value size in equality function of writeset tree
        - dm era: Reinitialize bitset cache before digesting a new writeset
        - dm era: only resize metadata in preresume
        - futex: Fix OWNER_DEAD fixup
        - dm era: Update in-core bitset after committing the metadata
        - Linux 4.4.259
    
      * CVE-2019-16231
        - fjes: Handle workqueue allocation failure
    
      * Xenial update: v4.4.258 upstream stable release (LP: #1916661)
        - tracing: Do not count ftrace events in top level enable output
        - fgraph: Initialize tracing_graph_pause at task creation
        - af_key: relax availability checks for skb size calculation
        - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
        - iwlwifi: mvm: guard against device removal in reprobe
        - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
        - SUNRPC: Handle 0 length opaque XDR object data properly
        - lib/string: Add strscpy_pad() function
        - include/trace/events/writeback.h: fix -Wstringop-truncation warnings
        - memcg: fix a crash in wb_workfn when a device disappears
        - squashfs: add more sanity checks in id lookup
        - squashfs: add more sanity checks in inode lookup
        - squashfs: add more sanity checks in xattr id lookup
        - memblock: do not start bottom-up allocations with kernel_end
        - netfilter: xt_recent: Fix attempt to update deleted entry
        - h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
        - usb: dwc3: ulpi: fix checkpatch warning
        - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
        - net: watchdog: hold device global xmit lock during tx disable
        - vsock: fix locking in vsock_shutdown()
        - x86/build: Disable CET instrumentation in the kernel for 32-bit too
        - trace: Use -mcount-record for dynamic ftrace
        - tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-
          mcount
        - tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
        - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
        - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
        - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
        - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
        - xen/arm: don't ignore return errors from set_phys_to_machine
        - xen-blkback: don't "handle" error by BUG()
        - xen-netback: don't "handle" error by BUG()
        - xen-scsiback: don't "handle" error by BUG()
        - xen-blkback: fix error handling in xen_blkbk_map()
        - scsi: qla2xxx: Fix crash during driver load on big endian machines
        - kvm: check tlbs_dirty directly
        - Linux 4.4.258
    
      * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
        - net_sched: reject silly cell_log in qdisc_get_rtab()
        - futex,rt_mutex: Provide futex specific rt_mutex API
        - futex: Remove rt_mutex_deadlock_account_*()
        - futex: Rework inconsistent rt_mutex/futex_q state
        - futex: Avoid violating the 10th rule of futex
        - futex: Replace pointless printk in fixup_owner()
        - futex: Provide and use pi_state_update_owner()
        - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
        - futex: Use pi_state_update_owner() in put_pi_state()
        - futex: Simplify fixup_pi_state_owner()
        - futex: Handle faults correctly for PI futexes
        - usb: udc: core: Use lock when write to soft_connect
        - scsi: libfc: Avoid invoking response handler twice if ep is already
          completed
        - scsi: ibmvfc: Set default timeout to avoid crash during migration
        - stable: clamp SUBLEVEL in 4.4 and 4.9
        - USB: serial: cp210x: add pid/vid for WSDA-200-USB
        - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
        - USB: serial: option: Adding support for Cinterion MV31
        - net: lapb: Copy the skb before sending a packet
        - [Config] updateconfigs for ELFCORE
        - ELF/MIPS build fix
        - elfcore: fix building with clang
        - USB: gadget: legacy: fix an error code in eth_bind()
        - USB: usblp: don't call usb_set_interface if there's a single alt
        - usb: dwc2: Fix endpoint direction check in ep_from_windex
        - mac80211: fix station rate table updates on assoc
        - kretprobe: Avoid re-registration of the same kretprobe earlier
        - cifs: report error instead of invalid when revalidating a dentry fails
        - mmc: core: Limit retries when analyse of SDIO tuples fails
        - ARM: footbridge: fix dc21285 PCI configuration accessors
        - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
        - mm: hugetlb: fix a race between isolating and freeing page
        - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
        - x86/build: Disable CET instrumentation in the kernel
        - x86/apic: Add extra serialization for non-serializing MSRs
        - Input: xpad - sync supported devices with fork on GitHub
        - ACPI: thermal: Do not call acpi_thermal_check() directly
        - ALSA: hda/realtek - Fix typo of pincfg for Dell quirk
        - Linux 4.4.257
    
      * Xenial update: v4.4.256 upstream stable release (LP: #1916657)
        - Linux 4.4.256
    
      * Xenial update: v4.4.255 upstream stable release (LP: #1916656)
        - ACPI: sysfs: Prefer "compatible" modalias
        - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
        - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
        - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
          intel_arch_events[]
        - mt7601u: fix kernel crash unplugging the device
        - mt7601u: fix rx buffer refcounting
        - y2038: futex: Move compat implementation into futex.c
        - futex: Move futex exit handling into futex code
        - futex: Replace PF_EXITPIDONE with a state
        - exit/exec: Seperate mm_release()
        - futex: Split futex_mm_release() for exit/exec
        - futex: Set task::futex_state to DEAD right after handling futex exit
        - futex: Mark the begin of futex exit explicitly
        - futex: Sanitize exit state handling
        - futex: Provide state handling for exec() as well
        - futex: Add mutex around futex exit
        - futex: Provide distinct return value when owner is exiting
        - futex: Prevent exit livelock
        - ARM: imx: build suspend-imx6.S with arm instruction set
        - netfilter: nft_dynset: add timeout extension to template
        - xfrm: Fix oops in xfrm_replay_advance_bmp
        - RDMA/cxgb4: Fix the reported max_recv_sge value
        - mac80211: pause TX while changing interface type
        - can: dev: prevent potential information leak in can_fill_info()
        - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
        - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
        - NFC: fix resource leak when target index is invalid
        - NFC: fix possible resource leak
        - Linux 4.4.255
    
     -- Kleber Sacilotto de Souza <email address hidden>  Thu, 01 Apr 2021 12:57:17 +0200
  • linux (4.4.0-207.239) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-207.239 -proposed tracker (LP: #1919558)
    
      * Xenial update: v4.4.262 upstream stable release (LP: #1920221)
        - uapi: nfnetlink_cthelper.h: fix userspace compilation error
        - ath9k: fix transmitting to stations in dynamic SMPS mode
        - net: Fix gro aggregation for udp encaps with zero csum
        - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
          setting skb ownership
        - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
        - can: flexcan: enable RX FIFO after FRZ/HALT valid
        - netfilter: x_tables: gpf inside xt_find_revision()
        - cifs: return proper error code in statfs(2)
        - floppy: fix lock_fdc() signal handling
        - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
        - futex: Change locking rules
        - futex: Cure exit race
        - futex: fix dead code in attach_to_pi_owner()
        - net/mlx4_en: update moderation when config reset
        - net: lapbether: Remove netif_start_queue / netif_stop_queue
        - net: davicom: Fix regulator not turned off on failed probe
        - net: davicom: Fix regulator not turned off on driver removal
        - media: usbtv: Fix deadlock on suspend
        - mmc: mxs-mmc: Fix a resource leak in an error handling path in
          'mxs_mmc_probe()'
        - mmc: mediatek: fix race condition between msdc_request_timeout and irq
        - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
        - PCI: xgene-msi: Fix race in installing chained irq handler
        - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
        - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
        - ALSA: hda/hdmi: Cancel pending works before suspend
        - ALSA: hda: Avoid spurious unsol event handling during S3/S4
        - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
        - s390/dasd: fix hanging DASD driver unbind
        - mmc: core: Fix partition switch time for eMMC
        - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
          names
        - Goodix Fingerprint device is not a modem
        - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
          slot
        - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
        - xhci: Improve detection of device initiated wake signal.
        - USB: serial: io_edgeport: fix memory leak in edge_startup
        - USB: serial: ch341: add new Product ID
        - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
        - USB: serial: cp210x: add some more GE USB IDs
        - usbip: fix stub_dev to check for stream socket
        - usbip: fix vhci_hcd to check for stream socket
        - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
        - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
        - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
        - staging: rtl8712: unterminated string leads to read overflow
        - staging: rtl8188eu: fix potential memory corruption in
          rtw_check_beacon_data()
        - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
        - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
        - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
        - staging: comedi: addi_apci_1500: Fix endian problem for command sample
        - staging: comedi: adv_pci1710: Fix endian problem for AI command data
        - staging: comedi: das6402: Fix endian problem for AI command data
        - staging: comedi: das800: Fix endian problem for AI command data
        - staging: comedi: dmm32at: Fix endian problem for AI command data
        - staging: comedi: me4000: Fix endian problem for AI command data
        - staging: comedi: pcl711: Fix endian problem for AI command data
        - staging: comedi: pcl818: Fix endian problem for AI command data
        - NFSv4.2: fix return value of _nfs4_get_security_label()
        - block: rsxx: fix error return code of rsxx_pci_probe()
        - alpha: add $(src)/ rather than $(obj)/ to make source file path
        - alpha: merge build rules of division routines
        - alpha: make short build log available for division routines
        - alpha: Package string routines together
        - alpha: move exports to actual definitions
        - alpha: get rid of tail-zeroing in __copy_user()
        - alpha: switch __copy_user() and __do_clean_user() to normal calling
          conventions
        - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
        - media: hdpvr: Fix an error handling path in hdpvr_probe()
        - KVM: arm64: Fix exclusive limit for IPA size
        - xen/events: reset affinity of 2-level event when tearing it down
        - xen/events: don't unmask an event channel when an eoi is pending
        - xen/events: avoid handling the same event on two cpus at the same time
        - Linux 4.4.262
    
      * Xenial update: v4.4.261 upstream stable release (LP: #1920218)
        - futex: fix irq self-deadlock and satisfy assertion
        - futex: fix spin_lock() / spin_unlock_irq() imbalance
        - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
        - rsxx: Return -EFAULT if copy_to_user() fails
        - dm table: fix iterate_devices based device capability checks
        - platform/x86: acer-wmi: Add new force_caps module parameter
        - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
        - Linux 4.4.261
    
      * CVE-2019-19061
        - iio: imu: adis16400: fix memory leak
    
      * CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
        - printk: hash addresses printed with %p
    
      * CVE-2017-5967
        - time: Remove CONFIG_TIMER_STATS
        - [Config] Dropped CONFIG_TIMER_STATS
    
      * CVE-2019-16232
        - libertas: fix a potential NULL pointer dereference
    
      * CVE-2015-1350
        - xfs: Propagate dentry down to inode_change_ok()
        - fuse: Propagate dentry down to inode_change_ok()
        - fs: Give dentry to inode_change_ok() instead of inode
        - fs: Avoid premature clearing of capabilities
    
      * CVE-2018-13095
        - xfs: More robust inode extent count validation
    
      * i40e PF reset due to incorrect MDD event (LP: #1772675)
        - i40e: change behavior on PF in response to MDD event
    
      * Xenial update: v4.4.260 upstream stable release (LP: #1918184)
        - futex: Ensure the correct return value from futex_lock_pi()
        - net: usb: qmi_wwan: support ZTE P685M modem
        - iwlwifi: pcie: fix to correct null check
        - mmc: sdhci-esdhc-imx: fix kernel panic when remove module
        - scripts: use pkg-config to locate libcrypto
        - scripts: set proper OpenSSL include dir also for sign-file
        - hugetlb: fix update_and_free_page contig page struct assumption
        - JFS: more checks for invalid superblock
        - xfs: Fix assert failure in xfs_setattr_size()
        - net: fix up truesize of cloned skb in skb_prepare_for_shift()
        - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
        - staging: fwserial: Fix error handling in fwserial_create
        - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
        - vt/consolemap: do font sum unsigned
        - wlcore: Fix command execute failure 19 for wl12xx
        - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
        - ath10k: fix wmi mgmt tx queue full due to race condition
        - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
        - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
        - staging: most: sound: add sanity check for function argument
        - media: uvcvideo: Allow entities with no pads
        - Xen/gnttab: handle p2m update errors on a per-slot basis
        - xen-netback: respect gnttab_map_refs()'s return value
        - zsmalloc: account the number of compacted pages correctly
        - swap: fix swapfile read/write offset
        - media: v4l: ioctl: Fix memory leak in video_usercopy
        - Linux 4.4.260
    
      * Xenial update: v4.4.259 upstream stable release (LP: #1918182)
        - HID: make arrays usage and value to be the same
        - usb: quirks: add quirk to start video capture on ELMO L-12F document camera
          reliable
        - xen-netback: delete NAPI instance when queue fails to initialize
        - ntfs: check for valid standard information attribute
        - igb: Remove incorrect "unexpected SYS WRAP" log message
        - scripts/recordmcount.pl: support big endian for ARCH sh
        - kdb: Make memory allocations more robust
        - MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
        - Bluetooth: Fix initializing response id after clearing struct
        - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
        - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
        - Bluetooth: drop HCI device reference before return
        - Bluetooth: Put HCI device if inquiry procedure interrupts
        - usb: dwc2: Abort transaction after errors with unknown reason
        - usb: dwc2: Make "trimming xfer length" a debug message
        - ARM: s3c: fix fiq for clang IAS
        - bnxt_en: reverse order of TX disable and carrier off
        - xen/netback: fix spurious event detection for common event case
        - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
        - fbdev: aty: SPARC64 requires FB_ATY_CT
        - drm/gma500: Fix error return code in psb_driver_load()
        - gma500: clean up error handling in init
        - MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
        - MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
        - media: media/pci: Fix memleak in empress_init
        - media: tm6000: Fix memleak in tm6000_start_stream
        - ASoC: cs42l56: fix up error handling in probe
        - media: lmedm04: Fix misuse of comma
        - media: cx25821: Fix a bug when reallocating some dma memory
        - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
        - btrfs: clarify error returns values in __load_free_space_cache
        - fs/jfs: fix potential integer overflow on shift of a int
        - jffs2: fix use after free in jffs2_sum_write_data()
        - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
        - HID: core: detect and skip invalid inputs to snto32()
        - dmaengine: fsldma: Fix a resource leak in the remove function
        - dmaengine: fsldma: Fix a resource leak in an error handling path of the
          probe function
        - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
        - regulator: axp20x: Fix reference cout leak
        - isofs: release buffer head before return
        - IB/umad: Return EIO in case of when device disassociated
        - powerpc/47x: Disable 256k page size
        - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
        - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
        - amba: Fix resource leak for drivers without .remove
        - tracepoint: Do not fail unregistering a probe due to memory failure
        - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
        - powerpc/pseries/dlpar: handle ibm, configure-connector delay status
        - perf intel-pt: Fix missing CYC processing in PSB
        - perf test: Fix unaligned access in sample parsing test
        - Input: elo - fix an error code in elo_connect()
        - sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
        - misc: eeprom_93xx46: Fix module alias to enable module autoprobe
        - misc: eeprom_93xx46: Add module alias to avoid breaking support for non
          device tree users
        - VMCI: Use set_page_dirty_lock() when unregistering guest memory
        - PCI: Align checking of syscall user config accessors
        - mm/memory.c: fix potential pte_unmap_unlock pte error
        - mm/hugetlb: fix potential double free in hugetlb_register_node() error path
        - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
        - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
        - block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
        - blk-settings: align max_sectors on "logical_block_size" boundary
        - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
          Series X|S
        - Input: joydev - prevent potential read overflow in ioctl
        - Input: i8042 - add ASUS Zenbook Flip to noselftest list
        - USB: serial: option: update interface mapping for ZTE P685M
        - USB: serial: mos7840: fix error code in mos7840_write()
        - USB: serial: mos7720: fix error code in mos7720_write()
        - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
        - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
        - KEYS: trusted: Fix migratable=1 failing
        - btrfs: fix reloc root leak with 0 ref reloc roots on recovery
        - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
        - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
        - x86/reboot: Force all cpus to exit VMX root if VMX is supported
        - floppy: reintroduce O_NDELAY fix
        - mm: hugetlb: fix a race between freeing and dissolving the page
        - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
        - libnvdimm/dimm: Avoid race between probe and available_slots_show()
        - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
        - gpio: pcf857x: Fix missing first interrupt
        - f2fs: fix out-of-repair __setattr_copy()
        - sparc32: fix a user-triggerable oops in clear_user()
        - gfs2: Don't skip dlm unlock if glock has an lvb
        - dm era: Recover committed writeset after crash
        - dm era: Verify the data block size hasn't changed
        - dm era: Fix bitset memory leaks
        - dm era: Use correct value size in equality function of writeset tree
        - dm era: Reinitialize bitset cache before digesting a new writeset
        - dm era: only resize metadata in preresume
        - futex: Fix OWNER_DEAD fixup
        - dm era: Update in-core bitset after committing the metadata
        - Linux 4.4.259
    
      * CVE-2019-16231
        - fjes: Handle workqueue allocation failure
    
      * Xenial update: v4.4.258 upstream stable release (LP: #1916661)
        - tracing: Do not count ftrace events in top level enable output
        - fgraph: Initialize tracing_graph_pause at task creation
        - af_key: relax availability checks for skb size calculation
        - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
        - iwlwifi: mvm: guard against device removal in reprobe
        - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
        - SUNRPC: Handle 0 length opaque XDR object data properly
        - lib/string: Add strscpy_pad() function
        - include/trace/events/writeback.h: fix -Wstringop-truncation warnings
        - memcg: fix a crash in wb_workfn when a device disappears
        - squashfs: add more sanity checks in id lookup
        - squashfs: add more sanity checks in inode lookup
        - squashfs: add more sanity checks in xattr id lookup
        - memblock: do not start bottom-up allocations with kernel_end
        - netfilter: xt_recent: Fix attempt to update deleted entry
        - h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
        - usb: dwc3: ulpi: fix checkpatch warning
        - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
        - net: watchdog: hold device global xmit lock during tx disable
        - vsock: fix locking in vsock_shutdown()
        - x86/build: Disable CET instrumentation in the kernel for 32-bit too
        - trace: Use -mcount-record for dynamic ftrace
        - tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-
          mcount
        - tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
        - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
        - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
        - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
        - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
        - xen/arm: don't ignore return errors from set_phys_to_machine
        - xen-blkback: don't "handle" error by BUG()
        - xen-netback: don't "handle" error by BUG()
        - xen-scsiback: don't "handle" error by BUG()
        - xen-blkback: fix error handling in xen_blkbk_map()
        - scsi: qla2xxx: Fix crash during driver load on big endian machines
        - kvm: check tlbs_dirty directly
        - Linux 4.4.258
    
      * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
        - net_sched: reject silly cell_log in qdisc_get_rtab()
        - futex,rt_mutex: Provide futex specific rt_mutex API
        - futex: Remove rt_mutex_deadlock_account_*()
        - futex: Rework inconsistent rt_mutex/futex_q state
        - futex: Avoid violating the 10th rule of futex
        - futex: Replace pointless printk in fixup_owner()
        - futex: Provide and use pi_state_update_owner()
        - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
        - futex: Use pi_state_update_owner() in put_pi_state()
        - futex: Simplify fixup_pi_state_owner()
        - futex: Handle faults correctly for PI futexes
        - usb: udc: core: Use lock when write to soft_connect
        - scsi: libfc: Avoid invoking response handler twice if ep is already
          completed
        - scsi: ibmvfc: Set default timeout to avoid crash during migration
        - stable: clamp SUBLEVEL in 4.4 and 4.9
        - USB: serial: cp210x: add pid/vid for WSDA-200-USB
        - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
        - USB: serial: option: Adding support for Cinterion MV31
        - net: lapb: Copy the skb before sending a packet
        - [Config] updateconfigs for ELFCORE
        - ELF/MIPS build fix
        - elfcore: fix building with clang
        - USB: gadget: legacy: fix an error code in eth_bind()
        - USB: usblp: don't call usb_set_interface if there's a single alt
        - usb: dwc2: Fix endpoint direction check in ep_from_windex
        - mac80211: fix station rate table updates on assoc
        - kretprobe: Avoid re-registration of the same kretprobe earlier
        - cifs: report error instead of invalid when revalidating a dentry fails
        - mmc: core: Limit retries when analyse of SDIO tuples fails
        - ARM: footbridge: fix dc21285 PCI configuration accessors
        - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
        - mm: hugetlb: fix a race between isolating and freeing page
        - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
        - x86/build: Disable CET instrumentation in the kernel
        - x86/apic: Add extra serialization for non-serializing MSRs
        - Input: xpad - sync supported devices with fork on GitHub
        - ACPI: thermal: Do not call acpi_thermal_check() directly
        - ALSA: hda/realtek - Fix typo of pincfg for Dell quirk
        - Linux 4.4.257
    
      * Xenial update: v4.4.256 upstream stable release (LP: #1916657)
        - Linux 4.4.256
    
      * Xenial update: v4.4.255 upstream stable release (LP: #1916656)
        - ACPI: sysfs: Prefer "compatible" modalias
        - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
        - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
        - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
          intel_arch_events[]
        - mt7601u: fix kernel crash unplugging the device
        - mt7601u: fix rx buffer refcounting
        - y2038: futex: Move compat implementation into futex.c
        - futex: Move futex exit handling into futex code
        - futex: Replace PF_EXITPIDONE with a state
        - exit/exec: Seperate mm_release()
        - futex: Split futex_mm_release() for exit/exec
        - futex: Set task::futex_state to DEAD right after handling futex exit
        - futex: Mark the begin of futex exit explicitly
        - futex: Sanitize exit state handling
        - futex: Provide state handling for exec() as well
        - futex: Add mutex around futex exit
        - futex: Provide distinct return value when owner is exiting
        - futex: Prevent exit livelock
        - ARM: imx: build suspend-imx6.S with arm instruction set
        - netfilter: nft_dynset: add timeout extension to template
        - xfrm: Fix oops in xfrm_replay_advance_bmp
        - RDMA/cxgb4: Fix the reported max_recv_sge value
        - mac80211: pause TX while changing interface type
        - can: dev: prevent potential information leak in can_fill_info()
        - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
        - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
        - NFC: fix resource leak when target index is invalid
        - NFC: fix possible resource leak
        - Linux 4.4.255
    
     -- Kelsey Skunberg <email address hidden>  Wed, 24 Mar 2021 18:17:36 -0600
  • linux (4.4.0-206.238) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-206.238 -proposed tracker (LP: #1919242)
    
      * CVE-2021-27365
        - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
        - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
        - scsi: iscsi: Verify lengths on passthrough PDUs
    
      * CVE-2021-27363 // CVE-2021-27364
        - scsi: iscsi: Restrict sessions and handles to admin capabilities
    
     -- Stefan Bader <email address hidden>  Tue, 16 Mar 2021 08:21:57 +0100
  • linux (4.4.0-204.236) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-204.236 -proposed tracker (LP: #1916222)
    
      * Xenial update: v4.4.254 upstream stable release (LP: #1914648)
        - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
        - ALSA: hda/via: Add minimum mute flag
        - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
        - dm: avoid filesystem lookup in dm_get_dev_t()
        - ASoC: Intel: haswell: Add missing pm_ops
        - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
        - drm/nouveau/bios: fix issue shadowing expansion ROMs
        - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
        - can: dev: can_restart: fix use after free bug
        - iio: ad5504: Fix setting power-down state
        - ehci: fix EHCI host controller initialization sequence
        - usb: bdc: Make bdc pci driver depend on BROKEN
        - [Config] updateconfigs for USB_BDC_PCI
        - xhci: make sure TRB is fully written before giving it to the controller
        - compiler.h: Raise minimum version of GCC to 5.1 for arm64
        - netfilter: rpfilter: mask ecn bits before fib lookup
        - sh: dma: fix kconfig dependency for G2_DMA
        - sh_eth: Fix power down vs. is_opened flag ordering
        - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
        - ipv6: create multicast route with RTPROT_KERNEL
        - net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
        - Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
        - tracing: Fix race in trace_open and buffer resize call
        - xen-blkback: set ring->xenblkd to NULL after kthread_stop()
        - x86/boot/compressed: Disable relocation relaxation
        - Linux 4.4.254
    
      * Xenial update: v4.4.253 upstream stable release (LP: #1914647)
        - ASoC: dapm: remove widget from dirty list on free
        - mm/hugetlb: fix potential missing huge page size info
        - ext4: fix bug for rename with RENAME_WHITEOUT
        - ARC: build: add boot_targets to PHONY
        - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
        - arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
        - misdn: dsp: select CONFIG_BITREVERSE
        - net: ethernet: fs_enet: Add missing MODULE_LICENSE
        - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
        - ARM: picoxcell: fix missing interrupt-parent properties
        - Input: uinput - avoid FF flush when destroying device
        - dump_common_audit_data(): fix racy accesses to ->d_name
        - NFS: nfs_igrab_and_active must first reference the superblock
        - ext4: fix superblock checksum failure when setting password salt
        - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
        - mm, slub: consider rest of partial list if acquire_slab() fails
        - net: sunrpc: interpret the return value of kstrtou32 correctly
        - usb: ohci: Make distrust_firmware param default to false
        - iio: buffer: Fix demux update
        - nfsd4: readdirplus shouldn't return parent of export
        - net: cdc_ncm: correct overhead in delayed_ndp_size
        - netxen_nic: fix MSI/MSI-x interrupts
        - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
        - net: dcb: Validate netlink message in DCB handler
        - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
        - net: sit: unregister_netdevice on newlink's error path
        - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
        - net: avoid 32 x truesize under-estimation for tiny skbs
        - spi: cadence: cache reference clock rate during probe
        - Linux 4.4.253
    
      * Xenial update: v4.4.252 upstream stable release (LP: #1913479)
        - Revert "UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup"
        - target: add XCOPY target/segment desc sense codes
        - target: bounds check XCOPY segment descriptor list
        - target: use XCOPY segment descriptor CSCD IDs
        - xcopy: loop over devices using idr helper
        - scsi: target: Fix XCOPY NAA identifier lookup
        - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
        - net: ip: always refragment ip defragmented packets
        - net: fix pmtu check in nopmtudisc mode
        - vmlinux.lds.h: Add PGO and AutoFDO input sections
        - ubifs: wbuf: Don't leak kernel memory to flash
        - spi: pxa2xx: Fix use-after-free on unbind
        - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
        - wil6210: select CONFIG_CRC32
        - block: rsxx: select CONFIG_CRC32
        - iommu/intel: Fix memleak in intel_irq_remapping_alloc
        - block: fix use-after-free in disk_part_iter_next
        - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
          packet
        - Linux 4.4.252
    
      * Xenial update: v4.4.251 upstream stable release (LP: #1913478)
        - kbuild: don't hardcode depmod path
        - workqueue: Kick a worker based on the actual activation of delayed works
        - lib/genalloc: fix the overflow when size is too big
        - depmod: handle the case of /sbin/depmod without /sbin in PATH
        - atm: idt77252: call pci_disable_device() on error path
        - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
        - net: hns: fix return value check in __lb_other_process()
        - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
        - CDC-NCM: remove "connected" log message
        - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
        - net: sched: prevent invalid Scell_log shift count
        - virtio_net: Fix recursive call to cpus_read_lock()
        - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
        - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
        - usb: gadget: enable super speed plus
        - USB: cdc-acm: blacklist another IR Droid device
        - usb: chipidea: ci_hdrc_imx: add missing put_device() call in
          usbmisc_get_init_data()
        - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
        - usb: uas: Add PNY USB Portable SSD to unusual_uas
        - USB: serial: iuu_phoenix: fix DMA from stack
        - USB: serial: option: add LongSung M5710 module support
        - USB: yurex: fix control-URB timeout handling
        - USB: usblp: fix DMA to stack
        - ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
        - usb: gadget: select CONFIG_CRC32
        - usb: gadget: f_uac2: reset wMaxPacketSize
        - usb: gadget: function: printer: Fix a memory leak for interface descriptor
        - USB: gadget: legacy: fix return error code in acm_ms_bind()
        - usb: gadget: Fix spinlock lockup on usb_function_deactivate
        - usb: gadget: configfs: Preserve function ordering after bind failure
        - USB: serial: keyspan_pda: remove unused variable
        - x86/mm: Fix leak of pmd ptlock
        - ALSA: hda/conexant: add a new hda codec CX11970
        - Revert "device property: Keep secondary firmware node secondary by type"
        - netfilter: ipset: fix shift-out-of-bounds in htable_bits()
        - netfilter: xt_RATEEST: reject non-null terminated string from userspace
        - x86/mtrr: Correct the range check before performing MTRR type lookups
        - Linux 4.4.251
    
      * Xenial update: v4.4.250 upstream stable release (LP: #1912679)
        - ALSA: hda/ca0132 - Fix work handling in delayed HP detection
        - ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk
        - ALSA: usb-audio: fix sync-ep altsetting sanity check
        - ALSA: hda/realtek - Support Dell headset mode for ALC3271
        - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
        - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236
        - s390/dasd: fix hanging device offline processing
        - USB: serial: digi_acceleport: fix write-wakeup deadlocks
        - uapi: move constants from <linux/kernel.h> to <linux/const.h>
        - of: fix linker-section match-table corruption
        - reiserfs: add check for an invalid ih_entry_count
        - misc: vmw_vmci: fix kernel info-leak by initializing dbells in
          vmci_ctx_get_chkpt_doorbells()
        - media: gp8psk: initialize stats at power control logic
        - ALSA: seq: Use bool for snd_seq_queue internal flags
        - module: set MODULE_STATE_GOING state when a module fails to load
        - quota: Don't overflow quota file offsets
        - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
        - module: delay kobject uevent until after module init call
        - iio:magnetometer:mag3110: Fix alignment and data leak issues.
        - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
        - Linux 4.4.250
    
     -- Stefan Bader <email address hidden>  Fri, 19 Feb 2021 11:48:11 +0100
  • linux (4.4.0-203.235) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-203.235 -proposed tracker (LP: #1914140)
    
      * Ubuntu 16.04 kernel 4.4.0-202 basic commands hanging (LP: #1913853)
        - SAUCE: Revert "mm: check that mm is still valid in madvise()"
    
    linux (4.4.0-202.234) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-202.234 -proposed tracker (LP: #1913086)
    
      * DMI entry syntax fix for Pegatron / ByteSpeed C15B (LP: #1910639)
        - Input: i8042 - unbreak Pegatron C15B
    
      * CVE-2020-29372
        - mm: check that mm is still valid in madvise()
    
      * errinjct open fails on IBM POWER LPAR (LP: #1908710)
        - powerpc/rtas: Fix typo of ibm, open-errinjct in RTAS filter
    
      * 4.4 kernel panics in kvm wake_up() handler (LP: #1908428)
        - kvm: vmx: rename vmx_pre/post_block to pi_pre/post_block
        - KVM: VMX: extract __pi_post_block
        - KVM: VMX: avoid double list add with VT-d posted interrupts
    
      * restore reverted commit "crypto: arm64/sha - avoid non-standard inline asm
        tricks" (LP: #1907489)
        - crypto: arm64/sha - avoid non-standard inline asm tricks
    
      * CVE-2020-29374
        - gup: document and work around "COW can break either way" issue
    
      * Xenial update: v4.4.249 upstream stable release (LP: #1910139)
        - spi: bcm2835aux: Fix use-after-free on unbind
        - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
        - ARC: stack unwinding: don't assume non-current task is sleeping
        - platform/x86: acer-wmi: add automatic keyboard background light toggle key
          as KEY_LIGHTS_TOGGLE
        - Input: cm109 - do not stomp on control URB
        - Input: i8042 - add Acer laptops to the i8042 reset list
        - [Config] updateconfigs for SPI_DYNAMIC
        - spi: Prevent adding devices below an unregistering controller
        - net/mlx4_en: Avoid scheduling restart task if it is already running
        - tcp: fix cwnd-limited bug for TSO deferral where we send nothing
        - net: stmmac: delete the eee_ctrl_timer after napi disabled
        - net: bridge: vlan: fix error return code in __vlan_add()
        - USB: dummy-hcd: Fix uninitialized array use in init()
        - USB: add RESET_RESUME quirk for Snapscan 1212
        - ALSA: usb-audio: Fix potential out-of-bounds shift
        - ALSA: usb-audio: Fix control 'access overflow' errors from chmap
        - xhci: Give USB2 ports time to enter U3 in bus suspend
        - USB: sisusbvga: Make console support depend on BROKEN
        - [Config] updateconfigs for USB_SISUSBVGA_CON
        - ALSA: pcm: oss: Fix potential out-of-bounds shift
        - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
        - USB: serial: cp210x: enable usb generic throttle/unthrottle
        - scsi: bnx2i: Requires MMU
        - can: softing: softing_netdev_open(): fix error handling
        - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
        - dm table: Remove BUG_ON(in_interrupt())
        - soc/tegra: fuse: Fix index bug in get_process_id
        - USB: serial: option: add interface-number sanity check to flag handling
        - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
        - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
        - media: msi2500: assign SPI bus number dynamically
        - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
        - drm/gma500: fix double free of gma_connector
        - ARM: p2v: fix handling of LPAE translation in BE mode
        - crypto: talitos - Fix return type of current_desc_hdr()
        - spi: img-spfi: fix reference leak in img_spfi_resume
        - ASoC: pcm: DRAIN support reactivation
        - Bluetooth: Fix null pointer dereference in hci_event_packet()
        - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
        - spi: tegra20-slink: fix reference leak in slink ops of tegra20
        - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
        - spi: tegra114: fix reference leak in tegra spi ops
        - RDMa/mthca: Work around -Wenum-conversion warning
        - MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
        - media: solo6x10: fix missing snd_card_free in error handling case
        - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
        - Input: ads7846 - fix integer overflow on Rt calculation
        - Input: ads7846 - fix unaligned access on 7845
        - powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
        - soc: ti: knav_qmss: fix reference leak in knav_queue_probe
        - soc: ti: Fix reference imbalance in knav_dma_probe
        - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
        - memstick: fix a double-free bug in memstick_check
        - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
        - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
        - orinoco: Move context allocation after processing the skb
        - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
        - mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
        - NFSv4.2: condition READDIR's mask for security label based on LSM state
        - lockd: don't use interval-based rebinding over TCP
        - NFS: switch nfsiod to be an UNBOUND workqueue.
        - media: saa7146: fix array overflow in vidioc_s_audio()
        - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
        - memstick: r592: Fix error return in r592_probe()
        - ASoC: jz4740-i2s: add missed checks for clk_get()
        - dm ioctl: fix error return code in target_message
        - clocksource/drivers/arm_arch_timer: Correct fault programming of
          CNTKCTL_EL1.EVNTI
        - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
        - cpufreq: loongson1: Add missing MODULE_ALIAS
        - cpufreq: scpi: Add missing MODULE_ALIAS
        - scsi: pm80xx: Fix error return in pm8001_pci_probe()
        - seq_buf: Avoid type mismatch for seq_buf_init
        - scsi: fnic: Fix error return code in fnic_probe()
        - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
        - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
        - usb: oxu210hp-hcd: Fix memory leak in oxu_create
        - speakup: fix uninitialized flush_lock
        - nfs_common: need lock during iterate through the list
        - x86/kprobes: Restore BTF if the single-stepping is cancelled
        - extcon: max77693: Fix modalias string
        - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
        - um: chan_xterm: Fix fd leak
        - nfc: s3fwrn5: Release the nfc firmware
        - powerpc/ps3: use dma_mapping_error()
        - checkpatch: fix unescaped left brace
        - net: bcmgenet: Fix a resource leak in an error handling path in the probe
          functin
        - net: allwinner: Fix some resources leak in the error handling path of the
          probe and in the remove function
        - net: korina: fix return value
        - clk: ti: Fix memleak in ti_fapll_synth_setup
        - perf record: Fix memory leak when using '--user-regs=?' to list registers
        - qlcnic: Fix error code in probe
        - clk: s2mps11: Fix a resource leak in error handling paths in the probe
          function
        - cfg80211: initialize rekey_data
        - Input: cros_ec_keyb - send 'scancodes' in addition to key events
        - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
        - media: gspca: Fix memory leak in probe
        - media: sunxi-cir: ensure IR is handled when it is continuous
        - media: netup_unidvb: Don't leak SPI master in probe error path
        - Input: cyapa_gen6 - fix out-of-bounds stack access
        - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources
          walks"
        - ACPI: PNP: compare the string length in the matching_id()
        - ALSA: pcm: oss: Fix a few more UBSAN fixes
        - s390/dasd: fix list corruption of pavgroup group list
        - s390/dasd: fix list corruption of lcu list
        - staging: comedi: mf6x4: Fix AI end-of-conversion detection
        - powerpc/perf: Exclude kernel samples while counting events in user space.
        - USB: serial: mos7720: fix parallel-port state restore
        - USB: serial: keyspan_pda: fix dropped unthrottle interrupts
        - USB: serial: keyspan_pda: fix write deadlock
        - USB: serial: keyspan_pda: fix stalled writes
        - USB: serial: keyspan_pda: fix write-wakeup use-after-free
        - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
        - USB: serial: keyspan_pda: fix write unthrottling
        - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf
        - btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block()
        - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
        - btrfs: fix return value mixup in btrfs_get_extent
        - ext4: fix a memory leak of ext4_free_data
        - ceph: fix race in concurrent __ceph_remove_cap invocations
        - jffs2: Fix GC exit abnormally
        - jfs: Fix array index bounds check in dbAdjTree
        - spi: rb4xx: Don't leak SPI master in probe error path
        - mtd: parser: cmdline: Fix parsing of part-names with colons
        - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in
          rockchip_saradc_resume
        - iio:pressure:mpl3115: Force alignment of buffer
        - xen/xenbus: Allow watches discard events before queueing
        - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
        - xen/xenbus/xen_bus_type: Support will_handle watch callback
        - xen/xenbus: Count pending messages for each watch
        - xenbus/xenbus_backend: Disallow pending watch messages
        - PCI: Fix pci_slot_release() NULL pointer dereference
        - Linux 4.4.249
    
      * MSFT Touchpad not working on Lenovo Legion-5 15ARH05 (LP: #1887190) //
        Xenial update: v4.4.249 upstream stable release (LP: #1910139)
        - pinctrl: amd: remove debounce filter setting in IRQ type setting
    
      * Xenial update: v4.4.248 upstream stable release (LP: #1910137)
        - net/af_iucv: set correct sk_protocol for child sockets
        - rose: Fix Null pointer dereference in rose_send_frame()
        - usbnet: ipheth: fix connectivity with iOS 14
        - bonding: wait for sysfs kobject destruction before freeing struct slave
        - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
        - net/x25: prevent a couple of overflows
        - cxgb3: fix error return code in t3_sge_alloc_qset()
        - net: pasemi: fix error return code in pasemi_mac_open()
        - dt-bindings: net: correct interrupt flags in examples
        - Input: xpad - support Ardwiino Controllers
        - powerpc: Stop exporting __clear_user which is now inlined.
        - btrfs: sysfs: init devices outside of the chunk_mutex
        - vlan: consolidate VLAN parsing code and limit max parsing depth
        - usb: gadget: f_fs: Use local copy of descriptors for userspace copy
        - USB: serial: kl5kusb105: fix memleak on open
        - USB: serial: ch341: add new Product ID for CH341A
        - USB: serial: ch341: sort device-id entries
        - USB: serial: option: add Fibocom NL668 variants
        - USB: serial: option: add support for Thales Cinterion EXS82
        - tty: Fix ->pgrp locking in tiocspgrp()
        - ALSA: hda/realtek - Add new codec supported for ALC897
        - ALSA: hda/generic: Add option to enforce preferred_dacs pairs
        - tty: Fix ->session locking
        - cifs: fix potential use-after-free in cifs_echo_request()
        - i2c: imx: Fix reset of I2SR_IAL flag
        - i2c: imx: Check for I2SR_IAL after every byte
        - arm64: assembler: make adr_l work in modules under KASLR
        - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
        - spi: Introduce device-managed SPI controller allocation
        - spi: bcm2835: Fix use-after-free on unbind
        - spi: bcm2835: Release the DMA channel if probe fails after dma_init
        - tracing: Fix userstacktrace option for instances
        - btrfs: cleanup cow block on error
        - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
        - gfs2: check for empty rgrp tree in gfs2_ri_update
        - Input: i8042 - fix error return code in i8042_setup_aux()
        - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
        - Linux 4.4.248
    
     -- Kelsey Skunberg <email address hidden>  Mon, 01 Feb 2021 17:38:49 -0700
  • linux (4.4.0-202.234) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-202.234 -proposed tracker (LP: #1913086)
    
      * DMI entry syntax fix for Pegatron / ByteSpeed C15B (LP: #1910639)
        - Input: i8042 - unbreak Pegatron C15B
    
      * CVE-2020-29372
        - mm: check that mm is still valid in madvise()
    
      * errinjct open fails on IBM POWER LPAR (LP: #1908710)
        - powerpc/rtas: Fix typo of ibm, open-errinjct in RTAS filter
    
      * 4.4 kernel panics in kvm wake_up() handler (LP: #1908428)
        - kvm: vmx: rename vmx_pre/post_block to pi_pre/post_block
        - KVM: VMX: extract __pi_post_block
        - KVM: VMX: avoid double list add with VT-d posted interrupts
    
      * restore reverted commit "crypto: arm64/sha - avoid non-standard inline asm
        tricks" (LP: #1907489)
        - crypto: arm64/sha - avoid non-standard inline asm tricks
    
      * CVE-2020-29374
        - gup: document and work around "COW can break either way" issue
    
      * Xenial update: v4.4.249 upstream stable release (LP: #1910139)
        - spi: bcm2835aux: Fix use-after-free on unbind
        - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
        - ARC: stack unwinding: don't assume non-current task is sleeping
        - platform/x86: acer-wmi: add automatic keyboard background light toggle key
          as KEY_LIGHTS_TOGGLE
        - Input: cm109 - do not stomp on control URB
        - Input: i8042 - add Acer laptops to the i8042 reset list
        - [Config] updateconfigs for SPI_DYNAMIC
        - spi: Prevent adding devices below an unregistering controller
        - net/mlx4_en: Avoid scheduling restart task if it is already running
        - tcp: fix cwnd-limited bug for TSO deferral where we send nothing
        - net: stmmac: delete the eee_ctrl_timer after napi disabled
        - net: bridge: vlan: fix error return code in __vlan_add()
        - USB: dummy-hcd: Fix uninitialized array use in init()
        - USB: add RESET_RESUME quirk for Snapscan 1212
        - ALSA: usb-audio: Fix potential out-of-bounds shift
        - ALSA: usb-audio: Fix control 'access overflow' errors from chmap
        - xhci: Give USB2 ports time to enter U3 in bus suspend
        - USB: sisusbvga: Make console support depend on BROKEN
        - [Config] updateconfigs for USB_SISUSBVGA_CON
        - ALSA: pcm: oss: Fix potential out-of-bounds shift
        - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
        - USB: serial: cp210x: enable usb generic throttle/unthrottle
        - scsi: bnx2i: Requires MMU
        - can: softing: softing_netdev_open(): fix error handling
        - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
        - dm table: Remove BUG_ON(in_interrupt())
        - soc/tegra: fuse: Fix index bug in get_process_id
        - USB: serial: option: add interface-number sanity check to flag handling
        - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
        - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
        - media: msi2500: assign SPI bus number dynamically
        - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
        - drm/gma500: fix double free of gma_connector
        - ARM: p2v: fix handling of LPAE translation in BE mode
        - crypto: talitos - Fix return type of current_desc_hdr()
        - spi: img-spfi: fix reference leak in img_spfi_resume
        - ASoC: pcm: DRAIN support reactivation
        - Bluetooth: Fix null pointer dereference in hci_event_packet()
        - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
        - spi: tegra20-slink: fix reference leak in slink ops of tegra20
        - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
        - spi: tegra114: fix reference leak in tegra spi ops
        - RDMa/mthca: Work around -Wenum-conversion warning
        - MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
        - media: solo6x10: fix missing snd_card_free in error handling case
        - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
        - Input: ads7846 - fix integer overflow on Rt calculation
        - Input: ads7846 - fix unaligned access on 7845
        - powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
        - soc: ti: knav_qmss: fix reference leak in knav_queue_probe
        - soc: ti: Fix reference imbalance in knav_dma_probe
        - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
        - memstick: fix a double-free bug in memstick_check
        - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
        - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
        - orinoco: Move context allocation after processing the skb
        - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
        - mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
        - NFSv4.2: condition READDIR's mask for security label based on LSM state
        - lockd: don't use interval-based rebinding over TCP
        - NFS: switch nfsiod to be an UNBOUND workqueue.
        - media: saa7146: fix array overflow in vidioc_s_audio()
        - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
        - memstick: r592: Fix error return in r592_probe()
        - ASoC: jz4740-i2s: add missed checks for clk_get()
        - dm ioctl: fix error return code in target_message
        - clocksource/drivers/arm_arch_timer: Correct fault programming of
          CNTKCTL_EL1.EVNTI
        - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
        - cpufreq: loongson1: Add missing MODULE_ALIAS
        - cpufreq: scpi: Add missing MODULE_ALIAS
        - scsi: pm80xx: Fix error return in pm8001_pci_probe()
        - seq_buf: Avoid type mismatch for seq_buf_init
        - scsi: fnic: Fix error return code in fnic_probe()
        - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
        - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
        - usb: oxu210hp-hcd: Fix memory leak in oxu_create
        - speakup: fix uninitialized flush_lock
        - nfs_common: need lock during iterate through the list
        - x86/kprobes: Restore BTF if the single-stepping is cancelled
        - extcon: max77693: Fix modalias string
        - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
        - um: chan_xterm: Fix fd leak
        - nfc: s3fwrn5: Release the nfc firmware
        - powerpc/ps3: use dma_mapping_error()
        - checkpatch: fix unescaped left brace
        - net: bcmgenet: Fix a resource leak in an error handling path in the probe
          functin
        - net: allwinner: Fix some resources leak in the error handling path of the
          probe and in the remove function
        - net: korina: fix return value
        - clk: ti: Fix memleak in ti_fapll_synth_setup
        - perf record: Fix memory leak when using '--user-regs=?' to list registers
        - qlcnic: Fix error code in probe
        - clk: s2mps11: Fix a resource leak in error handling paths in the probe
          function
        - cfg80211: initialize rekey_data
        - Input: cros_ec_keyb - send 'scancodes' in addition to key events
        - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
        - media: gspca: Fix memory leak in probe
        - media: sunxi-cir: ensure IR is handled when it is continuous
        - media: netup_unidvb: Don't leak SPI master in probe error path
        - Input: cyapa_gen6 - fix out-of-bounds stack access
        - Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources
          walks"
        - ACPI: PNP: compare the string length in the matching_id()
        - ALSA: pcm: oss: Fix a few more UBSAN fixes
        - s390/dasd: fix list corruption of pavgroup group list
        - s390/dasd: fix list corruption of lcu list
        - staging: comedi: mf6x4: Fix AI end-of-conversion detection
        - powerpc/perf: Exclude kernel samples while counting events in user space.
        - USB: serial: mos7720: fix parallel-port state restore
        - USB: serial: keyspan_pda: fix dropped unthrottle interrupts
        - USB: serial: keyspan_pda: fix write deadlock
        - USB: serial: keyspan_pda: fix stalled writes
        - USB: serial: keyspan_pda: fix write-wakeup use-after-free
        - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
        - USB: serial: keyspan_pda: fix write unthrottling
        - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf
        - btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block()
        - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
        - btrfs: fix return value mixup in btrfs_get_extent
        - ext4: fix a memory leak of ext4_free_data
        - ceph: fix race in concurrent __ceph_remove_cap invocations
        - jffs2: Fix GC exit abnormally
        - jfs: Fix array index bounds check in dbAdjTree
        - spi: rb4xx: Don't leak SPI master in probe error path
        - mtd: parser: cmdline: Fix parsing of part-names with colons
        - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in
          rockchip_saradc_resume
        - iio:pressure:mpl3115: Force alignment of buffer
        - xen/xenbus: Allow watches discard events before queueing
        - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
        - xen/xenbus/xen_bus_type: Support will_handle watch callback
        - xen/xenbus: Count pending messages for each watch
        - xenbus/xenbus_backend: Disallow pending watch messages
        - PCI: Fix pci_slot_release() NULL pointer dereference
        - Linux 4.4.249
    
      * MSFT Touchpad not working on Lenovo Legion-5 15ARH05 (LP: #1887190) //
        Xenial update: v4.4.249 upstream stable release (LP: #1910139)
        - pinctrl: amd: remove debounce filter setting in IRQ type setting
    
      * Xenial update: v4.4.248 upstream stable release (LP: #1910137)
        - net/af_iucv: set correct sk_protocol for child sockets
        - rose: Fix Null pointer dereference in rose_send_frame()
        - usbnet: ipheth: fix connectivity with iOS 14
        - bonding: wait for sysfs kobject destruction before freeing struct slave
        - netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
        - net/x25: prevent a couple of overflows
        - cxgb3: fix error return code in t3_sge_alloc_qset()
        - net: pasemi: fix error return code in pasemi_mac_open()
        - dt-bindings: net: correct interrupt flags in examples
        - Input: xpad - support Ardwiino Controllers
        - powerpc: Stop exporting __clear_user which is now inlined.
        - btrfs: sysfs: init devices outside of the chunk_mutex
        - vlan: consolidate VLAN parsing code and limit max parsing depth
        - usb: gadget: f_fs: Use local copy of descriptors for userspace copy
        - USB: serial: kl5kusb105: fix memleak on open
        - USB: serial: ch341: add new Product ID for CH341A
        - USB: serial: ch341: sort device-id entries
        - USB: serial: option: add Fibocom NL668 variants
        - USB: serial: option: add support for Thales Cinterion EXS82
        - tty: Fix ->pgrp locking in tiocspgrp()
        - ALSA: hda/realtek - Add new codec supported for ALC897
        - ALSA: hda/generic: Add option to enforce preferred_dacs pairs
        - tty: Fix ->session locking
        - cifs: fix potential use-after-free in cifs_echo_request()
        - i2c: imx: Fix reset of I2SR_IAL flag
        - i2c: imx: Check for I2SR_IAL after every byte
        - arm64: assembler: make adr_l work in modules under KASLR
        - iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
        - spi: Introduce device-managed SPI controller allocation
        - spi: bcm2835: Fix use-after-free on unbind
        - spi: bcm2835: Release the DMA channel if probe fails after dma_init
        - tracing: Fix userstacktrace option for instances
        - btrfs: cleanup cow block on error
        - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
        - gfs2: check for empty rgrp tree in gfs2_ri_update
        - Input: i8042 - fix error return code in i8042_setup_aux()
        - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
        - Linux 4.4.248
    
     -- Kelsey Skunberg <email address hidden>  Wed, 27 Jan 2021 16:23:17 -0700
  • linux (4.4.0-201.233) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-201.233 -proposed tracker (LP: #1911265)
    
      * Touchpad not detected on ByteSpeed C15B laptop (LP: #1906128)
        - Input: i8042 - add ByteSpeed touchpad to noloop table
    
      * stack trace in kernel (LP: #1903596)
        - net: napi: remove useless stack trace
    
      * CVE-2020-27777
        - powerpc/rtas: Restrict RTAS requests from userspace
        - [Config]: Set CONFIG_PPC_RTAS_FILTER
    
      * Xenial update: v4.4.247 upstream stable release (LP: #1906703)
        - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
        - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
        - HID: cypress: Support Varmilo Keyboards' media hotkeys
        - Input: i8042 - allow insmod to succeed on devices without an i8042
          controller
        - HID: hid-sensor-hub: Fix issue with devices with no report ID
        - x86/xen: don't unbind uninitialized lock_kicker_irq
        - proc: don't allow async path resolution of /proc/self components
        - dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
        - scsi: libiscsi: Fix NOP race condition
        - scsi: target: iscsi: Fix cmd abort fabric stop race
        - scsi: ufs: Fix race between shutdown and runtime resume flow
        - bnxt_en: fix error return code in bnxt_init_board()
        - video: hyperv_fb: Fix the cache type when mapping the VRAM
        - bnxt_en: Release PCI regions when DMA mask setup fails during probe.
        - IB/mthca: fix return value of error branch in mthca_init_cq()
        - nfc: s3fwrn5: use signed integer for parsing GPIO numbers
        - efivarfs: revert "fix memory leak in efivarfs_create()"
        - perf probe: Fix to die_entrypc() returns error correctly
        - USB: core: Change %pK for __user pointers to %px
        - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
        - USB: core: add endpoint-blacklist quirk
        - USB: core: Fix regression in Hercules audio card
        - btrfs: fix lockdep splat when reading qgroup config on mount
        - Linux 4.4.247
    
      * Xenial update: v4.4.246 upstream stable release (LP: #1906700)
        - ah6: fix error return code in ah6_input()
        - atm: nicstar: Unmap DMA on send error
        - net: b44: fix error return code in b44_init_one()
        - net: bridge: add missing counters to ndo_get_stats64 callback
        - netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
        - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
        - net/mlx4_core: Fix init_hca fields offset
        - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
        - qlcnic: fix error return code in qlcnic_83xx_restart_hw()
        - sctp: change to hold/put transport for proto_unreach_timer
        - net: usb: qmi_wwan: Set DTR quirk for MR400
        - net: Have netpoll bring-up DSA management interface
        - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
        - arm64: psci: Avoid printing in cpu_psci_cpu_die()
        - MIPS: Fix BUILD_ROLLBACK_PROLOGUE for microMIPS
        - Input: adxl34x - clean up a data type in adxl34x_probe()
        - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
        - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
        - perf lock: Don't free "lock_seq_stat" if read_count isn't zero
        - can: dev: can_restart(): post buffer from the right context
        - can: peak_usb: fix potential integer overflow on shift of a int
        - can: m_can: m_can_handle_state_change(): fix state change
        - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
        - regulator: ti-abb: Fix array out of bound read access on the first
          transition
        - libfs: fix error cast of negative value in simple_attr_write()
        - ALSA: ctl: fix error path at adding user-defined element set
        - ALSA: mixart: Fix mutex deadlock
        - tty: serial: imx: keep console clocks always on
        - efivarfs: fix memory leak in efivarfs_create()
        - ext4: fix bogus warning in ext4_update_dx_flag()
        - xtensa: disable preemption around cache alias management calls
        - mac80211: minstrel: remove deferred sampling code
        - mac80211: minstrel: fix tx status processing corner case
        - mac80211: allow driver to prevent two stations w/ same address
        - mac80211: free sta in sta_info_insert_finish() on errors
        - s390/cpum_sf.c: fix file permission for cpum_sfb_size
        - x86/microcode/intel: Check patch signature before saving microcode for early
          loading
        - Linux 4.4.246
    
      * Xenial update: v4.4.245 upstream stable release (LP: #1906698)
        - i2c: imx: Fix external abort on interrupt in exit paths
        - xfs: catch inode allocation state mismatch corruption
        - xfs: validate cached inodes are free when allocated
        - powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
        - Input: sunkbd - avoid use-after-free in teardown paths
        - mac80211: always wind down STA state
        - KVM: x86: clflushopt should be treated as a no-op by emulation
        - Linux 4.4.245
    
     -- Kelsey Skunberg <email address hidden>  Wed, 13 Jan 2021 17:48:34 -0700
  • linux (4.4.0-200.232) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-200.232 -proposed tracker (LP: #1911151)
    
      * CVE-2020-28374
        - target: simplify XCOPY wwn->se_dev lookup helper
        - SAUCE: target: fix XCOPY NAA identifier lookup
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 13 Jan 2021 10:30:27 +0100
  • linux (4.4.0-199.231) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-199.231 -proposed tracker (LP: #1910093)
    
      * Touchpad not detected on ByteSpeed C15B laptop (LP: #1906128)
        - Input: i8042 - add ByteSpeed touchpad to noloop table
    
      * stack trace in kernel (LP: #1903596)
        - net: napi: remove useless stack trace
    
      * CVE-2020-27777
        - powerpc/rtas: Restrict RTAS requests from userspace
        - [Config]: Set CONFIG_PPC_RTAS_FILTER
    
      * Xenial update: v4.4.247 upstream stable release (LP: #1906703)
        - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
        - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
        - HID: cypress: Support Varmilo Keyboards' media hotkeys
        - Input: i8042 - allow insmod to succeed on devices without an i8042
          controller
        - HID: hid-sensor-hub: Fix issue with devices with no report ID
        - x86/xen: don't unbind uninitialized lock_kicker_irq
        - proc: don't allow async path resolution of /proc/self components
        - dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
        - scsi: libiscsi: Fix NOP race condition
        - scsi: target: iscsi: Fix cmd abort fabric stop race
        - scsi: ufs: Fix race between shutdown and runtime resume flow
        - bnxt_en: fix error return code in bnxt_init_board()
        - video: hyperv_fb: Fix the cache type when mapping the VRAM
        - bnxt_en: Release PCI regions when DMA mask setup fails during probe.
        - IB/mthca: fix return value of error branch in mthca_init_cq()
        - nfc: s3fwrn5: use signed integer for parsing GPIO numbers
        - efivarfs: revert "fix memory leak in efivarfs_create()"
        - perf probe: Fix to die_entrypc() returns error correctly
        - USB: core: Change %pK for __user pointers to %px
        - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
        - USB: core: add endpoint-blacklist quirk
        - USB: core: Fix regression in Hercules audio card
        - btrfs: fix lockdep splat when reading qgroup config on mount
        - Linux 4.4.247
    
      * Xenial update: v4.4.246 upstream stable release (LP: #1906700)
        - ah6: fix error return code in ah6_input()
        - atm: nicstar: Unmap DMA on send error
        - net: b44: fix error return code in b44_init_one()
        - net: bridge: add missing counters to ndo_get_stats64 callback
        - netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
        - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
        - net/mlx4_core: Fix init_hca fields offset
        - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
        - qlcnic: fix error return code in qlcnic_83xx_restart_hw()
        - sctp: change to hold/put transport for proto_unreach_timer
        - net: usb: qmi_wwan: Set DTR quirk for MR400
        - net: Have netpoll bring-up DSA management interface
        - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
        - arm64: psci: Avoid printing in cpu_psci_cpu_die()
        - MIPS: Fix BUILD_ROLLBACK_PROLOGUE for microMIPS
        - Input: adxl34x - clean up a data type in adxl34x_probe()
        - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
        - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
        - perf lock: Don't free "lock_seq_stat" if read_count isn't zero
        - can: dev: can_restart(): post buffer from the right context
        - can: peak_usb: fix potential integer overflow on shift of a int
        - can: m_can: m_can_handle_state_change(): fix state change
        - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
        - regulator: ti-abb: Fix array out of bound read access on the first
          transition
        - libfs: fix error cast of negative value in simple_attr_write()
        - ALSA: ctl: fix error path at adding user-defined element set
        - ALSA: mixart: Fix mutex deadlock
        - tty: serial: imx: keep console clocks always on
        - efivarfs: fix memory leak in efivarfs_create()
        - ext4: fix bogus warning in ext4_update_dx_flag()
        - xtensa: disable preemption around cache alias management calls
        - mac80211: minstrel: remove deferred sampling code
        - mac80211: minstrel: fix tx status processing corner case
        - mac80211: allow driver to prevent two stations w/ same address
        - mac80211: free sta in sta_info_insert_finish() on errors
        - s390/cpum_sf.c: fix file permission for cpum_sfb_size
        - x86/microcode/intel: Check patch signature before saving microcode for early
          loading
        - Linux 4.4.246
    
      * Xenial update: v4.4.245 upstream stable release (LP: #1906698)
        - i2c: imx: Fix external abort on interrupt in exit paths
        - xfs: catch inode allocation state mismatch corruption
        - xfs: validate cached inodes are free when allocated
        - powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
        - Input: sunkbd - avoid use-after-free in teardown paths
        - mac80211: always wind down STA state
        - KVM: x86: clflushopt should be treated as a no-op by emulation
        - Linux 4.4.245
    
     -- Kelsey Skunberg <email address hidden>  Tue, 05 Jan 2021 14:56:29 -0700
  • linux (4.4.0-198.230) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-198.230 -proposed tracker (LP: #1906052)
    
      * Xenial update: v4.4.244 upstream stable release (LP: #1904914)
        - ring-buffer: Fix recursion protection transitions between interrupt context
        - gfs2: Wake up when sd_glock_disposal becomes zero
        - mm: mempolicy: fix potential pte_unmap_unlock pte error
        - time: Prevent undefined behaviour in timespec64_to_ns()
        - btrfs: reschedule when cloning lots of extents
        - net: xfrm: fix a race condition during allocing spi
        - perf tools: Add missing swap for ino_generation
        - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
        - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
          context
        - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR
          frames
        - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
        - can: peak_usb: add range checking in decode operations
        - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
        - Btrfs: fix missing error return if writeback for extent buffer never started
        - i40e: Wrong truncation from u16 to u8
        - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
        - ath9k_htc: Use appropriate rs_datalen type
        - usb: gadget: goku_udc: fix potential crashes in probe
        - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
        - gfs2: check for live vs. read-only file system in gfs2_fitrim
        - drm/amdgpu: perform srbm soft reset always on SDMA resume
        - mac80211: fix use of skb payload instead of header
        - cfg80211: regulatory: Fix inconsistent format argument
        - iommu/amd: Increase interrupt remapping table limit to 512 entries
        - xfs: fix a missing unlock on error in xfs_fs_map_blocks
        - of/address: Fix of_node memory leak in of_dma_is_coherent
        - cosa: Add missing kfree in error path of cosa_write
        - perf: Fix get_recursion_context()
        - ext4: correctly report "not supported" for {usr,grp}jquota when
          !CONFIG_QUOTA
        - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
        - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
        - mei: protect mei_cl_mtu from null dereference
        - ocfs2: initialize ip_next_orphan
        - don't dump the threads that had been already exiting when zapped.
        - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
        - pinctrl: amd: use higher precision for 512 RtcClk
        - pinctrl: amd: fix incorrect way to disable debounce filter
        - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
        - IPv6: Set SIT tunnel hard_header_len to zero
        - net/af_iucv: fix null pointer dereference on shutdown
        - net/x25: Fix null-ptr-deref in x25_connect
        - net: Update window_clamp if SOCK_RCVBUF is set
        - random32: make prandom_u32() output unpredictable
        - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-
          on STIBP
        - xen/events: avoid removing an event channel while handling it
        - xen/events: add a proper barrier to 2-level uevent unmasking
        - xen/events: fix race in evtchn_fifo_unmask()
        - xen/events: add a new "late EOI" evtchn framework
        - xen/blkback: use lateeoi irq binding
        - xen/netback: use lateeoi irq binding
        - xen/scsiback: use lateeoi irq binding
        - xen/pciback: use lateeoi irq binding
        - xen/events: switch user event channels to lateeoi model
        - xen/events: use a common cpu hotplug hook for event channels
        - xen/events: defer eoi in case of excessive number of events
        - xen/events: block rogue events for some time
        - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
        - reboot: fix overflow parsing reboot cpu number
        - ext4: fix leaking sysfs kobject after failed mount
        - Convert trailing spaces and periods in path components
        - Linux 4.4.244
    
      * Xenial update: v4.4.243 upstream stable release (LP: #1904904)
        - Linux 4.4.243
    
      * Xenial update: v4.4.242 upstream stable release (LP: #1903750)
        - SUNRPC: ECONNREFUSED should cause a rebind.
        - scripts/setlocalversion: make git describe output more reliable
        - ravb: Fix bit fields checking in ravb_hwtstamp_get()
        - tipc: fix memory leak caused by tipc_buf_append()
        - mtd: lpddr: Fix bad logic in print_drs_error
        - ata: sata_rcar: Fix DMA boundary mask
        - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
        - f2fs crypto: avoid unneeded memory allocation in ->readdir
        - powerpc/powernv/smp: Fix spurious DBG() warning
        - sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
        - f2fs: fix to check segment boundary during SIT page readahead
        - um: change sigio_spinlock to a mutex
        - xfs: fix realtime bitmap/summary file truncation when growing rt volume
        - video: fbdev: pvr2fb: initialize variables
        - ath10k: fix VHT NSS calculation when STBC is enabled
        - mmc: via-sdmmc: Fix data race bug
        - printk: reduce LOG_BUF_SHIFT range for H8300
        - kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
        - USB: adutux: fix debugging
        - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
        - power: supply: test_power: add missing newlines when printing parameters by
          sysfs
        - md/bitmap: md_bitmap_get_counter returns wrong blocks
        - clk: ti: clockdomain: fix static checker warning
        - net: 9p: initialize sun_server.sun_path to have addr's value only when addr
          is valid
        - drivers: watchdog: rdc321x_wdt: Fix race condition bugs
        - ext4: Detect already used quota file early
        - gfs2: add validation checks for size of superblock
        - memory: emif: Remove bogus debugfs error handling
        - ARM: dts: s5pv210: move PMU node out of clock controller
        - ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
        - md/raid5: fix oops during stripe resizing
        - leds: bcm6328, bcm6358: use devres LED registering function
        - NFS: fix nfs_path in case of a rename retry
        - ACPI / extlog: Check for RDMSR failure
        - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
        - w1: mxc_w1: Fix timeout resolution problem leading to bus error
        - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
        - btrfs: reschedule if necessary when logging directory items
        - vt: keyboard, simplify vt_kdgkbsent
        - vt: keyboard, extend func_buf_lock to readers
        - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
        - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
        - powerpc/powernv/elog: Fix race while processing OPAL error log event.
        - ubifs: dent: Fix some potential memory leaks while iterating entries
        - ubi: check kthread_should_stop() after the setting of task state
        - ia64: fix build error with !COREDUMP
        - ceph: promote to unsigned long long before shifting
        - libceph: clear con->out_msg on Policy::stateful_server faults
        - 9P: Cast to loff_t before multiplying
        - ring-buffer: Return 0 on success from ring_buffer_resize()
        - vringh: fix __vringh_iov() when riov and wiov are different
        - tty: make FONTX ioctl use the tty pointer they were actually passed
        - arm64: berlin: Select DW_APB_TIMER_OF
        - cachefiles: Handle readpage error correctly
        - hil/parisc: Disable HIL driver when it gets stuck
        - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
        - ARM: s3c24xx: fix missing system reset
        - device property: Keep secondary firmware node secondary by type
        - device property: Don't clear secondary pointer for shared primary firmware
          node
        - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
        - Revert "Revert "XEN uses irqdesc::irq_data_common::handler_data to store a
          per interrupt XEN data pointer which contains XEN specific information.""
        - xen/events: don't use chip_data for legacy IRQs
        - tipc: fix use-after-free in tipc_bcast_get_mode
        - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
        - gianfar: Account for Tx PTP timestamp in the skb headroom
        - Fonts: Replace discarded const qualifier
        - ALSA: usb-audio: Add implicit feedback quirk for Qu-16
        - ftrace: Fix recursion check for NMI test
        - ftrace: Handle tracing when switching between context
        - ARM: dts: sun4i-a10: fix cpu_alert temperature
        - x86/kexec: Use up-to-dated screen_info copy to fill boot params
        - of: Fix reserved-memory overlap detection
        - scsi: core: Don't start concurrent async scan on same host
        - vsock: use ns_capable_noaudit() on socket create
        - vt: Disable KD_FONT_OP_COPY
        - fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
        - serial: 8250_mtk: Fix uart_get_baud_rate warning
        - serial: txx9: add missing platform_driver_unregister() on error in
          serial_txx9_init
        - USB: serial: cyberjack: fix write-URB completion race
        - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
        - USB: serial: option: add Telit FN980 composition 0x1055
        - USB: Add NO_LPM quirk for Kingston flash drive
        - ARC: stack unwinding: avoid indefinite looping
        - Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
        - Linux 4.4.242
    
      * [HP 635] Radeon 6310 brightness control does not work (LP: #1894667) //
        Xenial update: v4.4.242 upstream stable release (LP: #1903750)
        - ACPI: video: use ACPI backlight for HP 635 Notebook
    
     -- Kelsey Skunberg <email address hidden>  Fri, 27 Nov 2020 16:22:59 -0700
  • linux (4.4.0-197.229) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-197.229 -proposed tracker (LP: #1905489)
    
      * sha1_ce and sha2_ce modules no longer load on arm64 (LP: #1905336)
        - SAUCE: Revert "crypto: arm64/sha - avoid non-standard inline asm tricks"
    
      * Fails to build on powerpc (LP: #1905475)
        - powerpc/uaccess-flush: fix corenet64_smp_defconfig build
        - SAUCE: powerpc/uaccess: only include kup-radix.h on PPC_BOOK3S_64
    
    linux (4.4.0-196.228) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-196.228 -proposed tracker (LP: #1905309)
    
      * CVE-2020-4788
        - SAUCE: powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
        - SAUCE: powerpc/64s: move some exception handlers out of line
        - powerpc/64s: flush L1D on kernel entry
        - SAUCE: powerpc: Add a framework for user access tracking
        - powerpc: Implement user_access_begin and friends
        - powerpc: Fix __clear_user() with KUAP enabled
        - powerpc/uaccess: Evaluate macro arguments once, before user access is
          allowed
        - powerpc/64s: flush L1D after user accesses
    
    linux (4.4.0-195.227) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-195.227 -proposed tracker (LP: #1903107)
    
      * Update kernel packaging to support forward porting kernels (LP: #1902957)
        - [Debian] Update for leader included in BACKPORT_SUFFIX
    
      * Avoid double newline when running insertchanges (LP: #1903293)
        - [Packaging] insertchanges: avoid double newline
    
      * EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
        - efivarfs: Replace invalid slashes with exclamation marks in dentries.
    
      * CVE-2020-14351
        - perf/core: Fix race in the perf_mmap_close() function
    
      * CVE-2020-25645
        - geneve: add transport ports in route lookup for geneve
    
      * Xenial update: v4.4.241 upstream stable release (LP: #1902097)
        - ibmveth: Identify ingress large send packets.
        - tipc: fix the skb_unshare() in tipc_buf_append()
        - net/ipv4: always honour route mtu during forwarding
        - r8169: fix data corruption issue on RTL8402
        - ALSA: bebob: potential info leak in hwdep_read()
        - mm/kasan: print name of mem[set,cpy,move]() caller in report
        - mm/kasan: add API to check memory regions
        - compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
        - compiler.h: Add read_word_at_a_time() function.
        - lib/strscpy: Shut up KASAN false-positives in strscpy()
        - x86/mm/ptdump: Fix soft lockup in page table walker
        - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
        - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
          ether_setup
        - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
          nfc_genl_fw_download()
        - tcp: fix to update snd_wl1 in bulk receiver fast path
        - icmp: randomize the global rate limiter
        - cifs: remove bogus debug code
        - ima: Don't ignore errors from crypto_shash_update()
        - EDAC/i5100: Fix error handling order in i5100_init_one()
        - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
        - media: Revert "media: exynos4-is: Add missed check for
          pinctrl_lookup_state()"
        - media: m5mols: Check function pointer in m5mols_sensor_power
        - media: omap3isp: Fix memleak in isp_probe
        - crypto: omap-sham - fix digcnt register handling with export/import
        - media: tc358743: initialize variable
        - media: ti-vpe: Fix a missing check and reference count leak
        - ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
        - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
        - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
        - mwifiex: Do not use GFP_KERNEL in atomic context
        - drm/gma500: fix error check
        - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
        - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
        - backlight: sky81452-backlight: Fix refcount imbalance on error
        - VMCI: check return value of get_user_pages_fast() for errors
        - tty: serial: earlycon dependency
        - pty: do tty_flip_buffer_push without port->lock in pty_write
        - drivers/virt/fsl_hypervisor: Fix error handling path
        - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
        - video: fbdev: sis: fix null ptr dereference
        - HID: roccat: add bounds checking in kone_sysfs_write_settings()
        - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
        - misc: mic: scif: Fix error handling path
        - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
        - quota: clear padding in v2r1_mem2diskdqb()
        - net: enic: Cure the enic api locking trainwreck
        - mfd: sm501: Fix leaks in probe()
        - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
        - nl80211: fix non-split wiphy information
        - mwifiex: fix double free
        - net: korina: fix kfree of rx/tx descriptor array
        - IB/mlx4: Adjust delayed work when a dup is observed
        - powerpc/pseries: Fix missing of_node_put() in rng_init()
        - powerpc/icp-hv: Fix missing of_node_put() in success path
        - mtd: lpddr: fix excessive stack usage with clang
        - mtd: mtdoops: Don't write panic data twice
        - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
        - powerpc/tau: Use appropriate temperature sample interval
        - powerpc/tau: Remove duplicated set_thresholds() call
        - powerpc/tau: Disable TAU between measurements
        - perf intel-pt: Fix "context_switch event has no tid" error
        - kdb: Fix pager search for multi-line strings
        - powerpc/perf/hv-gpci: Fix starting index value
        - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
        - lib/crc32.c: fix trivial typo in preprocessor condition
        - vfio/pci: Clear token on bypass registration failure
        - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
        - Input: ep93xx_keypad - fix handling of platform_get_irq() error
        - Input: omap4-keypad - fix handling of platform_get_irq() error
        - Input: sun4i-ps2 - fix handling of platform_get_irq() error
        - KVM: x86: emulating RDPID failure shall return #UD rather than #GP
        - memory: omap-gpmc: Fix a couple off by ones
        - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
        - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
        - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt
          handler
        - powerpc/powernv/dump: Fix race while processing OPAL dump
        - media: firewire: fix memory leak
        - media: ati_remote: sanity check for both endpoints
        - media: exynos4-is: Fix several reference count leaks due to
          pm_runtime_get_sync
        - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
        - media: exynos4-is: Fix a reference count leak
        - media: bdisp: Fix runtime PM imbalance on error
        - media: media/pci: prevent memory leak in bttv_probe
        - media: uvcvideo: Ensure all probed info is returned to v4l2
        - mmc: sdio: Check for CISTPL_VERS_1 buffer size
        - media: saa7134: avoid a shift overflow
        - ntfs: add check for mft record size in superblock
        - PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
        - scsi: mvumi: Fix error return in mvumi_io_attach()
        - scsi: target: core: Add CONTROL field for trace events
        - usb: gadget: function: printer: fix use-after-free in __lock_acquire
        - udf: Limit sparing table size
        - udf: Avoid accessing uninitialized data on failed inode read
        - ath9k: hif_usb: fix race condition between usb_get_urb() and
          usb_kill_anchored_urbs()
        - misc: rtsx: Fix memory leak in rtsx_pci_probe
        - reiserfs: only call unlock_new_inode() if I_NEW
        - xfs: make sure the rt allocator doesn't run off the end
        - usb: ohci: Default to per-port over-current protection
        - Bluetooth: Only mark socket zapped after unlocking
        - scsi: ibmvfc: Fix error return in ibmvfc_probe()
        - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
        - rtl8xxxu: prevent potential memory leak
        - Fix use after free in get_capset_info callback.
        - tty: ipwireless: fix error handling
        - ipvs: Fix uninit-value in do_ip_vs_set_ctl()
        - reiserfs: Fix memory leak in reiserfs_parse_options()
        - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
        - usb: core: Solve race condition in anchor cleanup functions
        - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
        - net: korina: cast KSEG0 address to pointer in kfree
        - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
        - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
        - Linux 4.4.241
    
      * Xenial update: v4.4.240 upstream stable release (LP: #1902096)
        - Bluetooth: MGMT: Fix not checking if BT_HS is enabled
        - Bluetooth: fix kernel oops in store_pending_adv_report
        - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
        - Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
        - Bluetooth: Disconnect if E0 is used for Level 4
        - media: usbtv: Fix refcounting mixup
        - USB: serial: option: add Cellient MPL200 card
        - USB: serial: option: Add Telit FT980-KS composition
        - staging: comedi: check validity of wMaxPacketSize of usb endpoints found
        - USB: serial: pl2303: add device-id for HP GC device
        - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
        - reiserfs: Initialize inode keys properly
        - reiserfs: Fix oops during mount
        - spi: unbinding slave before calling spi_destroy_queue
        - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
        - Linux 4.4.240
    
      * Xenial update: v4.4.239 upstream stable release (LP: #1902095)
        - gpio: tc35894: fix up tc35894 interrupt configuration
        - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
        - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
        - net: dec: de2104x: Increase receive ring size for Tulip
        - rndis_host: increase sleep time in the query-response loop
        - drivers/net/wan/lapbether: Make skb->protocol consistent with the header
        - drivers/net/wan/hdlc: Set skb->protocol before transmitting
        - nfs: Fix security label length not being reset
        - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
        - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
        - i2c: cpm: Fix i2c_ram structure
        - epoll: do not insert into poll queues until all sanity checks are done
        - epoll: replace ->visited/visited_list with generation count
        - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
        - ep_create_wakeup_source(): dentry name can change under you...
        - netfilter: ctnetlink: add a range check for l3/l4 protonum
        - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
        - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
        - Revert "ravb: Fixed to be able to unload modules"
        - fbcon: Fix global-out-of-bounds read in fbcon_get_font()
        - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
        - usermodehelper: reset umask to default before executing user process
        - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
        - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
        - driver core: Fix probe_count imbalance in really_probe()
        - perf top: Fix stdio interface input handling with glibc 2.28+
        - sctp: fix sctp_auth_init_hmacs() error path
        - team: set dev->needed_headroom in team_setup_by_port()
        - net: team: fix memory leak in __team_options_register
        - mtd: nand: Provide nand_cleanup() function to free NAND related resources
        - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
        - xfrm: clone whole liftime_cur structure in xfrm_do_migrate
        - net: stmmac: removed enabling eee in EEE set callback
        - xfrm: Use correct address family in xfrm_state_find
        - bonding: set dev->needed_headroom in bond_setup_by_slave()
        - rxrpc: Fix rxkad token xdr encoding
        - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
        - rxrpc: Fix server keyring leak
        - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
        - Linux 4.4.239
    
      * CVE-2020-12352
        - Bluetooth: A2MP: Fix not initializing all members
    
      * CVE-2020-0427
        - pinctrl: devicetree: Avoid taking direct reference to device name string
    
      * Xenial update: v4.4.238 upstream stable release (LP: #1899506)
        - af_key: pfkey_dump needs parameter validation
        - KVM: fix memory leak in kvm_io_bus_unregister_dev()
        - kprobes: fix kill kprobe which has been marked as gone
        - ftrace: Setup correct FTRACE_FL_REGS flags for module
        - RDMA/ucma: ucma_context reference leak in error path
        - mtd: Fix comparison in map_word_andequal()
        - hdlc_ppp: add range checks in ppp_cp_parse_cr()
        - tipc: use skb_unshare() instead in tipc_buf_append()
        - net: add __must_check to skb_put_padto()
        - ip: fix tos reflection in ack and reset packets
        - serial: 8250: Avoid error message on reprobe
        - scsi: aacraid: fix illegal IO beyond last LBA
        - m68k: q40: Fix info-leak in rtc_ioctl
        - gma/gma500: fix a memory disclosure bug due to uninitialized bytes
        - ASoC: kirkwood: fix IRQ error handling
        - PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
        - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of
          cfi_amdstd_setup()
        - mfd: mfd-core: Protect against NULL call-back function pointer
        - tracing: Adding NULL checks for trace_array descriptor pointer
        - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
        - xfs: fix attr leaf header freemap.size underflow
        - kernel/sys.c: avoid copying possible padding bytes in copy_to_user
        - neigh_stat_seq_next() should increase position index
        - rt_cpu_seq_next should increase position index
        - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
        - ACPI: EC: Reference count query handlers under lock
        - tracing: Set kernel_stack's caller size properly
        - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
        - Bluetooth: Fix refcount use-after-free issue
        - mm: pagewalk: fix termination condition in walk_pte_range()
        - Bluetooth: prefetch channel before killing sock
        - skbuff: fix a data race in skb_queue_len()
        - audit: CONFIG_CHANGE don't log internal bookkeeping as an event
        - selinux: sel_avc_get_stat_idx should increase position index
        - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
        - drm/omap: fix possible object reference leak
        - dmaengine: tegra-apb: Prevent race conditions on channel's freeing
        - media: go7007: Fix URB type for interrupt handling
        - Bluetooth: guard against controllers sending zero'd events
        - drm/amdgpu: increase atombios cmd timeout
        - Bluetooth: L2CAP: handle l2cap config request during open state
        - media: tda10071: fix unsigned sign extension overflow
        - tpm: ibmvtpm: Wait for buffer to be set before proceeding
        - tracing: Use address-of operator on section symbols
        - serial: 8250_omap: Fix sleeping function called from invalid context during
          probe
        - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
        - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
        - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
          endpoint descriptor
        - mm/filemap.c: clear page error before actual read
        - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
        - KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
        - bdev: Reduce time holding bd_mutex in sync in blkdev_close()
        - drivers: char: tlclk.c: Avoid data race between init and interrupt handler
        - dt-bindings: sound: wm8994: Correct required supplies based on actual
          implementaion
        - atm: fix a memory leak of vcc->user_back
        - phy: samsung: s5pv210-usb2: Add delay after reset
        - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
        - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
        - tty: serial: samsung: Correct clock selection logic
        - ALSA: hda: Fix potential race in unsol event handler
        - fuse: don't check refcount after stealing page
        - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
        - e1000: Do not perform reset in reset_task if we are already down
        - printk: handle blank console arguments passed in.
        - vfio/pci: fix memory leaks of eventfd ctx
        - perf kcore_copy: Fix module map when there are no modules loaded
        - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
        - ceph: fix potential race in ceph_check_caps
        - mtd: parser: cmdline: Support MTD names containing one or more colons
        - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
        - vfio/pci: Clear error and request eventfd ctx after releasing
        - vfio/pci: fix racy on error and request eventfd ctx
        - s390/init: add missing __init annotations
        - batman-adv: bla: fix type misuse for backbone_gw hash indexing
        - atm: eni: fix the missed pci_disable_device() for eni_init_one()
        - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
        - ALSA: asihpi: fix iounmap in error handler
        - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
        - tty: vt, consw->con_scrolldelta cleanup
        - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
        - lib/string.c: implement stpcpy
        - ata: define AC_ERR_OK
        - ata: make qc_prep return ata_completion_errors
        - ata: sata_mv, avoid trigerrable BUG_ON
        - Linux 4.4.238
    
      * *-tools-common packages descriptions have typo "PGKVER" (LP: #1898903)
        - [Packaging] Fix typo in -tools template s/PGKVER/PKGVER/
    
      * Xenial update: v4.4.237 upstream stable release (LP: #1897602)
        - ARM: dts: socfpga: fix register entry for timer3 on Arria10
        - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
        - drivers/net/wan/lapbether: Added needed_tailroom
        - firestream: Fix memleak in fs_open
        - drivers/net/wan/lapbether: Set network_header before transmitting
        - xfs: initialize the shortform attr header padding entry
        - drivers/net/wan/hdlc_cisco: Add hard_header_len
        - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
        - gcov: Disable gcov build with GCC 10
        - iio: adc: mcp3422: fix locking scope
        - iio: adc: mcp3422: fix locking on error path
        - iio:light:ltr501 Fix timestamp alignment issue.
        - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
        - iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
        - USB: core: add helpers to retrieve endpoints
        - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
        - btrfs: fix wrong address when faulting in pages in the search ioctl
        - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting
          tpg->np_login_sem
        - rbd: require global CAP_SYS_ADMIN for mapping and unmapping
        - fbcon: remove soft scrollback code
        - fbcon: remove now unusued 'softback_lines' cursor() argument
        - vgacon: remove software scrollback support
        - [Config] updateconfigs for VGACON_SOFT_SCROLLBACK
        - KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
        - video: fbdev: fix OOB read in vga_8planes_imageblit()
        - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
        - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
        - usb: Fix out of sync data toggle if a configured device is reconfigured
        - gcov: add support for GCC 10.1
        - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
        - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
        - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
        - SUNRPC: stop printk reading past end of string
        - rapidio: Replace 'select' DMAENGINES 'with depends on'
        - i2c: algo: pca: Reapply i2c bus settings after reset
        - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
        - perf test: Free formats for perf pmu parse test
        - fbcon: Fix user font detection test at fbcon_resize().
        - MIPS: SNI: Fix spurious interrupts
        - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
          notebook
        - USB: UAS: fix disconnect by unplugging a hub
        - usblp: fix race between disconnect() and read()
        - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
        - serial: 8250_pci: Add Realtek 816a and 816b
        - ehci-hcd: Move include to keep CRC stable
        - powerpc/dma: Fix dma_map_ops::get_required_mask
        - x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
        - Linux 4.4.237
    
     -- Thadeu Lima de Souza Cascardo <email address hidden>  Wed, 25 Nov 2020 06:36:47 -0300
  • linux (4.4.0-195.227) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-195.227 -proposed tracker (LP: #1903107)
    
      * Update kernel packaging to support forward porting kernels (LP: #1902957)
        - [Debian] Update for leader included in BACKPORT_SUFFIX
    
      * Avoid double newline when running insertchanges (LP: #1903293)
        - [Packaging] insertchanges: avoid double newline
    
      * EFI: Fails when BootCurrent entry does not exist (LP: #1899993)
        - efivarfs: Replace invalid slashes with exclamation marks in dentries.
    
      * CVE-2020-14351
        - perf/core: Fix race in the perf_mmap_close() function
    
      * CVE-2020-25645
        - geneve: add transport ports in route lookup for geneve
    
      * Xenial update: v4.4.241 upstream stable release (LP: #1902097)
        - ibmveth: Identify ingress large send packets.
        - tipc: fix the skb_unshare() in tipc_buf_append()
        - net/ipv4: always honour route mtu during forwarding
        - r8169: fix data corruption issue on RTL8402
        - ALSA: bebob: potential info leak in hwdep_read()
        - mm/kasan: print name of mem[set,cpy,move]() caller in report
        - mm/kasan: add API to check memory regions
        - compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
        - compiler.h: Add read_word_at_a_time() function.
        - lib/strscpy: Shut up KASAN false-positives in strscpy()
        - x86/mm/ptdump: Fix soft lockup in page table walker
        - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
        - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
          ether_setup
        - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in
          nfc_genl_fw_download()
        - tcp: fix to update snd_wl1 in bulk receiver fast path
        - icmp: randomize the global rate limiter
        - cifs: remove bogus debug code
        - ima: Don't ignore errors from crypto_shash_update()
        - EDAC/i5100: Fix error handling order in i5100_init_one()
        - crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
        - media: Revert "media: exynos4-is: Add missed check for
          pinctrl_lookup_state()"
        - media: m5mols: Check function pointer in m5mols_sensor_power
        - media: omap3isp: Fix memleak in isp_probe
        - crypto: omap-sham - fix digcnt register handling with export/import
        - media: tc358743: initialize variable
        - media: ti-vpe: Fix a missing check and reference count leak
        - ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
        - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
        - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
        - mwifiex: Do not use GFP_KERNEL in atomic context
        - drm/gma500: fix error check
        - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
        - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
        - backlight: sky81452-backlight: Fix refcount imbalance on error
        - VMCI: check return value of get_user_pages_fast() for errors
        - tty: serial: earlycon dependency
        - pty: do tty_flip_buffer_push without port->lock in pty_write
        - drivers/virt/fsl_hypervisor: Fix error handling path
        - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
        - video: fbdev: sis: fix null ptr dereference
        - HID: roccat: add bounds checking in kone_sysfs_write_settings()
        - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
        - misc: mic: scif: Fix error handling path
        - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
        - quota: clear padding in v2r1_mem2diskdqb()
        - net: enic: Cure the enic api locking trainwreck
        - mfd: sm501: Fix leaks in probe()
        - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
        - nl80211: fix non-split wiphy information
        - mwifiex: fix double free
        - net: korina: fix kfree of rx/tx descriptor array
        - IB/mlx4: Adjust delayed work when a dup is observed
        - powerpc/pseries: Fix missing of_node_put() in rng_init()
        - powerpc/icp-hv: Fix missing of_node_put() in success path
        - mtd: lpddr: fix excessive stack usage with clang
        - mtd: mtdoops: Don't write panic data twice
        - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
        - powerpc/tau: Use appropriate temperature sample interval
        - powerpc/tau: Remove duplicated set_thresholds() call
        - powerpc/tau: Disable TAU between measurements
        - perf intel-pt: Fix "context_switch event has no tid" error
        - kdb: Fix pager search for multi-line strings
        - powerpc/perf/hv-gpci: Fix starting index value
        - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
        - lib/crc32.c: fix trivial typo in preprocessor condition
        - vfio/pci: Clear token on bypass registration failure
        - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
        - Input: ep93xx_keypad - fix handling of platform_get_irq() error
        - Input: omap4-keypad - fix handling of platform_get_irq() error
        - Input: sun4i-ps2 - fix handling of platform_get_irq() error
        - KVM: x86: emulating RDPID failure shall return #UD rather than #GP
        - memory: omap-gpmc: Fix a couple off by ones
        - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
        - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
        - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt
          handler
        - powerpc/powernv/dump: Fix race while processing OPAL dump
        - media: firewire: fix memory leak
        - media: ati_remote: sanity check for both endpoints
        - media: exynos4-is: Fix several reference count leaks due to
          pm_runtime_get_sync
        - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
        - media: exynos4-is: Fix a reference count leak
        - media: bdisp: Fix runtime PM imbalance on error
        - media: media/pci: prevent memory leak in bttv_probe
        - media: uvcvideo: Ensure all probed info is returned to v4l2
        - mmc: sdio: Check for CISTPL_VERS_1 buffer size
        - media: saa7134: avoid a shift overflow
        - ntfs: add check for mft record size in superblock
        - PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
        - scsi: mvumi: Fix error return in mvumi_io_attach()
        - scsi: target: core: Add CONTROL field for trace events
        - usb: gadget: function: printer: fix use-after-free in __lock_acquire
        - udf: Limit sparing table size
        - udf: Avoid accessing uninitialized data on failed inode read
        - ath9k: hif_usb: fix race condition between usb_get_urb() and
          usb_kill_anchored_urbs()
        - misc: rtsx: Fix memory leak in rtsx_pci_probe
        - reiserfs: only call unlock_new_inode() if I_NEW
        - xfs: make sure the rt allocator doesn't run off the end
        - usb: ohci: Default to per-port over-current protection
        - Bluetooth: Only mark socket zapped after unlocking
        - scsi: ibmvfc: Fix error return in ibmvfc_probe()
        - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
        - rtl8xxxu: prevent potential memory leak
        - Fix use after free in get_capset_info callback.
        - tty: ipwireless: fix error handling
        - ipvs: Fix uninit-value in do_ip_vs_set_ctl()
        - reiserfs: Fix memory leak in reiserfs_parse_options()
        - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
        - usb: core: Solve race condition in anchor cleanup functions
        - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
        - net: korina: cast KSEG0 address to pointer in kfree
        - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
        - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
        - Linux 4.4.241
    
      * Xenial update: v4.4.240 upstream stable release (LP: #1902096)
        - Bluetooth: MGMT: Fix not checking if BT_HS is enabled
        - Bluetooth: fix kernel oops in store_pending_adv_report
        - Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
        - Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
        - Bluetooth: Disconnect if E0 is used for Level 4
        - media: usbtv: Fix refcounting mixup
        - USB: serial: option: add Cellient MPL200 card
        - USB: serial: option: Add Telit FT980-KS composition
        - staging: comedi: check validity of wMaxPacketSize of usb endpoints found
        - USB: serial: pl2303: add device-id for HP GC device
        - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
        - reiserfs: Initialize inode keys properly
        - reiserfs: Fix oops during mount
        - spi: unbinding slave before calling spi_destroy_queue
        - crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
        - Linux 4.4.240
    
      * Xenial update: v4.4.239 upstream stable release (LP: #1902095)
        - gpio: tc35894: fix up tc35894 interrupt configuration
        - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
        - drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
        - net: dec: de2104x: Increase receive ring size for Tulip
        - rndis_host: increase sleep time in the query-response loop
        - drivers/net/wan/lapbether: Make skb->protocol consistent with the header
        - drivers/net/wan/hdlc: Set skb->protocol before transmitting
        - nfs: Fix security label length not being reset
        - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
        - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
        - i2c: cpm: Fix i2c_ram structure
        - epoll: do not insert into poll queues until all sanity checks are done
        - epoll: replace ->visited/visited_list with generation count
        - epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
        - ep_create_wakeup_source(): dentry name can change under you...
        - netfilter: ctnetlink: add a range check for l3/l4 protonum
        - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
        - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
        - Revert "ravb: Fixed to be able to unload modules"
        - fbcon: Fix global-out-of-bounds read in fbcon_get_font()
        - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
        - usermodehelper: reset umask to default before executing user process
        - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
        - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
        - driver core: Fix probe_count imbalance in really_probe()
        - perf top: Fix stdio interface input handling with glibc 2.28+
        - sctp: fix sctp_auth_init_hmacs() error path
        - team: set dev->needed_headroom in team_setup_by_port()
        - net: team: fix memory leak in __team_options_register
        - mtd: nand: Provide nand_cleanup() function to free NAND related resources
        - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
        - xfrm: clone whole liftime_cur structure in xfrm_do_migrate
        - net: stmmac: removed enabling eee in EEE set callback
        - xfrm: Use correct address family in xfrm_state_find
        - bonding: set dev->needed_headroom in bond_setup_by_slave()
        - rxrpc: Fix rxkad token xdr encoding
        - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
        - rxrpc: Fix server keyring leak
        - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
        - Linux 4.4.239
    
      * CVE-2020-12352
        - Bluetooth: A2MP: Fix not initializing all members
    
      * CVE-2020-0427
        - pinctrl: devicetree: Avoid taking direct reference to device name string
    
      * Xenial update: v4.4.238 upstream stable release (LP: #1899506)
        - af_key: pfkey_dump needs parameter validation
        - KVM: fix memory leak in kvm_io_bus_unregister_dev()
        - kprobes: fix kill kprobe which has been marked as gone
        - ftrace: Setup correct FTRACE_FL_REGS flags for module
        - RDMA/ucma: ucma_context reference leak in error path
        - mtd: Fix comparison in map_word_andequal()
        - hdlc_ppp: add range checks in ppp_cp_parse_cr()
        - tipc: use skb_unshare() instead in tipc_buf_append()
        - net: add __must_check to skb_put_padto()
        - ip: fix tos reflection in ack and reset packets
        - serial: 8250: Avoid error message on reprobe
        - scsi: aacraid: fix illegal IO beyond last LBA
        - m68k: q40: Fix info-leak in rtc_ioctl
        - gma/gma500: fix a memory disclosure bug due to uninitialized bytes
        - ASoC: kirkwood: fix IRQ error handling
        - PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
        - mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of
          cfi_amdstd_setup()
        - mfd: mfd-core: Protect against NULL call-back function pointer
        - tracing: Adding NULL checks for trace_array descriptor pointer
        - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
        - xfs: fix attr leaf header freemap.size underflow
        - kernel/sys.c: avoid copying possible padding bytes in copy_to_user
        - neigh_stat_seq_next() should increase position index
        - rt_cpu_seq_next should increase position index
        - seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
        - ACPI: EC: Reference count query handlers under lock
        - tracing: Set kernel_stack's caller size properly
        - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
        - Bluetooth: Fix refcount use-after-free issue
        - mm: pagewalk: fix termination condition in walk_pte_range()
        - Bluetooth: prefetch channel before killing sock
        - skbuff: fix a data race in skb_queue_len()
        - audit: CONFIG_CHANGE don't log internal bookkeeping as an event
        - selinux: sel_avc_get_stat_idx should increase position index
        - scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
        - drm/omap: fix possible object reference leak
        - dmaengine: tegra-apb: Prevent race conditions on channel's freeing
        - media: go7007: Fix URB type for interrupt handling
        - Bluetooth: guard against controllers sending zero'd events
        - drm/amdgpu: increase atombios cmd timeout
        - Bluetooth: L2CAP: handle l2cap config request during open state
        - media: tda10071: fix unsigned sign extension overflow
        - tpm: ibmvtpm: Wait for buffer to be set before proceeding
        - tracing: Use address-of operator on section symbols
        - serial: 8250_omap: Fix sleeping function called from invalid context during
          probe
        - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
        - ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
        - ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra
          endpoint descriptor
        - mm/filemap.c: clear page error before actual read
        - mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
        - KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
        - bdev: Reduce time holding bd_mutex in sync in blkdev_close()
        - drivers: char: tlclk.c: Avoid data race between init and interrupt handler
        - dt-bindings: sound: wm8994: Correct required supplies based on actual
          implementaion
        - atm: fix a memory leak of vcc->user_back
        - phy: samsung: s5pv210-usb2: Add delay after reset
        - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
        - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
        - tty: serial: samsung: Correct clock selection logic
        - ALSA: hda: Fix potential race in unsol event handler
        - fuse: don't check refcount after stealing page
        - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
        - e1000: Do not perform reset in reset_task if we are already down
        - printk: handle blank console arguments passed in.
        - vfio/pci: fix memory leaks of eventfd ctx
        - perf kcore_copy: Fix module map when there are no modules loaded
        - mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
        - ceph: fix potential race in ceph_check_caps
        - mtd: parser: cmdline: Support MTD names containing one or more colons
        - x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
        - vfio/pci: Clear error and request eventfd ctx after releasing
        - vfio/pci: fix racy on error and request eventfd ctx
        - s390/init: add missing __init annotations
        - batman-adv: bla: fix type misuse for backbone_gw hash indexing
        - atm: eni: fix the missed pci_disable_device() for eni_init_one()
        - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
        - ALSA: asihpi: fix iounmap in error handler
        - MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
        - tty: vt, consw->con_scrolldelta cleanup
        - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
        - lib/string.c: implement stpcpy
        - ata: define AC_ERR_OK
        - ata: make qc_prep return ata_completion_errors
        - ata: sata_mv, avoid trigerrable BUG_ON
        - Linux 4.4.238
    
      * *-tools-common packages descriptions have typo "PGKVER" (LP: #1898903)
        - [Packaging] Fix typo in -tools template s/PGKVER/PKGVER/
    
      * Xenial update: v4.4.237 upstream stable release (LP: #1897602)
        - ARM: dts: socfpga: fix register entry for timer3 on Arria10
        - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
        - drivers/net/wan/lapbether: Added needed_tailroom
        - firestream: Fix memleak in fs_open
        - drivers/net/wan/lapbether: Set network_header before transmitting
        - xfs: initialize the shortform attr header padding entry
        - drivers/net/wan/hdlc_cisco: Add hard_header_len
        - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
        - gcov: Disable gcov build with GCC 10
        - iio: adc: mcp3422: fix locking scope
        - iio: adc: mcp3422: fix locking on error path
        - iio:light:ltr501 Fix timestamp alignment issue.
        - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
        - iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
        - USB: core: add helpers to retrieve endpoints
        - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
        - btrfs: fix wrong address when faulting in pages in the search ioctl
        - scsi: target: iscsi: Fix hang in iscsit_access_np() when getting
          tpg->np_login_sem
        - rbd: require global CAP_SYS_ADMIN for mapping and unmapping
        - fbcon: remove soft scrollback code
        - fbcon: remove now unusued 'softback_lines' cursor() argument
        - vgacon: remove software scrollback support
        - [Config] updateconfigs for VGACON_SOFT_SCROLLBACK
        - KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
        - video: fbdev: fix OOB read in vga_8planes_imageblit()
        - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
        - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
        - usb: Fix out of sync data toggle if a configured device is reconfigured
        - gcov: add support for GCC 10.1
        - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
        - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
        - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
        - SUNRPC: stop printk reading past end of string
        - rapidio: Replace 'select' DMAENGINES 'with depends on'
        - i2c: algo: pca: Reapply i2c bus settings after reset
        - MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
        - perf test: Free formats for perf pmu parse test
        - fbcon: Fix user font detection test at fbcon_resize().
        - MIPS: SNI: Fix spurious interrupts
        - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
          notebook
        - USB: UAS: fix disconnect by unplugging a hub
        - usblp: fix race between disconnect() and read()
        - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
        - serial: 8250_pci: Add Realtek 816a and 816b
        - ehci-hcd: Move include to keep CRC stable
        - powerpc/dma: Fix dma_map_ops::get_required_mask
        - x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
        - Linux 4.4.237
    
     -- Stefan Bader <email address hidden>  Mon, 09 Nov 2020 11:42:59 +0100
  • linux (4.4.0-194.226) xenial; urgency=medium
    
      * CVE-2020-8694
        - powercap: make attributes only readable by root
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 21 Oct 2020 11:31:44 +0200
  • linux (4.4.0-193.224) xenial; urgency=medium
    
      * CVE-2020-16119
        - SAUCE: dccp: avoid double free of ccid on child socket
    
    linux (4.4.0-192.222) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)
    
      * mwifiex stops working after kernel upgrade (LP: #1897299)
        - mwifiex: Increase AES key storage size to 256 bits
    
      * xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
        - Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
          interrupt XEN data pointer which contains XEN specific information."
    
    linux (4.4.0-191.221) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)
    
      * Novalink (mkvterm command failure) (LP: #1892546)
        - tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
    
      * Xenial update: v4.4.236 upstream stable release (LP: #1895891)
        - HID: core: Correctly handle ReportSize being zero
        - HID: core: Sanitize event code and type when mapping input
        - perf record/stat: Explicitly call out event modifiers in the documentation
        - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
        - hwmon: (applesmc) check status earlier.
        - ceph: don't allow setlease on cephfs
        - s390: don't trace preemption in percpu macros
        - xen/xenbus: Fix granting of vmalloc'd memory
        - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
        - batman-adv: Avoid uninitialized chaddr when handling DHCP
        - batman-adv: bla: use netif_rx_ni when not in interrupt context
        - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
          at_dma_xlate()
        - netfilter: nf_tables: incorrect enum nft_list_attributes definition
        - netfilter: nf_tables: fix destination register zeroing
        - dmaengine: pl330: Fix burst length if burst size is smaller than bus width
        - bnxt_en: Check for zero dir entries in NVRAM.
        - fix regression in "epoll: Keep a reference on files added to the check list"
        - tg3: Fix soft lockup when tg3_reset_task() fails.
        - iommu/vt-d: Serialize IOMMU GCMD register modifications
        - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
        - include/linux/log2.h: add missing () around n in roundup_pow_of_two()
        - btrfs: drop path before adding new uuid tree entry
        - btrfs: Remove redundant extent_buffer_get in get_old_root
        - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
        - btrfs: set the lockdep class for log tree extent buffers
        - uaccess: Add non-pagefault user-space read functions
        - uaccess: Add non-pagefault user-space write function
        - btrfs: fix potential deadlock in the search ioctl
        - net: qmi_wwan: MDM9x30 specific power management
        - net: qmi_wwan: support "raw IP" mode
        - net: qmi_wwan: should hold RTNL while changing netdev type
        - net: qmi_wwan: ignore bogus CDC Union descriptors
        - Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to
          qmi_wwan
        - qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
        - qmi_wwan: add support for Quectel EC21 and EC25
        - NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
        - drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
        - usb: qmi_wwan: add D-Link DWM-222 A2 device ID
        - net: usb: qmi_wwan: add Telit ME910 support
        - net: usb: qmi_wwan: add Telit 0x1050 composition
        - ALSA: ca0106: fix error code handling
        - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
        - dm cache metadata: Avoid returning cmd->bm wild pointer on error
        - dm thin metadata: Avoid returning cmd->bm wild pointer on error
        - net: refactor bind_bucket fastreuse into helper
        - net: initialize fastreuse on inet_inherit_port
        - checkpatch: fix the usage of capture group ( ... )
        - mm/hugetlb: fix a race between hugetlb sysctl handlers
        - cfg80211: regulatory: reject invalid hints
        - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
        - ALSA: firewire-digi00x: add support for console models of Digi00x series
        - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
        - ALSA; firewire-tascam: exclude Tascam FE-8 from detection
        - fs/affs: use octal for permissions
        - affs: fix basic permission bits to actually work
        - ravb: Fixed to be able to unload modules
        - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
        - bnxt_en: Failure to update PHY is not fatal condition.
        - bnxt: don't enable NAPI until rings are ready
        - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
        - sctp: not disable bh in the whole sctp_get_port_local()
        - net: disable netpoll on fresh napis
        - Linux 4.4.236
    
      * clock: overriding the clocksource should select the requested clocksource
        (LP: #1894591)
        - clocksource: Defer override invalidation unless clock is unstable
    
      * alsa/hdmi: the hdmi audio stops working from Ubuntu-4.4.0-155.182
        (LP: #1895603)
        - ALSA: hda/hdmi - Read the pin sense from register when repolling
        - SAUCE: ALSA: hda/hdmi - Check pin_eld->monitor_present
    
      * Xenial update: v4.4.235 upstream stable release (LP: #1895031)
        - net: Fix potential wrong skb->protocol in skb_vlan_untag()
        - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
        - ipvlan: fix device features
        - bonding: show saner speed for broadcast mode
        - bonding: fix a potential double-unregister
        - powerpc/pseries: Do not initiate shutdown when system is running on UPS
        - ALSA: pci: delete repeated words in comments
        - ASoC: tegra: Fix reference count leaks.
        - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
          value in debiirq()
        - scsi: target: tcmu: Fix crash on ARM during cmd completion
        - drm/amdkfd: Fix reference count leaks.
        - drm/radeon: fix multiple reference count leak
        - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
        - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
        - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
        - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
        - scsi: lpfc: Fix shost refcount mismatch when deleting vport
        - selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
        - PCI: Fix pci_create_slot() reference count leak
        - rtlwifi: rtl8192cu: Prevent leaking urb
        - mips/vdso: Fix resource leaks in genvdso.c
        - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
        - drm/nouveau: Fix reference count leak in nouveau_connector_detect
        - locking/lockdep: Fix overflow in presentation of average lock-time
        - scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
        - ceph: fix potential mdsc use-after-free crash
        - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
        - EDAC/ie31200: Fallback if host bridge device is already initialized
        - media: davinci: vpif_capture: fix potential double free
        - powerpc/spufs: add CONFIG_COREDUMP dependency
        - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
        - Revert "ath10k: fix DMA related firmware crashes on multiple devices"
        - i2c: rcar: in slave mode, clear NACK earlier
        - jbd2: make sure jh have b_transaction set in refile/unfile_buffer
        - jbd2: abort journal if free a async write error metadata buffer
        - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
        - scsi: ufs: Fix possible infinite loop in ufshcd_hold
        - net: gianfar: Add of_node_put() before goto statement
        - fbcon: prevent user font height or width change from causing potential out-
          of-bounds access
        - USB: lvtest: return proper error code in probe
        - vt: defer kfree() of vc_screenbuf in vc_do_resize()
        - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
        - serial: samsung: Removes the IRQ not found warning
        - serial: pl011: Don't leak amba_ports entry on driver register error
        - serial: 8250: change lock order in serial8250_do_startup()
        - writeback: Protect inode->i_io_list with inode->i_lock
        - writeback: Avoid skipping inode writeback
        - writeback: Fix sync livelock due to b_dirty_time processing
        - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN
          data pointer which contains XEN specific information.
        - xhci: Do warm-reset when both CAS and XDEV_RESUME are set
        - PM: sleep: core: Fix the handling of pending runtime resume requests
        - device property: Fix the secondary firmware node handling in
          set_primary_fwnode()
        - USB: yurex: Fix bad gfp argument
        - usb: uas: Add quirk for PNY Pro Elite
        - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
        - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
        - usb: storage: Add unusual_uas entry for Sony PSZ drives
        - btrfs: check the right error variable in btrfs_del_dir_entries_in_log
        - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
        - ALSA: usb-audio: Update documentation comment for MS2109 quirk
        - Linux 4.4.235
    
      * DELL LATITUDE 5491 touchscreen doesn't work (LP: #1889446) // Xenial update:
        v4.4.235 upstream stable release (LP: #1895031)
        - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
    
      * Xenial update: v4.4.234 upstream stable release (LP: #1893248)
        - cxl: Fix kobject memleak
        - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
        - perf probe: Fix memory leakage when the probe point is not found
        - net/compat: Add missing sock updates for SCM_RIGHTS
        - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
          watchdog_info.options
        - watchdog: f71808e_wdt: remove use of wrong watchdog_info option
        - coredump: fix race condition between collapse_huge_page() and core dumping
        - khugepaged: khugepaged_test_exit() check mmget_still_valid()
        - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
        - btrfs: export helpers for subvolume name/id resolution
        - btrfs: don't show full path of bind mounts in subvol=
        - romfs: fix uninitialized memory leak in romfs_dev_read()
        - mm: include CMA pages in lowmem_reserve at boot
        - mm, page_alloc: fix core hung in free_pcppages_bulk()
        - ext4: clean up ext4_match() and callers
        - ext4: fix checking of directory entry validity for inline directories
        - media: budget-core: Improve exception handling in budget_register()
        - media: vpss: clean up resources in init
        - Input: psmouse - add a newline when printing 'proto' by sysfs
        - m68knommu: fix overwriting of bits in ColdFire V3 cache control
        - xfs: fix inode quota reservation checks
        - jffs2: fix UAF problem
        - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
        - virtio_ring: Avoid loop when vq is broken in virtqueue_poll
        - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
        - alpha: fix annotation of io{read,write}{16,32}be()
        - ext4: fix potential negative array index in do_split()
        - ASoC: intel: Fix memleak in sst_media_open
        - powerpc: Allow 4224 bytes of stack expansion for the signal frame
        - epoll: Keep a reference on files added to the check list
        - do_epoll_ctl(): clean the failure exits up a bit
        - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
        - xen: don't reschedule in preemption off sections
        - omapfb: dss: Fix max fclk divider for omap36xx
        - KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
        - Linux 4.4.234
    
      * CVE-2018-10322
        - libxfs: synchronize dinode_verify with userspace
        - xfs: sanity check directory inode di_size
        - xfs: move inode fork verifiers to xfs_dinode_verify
        - xfs: enhance dinode verifier
    
     -- Thadeu Lima de Souza Cascardo <email address hidden>  Tue, 06 Oct 2020 12:24:31 -0300
  • linux (4.4.0-192.222) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)
    
      * mwifiex stops working after kernel upgrade (LP: #1897299)
        - mwifiex: Increase AES key storage size to 256 bits
    
      * xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
        - Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
          interrupt XEN data pointer which contains XEN specific information."
    
    linux (4.4.0-191.221) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)
    
      * Novalink (mkvterm command failure) (LP: #1892546)
        - tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
    
      * Xenial update: v4.4.236 upstream stable release (LP: #1895891)
        - HID: core: Correctly handle ReportSize being zero
        - HID: core: Sanitize event code and type when mapping input
        - perf record/stat: Explicitly call out event modifiers in the documentation
        - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
        - hwmon: (applesmc) check status earlier.
        - ceph: don't allow setlease on cephfs
        - s390: don't trace preemption in percpu macros
        - xen/xenbus: Fix granting of vmalloc'd memory
        - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
        - batman-adv: Avoid uninitialized chaddr when handling DHCP
        - batman-adv: bla: use netif_rx_ni when not in interrupt context
        - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
          at_dma_xlate()
        - netfilter: nf_tables: incorrect enum nft_list_attributes definition
        - netfilter: nf_tables: fix destination register zeroing
        - dmaengine: pl330: Fix burst length if burst size is smaller than bus width
        - bnxt_en: Check for zero dir entries in NVRAM.
        - fix regression in "epoll: Keep a reference on files added to the check list"
        - tg3: Fix soft lockup when tg3_reset_task() fails.
        - iommu/vt-d: Serialize IOMMU GCMD register modifications
        - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
        - include/linux/log2.h: add missing () around n in roundup_pow_of_two()
        - btrfs: drop path before adding new uuid tree entry
        - btrfs: Remove redundant extent_buffer_get in get_old_root
        - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
        - btrfs: set the lockdep class for log tree extent buffers
        - uaccess: Add non-pagefault user-space read functions
        - uaccess: Add non-pagefault user-space write function
        - btrfs: fix potential deadlock in the search ioctl
        - net: qmi_wwan: MDM9x30 specific power management
        - net: qmi_wwan: support "raw IP" mode
        - net: qmi_wwan: should hold RTNL while changing netdev type
        - net: qmi_wwan: ignore bogus CDC Union descriptors
        - Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to
          qmi_wwan
        - qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
        - qmi_wwan: add support for Quectel EC21 and EC25
        - NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
        - drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
        - usb: qmi_wwan: add D-Link DWM-222 A2 device ID
        - net: usb: qmi_wwan: add Telit ME910 support
        - net: usb: qmi_wwan: add Telit 0x1050 composition
        - ALSA: ca0106: fix error code handling
        - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
        - dm cache metadata: Avoid returning cmd->bm wild pointer on error
        - dm thin metadata: Avoid returning cmd->bm wild pointer on error
        - net: refactor bind_bucket fastreuse into helper
        - net: initialize fastreuse on inet_inherit_port
        - checkpatch: fix the usage of capture group ( ... )
        - mm/hugetlb: fix a race between hugetlb sysctl handlers
        - cfg80211: regulatory: reject invalid hints
        - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
        - ALSA: firewire-digi00x: add support for console models of Digi00x series
        - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
        - ALSA; firewire-tascam: exclude Tascam FE-8 from detection
        - fs/affs: use octal for permissions
        - affs: fix basic permission bits to actually work
        - ravb: Fixed to be able to unload modules
        - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
        - bnxt_en: Failure to update PHY is not fatal condition.
        - bnxt: don't enable NAPI until rings are ready
        - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
        - sctp: not disable bh in the whole sctp_get_port_local()
        - net: disable netpoll on fresh napis
        - Linux 4.4.236
    
      * clock: overriding the clocksource should select the requested clocksource
        (LP: #1894591)
        - clocksource: Defer override invalidation unless clock is unstable
    
      * alsa/hdmi: the hdmi audio stops working from Ubuntu-4.4.0-155.182
        (LP: #1895603)
        - ALSA: hda/hdmi - Read the pin sense from register when repolling
        - SAUCE: ALSA: hda/hdmi - Check pin_eld->monitor_present
    
      * Xenial update: v4.4.235 upstream stable release (LP: #1895031)
        - net: Fix potential wrong skb->protocol in skb_vlan_untag()
        - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
        - ipvlan: fix device features
        - bonding: show saner speed for broadcast mode
        - bonding: fix a potential double-unregister
        - powerpc/pseries: Do not initiate shutdown when system is running on UPS
        - ALSA: pci: delete repeated words in comments
        - ASoC: tegra: Fix reference count leaks.
        - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
          value in debiirq()
        - scsi: target: tcmu: Fix crash on ARM during cmd completion
        - drm/amdkfd: Fix reference count leaks.
        - drm/radeon: fix multiple reference count leak
        - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
        - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
        - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
        - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
        - scsi: lpfc: Fix shost refcount mismatch when deleting vport
        - selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
        - PCI: Fix pci_create_slot() reference count leak
        - rtlwifi: rtl8192cu: Prevent leaking urb
        - mips/vdso: Fix resource leaks in genvdso.c
        - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
        - drm/nouveau: Fix reference count leak in nouveau_connector_detect
        - locking/lockdep: Fix overflow in presentation of average lock-time
        - scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
        - ceph: fix potential mdsc use-after-free crash
        - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
        - EDAC/ie31200: Fallback if host bridge device is already initialized
        - media: davinci: vpif_capture: fix potential double free
        - powerpc/spufs: add CONFIG_COREDUMP dependency
        - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
        - Revert "ath10k: fix DMA related firmware crashes on multiple devices"
        - i2c: rcar: in slave mode, clear NACK earlier
        - jbd2: make sure jh have b_transaction set in refile/unfile_buffer
        - jbd2: abort journal if free a async write error metadata buffer
        - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
        - scsi: ufs: Fix possible infinite loop in ufshcd_hold
        - net: gianfar: Add of_node_put() before goto statement
        - fbcon: prevent user font height or width change from causing potential out-
          of-bounds access
        - USB: lvtest: return proper error code in probe
        - vt: defer kfree() of vc_screenbuf in vc_do_resize()
        - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
        - serial: samsung: Removes the IRQ not found warning
        - serial: pl011: Don't leak amba_ports entry on driver register error
        - serial: 8250: change lock order in serial8250_do_startup()
        - writeback: Protect inode->i_io_list with inode->i_lock
        - writeback: Avoid skipping inode writeback
        - writeback: Fix sync livelock due to b_dirty_time processing
        - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN
          data pointer which contains XEN specific information.
        - xhci: Do warm-reset when both CAS and XDEV_RESUME are set
        - PM: sleep: core: Fix the handling of pending runtime resume requests
        - device property: Fix the secondary firmware node handling in
          set_primary_fwnode()
        - USB: yurex: Fix bad gfp argument
        - usb: uas: Add quirk for PNY Pro Elite
        - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
        - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
        - usb: storage: Add unusual_uas entry for Sony PSZ drives
        - btrfs: check the right error variable in btrfs_del_dir_entries_in_log
        - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
        - ALSA: usb-audio: Update documentation comment for MS2109 quirk
        - Linux 4.4.235
    
      * DELL LATITUDE 5491 touchscreen doesn't work (LP: #1889446) // Xenial update:
        v4.4.235 upstream stable release (LP: #1895031)
        - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
    
      * Xenial update: v4.4.234 upstream stable release (LP: #1893248)
        - cxl: Fix kobject memleak
        - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
        - perf probe: Fix memory leakage when the probe point is not found
        - net/compat: Add missing sock updates for SCM_RIGHTS
        - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
          watchdog_info.options
        - watchdog: f71808e_wdt: remove use of wrong watchdog_info option
        - coredump: fix race condition between collapse_huge_page() and core dumping
        - khugepaged: khugepaged_test_exit() check mmget_still_valid()
        - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
        - btrfs: export helpers for subvolume name/id resolution
        - btrfs: don't show full path of bind mounts in subvol=
        - romfs: fix uninitialized memory leak in romfs_dev_read()
        - mm: include CMA pages in lowmem_reserve at boot
        - mm, page_alloc: fix core hung in free_pcppages_bulk()
        - ext4: clean up ext4_match() and callers
        - ext4: fix checking of directory entry validity for inline directories
        - media: budget-core: Improve exception handling in budget_register()
        - media: vpss: clean up resources in init
        - Input: psmouse - add a newline when printing 'proto' by sysfs
        - m68knommu: fix overwriting of bits in ColdFire V3 cache control
        - xfs: fix inode quota reservation checks
        - jffs2: fix UAF problem
        - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
        - virtio_ring: Avoid loop when vq is broken in virtqueue_poll
        - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
        - alpha: fix annotation of io{read,write}{16,32}be()
        - ext4: fix potential negative array index in do_split()
        - ASoC: intel: Fix memleak in sst_media_open
        - powerpc: Allow 4224 bytes of stack expansion for the signal frame
        - epoll: Keep a reference on files added to the check list
        - do_epoll_ctl(): clean the failure exits up a bit
        - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
        - xen: don't reschedule in preemption off sections
        - omapfb: dss: Fix max fclk divider for omap36xx
        - KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
        - Linux 4.4.234
    
      * CVE-2018-10322
        - libxfs: synchronize dinode_verify with userspace
        - xfs: sanity check directory inode di_size
        - xfs: move inode fork verifiers to xfs_dinode_verify
        - xfs: enhance dinode verifier
    
     -- Stefan Bader <email address hidden>  Tue, 29 Sep 2020 16:43:40 +0200
  • linux (4.4.0-191.221) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)
    
      * Novalink (mkvterm command failure) (LP: #1892546)
        - tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
    
      * Xenial update: v4.4.236 upstream stable release (LP: #1895891)
        - HID: core: Correctly handle ReportSize being zero
        - HID: core: Sanitize event code and type when mapping input
        - perf record/stat: Explicitly call out event modifiers in the documentation
        - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
        - hwmon: (applesmc) check status earlier.
        - ceph: don't allow setlease on cephfs
        - s390: don't trace preemption in percpu macros
        - xen/xenbus: Fix granting of vmalloc'd memory
        - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
        - batman-adv: Avoid uninitialized chaddr when handling DHCP
        - batman-adv: bla: use netif_rx_ni when not in interrupt context
        - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
          at_dma_xlate()
        - netfilter: nf_tables: incorrect enum nft_list_attributes definition
        - netfilter: nf_tables: fix destination register zeroing
        - dmaengine: pl330: Fix burst length if burst size is smaller than bus width
        - bnxt_en: Check for zero dir entries in NVRAM.
        - fix regression in "epoll: Keep a reference on files added to the check list"
        - tg3: Fix soft lockup when tg3_reset_task() fails.
        - iommu/vt-d: Serialize IOMMU GCMD register modifications
        - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
        - include/linux/log2.h: add missing () around n in roundup_pow_of_two()
        - btrfs: drop path before adding new uuid tree entry
        - btrfs: Remove redundant extent_buffer_get in get_old_root
        - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
        - btrfs: set the lockdep class for log tree extent buffers
        - uaccess: Add non-pagefault user-space read functions
        - uaccess: Add non-pagefault user-space write function
        - btrfs: fix potential deadlock in the search ioctl
        - net: qmi_wwan: MDM9x30 specific power management
        - net: qmi_wwan: support "raw IP" mode
        - net: qmi_wwan: should hold RTNL while changing netdev type
        - net: qmi_wwan: ignore bogus CDC Union descriptors
        - Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to
          qmi_wwan
        - qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
        - qmi_wwan: add support for Quectel EC21 and EC25
        - NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
        - drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
        - usb: qmi_wwan: add D-Link DWM-222 A2 device ID
        - net: usb: qmi_wwan: add Telit ME910 support
        - net: usb: qmi_wwan: add Telit 0x1050 composition
        - ALSA: ca0106: fix error code handling
        - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
        - dm cache metadata: Avoid returning cmd->bm wild pointer on error
        - dm thin metadata: Avoid returning cmd->bm wild pointer on error
        - net: refactor bind_bucket fastreuse into helper
        - net: initialize fastreuse on inet_inherit_port
        - checkpatch: fix the usage of capture group ( ... )
        - mm/hugetlb: fix a race between hugetlb sysctl handlers
        - cfg80211: regulatory: reject invalid hints
        - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
        - ALSA: firewire-digi00x: add support for console models of Digi00x series
        - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
        - ALSA; firewire-tascam: exclude Tascam FE-8 from detection
        - fs/affs: use octal for permissions
        - affs: fix basic permission bits to actually work
        - ravb: Fixed to be able to unload modules
        - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
        - bnxt_en: Failure to update PHY is not fatal condition.
        - bnxt: don't enable NAPI until rings are ready
        - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
        - sctp: not disable bh in the whole sctp_get_port_local()
        - net: disable netpoll on fresh napis
        - Linux 4.4.236
    
      * clock: overriding the clocksource should select the requested clocksource
        (LP: #1894591)
        - clocksource: Defer override invalidation unless clock is unstable
    
      * alsa/hdmi: the hdmi audio stops working from Ubuntu-4.4.0-155.182
        (LP: #1895603)
        - ALSA: hda/hdmi - Read the pin sense from register when repolling
        - SAUCE: ALSA: hda/hdmi - Check pin_eld->monitor_present
    
      * Xenial update: v4.4.235 upstream stable release (LP: #1895031)
        - net: Fix potential wrong skb->protocol in skb_vlan_untag()
        - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
        - ipvlan: fix device features
        - bonding: show saner speed for broadcast mode
        - bonding: fix a potential double-unregister
        - powerpc/pseries: Do not initiate shutdown when system is running on UPS
        - ALSA: pci: delete repeated words in comments
        - ASoC: tegra: Fix reference count leaks.
        - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
          value in debiirq()
        - scsi: target: tcmu: Fix crash on ARM during cmd completion
        - drm/amdkfd: Fix reference count leaks.
        - drm/radeon: fix multiple reference count leak
        - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
        - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
        - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
        - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
        - scsi: lpfc: Fix shost refcount mismatch when deleting vport
        - selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
        - PCI: Fix pci_create_slot() reference count leak
        - rtlwifi: rtl8192cu: Prevent leaking urb
        - mips/vdso: Fix resource leaks in genvdso.c
        - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
        - drm/nouveau: Fix reference count leak in nouveau_connector_detect
        - locking/lockdep: Fix overflow in presentation of average lock-time
        - scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
        - ceph: fix potential mdsc use-after-free crash
        - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
        - EDAC/ie31200: Fallback if host bridge device is already initialized
        - media: davinci: vpif_capture: fix potential double free
        - powerpc/spufs: add CONFIG_COREDUMP dependency
        - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
        - Revert "ath10k: fix DMA related firmware crashes on multiple devices"
        - i2c: rcar: in slave mode, clear NACK earlier
        - jbd2: make sure jh have b_transaction set in refile/unfile_buffer
        - jbd2: abort journal if free a async write error metadata buffer
        - s390/cio: add cond_resched() in the slow_eval_known_fn() loop
        - scsi: ufs: Fix possible infinite loop in ufshcd_hold
        - net: gianfar: Add of_node_put() before goto statement
        - fbcon: prevent user font height or width change from causing potential out-
          of-bounds access
        - USB: lvtest: return proper error code in probe
        - vt: defer kfree() of vc_screenbuf in vc_do_resize()
        - vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
        - serial: samsung: Removes the IRQ not found warning
        - serial: pl011: Don't leak amba_ports entry on driver register error
        - serial: 8250: change lock order in serial8250_do_startup()
        - writeback: Protect inode->i_io_list with inode->i_lock
        - writeback: Avoid skipping inode writeback
        - writeback: Fix sync livelock due to b_dirty_time processing
        - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN
          data pointer which contains XEN specific information.
        - xhci: Do warm-reset when both CAS and XDEV_RESUME are set
        - PM: sleep: core: Fix the handling of pending runtime resume requests
        - device property: Fix the secondary firmware node handling in
          set_primary_fwnode()
        - USB: yurex: Fix bad gfp argument
        - usb: uas: Add quirk for PNY Pro Elite
        - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
        - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
        - usb: storage: Add unusual_uas entry for Sony PSZ drives
        - btrfs: check the right error variable in btrfs_del_dir_entries_in_log
        - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
        - ALSA: usb-audio: Update documentation comment for MS2109 quirk
        - Linux 4.4.235
    
      * DELL LATITUDE 5491 touchscreen doesn't work (LP: #1889446) // Xenial update:
        v4.4.235 upstream stable release (LP: #1895031)
        - USB: quirks: Add no-lpm quirk for another Raydium touchscreen
    
      * Xenial update: v4.4.234 upstream stable release (LP: #1893248)
        - cxl: Fix kobject memleak
        - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
        - perf probe: Fix memory leakage when the probe point is not found
        - net/compat: Add missing sock updates for SCM_RIGHTS
        - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in
          watchdog_info.options
        - watchdog: f71808e_wdt: remove use of wrong watchdog_info option
        - coredump: fix race condition between collapse_huge_page() and core dumping
        - khugepaged: khugepaged_test_exit() check mmget_still_valid()
        - khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
        - btrfs: export helpers for subvolume name/id resolution
        - btrfs: don't show full path of bind mounts in subvol=
        - romfs: fix uninitialized memory leak in romfs_dev_read()
        - mm: include CMA pages in lowmem_reserve at boot
        - mm, page_alloc: fix core hung in free_pcppages_bulk()
        - ext4: clean up ext4_match() and callers
        - ext4: fix checking of directory entry validity for inline directories
        - media: budget-core: Improve exception handling in budget_register()
        - media: vpss: clean up resources in init
        - Input: psmouse - add a newline when printing 'proto' by sysfs
        - m68knommu: fix overwriting of bits in ColdFire V3 cache control
        - xfs: fix inode quota reservation checks
        - jffs2: fix UAF problem
        - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
        - virtio_ring: Avoid loop when vq is broken in virtqueue_poll
        - xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
        - alpha: fix annotation of io{read,write}{16,32}be()
        - ext4: fix potential negative array index in do_split()
        - ASoC: intel: Fix memleak in sst_media_open
        - powerpc: Allow 4224 bytes of stack expansion for the signal frame
        - epoll: Keep a reference on files added to the check list
        - do_epoll_ctl(): clean the failure exits up a bit
        - mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
        - xen: don't reschedule in preemption off sections
        - omapfb: dss: Fix max fclk divider for omap36xx
        - KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
        - Linux 4.4.234
    
      * CVE-2018-10322
        - libxfs: synchronize dinode_verify with userspace
        - xfs: sanity check directory inode di_size
        - xfs: move inode fork verifiers to xfs_dinode_verify
        - xfs: enhance dinode verifier
    
     -- Stefan Bader <email address hidden>  Fri, 18 Sep 2020 11:37:51 +0200
  • linux (4.4.0-190.220) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-190.220 -proposed tracker (LP: #1893431)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
    
      *  [Hyper-V] VSS and File Copy daemons intermittently fails to start
        (LP: #1891224)
        - [Packaging] Bind hv_vss_daemon startup to hv_vss device
        - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device
    
      * CVE-2019-20811
        - net-sysfs: call dev_hold if kobject_init_and_add success
    
      * CVE-2020-0067
        - f2fs: fix to avoid memory leakage in f2fs_listxattr
    
      * CVE-2019-9453
        - f2fs: fix to avoid accessing xattr across the boundary
    
      * Xenial update: 4.4.233 upstream stable release (LP: #1892822)
        - media: rc: prevent memory leak in cx23888_ir_probe
        - ath9k_htc: release allocated buffer if timed out
        - ath9k: release allocated buffer if timed out
        - nfs: Move call to security_inode_listsecurity into nfs_listxattr
        - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
        - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
        - drm: hold gem reference until object is no longer accessed
        - f2fs: check memory boundary by insane namelen
        - f2fs: check if file namelen exceeds max value
        - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
          watchpoints
        - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
        - rds: Prevent kernel-infoleak in rds_notify_queue_get()
        - net/x25: Fix x25_neigh refcnt leak when x25 disconnect
        - net/x25: Fix null-ptr-deref in x25_disconnect
        - sh: Fix validation of system call number
        - net: lan78xx: add missing endpoint sanity check
        - net: lan78xx: fix transfer-buffer memory leak
        - mlxsw: core: Increase scope of RCU read-side critical section
        - mac80211: mesh: Free ie data when leaving mesh
        - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
        - net: ethernet: ravb: exit if re-initialization fails in tx timeout
        - Revert "i2c: cadence: Fix the hold bit setting"
        - xen-netfront: fix potential deadlock in xennet_remove()
        - x86/i8259: Use printk_deferred() to prevent deadlock
        - random32: update the net random state on interrupt and activity
        - ARM: percpu.h: fix build error
        - random: fix circular include dependency on arm64 after addition of percpu.h
        - random32: remove net_rand_state from the latent entropy gcc plugin
        - random32: move the pseudo-random 32-bit definitions to prandom.h
        - ext4: fix direct I/O read error
        - USB: serial: qcserial: add EM7305 QDL product ID
        - ALSA: seq: oss: Serialize ioctls
        - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
        - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
        - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
        - vgacon: Fix for missing check in scrollback handling
        - mtd: properly check all write ioctls for permissions
        - net/9p: validate fds in p9_fd_open
        - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
          reason
        - cfg80211: check vendor command doit pointer before use
        - igb: reinit_locked() should be called with rtnl_lock
        - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
        - tools lib traceevent: Fix memory leak in process_dynamic_array_len
        - binder: Prevent context manager from incrementing ref 0
        - ipv4: Silence suspicious RCU usage warning
        - ipv6: fix memory leaks on IPV6_ADDRFORM path
        - Revert "vxlan: fix tos value before xmit"
        - net: lan78xx: replace bogus endpoint lookup
        - usb: hso: check for return value in hso_serial_common_create()
        - vxlan: Ensure FDB dump is performed under RCU
        - Smack: fix use-after-free in smk_write_relabel_self()
        - tracepoint: Mark __tracepoint_string's __used
        - udp: drop corrupt packets earlier to avoid data corruption
        - gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
        - EDAC: Fix reference count leaks
        - m68k: mac: Don't send IOP message until channel is idle
        - m68k: mac: Fix IOP status/control register writes
        - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
        - ARM: socfpga: PM: add missing put_device() call in
          socfpga_setup_ocram_self_refresh()
        - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
        - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
        - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
        - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
        - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
        - drm/nouveau: fix multiple instances of reference count leaks
        - drm/debugfs: fix plain echo to connector "force" attribute
        - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
        - brcmfmac: To fix Bss Info flag definition Bug
        - iwlegacy: Check the return value of pcie_capability_read_*()
        - usb: gadget: net2280: fix memory leak on probe error handling paths
        - bdc: Fix bug causing crash after multiple disconnects
        - dyndbg: fix a BUG_ON in ddebug_describe_flags
        - bcache: fix super block seq numbers comparision in register_cache_set()
        - ACPICA: Do not increment operation_region reference counts for field units
        - agp/intel: Fix a memory leak on module initialisation failure
        - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
        - console: newport_con: fix an issue about leak related system resources
        - iio: improve IIO_CONCENTRATION channel type description
        - leds: lm355x: avoid enum conversion warning
        - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
          preview_init_entities()
        - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
        - drm/radeon: fix array out-of-bounds read and write issues
        - scsi: powertec: Fix different dev_id between request_irq() and free_irq()
        - scsi: eesox: Fix different dev_id between request_irq() and free_irq()
        - media: firewire: Using uninitialized values in node_probe()
        - media: exynos4-is: Add missed check for pinctrl_lookup_state()
        - drm: panel: simple: Fix bpc for LG LB070WV8 panel
        - mwifiex: Prevent memory corruption handling keys
        - powerpc/vdso: Fix vdso cpu truncation
        - PCI/ASPM: Add missing newline in sysfs 'policy'
        - usb: dwc2: Fix error path in gadget registration
        - scsi: mesh: Fix panic after host or bus reset
        - Smack: fix another vsscanf out of bounds
        - Smack: prevent underflow in smk_set_cipso()
        - power: supply: check if calc_soc succeeded in pm860x_init_battery
        - s390/qeth: don't process empty bridge port events
        - wl1251: fix always return 0 error
        - net: spider_net: Fix the size used in a 'dma_free_coherent()' call
        - dlm: Fix kobject memleak
        - pinctrl-single: fix pcs_parse_pinconf() return value
        - drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
        - net/nfc/rawsock.c: add CAP_NET_RAW check.
        - net: Set fput_needed iff FDPUT_FPUT is set
        - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
        - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
        - ALSA: usb-audio: add quirk for Pioneer DDJ-RB
        - crypto: qat - fix double free in qat_uclo_create_batch_init_list
        - fs/minix: check return value of sb_getblk()
        - fs/minix: don't allow getting deleted inodes
        - fs/minix: reject too-large maximum file size
        - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
        - 9p: Fix memory leak in v9fs_mount
        - parisc: mask out enable and reserved bits from sba imask
        - ARM: 8992/1: Fix unwind_frame for clang-built kernels
        - xen/balloon: fix accounting in alloc_xenballooned_pages error path
        - xen/balloon: make the balloon wait interruptible
        - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
        - btrfs: only search for left_info if there is no right_info in
          try_merge_free_space
        - btrfs: fix memory leaks after failure to lookup checksums during inode
          logging
        - powerpc: Fix circular dependency between percpu.h and mmu.h
        - net: ethernet: stmmac: Disable hardware multicast filter
        - net: stmmac: dwmac1000: provide multicast filter fallback
        - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
        - bcache: allocate meta data pages as compound pages
        - mac80211: fix misplaced while instead of if
        - MIPS: CPU#0 is not hotpluggable
        - ext2: fix missing percpu_counter_inc
        - ocfs2: change slot number type s16 to u16
        - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
        - pseries: Fix 64 bit logical memory block panic
        - USB: serial: ftdi_sio: make process-packet buffer unsigned
        - USB: serial: ftdi_sio: clean up receive processing
        - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
        - iommu/vt-d: Enforce PASID devTLB field mask
        - i2c: rcar: slave: only send STOP event when we have been addressed
        - clk: clk-atlas6: fix return value check in atlas6_clk_init()
        - Input: sentelic - fix error return when fsp_reg_write fails
        - drm/vmwgfx: Fix two list_for_each loop exit tests
        - nfs: Fix getxattr kernel panic and memory overflow
        - fs/ufs: avoid potential u32 multiplication overflow
        - mfd: dln2: Run event handler loop under spinlock
        - ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
        - sh: landisk: Add missing initialization of sh_io_port_base
        - ipv6: check skb->protocol before lookup for nexthop
        - Linux 4.4.233
    
     -- Stefan Bader <email address hidden>  Sat, 29 Aug 2020 00:39:55 +0200
  • linux (4.4.0-189.219) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-189.219 -proposed tracker (LP: #1891057)
    
      * Build and ship a signed wireguard.ko (LP: #1861284)
        - [Packaging] autoreconstruct -- manage executable debian files
        - [Packaging] dkms -- dkms package build packaging support
        - [Packaging] wireguard -- add support for building signed .ko
        - [Packaging] ignore wireguard modules when wireguard is disabled
        - [Config] update dkms package versions
        - [Config] wireguard -- enable for all architectures
    
      * ipsec: policy priority management is broken (LP: #1890796)
        - xfrm: policy: match with both mark and mask on user interfaces
    
    linux (4.4.0-188.218) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-188.218 -proposed tracker (LP: #1890670)
    
      * Xenial update: v4.4.232 upstream stable release (LP: #1889928)
        - pinctrl: amd: fix npins for uart0 in kerncz_groups
        - mac80211: allow rx of mesh eapol frames with default rx key
        - scsi: scsi_transport_spi: Fix function pointer check
        - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
        - xtensa: update *pos in cpuinfo_op.next
        - drivers/net/wan/lapbether: Fixed the value of hard_header_len
        - net: sky2: initialize return of gm_phy_read
        - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
        - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
          compeletion")
        - perf/core: Fix locking for children siblings group read
        - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
          GDB regression
        - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
        - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
        - btrfs: fix double free on ulist after backref resolution failure
        - x86/fpu: Disable bottom halves while loading FPU registers
        - btrfs: fix mount failure caused by race with umount
        - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
          path
        - ax88172a: fix ax88172a_unbind() failures
        - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
          configuration
        - net: smc91x: Fix possible memory leak in smc_drv_probe()
        - scripts/decode_stacktrace: strip basepath from all paths
        - regmap: dev_get_regmap_match(): fix string comparison
        - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
        - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
        - x86: math-emu: Fix up 'cmp' insn for clang ias
        - Revert "cifs: Fix the target file was deleted when rename failed."
        - staging: wlan-ng: properly check endpoint types
        - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
        - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
        - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
        - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
        - serial: 8250: fix null-ptr-deref in serial8250_start_tx()
        - serial: 8250_mtk: Fix high-speed baud rates clamping
        - mm/memcg: fix refcount error while moving and swapping
        - parisc: Add atomic64_set_release() define to avoid CPU soft lockups
        - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
        - ath9k: Fix regression with Atheros 9271
        - AX.25: Fix out-of-bounds read in ax25_connect()
        - AX.25: Prevent out-of-bounds read in ax25_sendmsg()
        - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
        - net: udp: Fix wrong clean up for IS_UDPLITE macro
        - AX.25: Prevent integer overflows in connect and sendmsg
        - tcp: allow at most one TLP probe per flight
        - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
        - ip6_gre: fix null-ptr-deref in ip6gre_init_net()
        - drivers/net/wan/x25_asy: Fix to make it work
        - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
        - regmap: debugfs: check count when read regmap file
        - xfs: set format back to extents if xfs_bmap_extents_to_btree
        - tools/lib/subcmd/pager.c: do not alias select() params
        - perf: Make perf able to build with latest libbfd
        - perf tools: Fix snprint warnings for gcc 8
        - perf annotate: Use asprintf when formatting objdump command line
        - perf probe: Fix to check blacklist address correctly
        - Linux 4.4.232
    
      * Xenial update: v4.4.231 upstream stable release (LP: #1888690)
        - KVM: s390: reduce number of IO pins to 1
        - spi: spidev: fix a race between spidev_release and spidev_remove
        - spi: spidev: fix a potential use-after-free in spidev_release()
        - scsi: mptscsih: Fix read sense data size
        - net: cxgb4: fix return error value in t4_prep_fw
        - smsc95xx: check return value of smsc95xx_reset
        - smsc95xx: avoid memory leak in smsc95xx_bind
        - ALSA: compress: fix partial_drain completion state
        - arm64: kgdb: Fix single-step exception handling oops
        - ALSA: opl3: fix infoleak in opl3
        - ALSA: hda - let hs_mic be picked ahead of hp_mic
        - ALSA: usb-audio: add quirk for MacroSilicon MS2109
        - KVM: x86: bit 8 of non-leaf PDPEs is not reserved
        - Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
        - btrfs: fix fatal extent_buffer readahead vs releasepage race
        - drm/radeon: fix double free
        - ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
        - ARC: elf: use right ELF_ARCH
        - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
        - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
        - l2tp: remove skb_dst_set() from l2tp_xmit_skb()
        - llc: make sure applications use ARPHRD_ETHER
        - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
        - genetlink: remove genl_bind
        - tcp: make sure listeners don't initialize congestion-control state
        - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
        - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
        - tcp: md5: allow changing MD5 keys in all socket states
        - i2c: eg20t: Load module automatically if ID matches
        - Revert "usb/ehci-platform: Set PM runtime as active on resume"
        - Revert "usb/xhci-plat: Set PM runtime as active on resume"
        - Revert "usb/ohci-platform: Fix a warning when hibernating"
        - usb: gadget: udc: atmel: fix uninitialized read in debug printk
        - staging: comedi: verify array index is correct before using it
        - perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
        - mtd: rawnand: brcmnand: fix CS0 layout
        - HID: magicmouse: do not set up autorepeat
        - usb: core: Add a helper function to check the validity of EP type in URB
        - ALSA: line6: Perform sanity check for each URB creation
        - ALSA: usb-audio: Fix race against the error recovery URB submission
        - USB: c67x00: fix use after free in c67x00_giveback_urb
        - usb: chipidea: core: add wakeup support for extcon
        - usb: gadget: function: fix missing spinlock in f_uac1_legacy
        - USB: serial: iuu_phoenix: fix memory corruption
        - USB: serial: cypress_m8: enable Simply Automated UPB PIM
        - USB: serial: ch341: add new Product ID for CH340
        - USB: serial: option: add GosunCn GM500 series
        - USB: serial: option: add Quectel EG95 LTE modem
        - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
        - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
        - mei: bus: don't clean driver pointer
        - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
        - uio_pdrv_genirq: fix use without device tree and no interrupt
        - MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
        - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
        - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
        - misc: atmel-ssc: lock with mutex instead of spinlock
        - sched/fair: handle case of task_h_load() returning 0
        - Linux 4.4.231
    
    linux (4.4.0-187.217) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-187.217 -proposed tracker (LP: #1888274)
    
      * Regression in kernel 4.15.0-91 causes kernel panic with Bcache
        (LP: #1867916)
        - bcache: check and adjust logical block size for backing devices
    
      * Xenial update: v4.4.230 upstream stable release (LP: #1887011)
        - btrfs: cow_file_range() num_bytes and disk_num_bytes are same
        - btrfs: fix data block group relocation failure due to concurrent scrub
        - mm: fix swap cache node allocation mask
        - EDAC/amd64: Read back the scrub rate PCI register on F15h
        - mm/slub: fix stack overruns with SLUB_STATS
        - usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
        - kgdb: Avoid suspicious RCU usage warning
        - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
        - sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in
          milliseconds
        - hwmon: (max6697) Make sure the OVERT mask is set correctly
        - hwmon: (acpi_power_meter) Fix potential memory leak in
          acpi_power_meter_add()
        - virtio-blk: free vblk-vqs in error path of virtblk_probe()
        - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
        - Revert "ALSA: usb-audio: Improve frames size computation"
        - SMB3: Honor 'seal' flag for multiuser mounts
        - SMB3: Honor persistent/resilient handle flags for multiuser mounts
        - cifs: Fix the target file was deleted when rename failed.
        - MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
        - netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
        - Linux 4.4.230
    
      * Xenial update: v4.4.229 upstream stable release (LP: #1885932)
        - s390: fix syscall_get_error for compat processes
        - clk: sunxi: Fix incorrect usage of round_down()
        - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
        - clk: qcom: msm8916: Fix the address location of pll->config_reg
        - ALSA: isa/wavefront: prevent out of bounds write in ioctl
        - scsi: qla2xxx: Fix issue with adapter's stopping state
        - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
        - usblp: poison URBs upon disconnect
        - ps3disk: use the default segment boundary
        - vfio/pci: fix memory leaks in alloc_perm_bits()
        - mfd: wm8994: Fix driver operation if loaded as modules
        - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
        - nfsd: Fix svc_xprt refcnt leak when setup callback client failed
        - powerpc/crashkernel: Take "mem=" option into account
        - yam: fix possible memory leak in yam_init_driver
        - mksysmap: Fix the mismatch of '.L' symbols in System.map
        - scsi: sr: Fix sr_probe() missing deallocate of device minor
        - scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
        - ALSA: usb-audio: Improve frames size computation
        - s390/qdio: put thinint indicator after early error
        - tty: hvc: Fix data abort due to race in hvc_open
        - staging: sm750fb: add missing case while setting FB_VISUAL
        - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
        - serial: amba-pl011: Make sure we initialize the port.lock spinlock
        - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
          driver developer is foolish
        - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
        - power: supply: smb347-charger: IRQSTAT_D is volatile
        - scsi: mpt3sas: Fix double free warnings
        - dlm: remove BUG() before panic()
        - clk: ti: composite: fix memory leak
        - tty: n_gsm: Fix SOF skipping
        - tty: n_gsm: Fix waking up upper tty layer when room available
        - powerpc/pseries/ras: Fix FWNMI_VALID off by one
        - powerpc/ps3: Fix kexec shutdown hang
        - vfio-pci: Mask cap zero
        - usb/ohci-platform: Fix a warning when hibernating
        - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
        - tty: n_gsm: Fix bogus i++ in gsm_data_kick
        - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
        - watchdog: da9062: No need to ping manually before setting timeout
        - usb: dwc2: gadget: move gadget resume after the core is in L0 state
        - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
          s3c2410_udc_nuke
        - usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
        - usb: gadget: fix potential double-free in m66592_probe.
        - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
        - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
        - openrisc: Fix issue with argument clobbering for clone/fork
        - gfs2: Allow lock_nolock mount to specify jid=X
        - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
        - lib/zlib: remove outdated and incorrect pre-increment optimization
        - include/linux/bitops.h: avoid clang shift-count-overflow warnings
        - elfnote: mark all .note sections SHF_ALLOC
        - selftests/net: in timestamping, strncpy needs to preserve null byte
        - scsi: acornscsi: Fix an error handling path in acornscsi_probe()
        - usb/xhci-plat: Set PM runtime as active on resume
        - usb/ehci-platform: Set PM runtime as active on resume
        - perf report: Fix NULL pointer dereference in
          hists__fprintf_nr_sample_events()
        - bcache: fix potential deadlock problem in btree_gc_coalesce
        - block: Fix use-after-free in blkdev_get()
        - drm: encoder_slave: fix refcouting error for modules
        - drm/dp_mst: Reformat drm_dp_check_act_status() a bit
        - drm/qxl: Use correct notify port address when creating cursor ring
        - selinux: fix double free
        - ext4: fix partial cluster initialization when splitting extent
        - drm/dp_mst: Increase ACT retry timeout to 3s
        - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
        - block: nr_sects_write(): Disable preemption on seqcount write
        - crypto: algboss - don't wait during notifier callback
        - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
        - powerpc/kprobes: Fixes for kprobe_lookup_name() on BE
        - x86/kprobes: Avoid kretprobe recursion bug
        - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
        - e1000e: Do not wake up the system via WOL if device wakeup is disabled
        - sched/rt, net: Use CONFIG_PREEMPTION.patch
        - net: core: device_rename: Use rwsem instead of a seqcount
        - net: Revert "pkt_sched: fq: use proper locking in fq_dump_stats()"
        - scsi: scsi_devinfo: handle non-terminated strings
        - l2tp: Allow duplicate session creation with UDP
        - net: sched: export __netdev_watchdog_up()
        - fix a braino in "sparc32: fix register window handling in
          genregs32_[gs]et()"
        - net: fix memleak in register_netdevice()
        - net: usb: ax88179_178a: fix packet alignment padding
        - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
        - ip_tunnel: fix use-after-free in ip_tunnel_lookup()
        - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
        - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
        - tcp: grow window for OOO packets only for SACK flows
        - sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
        - net: Fix the arp error in some cases
        - net: Do not clear the sock TX queue in sk_set_socket()
        - net: core: reduce recursion limit value
        - mld: fix memory leak in ipv6_mc_destroy_dev()
        - USB: ohci-sm501: Add missed iounmap() in remove
        - usb: dwc2: Postponed gadget registration to the udc class driver
        - usb: add USB_QUIRK_DELAY_INIT for Logitech C922
        - PCI: Disable MSI for HiSilicon Hip06/Hip07 Root Ports
        - USB: ehci: reopen solution for Synopsys HC bug
        - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
        - ALSA: usb-audio: add quirk for Denon DCD-1500RE
        - xhci: Fix incorrect EP_STATE_MASK
        - xhci: Fix enumeration issue when setting max packet size for FS devices.
        - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
        - ALSA: usb-audio: uac1: Invalidate ctl on interrupt
        - ALSA: usb-audio: allow clock source validity interrupts
        - ALSA: usb-audio: Clean up mixer element list traverse
        - ALSA: usb-audio: Fix OOB access of mixer element list
        - xhci: Poll for U0 after disabling USB2 LPM
        - cifs/smb3: Fix data inconsistent when punch hole
        - cifs/smb3: Fix data inconsistent when zero file range
        - efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
        - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
        - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
        - usb: gadget: udc: Potential Oops in error handling code
        - netfilter: ipset: fix unaligned atomic access
        - sched/core: Fix PI boosting between RT and DEADLINE tasks
        - net: alx: fix race condition in alx_remove
        - kbuild: improve cc-option to clean up all temporary files
        - blktrace: break out of blktrace setup on concurrent calls
        - ACPI: sysfs: Fix pm_profile_attr type
        - KVM: X86: Fix MSR range of APIC registers in X2APIC mode
        - mm/slab: use memzero_explicit() in kzfree()
        - ocfs2: load global_inode_alloc
        - ocfs2: fix value of OCFS2_INVALID_SLOT
        - ocfs2: fix panic on nfs server over ocfs2
        - arm64: perf: Report the PC value in REGS_ABI_32 mode
        - tracing: Fix event trigger to accept redundant spaces
        - drm/radeon: fix fb_div check in ni_init_smc_spll_table()
        - sunrpc: fixed rollback in rpc_gssd_dummy_populate()
        - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
        - pNFS/flexfiles: Fix list corruption if the mirror count changes
        - NFSv4 fix CLOSE not waiting for direct IO compeletion
        - PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
        - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate()
        - Linux 4.4.229
    
      * Computer is frozen after suspend (LP: #1867983) // Xenial update: v4.4.229
        upstream stable release (LP: #1885932)
        - libata: Use per port sync for detach
    
     -- Stefan Bader <email address hidden>  Tue, 11 Aug 2020 12:02:46 +0200
  • linux (4.4.0-187.217) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-187.217 -proposed tracker (LP: #1888274)
    
      * Regression in kernel 4.15.0-91 causes kernel panic with Bcache
        (LP: #1867916)
        - bcache: check and adjust logical block size for backing devices
    
      * Xenial update: v4.4.230 upstream stable release (LP: #1887011)
        - btrfs: cow_file_range() num_bytes and disk_num_bytes are same
        - btrfs: fix data block group relocation failure due to concurrent scrub
        - mm: fix swap cache node allocation mask
        - EDAC/amd64: Read back the scrub rate PCI register on F15h
        - mm/slub: fix stack overruns with SLUB_STATS
        - usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
        - kgdb: Avoid suspicious RCU usage warning
        - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
        - sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in
          milliseconds
        - hwmon: (max6697) Make sure the OVERT mask is set correctly
        - hwmon: (acpi_power_meter) Fix potential memory leak in
          acpi_power_meter_add()
        - virtio-blk: free vblk-vqs in error path of virtblk_probe()
        - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
        - Revert "ALSA: usb-audio: Improve frames size computation"
        - SMB3: Honor 'seal' flag for multiuser mounts
        - SMB3: Honor persistent/resilient handle flags for multiuser mounts
        - cifs: Fix the target file was deleted when rename failed.
        - MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
        - netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
        - Linux 4.4.230
    
      * Xenial update: v4.4.229 upstream stable release (LP: #1885932)
        - s390: fix syscall_get_error for compat processes
        - clk: sunxi: Fix incorrect usage of round_down()
        - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
        - clk: qcom: msm8916: Fix the address location of pll->config_reg
        - ALSA: isa/wavefront: prevent out of bounds write in ioctl
        - scsi: qla2xxx: Fix issue with adapter's stopping state
        - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
        - usblp: poison URBs upon disconnect
        - ps3disk: use the default segment boundary
        - vfio/pci: fix memory leaks in alloc_perm_bits()
        - mfd: wm8994: Fix driver operation if loaded as modules
        - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
        - nfsd: Fix svc_xprt refcnt leak when setup callback client failed
        - powerpc/crashkernel: Take "mem=" option into account
        - yam: fix possible memory leak in yam_init_driver
        - mksysmap: Fix the mismatch of '.L' symbols in System.map
        - scsi: sr: Fix sr_probe() missing deallocate of device minor
        - scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
        - ALSA: usb-audio: Improve frames size computation
        - s390/qdio: put thinint indicator after early error
        - tty: hvc: Fix data abort due to race in hvc_open
        - staging: sm750fb: add missing case while setting FB_VISUAL
        - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
        - serial: amba-pl011: Make sure we initialize the port.lock spinlock
        - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
          driver developer is foolish
        - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
        - power: supply: smb347-charger: IRQSTAT_D is volatile
        - scsi: mpt3sas: Fix double free warnings
        - dlm: remove BUG() before panic()
        - clk: ti: composite: fix memory leak
        - tty: n_gsm: Fix SOF skipping
        - tty: n_gsm: Fix waking up upper tty layer when room available
        - powerpc/pseries/ras: Fix FWNMI_VALID off by one
        - powerpc/ps3: Fix kexec shutdown hang
        - vfio-pci: Mask cap zero
        - usb/ohci-platform: Fix a warning when hibernating
        - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
        - tty: n_gsm: Fix bogus i++ in gsm_data_kick
        - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
        - watchdog: da9062: No need to ping manually before setting timeout
        - usb: dwc2: gadget: move gadget resume after the core is in L0 state
        - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
          s3c2410_udc_nuke
        - usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
        - usb: gadget: fix potential double-free in m66592_probe.
        - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
        - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
        - openrisc: Fix issue with argument clobbering for clone/fork
        - gfs2: Allow lock_nolock mount to specify jid=X
        - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
        - lib/zlib: remove outdated and incorrect pre-increment optimization
        - include/linux/bitops.h: avoid clang shift-count-overflow warnings
        - elfnote: mark all .note sections SHF_ALLOC
        - selftests/net: in timestamping, strncpy needs to preserve null byte
        - scsi: acornscsi: Fix an error handling path in acornscsi_probe()
        - usb/xhci-plat: Set PM runtime as active on resume
        - usb/ehci-platform: Set PM runtime as active on resume
        - perf report: Fix NULL pointer dereference in
          hists__fprintf_nr_sample_events()
        - bcache: fix potential deadlock problem in btree_gc_coalesce
        - block: Fix use-after-free in blkdev_get()
        - drm: encoder_slave: fix refcouting error for modules
        - drm/dp_mst: Reformat drm_dp_check_act_status() a bit
        - drm/qxl: Use correct notify port address when creating cursor ring
        - selinux: fix double free
        - ext4: fix partial cluster initialization when splitting extent
        - drm/dp_mst: Increase ACT retry timeout to 3s
        - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
        - block: nr_sects_write(): Disable preemption on seqcount write
        - crypto: algboss - don't wait during notifier callback
        - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
        - powerpc/kprobes: Fixes for kprobe_lookup_name() on BE
        - x86/kprobes: Avoid kretprobe recursion bug
        - kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
        - e1000e: Do not wake up the system via WOL if device wakeup is disabled
        - sched/rt, net: Use CONFIG_PREEMPTION.patch
        - net: core: device_rename: Use rwsem instead of a seqcount
        - net: Revert "pkt_sched: fq: use proper locking in fq_dump_stats()"
        - scsi: scsi_devinfo: handle non-terminated strings
        - l2tp: Allow duplicate session creation with UDP
        - net: sched: export __netdev_watchdog_up()
        - fix a braino in "sparc32: fix register window handling in
          genregs32_[gs]et()"
        - net: fix memleak in register_netdevice()
        - net: usb: ax88179_178a: fix packet alignment padding
        - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
        - ip_tunnel: fix use-after-free in ip_tunnel_lookup()
        - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
        - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
        - tcp: grow window for OOO packets only for SACK flows
        - sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
        - net: Fix the arp error in some cases
        - net: Do not clear the sock TX queue in sk_set_socket()
        - net: core: reduce recursion limit value
        - mld: fix memory leak in ipv6_mc_destroy_dev()
        - USB: ohci-sm501: Add missed iounmap() in remove
        - usb: dwc2: Postponed gadget registration to the udc class driver
        - usb: add USB_QUIRK_DELAY_INIT for Logitech C922
        - PCI: Disable MSI for HiSilicon Hip06/Hip07 Root Ports
        - USB: ehci: reopen solution for Synopsys HC bug
        - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
        - ALSA: usb-audio: add quirk for Denon DCD-1500RE
        - xhci: Fix incorrect EP_STATE_MASK
        - xhci: Fix enumeration issue when setting max packet size for FS devices.
        - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
        - ALSA: usb-audio: uac1: Invalidate ctl on interrupt
        - ALSA: usb-audio: allow clock source validity interrupts
        - ALSA: usb-audio: Clean up mixer element list traverse
        - ALSA: usb-audio: Fix OOB access of mixer element list
        - xhci: Poll for U0 after disabling USB2 LPM
        - cifs/smb3: Fix data inconsistent when punch hole
        - cifs/smb3: Fix data inconsistent when zero file range
        - efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
        - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
        - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
        - usb: gadget: udc: Potential Oops in error handling code
        - netfilter: ipset: fix unaligned atomic access
        - sched/core: Fix PI boosting between RT and DEADLINE tasks
        - net: alx: fix race condition in alx_remove
        - kbuild: improve cc-option to clean up all temporary files
        - blktrace: break out of blktrace setup on concurrent calls
        - ACPI: sysfs: Fix pm_profile_attr type
        - KVM: X86: Fix MSR range of APIC registers in X2APIC mode
        - mm/slab: use memzero_explicit() in kzfree()
        - ocfs2: load global_inode_alloc
        - ocfs2: fix value of OCFS2_INVALID_SLOT
        - ocfs2: fix panic on nfs server over ocfs2
        - arm64: perf: Report the PC value in REGS_ABI_32 mode
        - tracing: Fix event trigger to accept redundant spaces
        - drm/radeon: fix fb_div check in ni_init_smc_spll_table()
        - sunrpc: fixed rollback in rpc_gssd_dummy_populate()
        - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
        - pNFS/flexfiles: Fix list corruption if the mirror count changes
        - NFSv4 fix CLOSE not waiting for direct IO compeletion
        - PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
        - ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate()
        - Linux 4.4.229
    
      * Computer is frozen after suspend (LP: #1867983) // Xenial update: v4.4.229
        upstream stable release (LP: #1885932)
        - libata: Use per port sync for detach
    
     -- Ian May <email address hidden>  Mon, 20 Jul 2020 14:24:05 -0500
  • linux (4.4.0-186.216) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-186.216 -proposed tracker (LP: #1885514)
    
      * Xenial update: v4.4.228 upstream stable release (LP: #1884564)
        - ipv6: fix IPV6_ADDRFORM operation logic
        - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
        - scsi: return correct blkprep status code in case scsi_init_io() fails.
        - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
        - pwm: fsl-ftm: Use flat regmap cache
        - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
        - sched/fair: Don't NUMA balance for kthreads
        - ath9k_htc: Silence undersized packet warnings
        - x86_64: Fix jiffies ODR violation
        - x86/speculation: Prevent rogue cross-process SSBD shutdown
        - x86/reboot/quirks: Add MacBook6,1 reboot quirk
        - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
        - ALSA: es1688: Add the missed snd_card_free()
        - ALSA: usb-audio: Fix inconsistent card PM state after resume
        - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
        - ACPI: PM: Avoid using power resources if there are none for D0
        - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
        - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
        - spi: bcm2835aux: Fix controller unregister order
        - ALSA: pcm: disallow linking stream to itself
        - x86/speculation: Change misspelled STIPB to STIBP
        - x86/speculation: Add support for STIBP always-on preferred mode
        - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
          IBRS.
        - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
        - spi: dw: fix possible race condition
        - spi: dw: Fix controller unregister order
        - spi: No need to assign dummy value in spi_unregister_controller()
        - spi: Fix controller unregister order
        - spi: pxa2xx: Fix controller unregister order
        - spi: bcm2835: Fix controller unregister order
        - ovl: initialize error in ovl_copy_xattr
        - proc: Use new_inode not new_inode_pseudo
        - video: fbdev: w100fb: Fix a potential double free.
        - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
        - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
        - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
        - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
        - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
        - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
        - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
        - Smack: slab-out-of-bounds in vsscanf
        - mm/slub: fix a memory leak in sysfs_slab_add()
        - fat: don't allow to mount if the FAT length == 0
        - can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
        - spi: dw: Zero DMA Tx and Rx configurations on stack
        - Bluetooth: Add SCO fallback for invalid LMP parameters error
        - kgdb: Prevent infinite recursive entries to the debugger
        - spi: dw: Enable interrupts in accordance with DMA xfer mode
        - clocksource: dw_apb_timer_of: Fix missing clockevent timers
        - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
        - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
        - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
          vmxnet3_get_rss()
        - staging: android: ion: use vmap instead of vm_map_ram
        - e1000: Distribute switch variables for initialization
        - media: dvb: return -EREMOTEIO on i2c transfer failure.
        - MIPS: Make sparse_init() using top-down allocation
        - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
        - lib/mpi: Fix 64-bit MIPS build with Clang
        - net: lpc-enet: fix error return code in lpc_mii_init()
        - net: allwinner: Fix use correct return type for ndo_start_xmit()
        - powerpc/spufs: fix copy_to_user while atomic
        - mips: cm: Fix an invalid error code of INTVN_*_ERR
        - kgdb: Fix spurious true from in_dbg_master()
        - md: don't flush workqueue unconditionally in md_open
        - mwifiex: Fix memory corruption in dump_station
        - mips: Add udelay lpj numbers adjustment
        - x86/mm: Stop printing BRK addresses
        - m68k: mac: Don't call via_flush_cache() on Mac IIfx
        - macvlan: Skip loopback packets in RX handler
        - PCI: Don't disable decoding when mmio_always_on is set
        - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
        - ixgbe: fix signed-integer-overflow warning
        - spi: dw: Return any value retrieved from the dma_transfer callback
        - cpuidle: Fix three reference count leaks
        - ima: Fix ima digest hash table key calculation
        - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
        - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
        - btrfs: send: emit file capabilities after chown
        - btrfs: fix error handling when submitting direct I/O bio
        - ima: Directly assign the ima_default_policy pointer to ima_rules
        - PCI: Program MPS for RCiEP devices
        - e1000e: Relax condition to trigger reset for ME workaround
        - carl9170: remove P2P_GO support
        - media: go7007: fix a miss of snd_card_free
        - b43legacy: Fix case where channel status is corrupted
        - b43: Fix connection problem with WPA3
        - b43_legacy: Fix connection problem with WPA3
        - igb: Report speed and duplex as unknown when device is runtime suspended
        - power: vexpress: add suppress_bind_attrs to true
        - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
        - sparc32: fix register window handling in genregs32_[gs]et()
        - kernel/cpu_pm: Fix uninitted local in cpu_pm
        - ARM: tegra: Correct PL310 Auxiliary Control Register initialization
        - drivers/macintosh: Fix memleak in windfarm_pm112 driver
        - kbuild: force to build vmlinux if CONFIG_MODVERSION=y
        - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate
          registrations.
        - sunrpc: clean up properly in gss_mech_unregister()
        - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
        - perf probe: Do not show the skipped events
        - perf symbols: Fix debuginfo search for Ubuntu
        - Linux 4.4.228
    
      * Update lockdown patches (LP: #1884159)
        - acpi: Disable ACPI table override if the kernel is locked down
        - SAUCE: (efi-lockdown) x86/mmiotrace: Lock down the testmmiotrace module
        - Revert "Restrict /dev/mem and /dev/kmem when module loading is restricted"
        - Revert "x86: Lock down IO port access when module security is enabled"
        - SAUCE: (efi-lockdown) Restrict /dev/{mem, kmem, port} when the kernel is
          locked down
        - Annotate module params that specify hardware parameters (eg. ioport)
        - Annotate hardware config module parameters in arch/x86/mm/
        - Annotate hardware config module parameters in drivers/char/ipmi/
        - Annotate hardware config module parameters in drivers/char/mwave/
        - Annotate hardware config module parameters in drivers/char/
        - Annotate hardware config module parameters in drivers/clocksource/
        - Annotate hardware config module parameters in drivers/cpufreq/
        - Annotate hardware config module parameters in drivers/gpio/
        - Annotate hardware config module parameters in drivers/i2c/
        - Annotate hardware config module parameters in drivers/input/
        - Annotate hardware config module parameters in drivers/isdn/
        - Annotate hardware config module parameters in drivers/media/
        - Annotate hardware config module parameters in drivers/misc/
        - Annotate hardware config module parameters in drivers/mmc/host/
        - Annotate hardware config module parameters in drivers/net/appletalk/
        - Annotate hardware config module parameters in drivers/net/arcnet/
        - Annotate hardware config module parameters in drivers/net/can/
        - Annotate hardware config module parameters in drivers/net/ethernet/
        - Annotate hardware config module parameters in drivers/net/hamradio/
        - Annotate hardware config module parameters in drivers/net/irda/
        - Annotate hardware config module parameters in drivers/net/wan/
        - Annotate hardware config module parameters in drivers/net/wireless/
        - Annotate hardware config module parameters in drivers/parport/
        - Annotate hardware config module parameters in drivers/pci/hotplug/
        - Annotate hardware config module parameters in drivers/pcmcia/
        - Annotate hardware config module parameters in drivers/scsi/
        - Annotate hardware config module parameters in drivers/staging/media/
        - Annotate hardware config module parameters in drivers/staging/speakup/
        - Annotate hardware config module parameters in drivers/staging/vme/
        - Annotate hardware config module parameters in drivers/tty/
        - Annotate hardware config module parameters in drivers/video/
        - Annotate hardware config module parameters in drivers/watchdog/
        - Annotate hardware config module parameters in fs/pstore/
        - Annotate hardware config module parameters in sound/drivers/
        - Annotate hardware config module parameters in sound/isa/
        - Annotate hardware config module parameters in sound/oss/
        - Annotate hardware config module parameters in sound/pci/
        - SAUCE: (efi-lockdown) Lock down module params that specify hardware
          parameters (eg. ioport)
        - SAUCE: (efi-lockdown) Prohibit PCMCIA CIS storage when the kernel is locked
          down
        - SAUCE: (efi-lockdown) kexec_file: Disable at runtime if the kernel is locked
          down
        - SAUCE: (efi-lockdown) Lock down TIOCSSERIAL
        - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
        - debugfs: prevent access to possibly dead file_operations at file open
        - debugfs: prevent access to removed files' private data
        - debugfs: add support for self-protecting attribute file fops
        - debugfs: unproxify integer attribute files
        - debugfs: unproxify files created through debugfs_create_bool()
        - debugfs: unproxify files created through debugfs_create_blob()
        - debugfs: unproxify files created through debugfs_create_u32_array()
        - debugfs: full_proxy_open(): free proxy on ->open() failure
        - debugfs: open_proxy_open(): avoid double fops release
        - SAUCE: (efi-lockdown) debugfs: Disallow use of debugfs files when the kernel
          is locked down
    
      * Xenial update: v4.4.227 upstream stable release (LP: #1883918)
        - scsi: scsi_devinfo: fixup string compare
        - usb: gadget: f_uac2: fix error handling in afunc_bind (again)
        - platform/x86: acer-wmi: setup accelerometer when ACPI device was found
        - esp6: fix memleak on error path in esp6_input
        - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
        - ALSA: hda - No loopback on ALC299 codec
        - spi: dw: use "smp_mb()" to avoid sending spi data error
        - s390/ftrace: save traced function caller
        - ARC: Fix ICCM & DCCM runtime size checks
        - x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
        - net: bmac: Fix read of MAC address from ROM
        - net/ethernet/freescale: rework quiesce/activate for ucc_geth
        - net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
        - pppoe: only process PADT targeted at local interfaces
        - mmc: fix compilation of user API
        - slcan: Fix double-free on slcan_open() error path
        - slip: not call free_netdev before rtnl_unlock in slip_open
        - scsi: ufs: Release clock if DMA map fails
        - devinet: fix memleak in inetdev_init()
        - NFC: st21nfca: add missed kfree_skb() in an error path
        - vsock: fix timeout in vsock_accept()
        - l2tp: add sk_family checks to l2tp_validate_socket
        - l2tp: do not use inet_hash()/inet_unhash()
        - USB: serial: qcserial: add DW5816e QDL support
        - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
        - USB: serial: option: add Telit LE910C1-EUX compositions
        - vt: keyboard: avoid signed integer overflow in k_ascii
        - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
        - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
        - x86/speculation: Add SRBDS vulnerability and mitigation documentation
        - x86/speculation: Add Ivy Bridge to affected list
        - iio: vcnl4000: Fix i2c swapped word reading.
        - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
          aligned
        - Linux 4.4.227
    
      * Xenial update: v4.4.226 upstream stable release (LP: #1883917)
        - ax25: fix setsockopt(SO_BINDTODEVICE)
        - net: revert "net: get rid of an signed integer overflow in
          ip_idents_reserve()"
        - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
          socket is closed
        - net/mlx5: Add command entry handling completion
        - net: sun: fix missing release regions in cas_init_one().
        - net/mlx4_core: fix a memory leak bug.
        - uapi: fix linux/if_pppol2tp.h userspace compilation errors
        - IB/cma: Fix reference count leak when no ipv4 addresses are set
        - cachefiles: Fix race between read_waiter and read_copier involving op->to_do
        - usb: gadget: legacy: fix redundant initialization warnings
        - cifs: Fix null pointer check in cifs_read
        - Input: usbtouchscreen - add support for BonXeon TP
        - Input: evdev - call input_flush_device() on release(), not flush()
        - Input: xpad - add custom init packet for Xbox One S controllers
        - Input: i8042 - add ThinkPad S230u to i8042 reset list
        - IB/qib: Call kobject_put() when kobject_init_and_add() fails
        - ALSA: hwdep: fix a left shifting 1 by 31 UB bug
        - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
        - exec: Always set cap_ambient in cap_bprm_set_creds
        - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
        - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
        - iommu: Fix reference count leak in iommu_group_alloc.
        - parisc: Fix kernel panic in mem_init()
        - x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
        - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
        - xfrm: fix a warning in xfrm_policy_insert_list
        - xfrm: fix a NULL-ptr deref in xfrm_local_error
        - vti4: eliminated some duplicate code.
        - ip_vti: receive ipip packet by calling ip_tunnel_rcv
        - netfilter: nft_reject_bridge: enable reject with bridge vlan
        - netfilter: ipset: Fix subcounter update skip
        - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
        - qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
        - bonding: Fix reference count leak in bond_sysfs_slave_add.
        - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
        - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
        - genirq/generic_pending: Do not lose pending affinity update
        - usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock
        - mac80211: fix memory leak
        - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
        - mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
        - asm-prototypes: Clear any CPP defines before declaring the functions
        - sc16is7xx: move label 'err_spi' to correct section
        - drm/msm: Fix possible null dereference on failure of get_pages()
        - printk: help pr_debug and pr_devel to optimize out arguments
        - scsi: zfcp: fix request object use-after-free in send path causing wrong
          traces
        - Linux 4.4.226
    
      * Xenial update: v4.4.225 upstream stable release (LP: #1883916)
        - igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr
        - padata: Remove unused but set variables
        - padata: get_next is never NULL
        - padata: ensure the reorder timer callback runs on the correct CPU
        - padata: ensure padata_do_serial() runs on the correct CPU
        - evm: Check also if *tfm is an error pointer in init_desc()
        - fix multiplication overflow in copy_fdtable()
        - HID: multitouch: add eGalaxTouch P80H84 support
        - ceph: fix double unlock in handle_cap_export()
        - USB: core: Fix misleading driver bug report
        - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
        - ARM: futex: Address build warning
        - media: Fix media_open() to clear filp->private_data in error leg
        - drivers/media/media-devnode: clear private_data before put_device()
        - media-devnode: add missing mutex lock in error handler
        - media-devnode: fix namespace mess
        - media-device: dynamically allocate struct media_devnode
        - media: fix use-after-free in cdev_put() when app exits after driver unbind
        - media: fix media devnode ioctl/syscall and unregister race
        - i2c: dev: switch from register_chrdev to cdev API
        - i2c: dev: don't start function name with 'return'
        - i2c: dev: use after free in detach
        - i2c-dev: don't get i2c adapter via i2c_dev
        - i2c: dev: Fix the race between the release of i2c_dev and cdev
        - padata: set cpu_index of unused CPUs to -1
        - sched/fair, cpumask: Export for_each_cpu_wrap()
        - padata: Replace delayed timer with immediate workqueue in padata_reorder
        - padata: initialize pd->cpu with effective cpumask
        - padata: purge get_cpu and reorder_via_wq from padata_do_serial
        - ALSA: pcm: fix incorrect hw_base increase
        - platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
        - libnvdimm/btt: Remove unnecessary code in btt_freelist_init
        - l2tp: lock socket before checking flags in connect()
        - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
        - l2tp: hold session while sending creation notifications
        - l2tp: take a reference on sessions used in genetlink handlers
        - l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
        - net: l2tp: export debug flags to UAPI
        - net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
        - net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
        - New kernel function to get IP overhead on a socket.
        - L2TP:Adjust intf MTU, add underlay L3, L2 hdrs.
        - l2tp: remove useless duplicate session detection in l2tp_netlink
        - l2tp: remove l2tp_session_find()
        - l2tp: define parameters of l2tp_session_get*() as "const"
        - l2tp: define parameters of l2tp_tunnel_find*() as "const"
        - l2tp: initialise session's refcount before making it reachable
        - l2tp: hold tunnel while looking up sessions in l2tp_netlink
        - l2tp: hold tunnel while processing genl delete command
        - l2tp: hold tunnel while handling genl tunnel updates
        - l2tp: hold tunnel while handling genl TUNNEL_GET commands
        - l2tp: hold tunnel used while creating sessions with netlink
        - l2tp: prevent creation of sessions on terminated tunnels
        - l2tp: fix l2tp_eth module loading
        - l2tp: don't register sessions in l2tp_session_create()
        - l2tp: initialise l2tp_eth sessions before registering them
        - l2tp: protect sock pointer of struct pppol2tp_session with RCU
        - l2tp: initialise PPP sessions before registering them
        - Revert "gfs2: Don't demote a glock until its revokes are written"
        - staging: iio: ad2s1210: Fix SPI reading
        - mei: release me_cl object reference
        - iio: sca3000: Remove an erroneous 'get_device()'
        - l2tp: device MTU setup, tunnel socket needs a lock
        - cpumask: Make for_each_cpu_wrap() available on UP as well
        - Linux 4.4.225
    
      * smpboot: don't call topology_sane() when Sub-NUMA-Clustering is enabled
        (LP: #1882478)
        - x86, sched: Allow topologies where NUMA nodes share an LLC
    
      * CVE-2020-11935
        - SAUCE: aufs: do not call i_readcount_inc()
        - SAUCE: aufs: bugfix, IMA i_readcount
    
      * CVE-2019-12380
        - efi/x86/Add missing error handling to old_memmap 1:1 mapping code
    
     -- Khalid Elmously <email address hidden>  Wed, 01 Jul 2020 00:39:42 -0400
  • linux (4.4.0-185.215) xenial; urgency=medium
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
    
      * CVE-2020-0543
        - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
          not supported
    
      * Xenial update: 4.4.224 upstream stable release (LP: #1881356)
        - USB: serial: qcserial: Add DW5816e support
        - Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
        - dp83640: reverse arguments to list_add_tail
        - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
        - sch_sfq: validate silly quantum values
        - sch_choke: avoid potential panic in choke_reset()
        - enic: do not overwrite error code
        - ipv6: fix cleanup ordering for ip6_mr failure
        - binfmt_elf: move brk out of mmap when doing direct loader exec
        - x86/apm: Don't access __preempt_count with zeroed fs
        - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index
          0"
        - USB: uas: add quirk for LaCie 2Big Quadra
        - USB: serial: garmin_gps: add sanity checking for data length
        - batman-adv: fix batadv_nc_random_weight_tq
        - scripts/decodecode: fix trapping instruction formatting
        - phy: micrel: Ensure interrupts are reenabled on resume
        - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
        - ext4: add cond_resched() to ext4_protect_reserved_inode
        - blktrace: Fix potential deadlock between delete & sysfs ops
        - blktrace: fix unlocked access to init/start-stop/teardown
        - blktrace: fix trace mutex deadlock
        - ptp: do not explicitly set drvdata in ptp_clock_register()
        - ptp: use is_visible method to hide unused attributes
        - ptp: create "pins" together with the rest of attributes
        - chardev: add helper function to register char devs with a struct device
        - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
        - ptp: fix the race between the release of ptp_clock and cdev
        - ptp: free ptp device pin descriptors properly
        - net: handle no dst on skb in icmp6_send
        - net/sonic: Fix a resource leak in an error handling path in
          'jazz_sonic_probe()'
        - net: moxa: Fix a potential double 'free_irq()'
        - drop_monitor: work around gcc-10 stringop-overflow warning
        - scsi: sg: add sg_remove_request in sg_write
        - cifs: Check for timeout on Negotiate stage
        - cifs: Fix a race condition with cifs_echo_request
        - dmaengine: pch_dma.c: Avoid data race between probe and irq handler
        - dmaengine: mmp_tdma: Reset channel error on release
        - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
        - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
        - net: openvswitch: fix csum updates for MPLS actions
        - gre: do not keep the GRE header around in collect medata mode
        - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
        - scsi: qla2xxx: Avoid double completion of abort command
        - i40e: avoid NVM acquire deadlock during NVM update
        - net/mlx5: Fix driver load error flow when firmware is stuck
        - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
        - IB/mlx4: Test return value of calls to ib_get_cached_pkey
        - pnp: Use list_for_each_entry() instead of open coding
        - gcc-10 warnings: fix low-hanging fruit
        - kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
        - Stop the ad-hoc games with -Wno-maybe-initialized
        - gcc-10: disable 'zero-length-bounds' warning for now
        - gcc-10: disable 'array-bounds' warning for now
        - gcc-10: disable 'stringop-overflow' warning for now
        - gcc-10: disable 'restrict' warning for now
        - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
        - blk-mq: Allow blocking queue tag iter callbacks
        - x86/paravirt: Remove the unused irq_enable_sysexit pv op
        - gcc-10: avoid shadowing standard library 'free()' in crypto
        - net: fix a potential recursive NETDEV_FEAT_CHANGE
        - net: ipv4: really enforce backoff for redirects
        - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
        - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
        - ALSA: rawmidi: Initialize allocated buffers
        - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
        - x86: Fix early boot crash on gcc-10, third try
        - exec: Move would_dump into flush_old_exec
        - usb: gadget: net2272: Fix a memory leak in an error handling path in
          'net2272_plat_probe()'
        - usb: gadget: audio: Fix a missing error return value in audio_bind()
        - usb: gadget: legacy: fix error return code in gncm_bind()
        - usb: gadget: legacy: fix error return code in cdc_bind()
        - ARM: dts: r8a7740: Add missing extal2 to CPG node
        - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
        - Makefile: disallow data races on gcc-10 as well
        - scsi: iscsi: Fix a potential deadlock in the timeout handler
        - Linux 4.4.224
    
      * upgrading to 4.15.0-99-generic breaks the sound and the trackpad
        (LP: #1875916) // Xenial update: 4.4.224 upstream stable release
        (LP: #1881356)
        - Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
    
      * CVE-2020-10711
        - netlabel: cope with NULL catmap
    
      * CVE-2020-13143
        - USB: gadget: fix illegal array access in binding with UDC
    
      * ext2 build failure on 4.4.0-180.210 (LP: #1880213)
        - ext2: fix debug reference to ext2_xattr_cache
    
      * test_bpf of ubuntu_kernel_selftests.net ADT test failure with linux
        4.4.0-180.210 (LP: #1879752)
        - bpf, test: fix ld_abs + vlan push/pop stress test
    
     -- Marcelo Henrique Cerri <email address hidden>  Mon, 08 Jun 2020 14:45:12 -0300
  • linux (4.4.0-184.214) xenial; urgency=medium
    
      * CVE-2020-0543
        - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
        - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
        - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
          mitigation
        - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
        - SAUCE: x86/speculation: Add Ivy Bridge to affected list
    
    linux (4.4.0-181.211) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170)
    
      * CVE-2020-12769
        - spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
    
      * I2C bus on Dell Edge Gateway stops working after upgrading to
        Ubuntu-4.4.0-180.210 (LP: #1881124)
        - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during
          ->probe()"
    
    linux (4.4.0-180.210) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)
    
      * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
        - mwifiex: fix PCIe register information for 8997 chipset
        - drm/qxl: qxl_release use after free
        - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
        - staging: rtl8192u: Fix crash due to pointers being "confusing"
        - usb: gadget: f_acm: Fix configfs attr name
        - usb: gadged: pch_udc: get rid of redundant assignments
        - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
        - usb: gadget: udc: core: don't starve DMA resources
        - MIPS: Fix macro typo
        - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
        - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
        - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
        - MIPS: scall: Handle seccomp filters which redirect syscalls
        - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
        - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
        - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
        - MIPS: BMIPS: Pretty print BMIPS5200 processor name
        - MIPS: Fix HTW config on XPA kernel without LPA enabled
        - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
        - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
        - MIPS: Fix BC1{EQ,NE}Z return offset calculation
        - MIPS: perf: Fix I6400 event numbers
        - MIPS: KVM: Fix translation of MFC0 ErrCtl
        - MIPS: SMP: Update cpu_foreign_map on CPU disable
        - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
        - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
        - bpf, mips: fix off-by-one in ctx offset allocation
        - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
        - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
        - mips/panic: replace smp_send_stop() with kdump friendly version in panic
          path
        - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
        - ARM: imx: select SRC for i.MX7
        - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
        - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
        - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
        - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
        - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
        - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
        - ARM: dts: kirkwood: use unique machine name for ds112
        - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
        - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
        - perf/x86: Fix filter_events() bug with event mappings
        - x86/LDT: Print the real LDT base address
        - x86/apic/uv: Silence a shift wrapping warning
        - ALSA: fm801: explicitly free IRQ line
        - ALSA: fm801: propagate TUNER_ONLY bit when autodetected
        - ALSA: fm801: detect FM-only card earlier
        - netfilter: nfnetlink: use original skbuff when acking batches
        - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
        - mwifiex: fix IBSS data path issue.
        - mwifiex: add missing check for PCIe8997 chipset
        - iwlwifi: set max firmware version of 7265 to 17
        - Bluetooth: btmrvl: fix hung task warning dump
        - dccp: limit sk_filter trim to payload
        - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
        - mlxsw: pci: Correctly determine if descriptor queue is full
        - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
        - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not
          IORESOURCE_IO
        - vfio/pci: Allow VPD short read
        - mlxsw: Treat local port 64 as valid
        - IB/mlx4: Initialize hop_limit when creating address handle
        - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
        - powerpc/pci/of: Parse unassigned resources
        - firmware: actually return NULL on failed request_firmware_nowait()
        - c8sectpfe: Rework firmware loading mechanism
        - net/mlx5: Avoid passing dma address 0 to firmware
        - IB/mlx5: Fix RC transport send queue overhead computation
        - net/mlx5: Make command timeout way shorter
        - IB/mlx5: Fix FW version diaplay in sysfs
        - net/mlx5e: Fix MLX5E_100BASE_T define
        - net/mlx5: Fix the size of modify QP mailbox
        - net/mlx5: Fix masking of reserved bits in XRCD number
        - net/mlx5e: Fix blue flame quota logic
        - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in
          mlx5_wq_ll_create
        - net/mlx5: Avoid calling sleeping function by the health poll thread
        - net/mlx5: Fix wait_vital for VFs and remove fixed sleep
        - net/mlx5: Fix potential deadlock in command mode change
        - net/mlx5: Add timeout handle to commands with callback
        - net/mlx5: Fix pci error recovery flow
        - net/mlx5e: Copy all L2 headers into inline segment
        - net_sched: keep backlog updated with qlen
        - sch_drr: update backlog as well
        - sch_hfsc: always keep backlog updated
        - sch_prio: update backlog as well
        - sch_qfq: keep backlog updated with qlen
        - sch_sfb: keep backlog updated with qlen
        - sch_tbf: update backlog as well
        - btrfs: cleaner_kthread() doesn't need explicit freeze
        - irda: Free skb on irda_accept error path.
        - phy: fix device reference leaks
        - bonding: prevent out of bound accesses
        - mtd: nand: fix ONFI parameter page layout
        - ath10k: free cached fw bin contents when get board id fails
        - xprtrdma: checking for NULL instead of IS_ERR()
        - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
        - xprtrdma: xprt_rdma_free() must not release backchannel reqs
        - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
        - RDMA/cxgb3: device driver frees DMA memory with different size
        - mlxsw: spectrum: Don't forward packets when STP state is DISABLED
        - mlxsw: spectrum: Disable learning according to STP state
        - mlxsw: spectrum: Don't count internal TX header bytes to stats
        - mlxsw: spectrum: Indicate support for autonegotiation
        - mlxsw: spectrum: Fix misuse of hard_header_len
        - net: tcp_memcontrol: properly detect ancestor socket pressure
        - tcp: do not set rtt_min to 1
        - RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting
          t_sock
        - net: ipv6: tcp reset, icmp need to consider L3 domain
        - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
        - batman-adv: replace WARN with rate limited output on non-existing VLAN
        - tty: serial: msm: Support more bauds
        - serial: samsung: Fix possible out of bounds access on non-DT platform
        - isa: Call isa_bus_init before dependent ISA bus drivers register
        - Btrfs: clean up an error code in btrfs_init_space_info()
        - Input: gpio-keys - fix check for disabling unsupported keys
        - Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
        - net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
        - xfrm_user: propagate sec ctx allocation errors
        - xfrm: Fix memory leak of aead algorithm name
        - mac80211: fix mgmt-tx abort cookie and leak
        - mac80211: TDLS: always downgrade invalid chandefs
        - mac80211: TDLS: change BW calculation for WIDER_BW peers
        - mac80211: Fix BW upgrade for TDLS peers
        - NFS: Fix an LOCK/OPEN race when unlinking an open file
        - net: get rid of an signed integer overflow in ip_idents_reserve()
        - mtd: nand: denali: add missing nand_release() call in denali_remove()
        - ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
        - ASoC: tegra_alc5632: check return value
        - ASoC: fsl_ssi: mark SACNT register volatile
        - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
        - mmc: sdhci: restore behavior when setting VDD via external regulator
        - mmc: sd: limit SD card power limit according to cards capabilities
        - mmc: debugfs: correct wrong voltage value
        - mmc: block: return error on failed mmc_blk_get()
        - clk: rockchip: Revert "clk: rockchip: reset init state before mmc card
          initialization"
        - mmc: dw_mmc: rockchip: Set the drive phase properly
        - mmc: moxart: fix wait_for_completion_interruptible_timeout return variable
          type
        - mmc: sdhci: Fix regression setting power on Trats2 board
        - perf tools: Fix perf regs mask generation
        - powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
        - sctp: fix the transports round robin issue when init is retransmitted
        - sunrpc: Update RPCBIND_MAXNETIDLEN
        - NFC: nci: memory leak in nci_core_conn_create()
        - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
        - net: phy: Fix phy_mac_interrupt()
        - net: phy: bcm7xxx: Fix shadow mode 2 disabling
        - of_mdio: fix node leak in of_phy_register_fixed_link error path
        - phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
        - net: dsa: slave: fix of-node leak and phy priority
        - drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
        - iommu/dma: Respect IOMMU aperture when allocating
        - mdio-sun4i: oops in error handling in probe
        - iio:ad7797: Use correct attribute_group
        - selftests/ipc: Fix test failure seen after initial test run
        - wimax/i2400m: Fix potential urb refcnt leak
        - cifs: protect updating server->dstaddr with a spinlock
        - scripts/config: allow colons in option strings for sed
        - lib/mpi: Fix building for powerpc with clang
        - net: bcmgenet: suppress warnings on failed Rx SKB allocations
        - net: systemport: suppress warnings on failed Rx SKB allocations
        - rc: allow rc modules to be loaded if rc-main is not a module
        - lirc_imon: do not leave imon_probe() with mutex held
        - am437x-vpfe: fix an uninitialized variable bug
        - cx23885: uninitialized variable in cx23885_av_work_handler()
        - ath9k_htc: check for underflow in ath9k_htc_rx_msg()
        - VFIO: platform: reset: fix a warning message condition
        - net: moxa: fix an error code
        - mfd: lp8788-irq: Uninitialized variable in irq handler
        - ethernet: micrel: fix some error codes
        - power: ipaq-micro-battery: freeing the wrong variable
        - i40e: fix an uninitialized variable bug
        - qede: uninitialized variable in qede_start_xmit()
        - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
        - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
        - target: Fix a memory leak in target_dev_lba_map_store()
        - memory/tegra: Add number of TLB lines for Tegra124
        - pinctrl: bcm2835: Fix memory leak in error path
        - be2net: Don't leak iomapped memory on removal.
        - ipv4: Fix memory leak in exception case for splitting tries
        - flow_dissector: Check for IP fragmentation even if not using IPv4 address
        - ipv4: fix checksum annotation in udp4_csum_init
        - ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
        - ipv4: accept u8 in IP_TOS ancillary data
        - net: vrf: Fix dev refcnt leak due to IPv6 prefix route
        - ipv6: fix checksum annotation in udp6_csum_init
        - ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
        - ipv6: add missing netconf notif when 'all' is updated
        - net: ipv6: Fix processing of RAs in presence of VRF
        - netfilter: nf_tables: fix a wrong check to skip the inactive rules
        - netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
        - netfilter: nf_tables: destroy the set if fail to add transaction
        - netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
        - udp: restore UDPlite many-cast delivery
        - clk: st: avoid uninitialized variable use
        - clk: gpio: handle error codes for of_clk_get_parent_count()
        - clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
        - clk: multiplier: Prevent the multiplier from under / over flowing
        - clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
        - clk: xgene: Don't call __pa on ioremaped address
        - cls_bpf: reset class and reuse major in da
        - arm64: bpf: jit JMP_JSET_{X,K}
        - bpf, trace: check event type in bpf_perf_event_read
        - bpf: fix map not being uncharged during map creation failure
        - net/mlx4_core: Fix potential corruption in counters database
        - net/mlx4_core: Fix access to uninitialized index
        - net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
        - net/mlx4_core: Check device state before unregistering it
        - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW
          spec
        - net/mlx4_en: Process all completions in RX rings after port goes up
        - net/mlx4_core: Do not access comm channel if it has not yet been initialized
        - net/mlx4_en: Fix potential deadlock in port statistics flow
        - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to
          device managed flow steering
        - net/mlx4_core: Fix QUERY FUNC CAP flags
        - mlxsw: switchx2: Fix misuse of hard_header_len
        - mlxsw: switchx2: Fix ethernet port initialization
        - sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
        - net_sched: flower: Avoid dissection of unmasked keys
        - pkt_sched: fq: use proper locking in fq_dump_stats()
        - sched/preempt: Fix preempt_count manipulations
        - power: bq27xxx: fix reading for bq27000 and bq27010
        - power: bq27xxx: fix register numbers of bq27500
        - power: test_power: correctly handle empty writes
        - power: bq27xxx_battery: Fix bq27541 AveragePower register address
        - power_supply: tps65217-charger: Fix NULL deref during property export
        - net: vrf: Fix dst reference counting
        - net: Don't delete routes in different VRFs
        - vti6: fix input path
        - ipv4: Fix table id reference in fib_sync_down_addr
        - mlx4: do not call napi_schedule() without care
        - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
        - ALSA: fm801: Initialize chip after IRQ handler is registered
        - bonding: fix length of actor system
        - MIPS: perf: Remove incorrect odd/even counter handling for I6400
        - Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
        - net: dsa: mv88e6xxx: unlock DSA and CPU ports
        - gfs2: fix flock panic issue
        - blk-mq: fix undefined behaviour in order_to_size()
        - dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
        - dmaengine: edma: Add probe callback to edma_tptc_driver
        - openvswitch: update checksum in {push,pop}_mpls
        - cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
        - net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
        - net: bcmgenet: device stats are unsigned long
        - gre: do not assign header_ops in collect metadata mode
        - gre: build header correctly for collect metadata tunnels
        - gre: reject GUE and FOU in collect metadata mode
        - sfc: fix potential stack corruption from running past stat bitmask
        - sfc: clear napi_hash state when copying channels
        - net: bcmsysport: Device stats are unsigned long
        - cxgbi: fix uninitialized flowi6
        - net: macb: add missing free_netdev() on error in macb_probe()
        - macvtap: segmented packet is consumed
        - tipc: fix the error handling in tipc_udp_enable()
        - net: icmp6_send should use dst dev to determine L3 domain
        - et131x: Fix logical vs bitwise check in et131x_tx_timeout()
        - net: ethernet: stmmac: dwmac-sti: fix probe error path
        - rtnl: reset calcit fptr in rtnl_unregister()
        - net: ethernet: stmmac: dwmac-rk: fix probe error path
        - fq_codel: return non zero qlen in class dumps
        - net: ethernet: stmmac: dwmac-generic: fix probe error path
        - bnxt: add a missing rcu synchronization
        - qdisc: fix a module refcount leak in qdisc_create_dflt()
        - net: axienet: Fix return value check in axienet_probe()
        - bnxt_en: Remove locking around txr->dev_state
        - net: ethernet: davinci_emac: Fix devioctl while in fixed link
        - net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
        - net: ethernet: ti: cpsw: fix device and of_node leaks
        - net: ethernet: ti: cpsw: fix secondary-emac probe error path
        - net: hns: fix device reference leaks
        - net: bridge: don't increment tx_dropped in br_do_proxy_arp
        - net: dsa: mv88e6xxx: enable SA learning on DSA ports
        - net: ehea: avoid null pointer dereference
        - l2tp: fix use-after-free during module unload
        - hwrng: exynos - Disable runtime PM on driver unbind
        - net: icmp_route_lookup should use rt dev to determine L3 domain
        - net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
        - net: macb: replace macb_writel() call by queue_writel() to update queue ISR
        - ravb: Add missing free_irq() call to ravb_close()
        - mvpp2: use correct size for memset
        - net: vxlan: lwt: Fix vxlan local traffic.
        - net: ethoc: Fix early error paths
        - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
        - regulator: core: Rely on regulator_dev_release to free constraints
        - net: dsa: mv88e6xxx: fix port VLAN maps
        - at803x: fix reset handling
        - cxl: Fix DAR check & use REGION_ID instead of opencoding
        - net: ethernet: davinci_emac: Fix platform_data overwrite
        - ata: sata_dwc_460ex: remove incorrect locking
        - pinctrl: tegra: Correctly check the supported configuration
        - brcmfmac: add fallback for devices that do not report per-chain values
        - brcmfmac: restore stopping netdev queue when bus clogs up
        - bridge: Fix problems around fdb entries pointing to the bridge device
        - bna: add missing per queue ethtool stat
        - net: skbuff: Remove errornous length validation in skb_vlan_pop()
        - net: ep93xx_eth: Do not crash unloading module
        - macvlan: Fix potential use-after free for broadcasts
        - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
        - ALSA: hda: Match both PCI ID and SSID for driver blacklist
        - mac80211: add ieee80211_is_any_nullfunc()
        - Linux 4.4.223
    
      * Xenial update: 4.4.222 upstream stable release (LP: #1878246)
        - ext4: fix special inode number checks in __ext4_iget()
        - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
        - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
        - PM: ACPI: Output correct message on target power state
        - RDMA/mlx4: Initialize ib_spec on the stack
        - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
        - ALSA: opti9xx: shut up gcc-10 range warning
        - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
        - dmaengine: dmatest: Fix iteration non-stop logic
        - i2c: designware-pci: use IRQF_COND_SUSPEND flag
        - perf hists: Fix HISTC_MEM_DCACHELINE width setting
        - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
        - perf/x86: Fix uninitialized value usage
        - exynos4-is: fix a format string bug
        - ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode
        - ASoC: imx-spdif: Fix crash on suspend
        - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
        - selinux: properly handle multiple messages in selinux_netlink_send()
        - Linux 4.4.222
    
      * Xenial update: 4.4.221 upstream stable release (LP: #1878098)
        - ext4: fix extent_status fragmentation for plain files
        - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
        - net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
        - net: ipv4: avoid unused variable warning for sysctl
        - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
          static
        - vti4: removed duplicate log message.
        - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
        - ceph: return ceph_mdsc_do_request() errors from __get_parent()
        - ceph: don't skip updating wanted caps when cap is stale
        - pwm: rcar: Fix late Runtime PM enablement
        - scsi: iscsi: Report unbind session event when the target has been removed
        - ASoC: Intel: atom: Take the drv->lock mutex before calling
          sst_send_slot_map()
        - kernel/gcov/fs.c: gcov_seq_next() should increase position index
        - ipc/util.c: sysvipc_find_ipc() should increase position index
        - s390/cio: avoid duplicated 'ADD' uevents
        - pwm: renesas-tpu: Fix late Runtime PM enablement
        - pwm: bcm2835: Dynamically allocate base
        - ipv6: fix restrict IPV6_ADDRFORM operation
        - macvlan: fix null dereference in macvlan_device_event()
        - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
        - net/x25: Fix x25_neigh refcnt leak when receiving frame
        - tcp: cache line align MAX_TCP_HEADER
        - team: fix hang in team_mode_get()
        - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
        - ALSA: hda: Remove ASUS ROG Zenith from the blacklist
        - iio: xilinx-xadc: Fix ADC-B powerdown
        - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
        - iio: xilinx-xadc: Fix sequencer configuration for aux channels in
          simultaneous mode
        - fs/namespace.c: fix mountpoint reference counter race
        - USB: sisusbvga: Change port variable from signed to unsigned
        - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70
          RGB RAPIDFIRE
        - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit.
        - drivers: usb: core: Minimize irq disabling in usb_sg_cancel()
        - USB: core: Fix free-while-in-use bug in the USB S-Glibrary
        - USB: hub: Fix handling of connect changes during sleep
        - ALSA: usx2y: Fix potential NULL dereference
        - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
        - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
        - KVM: Check validity of resolved slot when searching memslots
        - KVM: VMX: Enable machine check support for 32bit targets
        - tty: hvc: fix buffer overflow during hvc_alloc().
        - tty: rocket, avoid OOB access
        - usb-storage: Add unusual_devs entry for JMicron JMS566
        - audit: check the length of userspace generated audit records
        - ASoC: dapm: fixup dapm kcontrol widget
        - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
        - staging: comedi: dt2815: fix writing hi byte of analog output
        - staging: comedi: Fix comedi_device refcnt leak in comedi_open
        - staging: vt6656: Fix drivers TBTT timing counter.
        - staging: vt6656: Power save stop wake_up_count wrap around.
        - UAS: no use logging any details in case of ENODEV
        - UAS: fix deadlock in error handling and PM flushing work
        - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
        - remoteproc: Fix wrong rvring index computation
        - sctp: use right member as the param of list_for_each_entry
        - fuse: fix possibly missed wake-up after abort
        - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
        - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
        - net/cxgb4: Check the return from t4_query_params properly
        - perf/core: fix parent pid/tid in task exit events
        - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
        - scsi: target: fix PR IN / READ FULL STATUS for FC
        - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
        - ext4: convert BUG_ON's to WARN_ON's in mballoc.c
        - ext4: avoid declaring fs inconsistent due to invalid file handles
        - ext4: protect journal inode's blocks using block_validity
        - ext4: don't perform block validity checks on the journal inode
        - ext4: fix block validity checks for journal inodes using indirect blocks
        - ext4: unsigned int compared against zero
        - propagate_one(): mnt_set_mountpoint() needs mount_lock
        - Linux 4.4.221
    
      * Xenial update: 4.4.220 upstream stable release (LP: #1875905)
        - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
        - net: vxge: fix wrong __VA_ARGS__ usage
        - qlcnic: Fix bad kzalloc null test
        - i2c: st: fix missing struct parameter description
        - irqchip/versatile-fpga: Handle chained IRQs properly
        - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
        - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
        - gfs2: Don't demote a glock until its revokes are written
        - x86/boot: Use unsigned comparison for addresses
        - locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
        - btrfs: remove a BUG_ON() from merge_reloc_roots()
        - btrfs: track reloc roots based on their commit root bytenr
        - misc: rtsx: set correct pcr_ops for rts522A
        - ASoC: fix regwmask
        - ASoC: dapm: connect virtual mux with default value
        - ASoC: dpcm: allow start or stop during pause for backend
        - ASoC: topology: use name_prefix for new kcontrol
        - usb: gadget: f_fs: Fix use after free issue as part of queue failure
        - usb: gadget: composite: Inform controller driver of self-powered
        - ALSA: usb-audio: Add mixer workaround for TRX40 and co
        - ALSA: hda: Add driver blacklist
        - ALSA: hda: Fix potential access overflow in beep helper
        - ALSA: ice1724: Fix invalid access for enumerated ctl items
        - ALSA: pcm: oss: Fix regression by buffer overflow fix
        - acpi/x86: ignore unspecified bit positions in the ACPI global lock field
        - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
        - irqchip/versatile-fpga: Apply clear-mask earlier
        - MIPS: OCTEON: irq: Fix potential NULL pointer dereference
        - ath9k: Handle txpower changes even when TPC is disabled
        - signal: Extend exec_id to 64bits
        - x86/entry/32: Add missing ASM_CLAC to general_protection entry
        - KVM: x86: Allocate new rmap and large page tracking when moving memslot
        - crypto: mxs-dcp - fix scatterlist linearization for hash
        - futex: futex_wake_op, do not fail on invalid op
        - xen-netfront: Rework the fix for Rx stall during OOM and network stress
        - ALSA: hda: Initialize power_state field properly
        - Btrfs: incremental send, fix invalid memory access
        - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
        - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
        - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
        - ext4: fix a data race at inode->i_blocks
        - ocfs2: no need try to truncate file beyond i_size
        - s390/diag: fix display of diagnose call statistics
        - Input: i8042 - add Acer Aspire 5738z to nomux list
        - kmod: make request_module() return an error when autoloading is disabled
        - hfsplus: fix crash and filesystem corruption when deleting files
        - powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
        - Btrfs: fix crash during unmount due to race with delayed inode workers
        - drm/dp_mst: Fix clearing payload state on topology disable
        - ipmi: fix hung processes in __get_guid()
        - powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
        - misc: echo: Remove unnecessary parentheses and simplify check for zero
        - mfd: dln2: Fix sanity checking for endpoints
        - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
        - net: ipv6: do not consider routes via gateways for anycast address check
        - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
        - jbd2: improve comments about freeing data buffers whose page mapping is NULL
        - ext4: fix incorrect group count in ext4_fill_super error message
        - ext4: fix incorrect inodes per group in error message
        - ASoC: Intel: mrfld: fix incorrect check on p->sink
        - ASoC: Intel: mrfld: return error codes when an error occurs
        - ALSA: usb-audio: Don't override ignore_ctl_error value from the map
        - mac80211_hwsim: Use kstrndup() in place of kasprintf()
        - ext4: do not zeroout extents beyond i_disksize
        - dm flakey: check for null arg_name in parse_features()
        - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
        - x86/mitigations: Clear CPU buffers on the SYSCALL fast path
        - tracing: Fix the race between registering 'snapshot' event trigger and
          triggering 'snapshot' operation
        - scsi: sg: add sg_remove_request in sg_common_write
        - ALSA: hda: Don't release card at firmware loading error
        - video: fbdev: sis: Remove unnecessary parentheses and commented code
        - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
        - wil6210: increase firmware ready timeout
        - wil6210: fix temperature debugfs
        - scsi: ufs: ufs-qcom: remove broken hci version quirk
        - wil6210: rate limit wil_rx_refill error
        - rtc: pm8xxx: Fix issue in RTC write path
        - soc: qcom: smem: Use le32_to_cpu for comparison
        - of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
        - of: unittest: kmemleak in of_unittest_platform_populate()
        - clk: at91: usb: continue if clk_hw_round_rate() return zero
        - clk: tegra: Fix Tegra PMC clock out parents
        - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
        - ext4: do not commit super on read-only bdev
        - percpu_counter: fix a data race at vm_committed_as
        - compiler.h: fix error in BUILD_BUG_ON() reporting
        - NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
        - ext2: fix empty body warnings when -Wextra is used
        - iommu/amd: Fix the configuration of GCR3 table root pointer
        - fbdev: potential information leak in do_fb_ioctl()
        - tty: evh_bytechan: Fix out of bounds accesses
        - locktorture: Print ratio of acquisitions, not failures
        - mtd: lpddr: Fix a double free in probe()
        - mtd: phram: fix a double free issue in error path
        - x86/CPU: Add native CPUID variants returning a single datum
        - x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
        - x86/vdso: Fix lsl operand order
        - Linux 4.4.220
    
      * Panic on suspend/resume Kernel panic - not syncing: stack-protector: Kernel
        stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40 (LP: #1821434) //
        Xenial update: 4.4.220 upstream stable release (LP: #1875905)
        - libata: Return correct status in sata_pmp_eh_recover_pm() when
          ATA_DFLAG_DETACH is set
    
      * psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM
        kernels (LP: #1812176)
        - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled
    
      * tunnels over IPv6 are unencrypted when using IPsec (LP: #1876982) //
        CVE-2020-1749
        - net: ipv6: add net argument to ip6_dst_lookup_flow
        - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
    
      * Bionic ubuntu ethtool doesn't check ring parameters boundaries
        (LP: #1874444)
        - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM
    
      * Improve TSC refinement (and calibration) reliability (LP: #1877858)
        - x86/tsc: Make calibration refinement more robust
    
      * Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as
        failure (LP: #1877958)
        - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved
          set
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 03 Jun 2020 12:51:31 +0200
  • linux (4.4.0-181.211) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170)
    
      * CVE-2020-12769
        - spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
    
      * I2C bus on Dell Edge Gateway stops working after upgrading to
        Ubuntu-4.4.0-180.210 (LP: #1881124)
        - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during
          ->probe()"
    
    linux (4.4.0-180.210) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)
    
      * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
        - mwifiex: fix PCIe register information for 8997 chipset
        - drm/qxl: qxl_release use after free
        - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
        - staging: rtl8192u: Fix crash due to pointers being "confusing"
        - usb: gadget: f_acm: Fix configfs attr name
        - usb: gadged: pch_udc: get rid of redundant assignments
        - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
        - usb: gadget: udc: core: don't starve DMA resources
        - MIPS: Fix macro typo
        - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
        - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
        - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
        - MIPS: scall: Handle seccomp filters which redirect syscalls
        - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
        - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
        - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
        - MIPS: BMIPS: Pretty print BMIPS5200 processor name
        - MIPS: Fix HTW config on XPA kernel without LPA enabled
        - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
        - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
        - MIPS: Fix BC1{EQ,NE}Z return offset calculation
        - MIPS: perf: Fix I6400 event numbers
        - MIPS: KVM: Fix translation of MFC0 ErrCtl
        - MIPS: SMP: Update cpu_foreign_map on CPU disable
        - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
        - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
        - bpf, mips: fix off-by-one in ctx offset allocation
        - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
        - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
        - mips/panic: replace smp_send_stop() with kdump friendly version in panic
          path
        - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
        - ARM: imx: select SRC for i.MX7
        - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
        - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
        - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
        - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
        - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
        - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
        - ARM: dts: kirkwood: use unique machine name for ds112
        - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
        - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
        - perf/x86: Fix filter_events() bug with event mappings
        - x86/LDT: Print the real LDT base address
        - x86/apic/uv: Silence a shift wrapping warning
        - ALSA: fm801: explicitly free IRQ line
        - ALSA: fm801: propagate TUNER_ONLY bit when autodetected
        - ALSA: fm801: detect FM-only card earlier
        - netfilter: nfnetlink: use original skbuff when acking batches
        - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
        - mwifiex: fix IBSS data path issue.
        - mwifiex: add missing check for PCIe8997 chipset
        - iwlwifi: set max firmware version of 7265 to 17
        - Bluetooth: btmrvl: fix hung task warning dump
        - dccp: limit sk_filter trim to payload
        - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
        - mlxsw: pci: Correctly determine if descriptor queue is full
        - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
        - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not
          IORESOURCE_IO
        - vfio/pci: Allow VPD short read
        - mlxsw: Treat local port 64 as valid
        - IB/mlx4: Initialize hop_limit when creating address handle
        - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
        - powerpc/pci/of: Parse unassigned resources
        - firmware: actually return NULL on failed request_firmware_nowait()
        - c8sectpfe: Rework firmware loading mechanism
        - net/mlx5: Avoid passing dma address 0 to firmware
        - IB/mlx5: Fix RC transport send queue overhead computation
        - net/mlx5: Make command timeout way shorter
        - IB/mlx5: Fix FW version diaplay in sysfs
        - net/mlx5e: Fix MLX5E_100BASE_T define
        - net/mlx5: Fix the size of modify QP mailbox
        - net/mlx5: Fix masking of reserved bits in XRCD number
        - net/mlx5e: Fix blue flame quota logic
        - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in
          mlx5_wq_ll_create
        - net/mlx5: Avoid calling sleeping function by the health poll thread
        - net/mlx5: Fix wait_vital for VFs and remove fixed sleep
        - net/mlx5: Fix potential deadlock in command mode change
        - net/mlx5: Add timeout handle to commands with callback
        - net/mlx5: Fix pci error recovery flow
        - net/mlx5e: Copy all L2 headers into inline segment
        - net_sched: keep backlog updated with qlen
        - sch_drr: update backlog as well
        - sch_hfsc: always keep backlog updated
        - sch_prio: update backlog as well
        - sch_qfq: keep backlog updated with qlen
        - sch_sfb: keep backlog updated with qlen
        - sch_tbf: update backlog as well
        - btrfs: cleaner_kthread() doesn't need explicit freeze
        - irda: Free skb on irda_accept error path.
        - phy: fix device reference leaks
        - bonding: prevent out of bound accesses
        - mtd: nand: fix ONFI parameter page layout
        - ath10k: free cached fw bin contents when get board id fails
        - xprtrdma: checking for NULL instead of IS_ERR()
        - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
        - xprtrdma: xprt_rdma_free() must not release backchannel reqs
        - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
        - RDMA/cxgb3: device driver frees DMA memory with different size
        - mlxsw: spectrum: Don't forward packets when STP state is DISABLED
        - mlxsw: spectrum: Disable learning according to STP state
        - mlxsw: spectrum: Don't count internal TX header bytes to stats
        - mlxsw: spectrum: Indicate support for autonegotiation
        - mlxsw: spectrum: Fix misuse of hard_header_len
        - net: tcp_memcontrol: properly detect ancestor socket pressure
        - tcp: do not set rtt_min to 1
        - RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting
          t_sock
        - net: ipv6: tcp reset, icmp need to consider L3 domain
        - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
        - batman-adv: replace WARN with rate limited output on non-existing VLAN
        - tty: serial: msm: Support more bauds
        - serial: samsung: Fix possible out of bounds access on non-DT platform
        - isa: Call isa_bus_init before dependent ISA bus drivers register
        - Btrfs: clean up an error code in btrfs_init_space_info()
        - Input: gpio-keys - fix check for disabling unsupported keys
        - Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
        - net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
        - xfrm_user: propagate sec ctx allocation errors
        - xfrm: Fix memory leak of aead algorithm name
        - mac80211: fix mgmt-tx abort cookie and leak
        - mac80211: TDLS: always downgrade invalid chandefs
        - mac80211: TDLS: change BW calculation for WIDER_BW peers
        - mac80211: Fix BW upgrade for TDLS peers
        - NFS: Fix an LOCK/OPEN race when unlinking an open file
        - net: get rid of an signed integer overflow in ip_idents_reserve()
        - mtd: nand: denali: add missing nand_release() call in denali_remove()
        - ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
        - ASoC: tegra_alc5632: check return value
        - ASoC: fsl_ssi: mark SACNT register volatile
        - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
        - mmc: sdhci: restore behavior when setting VDD via external regulator
        - mmc: sd: limit SD card power limit according to cards capabilities
        - mmc: debugfs: correct wrong voltage value
        - mmc: block: return error on failed mmc_blk_get()
        - clk: rockchip: Revert "clk: rockchip: reset init state before mmc card
          initialization"
        - mmc: dw_mmc: rockchip: Set the drive phase properly
        - mmc: moxart: fix wait_for_completion_interruptible_timeout return variable
          type
        - mmc: sdhci: Fix regression setting power on Trats2 board
        - perf tools: Fix perf regs mask generation
        - powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
        - sctp: fix the transports round robin issue when init is retransmitted
        - sunrpc: Update RPCBIND_MAXNETIDLEN
        - NFC: nci: memory leak in nci_core_conn_create()
        - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
        - net: phy: Fix phy_mac_interrupt()
        - net: phy: bcm7xxx: Fix shadow mode 2 disabling
        - of_mdio: fix node leak in of_phy_register_fixed_link error path
        - phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
        - net: dsa: slave: fix of-node leak and phy priority
        - drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
        - iommu/dma: Respect IOMMU aperture when allocating
        - mdio-sun4i: oops in error handling in probe
        - iio:ad7797: Use correct attribute_group
        - selftests/ipc: Fix test failure seen after initial test run
        - wimax/i2400m: Fix potential urb refcnt leak
        - cifs: protect updating server->dstaddr with a spinlock
        - scripts/config: allow colons in option strings for sed
        - lib/mpi: Fix building for powerpc with clang
        - net: bcmgenet: suppress warnings on failed Rx SKB allocations
        - net: systemport: suppress warnings on failed Rx SKB allocations
        - rc: allow rc modules to be loaded if rc-main is not a module
        - lirc_imon: do not leave imon_probe() with mutex held
        - am437x-vpfe: fix an uninitialized variable bug
        - cx23885: uninitialized variable in cx23885_av_work_handler()
        - ath9k_htc: check for underflow in ath9k_htc_rx_msg()
        - VFIO: platform: reset: fix a warning message condition
        - net: moxa: fix an error code
        - mfd: lp8788-irq: Uninitialized variable in irq handler
        - ethernet: micrel: fix some error codes
        - power: ipaq-micro-battery: freeing the wrong variable
        - i40e: fix an uninitialized variable bug
        - qede: uninitialized variable in qede_start_xmit()
        - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
        - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
        - target: Fix a memory leak in target_dev_lba_map_store()
        - memory/tegra: Add number of TLB lines for Tegra124
        - pinctrl: bcm2835: Fix memory leak in error path
        - be2net: Don't leak iomapped memory on removal.
        - ipv4: Fix memory leak in exception case for splitting tries
        - flow_dissector: Check for IP fragmentation even if not using IPv4 address
        - ipv4: fix checksum annotation in udp4_csum_init
        - ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
        - ipv4: accept u8 in IP_TOS ancillary data
        - net: vrf: Fix dev refcnt leak due to IPv6 prefix route
        - ipv6: fix checksum annotation in udp6_csum_init
        - ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
        - ipv6: add missing netconf notif when 'all' is updated
        - net: ipv6: Fix processing of RAs in presence of VRF
        - netfilter: nf_tables: fix a wrong check to skip the inactive rules
        - netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
        - netfilter: nf_tables: destroy the set if fail to add transaction
        - netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
        - udp: restore UDPlite many-cast delivery
        - clk: st: avoid uninitialized variable use
        - clk: gpio: handle error codes for of_clk_get_parent_count()
        - clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
        - clk: multiplier: Prevent the multiplier from under / over flowing
        - clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
        - clk: xgene: Don't call __pa on ioremaped address
        - cls_bpf: reset class and reuse major in da
        - arm64: bpf: jit JMP_JSET_{X,K}
        - bpf, trace: check event type in bpf_perf_event_read
        - bpf: fix map not being uncharged during map creation failure
        - net/mlx4_core: Fix potential corruption in counters database
        - net/mlx4_core: Fix access to uninitialized index
        - net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
        - net/mlx4_core: Check device state before unregistering it
        - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW
          spec
        - net/mlx4_en: Process all completions in RX rings after port goes up
        - net/mlx4_core: Do not access comm channel if it has not yet been initialized
        - net/mlx4_en: Fix potential deadlock in port statistics flow
        - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to
          device managed flow steering
        - net/mlx4_core: Fix QUERY FUNC CAP flags
        - mlxsw: switchx2: Fix misuse of hard_header_len
        - mlxsw: switchx2: Fix ethernet port initialization
        - sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
        - net_sched: flower: Avoid dissection of unmasked keys
        - pkt_sched: fq: use proper locking in fq_dump_stats()
        - sched/preempt: Fix preempt_count manipulations
        - power: bq27xxx: fix reading for bq27000 and bq27010
        - power: bq27xxx: fix register numbers of bq27500
        - power: test_power: correctly handle empty writes
        - power: bq27xxx_battery: Fix bq27541 AveragePower register address
        - power_supply: tps65217-charger: Fix NULL deref during property export
        - net: vrf: Fix dst reference counting
        - net: Don't delete routes in different VRFs
        - vti6: fix input path
        - ipv4: Fix table id reference in fib_sync_down_addr
        - mlx4: do not call napi_schedule() without care
        - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
        - ALSA: fm801: Initialize chip after IRQ handler is registered
        - bonding: fix length of actor system
        - MIPS: perf: Remove incorrect odd/even counter handling for I6400
        - Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
        - net: dsa: mv88e6xxx: unlock DSA and CPU ports
        - gfs2: fix flock panic issue
        - blk-mq: fix undefined behaviour in order_to_size()
        - dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
        - dmaengine: edma: Add probe callback to edma_tptc_driver
        - openvswitch: update checksum in {push,pop}_mpls
        - cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
        - net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
        - net: bcmgenet: device stats are unsigned long
        - gre: do not assign header_ops in collect metadata mode
        - gre: build header correctly for collect metadata tunnels
        - gre: reject GUE and FOU in collect metadata mode
        - sfc: fix potential stack corruption from running past stat bitmask
        - sfc: clear napi_hash state when copying channels
        - net: bcmsysport: Device stats are unsigned long
        - cxgbi: fix uninitialized flowi6
        - net: macb: add missing free_netdev() on error in macb_probe()
        - macvtap: segmented packet is consumed
        - tipc: fix the error handling in tipc_udp_enable()
        - net: icmp6_send should use dst dev to determine L3 domain
        - et131x: Fix logical vs bitwise check in et131x_tx_timeout()
        - net: ethernet: stmmac: dwmac-sti: fix probe error path
        - rtnl: reset calcit fptr in rtnl_unregister()
        - net: ethernet: stmmac: dwmac-rk: fix probe error path
        - fq_codel: return non zero qlen in class dumps
        - net: ethernet: stmmac: dwmac-generic: fix probe error path
        - bnxt: add a missing rcu synchronization
        - qdisc: fix a module refcount leak in qdisc_create_dflt()
        - net: axienet: Fix return value check in axienet_probe()
        - bnxt_en: Remove locking around txr->dev_state
        - net: ethernet: davinci_emac: Fix devioctl while in fixed link
        - net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
        - net: ethernet: ti: cpsw: fix device and of_node leaks
        - net: ethernet: ti: cpsw: fix secondary-emac probe error path
        - net: hns: fix device reference leaks
        - net: bridge: don't increment tx_dropped in br_do_proxy_arp
        - net: dsa: mv88e6xxx: enable SA learning on DSA ports
        - net: ehea: avoid null pointer dereference
        - l2tp: fix use-after-free during module unload
        - hwrng: exynos - Disable runtime PM on driver unbind
        - net: icmp_route_lookup should use rt dev to determine L3 domain
        - net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
        - net: macb: replace macb_writel() call by queue_writel() to update queue ISR
        - ravb: Add missing free_irq() call to ravb_close()
        - mvpp2: use correct size for memset
        - net: vxlan: lwt: Fix vxlan local traffic.
        - net: ethoc: Fix early error paths
        - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
        - regulator: core: Rely on regulator_dev_release to free constraints
        - net: dsa: mv88e6xxx: fix port VLAN maps
        - at803x: fix reset handling
        - cxl: Fix DAR check & use REGION_ID instead of opencoding
        - net: ethernet: davinci_emac: Fix platform_data overwrite
        - ata: sata_dwc_460ex: remove incorrect locking
        - pinctrl: tegra: Correctly check the supported configuration
        - brcmfmac: add fallback for devices that do not report per-chain values
        - brcmfmac: restore stopping netdev queue when bus clogs up
        - bridge: Fix problems around fdb entries pointing to the bridge device
        - bna: add missing per queue ethtool stat
        - net: skbuff: Remove errornous length validation in skb_vlan_pop()
        - net: ep93xx_eth: Do not crash unloading module
        - macvlan: Fix potential use-after free for broadcasts
        - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
        - ALSA: hda: Match both PCI ID and SSID for driver blacklist
        - mac80211: add ieee80211_is_any_nullfunc()
        - Linux 4.4.223
    
      * Xenial update: 4.4.222 upstream stable release (LP: #1878246)
        - ext4: fix special inode number checks in __ext4_iget()
        - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
        - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
        - PM: ACPI: Output correct message on target power state
        - RDMA/mlx4: Initialize ib_spec on the stack
        - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
        - ALSA: opti9xx: shut up gcc-10 range warning
        - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
        - dmaengine: dmatest: Fix iteration non-stop logic
        - i2c: designware-pci: use IRQF_COND_SUSPEND flag
        - perf hists: Fix HISTC_MEM_DCACHELINE width setting
        - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
        - perf/x86: Fix uninitialized value usage
        - exynos4-is: fix a format string bug
        - ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode
        - ASoC: imx-spdif: Fix crash on suspend
        - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
        - selinux: properly handle multiple messages in selinux_netlink_send()
        - Linux 4.4.222
    
      * Xenial update: 4.4.221 upstream stable release (LP: #1878098)
        - ext4: fix extent_status fragmentation for plain files
        - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
        - net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
        - net: ipv4: avoid unused variable warning for sysctl
        - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
          static
        - vti4: removed duplicate log message.
        - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
        - ceph: return ceph_mdsc_do_request() errors from __get_parent()
        - ceph: don't skip updating wanted caps when cap is stale
        - pwm: rcar: Fix late Runtime PM enablement
        - scsi: iscsi: Report unbind session event when the target has been removed
        - ASoC: Intel: atom: Take the drv->lock mutex before calling
          sst_send_slot_map()
        - kernel/gcov/fs.c: gcov_seq_next() should increase position index
        - ipc/util.c: sysvipc_find_ipc() should increase position index
        - s390/cio: avoid duplicated 'ADD' uevents
        - pwm: renesas-tpu: Fix late Runtime PM enablement
        - pwm: bcm2835: Dynamically allocate base
        - ipv6: fix restrict IPV6_ADDRFORM operation
        - macvlan: fix null dereference in macvlan_device_event()
        - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
        - net/x25: Fix x25_neigh refcnt leak when receiving frame
        - tcp: cache line align MAX_TCP_HEADER
        - team: fix hang in team_mode_get()
        - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
        - ALSA: hda: Remove ASUS ROG Zenith from the blacklist
        - iio: xilinx-xadc: Fix ADC-B powerdown
        - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
        - iio: xilinx-xadc: Fix sequencer configuration for aux channels in
          simultaneous mode
        - fs/namespace.c: fix mountpoint reference counter race
        - USB: sisusbvga: Change port variable from signed to unsigned
        - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70
          RGB RAPIDFIRE
        - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit.
        - drivers: usb: core: Minimize irq disabling in usb_sg_cancel()
        - USB: core: Fix free-while-in-use bug in the USB S-Glibrary
        - USB: hub: Fix handling of connect changes during sleep
        - ALSA: usx2y: Fix potential NULL dereference
        - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
        - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
        - KVM: Check validity of resolved slot when searching memslots
        - KVM: VMX: Enable machine check support for 32bit targets
        - tty: hvc: fix buffer overflow during hvc_alloc().
        - tty: rocket, avoid OOB access
        - usb-storage: Add unusual_devs entry for JMicron JMS566
        - audit: check the length of userspace generated audit records
        - ASoC: dapm: fixup dapm kcontrol widget
        - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
        - staging: comedi: dt2815: fix writing hi byte of analog output
        - staging: comedi: Fix comedi_device refcnt leak in comedi_open
        - staging: vt6656: Fix drivers TBTT timing counter.
        - staging: vt6656: Power save stop wake_up_count wrap around.
        - UAS: no use logging any details in case of ENODEV
        - UAS: fix deadlock in error handling and PM flushing work
        - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
        - remoteproc: Fix wrong rvring index computation
        - sctp: use right member as the param of list_for_each_entry
        - fuse: fix possibly missed wake-up after abort
        - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
        - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
        - net/cxgb4: Check the return from t4_query_params properly
        - perf/core: fix parent pid/tid in task exit events
        - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
        - scsi: target: fix PR IN / READ FULL STATUS for FC
        - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
        - ext4: convert BUG_ON's to WARN_ON's in mballoc.c
        - ext4: avoid declaring fs inconsistent due to invalid file handles
        - ext4: protect journal inode's blocks using block_validity
        - ext4: don't perform block validity checks on the journal inode
        - ext4: fix block validity checks for journal inodes using indirect blocks
        - ext4: unsigned int compared against zero
        - propagate_one(): mnt_set_mountpoint() needs mount_lock
        - Linux 4.4.221
    
      * Xenial update: 4.4.220 upstream stable release (LP: #1875905)
        - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
        - net: vxge: fix wrong __VA_ARGS__ usage
        - qlcnic: Fix bad kzalloc null test
        - i2c: st: fix missing struct parameter description
        - irqchip/versatile-fpga: Handle chained IRQs properly
        - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
        - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
        - gfs2: Don't demote a glock until its revokes are written
        - x86/boot: Use unsigned comparison for addresses
        - locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
        - btrfs: remove a BUG_ON() from merge_reloc_roots()
        - btrfs: track reloc roots based on their commit root bytenr
        - misc: rtsx: set correct pcr_ops for rts522A
        - ASoC: fix regwmask
        - ASoC: dapm: connect virtual mux with default value
        - ASoC: dpcm: allow start or stop during pause for backend
        - ASoC: topology: use name_prefix for new kcontrol
        - usb: gadget: f_fs: Fix use after free issue as part of queue failure
        - usb: gadget: composite: Inform controller driver of self-powered
        - ALSA: usb-audio: Add mixer workaround for TRX40 and co
        - ALSA: hda: Add driver blacklist
        - ALSA: hda: Fix potential access overflow in beep helper
        - ALSA: ice1724: Fix invalid access for enumerated ctl items
        - ALSA: pcm: oss: Fix regression by buffer overflow fix
        - acpi/x86: ignore unspecified bit positions in the ACPI global lock field
        - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
        - irqchip/versatile-fpga: Apply clear-mask earlier
        - MIPS: OCTEON: irq: Fix potential NULL pointer dereference
        - ath9k: Handle txpower changes even when TPC is disabled
        - signal: Extend exec_id to 64bits
        - x86/entry/32: Add missing ASM_CLAC to general_protection entry
        - KVM: x86: Allocate new rmap and large page tracking when moving memslot
        - crypto: mxs-dcp - fix scatterlist linearization for hash
        - futex: futex_wake_op, do not fail on invalid op
        - xen-netfront: Rework the fix for Rx stall during OOM and network stress
        - ALSA: hda: Initialize power_state field properly
        - Btrfs: incremental send, fix invalid memory access
        - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
        - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
        - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
        - ext4: fix a data race at inode->i_blocks
        - ocfs2: no need try to truncate file beyond i_size
        - s390/diag: fix display of diagnose call statistics
        - Input: i8042 - add Acer Aspire 5738z to nomux list
        - kmod: make request_module() return an error when autoloading is disabled
        - hfsplus: fix crash and filesystem corruption when deleting files
        - powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
        - Btrfs: fix crash during unmount due to race with delayed inode workers
        - drm/dp_mst: Fix clearing payload state on topology disable
        - ipmi: fix hung processes in __get_guid()
        - powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
        - misc: echo: Remove unnecessary parentheses and simplify check for zero
        - mfd: dln2: Fix sanity checking for endpoints
        - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
        - net: ipv6: do not consider routes via gateways for anycast address check
        - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
        - jbd2: improve comments about freeing data buffers whose page mapping is NULL
        - ext4: fix incorrect group count in ext4_fill_super error message
        - ext4: fix incorrect inodes per group in error message
        - ASoC: Intel: mrfld: fix incorrect check on p->sink
        - ASoC: Intel: mrfld: return error codes when an error occurs
        - ALSA: usb-audio: Don't override ignore_ctl_error value from the map
        - mac80211_hwsim: Use kstrndup() in place of kasprintf()
        - ext4: do not zeroout extents beyond i_disksize
        - dm flakey: check for null arg_name in parse_features()
        - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
        - x86/mitigations: Clear CPU buffers on the SYSCALL fast path
        - tracing: Fix the race between registering 'snapshot' event trigger and
          triggering 'snapshot' operation
        - scsi: sg: add sg_remove_request in sg_common_write
        - ALSA: hda: Don't release card at firmware loading error
        - video: fbdev: sis: Remove unnecessary parentheses and commented code
        - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
        - wil6210: increase firmware ready timeout
        - wil6210: fix temperature debugfs
        - scsi: ufs: ufs-qcom: remove broken hci version quirk
        - wil6210: rate limit wil_rx_refill error
        - rtc: pm8xxx: Fix issue in RTC write path
        - soc: qcom: smem: Use le32_to_cpu for comparison
        - of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
        - of: unittest: kmemleak in of_unittest_platform_populate()
        - clk: at91: usb: continue if clk_hw_round_rate() return zero
        - clk: tegra: Fix Tegra PMC clock out parents
        - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
        - ext4: do not commit super on read-only bdev
        - percpu_counter: fix a data race at vm_committed_as
        - compiler.h: fix error in BUILD_BUG_ON() reporting
        - NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
        - ext2: fix empty body warnings when -Wextra is used
        - iommu/amd: Fix the configuration of GCR3 table root pointer
        - fbdev: potential information leak in do_fb_ioctl()
        - tty: evh_bytechan: Fix out of bounds accesses
        - locktorture: Print ratio of acquisitions, not failures
        - mtd: lpddr: Fix a double free in probe()
        - mtd: phram: fix a double free issue in error path
        - x86/CPU: Add native CPUID variants returning a single datum
        - x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
        - x86/vdso: Fix lsl operand order
        - Linux 4.4.220
    
      * Panic on suspend/resume Kernel panic - not syncing: stack-protector: Kernel
        stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40 (LP: #1821434) //
        Xenial update: 4.4.220 upstream stable release (LP: #1875905)
        - libata: Return correct status in sata_pmp_eh_recover_pm() when
          ATA_DFLAG_DETACH is set
    
      * psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM
        kernels (LP: #1812176)
        - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled
    
      * tunnels over IPv6 are unencrypted when using IPsec (LP: #1876982) //
        CVE-2020-1749
        - net: ipv6: add net argument to ip6_dst_lookup_flow
        - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
    
      * Bionic ubuntu ethtool doesn't check ring parameters boundaries
        (LP: #1874444)
        - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM
    
      * Improve TSC refinement (and calibration) reliability (LP: #1877858)
        - x86/tsc: Make calibration refinement more robust
    
      * Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as
        failure (LP: #1877958)
        - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved
          set
    
     -- Khalid Elmously <email address hidden>  Fri, 29 May 2020 02:56:23 -0400
  • linux (4.4.0-180.210) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)
    
      * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
        - mwifiex: fix PCIe register information for 8997 chipset
        - drm/qxl: qxl_release use after free
        - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
        - staging: rtl8192u: Fix crash due to pointers being "confusing"
        - usb: gadget: f_acm: Fix configfs attr name
        - usb: gadged: pch_udc: get rid of redundant assignments
        - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
        - usb: gadget: udc: core: don't starve DMA resources
        - MIPS: Fix macro typo
        - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
        - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
        - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
        - MIPS: scall: Handle seccomp filters which redirect syscalls
        - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
        - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
        - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
        - MIPS: BMIPS: Pretty print BMIPS5200 processor name
        - MIPS: Fix HTW config on XPA kernel without LPA enabled
        - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
        - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
        - MIPS: Fix BC1{EQ,NE}Z return offset calculation
        - MIPS: perf: Fix I6400 event numbers
        - MIPS: KVM: Fix translation of MFC0 ErrCtl
        - MIPS: SMP: Update cpu_foreign_map on CPU disable
        - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
        - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
        - bpf, mips: fix off-by-one in ctx offset allocation
        - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
        - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
        - mips/panic: replace smp_send_stop() with kdump friendly version in panic
          path
        - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
        - ARM: imx: select SRC for i.MX7
        - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
        - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
        - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
        - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
        - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
        - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
        - ARM: dts: kirkwood: use unique machine name for ds112
        - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
        - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
        - perf/x86: Fix filter_events() bug with event mappings
        - x86/LDT: Print the real LDT base address
        - x86/apic/uv: Silence a shift wrapping warning
        - ALSA: fm801: explicitly free IRQ line
        - ALSA: fm801: propagate TUNER_ONLY bit when autodetected
        - ALSA: fm801: detect FM-only card earlier
        - netfilter: nfnetlink: use original skbuff when acking batches
        - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
        - mwifiex: fix IBSS data path issue.
        - mwifiex: add missing check for PCIe8997 chipset
        - iwlwifi: set max firmware version of 7265 to 17
        - Bluetooth: btmrvl: fix hung task warning dump
        - dccp: limit sk_filter trim to payload
        - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
        - mlxsw: pci: Correctly determine if descriptor queue is full
        - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
        - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not
          IORESOURCE_IO
        - vfio/pci: Allow VPD short read
        - mlxsw: Treat local port 64 as valid
        - IB/mlx4: Initialize hop_limit when creating address handle
        - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
        - powerpc/pci/of: Parse unassigned resources
        - firmware: actually return NULL on failed request_firmware_nowait()
        - c8sectpfe: Rework firmware loading mechanism
        - net/mlx5: Avoid passing dma address 0 to firmware
        - IB/mlx5: Fix RC transport send queue overhead computation
        - net/mlx5: Make command timeout way shorter
        - IB/mlx5: Fix FW version diaplay in sysfs
        - net/mlx5e: Fix MLX5E_100BASE_T define
        - net/mlx5: Fix the size of modify QP mailbox
        - net/mlx5: Fix masking of reserved bits in XRCD number
        - net/mlx5e: Fix blue flame quota logic
        - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in
          mlx5_wq_ll_create
        - net/mlx5: Avoid calling sleeping function by the health poll thread
        - net/mlx5: Fix wait_vital for VFs and remove fixed sleep
        - net/mlx5: Fix potential deadlock in command mode change
        - net/mlx5: Add timeout handle to commands with callback
        - net/mlx5: Fix pci error recovery flow
        - net/mlx5e: Copy all L2 headers into inline segment
        - net_sched: keep backlog updated with qlen
        - sch_drr: update backlog as well
        - sch_hfsc: always keep backlog updated
        - sch_prio: update backlog as well
        - sch_qfq: keep backlog updated with qlen
        - sch_sfb: keep backlog updated with qlen
        - sch_tbf: update backlog as well
        - btrfs: cleaner_kthread() doesn't need explicit freeze
        - irda: Free skb on irda_accept error path.
        - phy: fix device reference leaks
        - bonding: prevent out of bound accesses
        - mtd: nand: fix ONFI parameter page layout
        - ath10k: free cached fw bin contents when get board id fails
        - xprtrdma: checking for NULL instead of IS_ERR()
        - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
        - xprtrdma: xprt_rdma_free() must not release backchannel reqs
        - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
        - RDMA/cxgb3: device driver frees DMA memory with different size
        - mlxsw: spectrum: Don't forward packets when STP state is DISABLED
        - mlxsw: spectrum: Disable learning according to STP state
        - mlxsw: spectrum: Don't count internal TX header bytes to stats
        - mlxsw: spectrum: Indicate support for autonegotiation
        - mlxsw: spectrum: Fix misuse of hard_header_len
        - net: tcp_memcontrol: properly detect ancestor socket pressure
        - tcp: do not set rtt_min to 1
        - RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting
          t_sock
        - net: ipv6: tcp reset, icmp need to consider L3 domain
        - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
        - batman-adv: replace WARN with rate limited output on non-existing VLAN
        - tty: serial: msm: Support more bauds
        - serial: samsung: Fix possible out of bounds access on non-DT platform
        - isa: Call isa_bus_init before dependent ISA bus drivers register
        - Btrfs: clean up an error code in btrfs_init_space_info()
        - Input: gpio-keys - fix check for disabling unsupported keys
        - Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
        - net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
        - xfrm_user: propagate sec ctx allocation errors
        - xfrm: Fix memory leak of aead algorithm name
        - mac80211: fix mgmt-tx abort cookie and leak
        - mac80211: TDLS: always downgrade invalid chandefs
        - mac80211: TDLS: change BW calculation for WIDER_BW peers
        - mac80211: Fix BW upgrade for TDLS peers
        - NFS: Fix an LOCK/OPEN race when unlinking an open file
        - net: get rid of an signed integer overflow in ip_idents_reserve()
        - mtd: nand: denali: add missing nand_release() call in denali_remove()
        - ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
        - ASoC: tegra_alc5632: check return value
        - ASoC: fsl_ssi: mark SACNT register volatile
        - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
        - mmc: sdhci: restore behavior when setting VDD via external regulator
        - mmc: sd: limit SD card power limit according to cards capabilities
        - mmc: debugfs: correct wrong voltage value
        - mmc: block: return error on failed mmc_blk_get()
        - clk: rockchip: Revert "clk: rockchip: reset init state before mmc card
          initialization"
        - mmc: dw_mmc: rockchip: Set the drive phase properly
        - mmc: moxart: fix wait_for_completion_interruptible_timeout return variable
          type
        - mmc: sdhci: Fix regression setting power on Trats2 board
        - perf tools: Fix perf regs mask generation
        - powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
        - sctp: fix the transports round robin issue when init is retransmitted
        - sunrpc: Update RPCBIND_MAXNETIDLEN
        - NFC: nci: memory leak in nci_core_conn_create()
        - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
        - net: phy: Fix phy_mac_interrupt()
        - net: phy: bcm7xxx: Fix shadow mode 2 disabling
        - of_mdio: fix node leak in of_phy_register_fixed_link error path
        - phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
        - net: dsa: slave: fix of-node leak and phy priority
        - drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
        - iommu/dma: Respect IOMMU aperture when allocating
        - mdio-sun4i: oops in error handling in probe
        - iio:ad7797: Use correct attribute_group
        - selftests/ipc: Fix test failure seen after initial test run
        - wimax/i2400m: Fix potential urb refcnt leak
        - cifs: protect updating server->dstaddr with a spinlock
        - scripts/config: allow colons in option strings for sed
        - lib/mpi: Fix building for powerpc with clang
        - net: bcmgenet: suppress warnings on failed Rx SKB allocations
        - net: systemport: suppress warnings on failed Rx SKB allocations
        - rc: allow rc modules to be loaded if rc-main is not a module
        - lirc_imon: do not leave imon_probe() with mutex held
        - am437x-vpfe: fix an uninitialized variable bug
        - cx23885: uninitialized variable in cx23885_av_work_handler()
        - ath9k_htc: check for underflow in ath9k_htc_rx_msg()
        - VFIO: platform: reset: fix a warning message condition
        - net: moxa: fix an error code
        - mfd: lp8788-irq: Uninitialized variable in irq handler
        - ethernet: micrel: fix some error codes
        - power: ipaq-micro-battery: freeing the wrong variable
        - i40e: fix an uninitialized variable bug
        - qede: uninitialized variable in qede_start_xmit()
        - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
        - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
        - target: Fix a memory leak in target_dev_lba_map_store()
        - memory/tegra: Add number of TLB lines for Tegra124
        - pinctrl: bcm2835: Fix memory leak in error path
        - be2net: Don't leak iomapped memory on removal.
        - ipv4: Fix memory leak in exception case for splitting tries
        - flow_dissector: Check for IP fragmentation even if not using IPv4 address
        - ipv4: fix checksum annotation in udp4_csum_init
        - ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
        - ipv4: accept u8 in IP_TOS ancillary data
        - net: vrf: Fix dev refcnt leak due to IPv6 prefix route
        - ipv6: fix checksum annotation in udp6_csum_init
        - ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
        - ipv6: add missing netconf notif when 'all' is updated
        - net: ipv6: Fix processing of RAs in presence of VRF
        - netfilter: nf_tables: fix a wrong check to skip the inactive rules
        - netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
        - netfilter: nf_tables: destroy the set if fail to add transaction
        - netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
        - udp: restore UDPlite many-cast delivery
        - clk: st: avoid uninitialized variable use
        - clk: gpio: handle error codes for of_clk_get_parent_count()
        - clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
        - clk: multiplier: Prevent the multiplier from under / over flowing
        - clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
        - clk: xgene: Don't call __pa on ioremaped address
        - cls_bpf: reset class and reuse major in da
        - arm64: bpf: jit JMP_JSET_{X,K}
        - bpf, trace: check event type in bpf_perf_event_read
        - bpf: fix map not being uncharged during map creation failure
        - net/mlx4_core: Fix potential corruption in counters database
        - net/mlx4_core: Fix access to uninitialized index
        - net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
        - net/mlx4_core: Check device state before unregistering it
        - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW
          spec
        - net/mlx4_en: Process all completions in RX rings after port goes up
        - net/mlx4_core: Do not access comm channel if it has not yet been initialized
        - net/mlx4_en: Fix potential deadlock in port statistics flow
        - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to
          device managed flow steering
        - net/mlx4_core: Fix QUERY FUNC CAP flags
        - mlxsw: switchx2: Fix misuse of hard_header_len
        - mlxsw: switchx2: Fix ethernet port initialization
        - sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
        - net_sched: flower: Avoid dissection of unmasked keys
        - pkt_sched: fq: use proper locking in fq_dump_stats()
        - sched/preempt: Fix preempt_count manipulations
        - power: bq27xxx: fix reading for bq27000 and bq27010
        - power: bq27xxx: fix register numbers of bq27500
        - power: test_power: correctly handle empty writes
        - power: bq27xxx_battery: Fix bq27541 AveragePower register address
        - power_supply: tps65217-charger: Fix NULL deref during property export
        - net: vrf: Fix dst reference counting
        - net: Don't delete routes in different VRFs
        - vti6: fix input path
        - ipv4: Fix table id reference in fib_sync_down_addr
        - mlx4: do not call napi_schedule() without care
        - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
        - ALSA: fm801: Initialize chip after IRQ handler is registered
        - bonding: fix length of actor system
        - MIPS: perf: Remove incorrect odd/even counter handling for I6400
        - Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
        - net: dsa: mv88e6xxx: unlock DSA and CPU ports
        - gfs2: fix flock panic issue
        - blk-mq: fix undefined behaviour in order_to_size()
        - dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
        - dmaengine: edma: Add probe callback to edma_tptc_driver
        - openvswitch: update checksum in {push,pop}_mpls
        - cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
        - net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
        - net: bcmgenet: device stats are unsigned long
        - gre: do not assign header_ops in collect metadata mode
        - gre: build header correctly for collect metadata tunnels
        - gre: reject GUE and FOU in collect metadata mode
        - sfc: fix potential stack corruption from running past stat bitmask
        - sfc: clear napi_hash state when copying channels
        - net: bcmsysport: Device stats are unsigned long
        - cxgbi: fix uninitialized flowi6
        - net: macb: add missing free_netdev() on error in macb_probe()
        - macvtap: segmented packet is consumed
        - tipc: fix the error handling in tipc_udp_enable()
        - net: icmp6_send should use dst dev to determine L3 domain
        - et131x: Fix logical vs bitwise check in et131x_tx_timeout()
        - net: ethernet: stmmac: dwmac-sti: fix probe error path
        - rtnl: reset calcit fptr in rtnl_unregister()
        - net: ethernet: stmmac: dwmac-rk: fix probe error path
        - fq_codel: return non zero qlen in class dumps
        - net: ethernet: stmmac: dwmac-generic: fix probe error path
        - bnxt: add a missing rcu synchronization
        - qdisc: fix a module refcount leak in qdisc_create_dflt()
        - net: axienet: Fix return value check in axienet_probe()
        - bnxt_en: Remove locking around txr->dev_state
        - net: ethernet: davinci_emac: Fix devioctl while in fixed link
        - net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
        - net: ethernet: ti: cpsw: fix device and of_node leaks
        - net: ethernet: ti: cpsw: fix secondary-emac probe error path
        - net: hns: fix device reference leaks
        - net: bridge: don't increment tx_dropped in br_do_proxy_arp
        - net: dsa: mv88e6xxx: enable SA learning on DSA ports
        - net: ehea: avoid null pointer dereference
        - l2tp: fix use-after-free during module unload
        - hwrng: exynos - Disable runtime PM on driver unbind
        - net: icmp_route_lookup should use rt dev to determine L3 domain
        - net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
        - net: macb: replace macb_writel() call by queue_writel() to update queue ISR
        - ravb: Add missing free_irq() call to ravb_close()
        - mvpp2: use correct size for memset
        - net: vxlan: lwt: Fix vxlan local traffic.
        - net: ethoc: Fix early error paths
        - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
        - regulator: core: Rely on regulator_dev_release to free constraints
        - net: dsa: mv88e6xxx: fix port VLAN maps
        - at803x: fix reset handling
        - cxl: Fix DAR check & use REGION_ID instead of opencoding
        - net: ethernet: davinci_emac: Fix platform_data overwrite
        - ata: sata_dwc_460ex: remove incorrect locking
        - pinctrl: tegra: Correctly check the supported configuration
        - brcmfmac: add fallback for devices that do not report per-chain values
        - brcmfmac: restore stopping netdev queue when bus clogs up
        - bridge: Fix problems around fdb entries pointing to the bridge device
        - bna: add missing per queue ethtool stat
        - net: skbuff: Remove errornous length validation in skb_vlan_pop()
        - net: ep93xx_eth: Do not crash unloading module
        - macvlan: Fix potential use-after free for broadcasts
        - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
        - ALSA: hda: Match both PCI ID and SSID for driver blacklist
        - mac80211: add ieee80211_is_any_nullfunc()
        - Linux 4.4.223
    
      * Xenial update: 4.4.222 upstream stable release (LP: #1878246)
        - ext4: fix special inode number checks in __ext4_iget()
        - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
        - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
        - PM: ACPI: Output correct message on target power state
        - RDMA/mlx4: Initialize ib_spec on the stack
        - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
        - ALSA: opti9xx: shut up gcc-10 range warning
        - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
        - dmaengine: dmatest: Fix iteration non-stop logic
        - i2c: designware-pci: use IRQF_COND_SUSPEND flag
        - perf hists: Fix HISTC_MEM_DCACHELINE width setting
        - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
        - perf/x86: Fix uninitialized value usage
        - exynos4-is: fix a format string bug
        - ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode
        - ASoC: imx-spdif: Fix crash on suspend
        - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
        - selinux: properly handle multiple messages in selinux_netlink_send()
        - Linux 4.4.222
    
      * Xenial update: 4.4.221 upstream stable release (LP: #1878098)
        - ext4: fix extent_status fragmentation for plain files
        - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
        - net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
        - net: ipv4: avoid unused variable warning for sysctl
        - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
          static
        - vti4: removed duplicate log message.
        - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
        - ceph: return ceph_mdsc_do_request() errors from __get_parent()
        - ceph: don't skip updating wanted caps when cap is stale
        - pwm: rcar: Fix late Runtime PM enablement
        - scsi: iscsi: Report unbind session event when the target has been removed
        - ASoC: Intel: atom: Take the drv->lock mutex before calling
          sst_send_slot_map()
        - kernel/gcov/fs.c: gcov_seq_next() should increase position index
        - ipc/util.c: sysvipc_find_ipc() should increase position index
        - s390/cio: avoid duplicated 'ADD' uevents
        - pwm: renesas-tpu: Fix late Runtime PM enablement
        - pwm: bcm2835: Dynamically allocate base
        - ipv6: fix restrict IPV6_ADDRFORM operation
        - macvlan: fix null dereference in macvlan_device_event()
        - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
        - net/x25: Fix x25_neigh refcnt leak when receiving frame
        - tcp: cache line align MAX_TCP_HEADER
        - team: fix hang in team_mode_get()
        - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
        - ALSA: hda: Remove ASUS ROG Zenith from the blacklist
        - iio: xilinx-xadc: Fix ADC-B powerdown
        - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
        - iio: xilinx-xadc: Fix sequencer configuration for aux channels in
          simultaneous mode
        - fs/namespace.c: fix mountpoint reference counter race
        - USB: sisusbvga: Change port variable from signed to unsigned
        - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70
          RGB RAPIDFIRE
        - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit.
        - drivers: usb: core: Minimize irq disabling in usb_sg_cancel()
        - USB: core: Fix free-while-in-use bug in the USB S-Glibrary
        - USB: hub: Fix handling of connect changes during sleep
        - ALSA: usx2y: Fix potential NULL dereference
        - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
        - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
        - KVM: Check validity of resolved slot when searching memslots
        - KVM: VMX: Enable machine check support for 32bit targets
        - tty: hvc: fix buffer overflow during hvc_alloc().
        - tty: rocket, avoid OOB access
        - usb-storage: Add unusual_devs entry for JMicron JMS566
        - audit: check the length of userspace generated audit records
        - ASoC: dapm: fixup dapm kcontrol widget
        - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
        - staging: comedi: dt2815: fix writing hi byte of analog output
        - staging: comedi: Fix comedi_device refcnt leak in comedi_open
        - staging: vt6656: Fix drivers TBTT timing counter.
        - staging: vt6656: Power save stop wake_up_count wrap around.
        - UAS: no use logging any details in case of ENODEV
        - UAS: fix deadlock in error handling and PM flushing work
        - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
        - remoteproc: Fix wrong rvring index computation
        - sctp: use right member as the param of list_for_each_entry
        - fuse: fix possibly missed wake-up after abort
        - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
        - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
        - net/cxgb4: Check the return from t4_query_params properly
        - perf/core: fix parent pid/tid in task exit events
        - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
        - scsi: target: fix PR IN / READ FULL STATUS for FC
        - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
        - ext4: convert BUG_ON's to WARN_ON's in mballoc.c
        - ext4: avoid declaring fs inconsistent due to invalid file handles
        - ext4: protect journal inode's blocks using block_validity
        - ext4: don't perform block validity checks on the journal inode
        - ext4: fix block validity checks for journal inodes using indirect blocks
        - ext4: unsigned int compared against zero
        - propagate_one(): mnt_set_mountpoint() needs mount_lock
        - Linux 4.4.221
    
      * Xenial update: 4.4.220 upstream stable release (LP: #1875905)
        - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
        - net: vxge: fix wrong __VA_ARGS__ usage
        - qlcnic: Fix bad kzalloc null test
        - i2c: st: fix missing struct parameter description
        - irqchip/versatile-fpga: Handle chained IRQs properly
        - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
        - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
        - gfs2: Don't demote a glock until its revokes are written
        - x86/boot: Use unsigned comparison for addresses
        - locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
        - btrfs: remove a BUG_ON() from merge_reloc_roots()
        - btrfs: track reloc roots based on their commit root bytenr
        - misc: rtsx: set correct pcr_ops for rts522A
        - ASoC: fix regwmask
        - ASoC: dapm: connect virtual mux with default value
        - ASoC: dpcm: allow start or stop during pause for backend
        - ASoC: topology: use name_prefix for new kcontrol
        - usb: gadget: f_fs: Fix use after free issue as part of queue failure
        - usb: gadget: composite: Inform controller driver of self-powered
        - ALSA: usb-audio: Add mixer workaround for TRX40 and co
        - ALSA: hda: Add driver blacklist
        - ALSA: hda: Fix potential access overflow in beep helper
        - ALSA: ice1724: Fix invalid access for enumerated ctl items
        - ALSA: pcm: oss: Fix regression by buffer overflow fix
        - acpi/x86: ignore unspecified bit positions in the ACPI global lock field
        - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
        - irqchip/versatile-fpga: Apply clear-mask earlier
        - MIPS: OCTEON: irq: Fix potential NULL pointer dereference
        - ath9k: Handle txpower changes even when TPC is disabled
        - signal: Extend exec_id to 64bits
        - x86/entry/32: Add missing ASM_CLAC to general_protection entry
        - KVM: x86: Allocate new rmap and large page tracking when moving memslot
        - crypto: mxs-dcp - fix scatterlist linearization for hash
        - futex: futex_wake_op, do not fail on invalid op
        - xen-netfront: Rework the fix for Rx stall during OOM and network stress
        - ALSA: hda: Initialize power_state field properly
        - Btrfs: incremental send, fix invalid memory access
        - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
        - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
        - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
        - ext4: fix a data race at inode->i_blocks
        - ocfs2: no need try to truncate file beyond i_size
        - s390/diag: fix display of diagnose call statistics
        - Input: i8042 - add Acer Aspire 5738z to nomux list
        - kmod: make request_module() return an error when autoloading is disabled
        - hfsplus: fix crash and filesystem corruption when deleting files
        - powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
        - Btrfs: fix crash during unmount due to race with delayed inode workers
        - drm/dp_mst: Fix clearing payload state on topology disable
        - ipmi: fix hung processes in __get_guid()
        - powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
        - misc: echo: Remove unnecessary parentheses and simplify check for zero
        - mfd: dln2: Fix sanity checking for endpoints
        - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
        - net: ipv6: do not consider routes via gateways for anycast address check
        - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
        - jbd2: improve comments about freeing data buffers whose page mapping is NULL
        - ext4: fix incorrect group count in ext4_fill_super error message
        - ext4: fix incorrect inodes per group in error message
        - ASoC: Intel: mrfld: fix incorrect check on p->sink
        - ASoC: Intel: mrfld: return error codes when an error occurs
        - ALSA: usb-audio: Don't override ignore_ctl_error value from the map
        - mac80211_hwsim: Use kstrndup() in place of kasprintf()
        - ext4: do not zeroout extents beyond i_disksize
        - dm flakey: check for null arg_name in parse_features()
        - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
        - x86/mitigations: Clear CPU buffers on the SYSCALL fast path
        - tracing: Fix the race between registering 'snapshot' event trigger and
          triggering 'snapshot' operation
        - scsi: sg: add sg_remove_request in sg_common_write
        - ALSA: hda: Don't release card at firmware loading error
        - video: fbdev: sis: Remove unnecessary parentheses and commented code
        - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
        - wil6210: increase firmware ready timeout
        - wil6210: fix temperature debugfs
        - scsi: ufs: ufs-qcom: remove broken hci version quirk
        - wil6210: rate limit wil_rx_refill error
        - rtc: pm8xxx: Fix issue in RTC write path
        - soc: qcom: smem: Use le32_to_cpu for comparison
        - of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
        - of: unittest: kmemleak in of_unittest_platform_populate()
        - clk: at91: usb: continue if clk_hw_round_rate() return zero
        - clk: tegra: Fix Tegra PMC clock out parents
        - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
        - ext4: do not commit super on read-only bdev
        - percpu_counter: fix a data race at vm_committed_as
        - compiler.h: fix error in BUILD_BUG_ON() reporting
        - NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
        - ext2: fix empty body warnings when -Wextra is used
        - iommu/amd: Fix the configuration of GCR3 table root pointer
        - fbdev: potential information leak in do_fb_ioctl()
        - tty: evh_bytechan: Fix out of bounds accesses
        - locktorture: Print ratio of acquisitions, not failures
        - mtd: lpddr: Fix a double free in probe()
        - mtd: phram: fix a double free issue in error path
        - x86/CPU: Add native CPUID variants returning a single datum
        - x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
        - x86/vdso: Fix lsl operand order
        - Linux 4.4.220
    
      * Panic on suspend/resume Kernel panic - not syncing: stack-protector: Kernel
        stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40 (LP: #1821434) //
        Xenial update: 4.4.220 upstream stable release (LP: #1875905)
        - libata: Return correct status in sata_pmp_eh_recover_pm() when
          ATA_DFLAG_DETACH is set
    
      * psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM
        kernels (LP: #1812176)
        - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled
    
      * tunnels over IPv6 are unencrypted when using IPsec (LP: #1876982) //
        CVE-2020-1749
        - net: ipv6: add net argument to ip6_dst_lookup_flow
        - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
    
      * Bionic ubuntu ethtool doesn't check ring parameters boundaries
        (LP: #1874444)
        - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM
    
      * Improve TSC refinement (and calibration) reliability (LP: #1877858)
        - x86/tsc: Make calibration refinement more robust
    
      * Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as
        failure (LP: #1877958)
        - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved
          set
    
     -- Kleber Sacilotto de Souza <email address hidden>  Fri, 15 May 2020 18:03:36 +0200
  • linux (4.4.0-179.209) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-179.209 -proposed tracker (LP: #1874804)
    
      * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
        - [Packaging] add support to compile/run selftests
    
      * getitimer returns it_value=0 erroneously (LP: #1349028)
        - [Config] CONTEXT_TRACKING_FORCE policy should be unset
    
      * CVE-2020-11608
        - media: ov519: add missing endpoint sanity checks
    
      * CVE-2019-19060
        - iio: imu: adis16400: release allocated memory on failure
    
      * Xenial update: 4.4.219 upstream stable release (LP: #1874045)
        - drm/bochs: downgrade pci_request_region failure from error to warning
        - ipv4: fix a RCU-list lock in fib_triestat_seq_show
        - net, ip_tunnel: fix interface lookup with no key
        - sctp: fix possibly using a bad saddr with a given dst
        - l2tp: Correctly return -EBADF from pppol2tp_getname.
        - net: l2tp: Make l2tp_ip6 namespace aware
        - l2tp: fix race in l2tp_recv_common()
        - l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
        - l2tp: fix duplicate session creation
        - l2tp: Refactor the codes with existing macros instead of literal number
        - l2tp: ensure sessions are freed after their PPPOL2TP socket
        - l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
        - usb: gadget: uac2: Drop unused device qualifier descriptor
        - usb: gadget: printer: Drop unused device qualifier descriptor
        - padata: always acquire cpu_hotplug_lock before pinst->lock
        - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
        - net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
        - random: always use batched entropy for get_random_u{32,64}
        - tools/accounting/getdelays.c: fix netlink attribute length
        - power: supply: axp288_charger: Fix unchecked return value
        - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
        - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
        - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
        - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
        - clk: qcom: rcg: Return failure for RCG update
        - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
        - Linux 4.4.219
    
      * Xenial update: 4.4.218 upstream stable release (LP: #1873852)
        - spi: qup: call spi_qup_pm_resume_runtime before suspending
        - powerpc: Include .BTF section
        - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
        - spi/zynqmp: remove entry that causes a cs glitch
        - drm/exynos: dsi: propagate error value and silence meaningless warning
        - drm/exynos: dsi: fix workaround for the legacy clock name
        - altera-stapl: altera_get_note: prevent write beyond end of 'key'
        - USB: Disable LPM on WD19's Realtek Hub
        - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
        - USB: serial: option: add ME910G1 ECM composition 0x110b
        - usb: host: xhci-plat: add a shutdown
        - USB: serial: pl2303: add device-id for HP LD381
        - ALSA: line6: Fix endless MIDI read loop
        - ALSA: seq: virmidi: Fix running status after receiving sysex
        - ALSA: seq: oss: Fix running status after receiving sysex
        - ALSA: pcm: oss: Avoid plugin buffer overflow
        - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
        - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
        - staging/speakup: fix get_word non-space look-ahead
        - intel_th: Fix user-visible error codes
        - rtc: max8907: add missing select REGMAP_IRQ
        - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
        - mm: slub: be more careful about the double cmpxchg of freelist
        - mm, slub: prevent kmalloc_node crashes and memory leaks
        - x86/mm: split vmalloc_sync_all()
        - USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
        - USB: cdc-acm: fix rounding error in TIOCSSERIAL
        - kbuild: Disable -Wpointer-to-enum-cast
        - futex: Fix inode life-time issue
        - futex: Unbreak futex hashing
        - arm64: smp: fix smp_send_stop() behaviour
        - Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
        - hsr: fix general protection fault in hsr_addr_is_self()
        - net: dsa: Fix duplicate frames flooded by learning
        - net_sched: cls_route: remove the right filter from hashtable
        - net_sched: keep alloc_hash updated after hash allocation
        - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
        - slcan: not call free_netdev before rtnl_unlock in slcan_open
        - vxlan: check return value of gro_cells_init()
        - hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
        - hsr: add restart routine into hsr_get_node_list()
        - hsr: set .netnsok flag
        - vhost: Check docket sk_family instead of call getname
        - IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
        - uapi glibc compat: fix outer guard of net device flags enum
        - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
        - drivers/hwspinlock: use correct radix tree API
        - net: ipv4: don't let PMTU updates increase route MTU
        - cpupower: avoid multiple definition with gcc -fno-common
        - dt-bindings: net: FMan erratum A050385
        - scsi: ipr: Fix softlockup when rescanning devices in petitboot
        - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
        - sxgbe: Fix off by one in samsung driver strncpy size arg
        - i2c: hix5hd2: add missed clk_disable_unprepare in remove
        - perf probe: Do not depend on dwfl_module_addrsym()
        - scripts/dtc: Remove redundant YYLOC global declaration
        - scsi: sd: Fix optimal I/O size for devices that change reported values
        - mac80211: mark station unauthorized before key removal
        - genirq: Fix reference leaks on irq affinity notifiers
        - vti[6]: fix packet tx through bpf_redirect() in XinY cases
        - xfrm: fix uctx len check in verify_sec_ctx_len
        - xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
        - xfrm: policy: Fix doulbe free in xfrm_policy_timer
        - vti6: Fix memory leak of skb if input policy check fails
        - tools: Let O= makes handle a relative path with -C option
        - USB: serial: option: add support for ASKEY WWHC050
        - USB: serial: option: add BroadMobi BM806U
        - USB: serial: option: add Wistron Neweb D19Q1
        - USB: cdc-acm: restore capability check order
        - USB: serial: io_edgeport: fix slab-out-of-bounds read in
          edge_interrupt_callback
        - usb: musb: fix crash with highmen PIO and usbmon
        - media: flexcop-usb: fix endpoint sanity check
        - media: usbtv: fix control-message timeouts
        - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
        - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
        - libfs: fix infoleak in simple_attr_read()
        - media: ov519: add missing endpoint sanity checks
        - media: dib0700: fix rc endpoint lookup
        - media: stv06xx: add missing descriptor sanity checks
        - media: xirlink_cit: add missing descriptor sanity checks
        - vt: selection, introduce vc_is_sel
        - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
        - vt: switch vt_dont_switch to bool
        - vt: vt_ioctl: remove unnecessary console allocation checks
        - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
        - locking/atomic, kref: Add kref_read()
        - vt: vt_ioctl: fix use-after-free in vt_in_use()
        - bpf: Explicitly memset the bpf_attr structure
        - net: ks8851-ml: Fix IO operations, again
        - perf map: Fix off by one in strncpy() size argument
        - Linux 4.4.218
    
      * Pop sound from build-in speaker during cold boot and resume from S3
        (LP: #1866357) // Xenial update: 4.4.218 upstream stable release
        (LP: #1873852)
        - ALSA: hda/realtek: Fix pop noise on ALC225
    
      * CVE-2020-11494
        - slcan: Don't transmit uninitialized stack data in padding
    
      * add_key05 from ubuntu_ltp_syscalls failed (LP: #1869644)
        - KEYS: reaching the keys quotas correctly
    
     -- Kleber Sacilotto de Souza <email address hidden>  Fri, 24 Apr 2020 19:06:47 +0200
  • linux (4.4.0-178.208) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-178.208 -proposed tracker (LP: #1870660)
    
      * CVE-2019-19768
        - blktrace: Protect q->blk_trace with RCU
        - blktrace: fix dereference after null check
    
      * Multiple Kexec in AWS Nitro instances fail (LP: #1869948)
        - net: ena: Add PCI shutdown handler to allow safe kexec
    
      * Insert test_bpf module will report 4 failures for ubuntu_bpf_jit on X s390x
        (LP: #1768452)
        - test_bpf: flag tests that cannot be jited on s390
    
      * Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver
        (LP: #1869229)
        - block: fix bio_will_gap() for first bvec with offset
    
      * Xenial update: 4.4.217 upstream stable release (LP: #1868629)
        - NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
        - r8152: check disconnect status after long sleep
        - net: nfc: fix bounds checking bugs on "pipe"
        - bnxt_en: reinitialize IRQs when MTU is modified
        - fib: add missing attribute validation for tun_id
        - nl802154: add missing attribute validation
        - nl802154: add missing attribute validation for dev_type
        - team: add missing attribute validation for port ifindex
        - team: add missing attribute validation for array index
        - nfc: add missing attribute validation for SE API
        - nfc: add missing attribute validation for vendor subcommand
        - ipvlan: add cond_resched_rcu() while processing muticast backlog
        - ipvlan: do not add hardware address of master to its unicast filter list
        - ipvlan: egress mcast packets are not exceptional
        - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
        - ipvlan: don't deref eth hdr before checking it's set
        - macvlan: add cond_resched() during multicast processing
        - net: fec: validate the new settings in fec_enet_set_coalesce()
        - slip: make slhc_compress() more robust against malicious packets
        - bonding/alb: make sure arp header is pulled before accessing it
        - net: fq: add missing attribute validation for orphan mask
        - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn +
          add_taint
        - drm/amd/display: remove duplicated assignment to grph_obj_type
        - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
        - KVM: x86: clear stale x86_emulate_ctxt->intercept value
        - ARC: define __ALIGN_STR and __ALIGN symbols for ARC
        - efi: Fix a race and a buffer overflow while reading efivars via sysfs
        - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
        - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
        - nl80211: add missing attribute validation for critical protocol indication
        - nl80211: add missing attribute validation for channel switch
        - netfilter: cthelper: add missing attribute validation for cthelper
        - iommu/vt-d: Fix the wrong printing in RHSA parsing
        - iommu/vt-d: Ignore devices with out-of-spec domain number
        - ipv6: restrict IPV6_ADDRFORM operation
        - efi: Add a sanity check to efivar_store_raw()
        - batman-adv: Fix invalid read while copying bat_iv.bcast_own
        - batman-adv: Only put gw_node list reference when removed
        - batman-adv: Only put orig_node_vlan list reference when removed
        - batman-adv: Avoid endless loop in bat-on-bat netdevice check
        - batman-adv: Fix unexpected free of bcast_own on add_if error
        - batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
        - batman-adv: init neigh node last seen field
        - batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown
        - batman-adv: Drop reference to netdevice on last reference
        - batman-adv: Fix reference counting of vlan object for tt_local_entry
        - batman-adv: Avoid duplicate neigh_node additions
        - batman-adv: fix skb deref after free
        - batman-adv: Fix use-after-free/double-free of tt_req_node
        - batman-adv: Fix ICMP RR ethernet access after skb_linearize
        - batman-adv: Clean up untagged vlan when destroying via rtnl-link
        - batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
        - batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
        - batman-adv: Fix orig_node_vlan leak on orig_node_release
        - batman-adv: lock crc access in bridge loop avoidance
        - batman-adv: Fix non-atomic bla_claim::backbone_gw access
        - batman-adv: Fix reference leak in batadv_find_router
        - batman-adv: Free last_bonding_candidate on release of orig_node
        - batman-adv: Fix speedy join in gateway client mode
        - batman-adv: Add missing refcnt for last_candidate
        - batman-adv: Fix double free during fragment merge error
        - batman-adv: Fix transmission of final, 16th fragment
        - batman-adv: Fix rx packet/bytes stats on local ARP reply
        - batman-adv: fix TT sync flag inconsistencies
        - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
        - batman-adv: Fix internal interface indices types
        - batman-adv: update data pointers after skb_cow()
        - batman-adv: Fix skbuff rcsum on packet reroute
        - batman-adv: Avoid race in TT TVLV allocator helper
        - batman-adv: Fix TT sync flags for intermediate TT responses
        - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
        - batman-adv: Fix debugfs path for renamed hardif
        - batman-adv: Fix debugfs path for renamed softif
        - batman-adv: Avoid storing non-TT-sync flags on singular entries too
        - batman-adv: Prevent duplicated gateway_node entry
        - batman-adv: Prevent duplicated nc_node entry
        - batman-adv: Prevent duplicated global TT entry
        - batman-adv: Prevent duplicated tvlv handler
        - batman-adv: Reduce claim hash refcnt only for removed entry
        - batman-adv: Reduce tt_local hash refcnt only for removed entry
        - batman-adv: Reduce tt_global hash refcnt only for removed entry
        - batman-adv: Only read OGM tvlv_len after buffer len check
        - batman-adv: Avoid free/alloc race when handling OGM buffer
        - batman-adv: Don't schedule OGM for disabled interface
        - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
        - net: ks8851-ml: Fix IRQ handling and locking
        - signal: avoid double atomic counter increments for user accounting
        - jbd2: fix data races at struct journal_head
        - ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
        - ARM: 8958/1: rename missed uaccess .fixup section
        - mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
        - ipv4: ensure rcu_read_lock() in cipso_v4_error()
        - Linux 4.4.217
    
      * Xenial update: 4.4.216 upstream stable release (LP: #1868628)
        - iwlwifi: pcie: fix rb_allocator workqueue allocation
        - ext4: fix potential race between online resizing and write operations
        - ext4: fix potential race between s_flex_groups online resizing and access
        - ext4: fix potential race between s_group_info online resizing and access
        - ipmi:ssif: Handle a possible NULL pointer reference
        - mac80211: consider more elements in parsing CRC
        - cfg80211: check wiphy driver existence for drvinfo report
        - cifs: Fix mode output in debugging statements
        - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
        - sysrq: Restore original console_loglevel when sysrq disabled
        - sysrq: Remove duplicated sysrq message
        - net: fib_rules: Correctly set table field when table number exceeds 8 bits
        - net: phy: restore mdio regs in the iproc mdio driver
        - ipv6: Fix nlmsg_flags when splitting a multipath route
        - ipv6: Fix route replacement with dev-only route
        - sctp: move the format error check out of __sctp_sf_do_9_1_abort
        - nfc: pn544: Fix occasional HW initialization failure
        - net: sched: correct flower port blocking
        - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
        - audit: fix error handling in audit_data_to_entry()
        - HID: core: fix off-by-one memset in hid_report_raw_event()
        - HID: core: increase HID report buffer size to 8KiB
        - HID: hiddev: Fix race in in hiddev_disconnect()
        - MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
        - i2c: jz4780: silence log flood on txabrt
        - ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
        - net: netlink: cap max groups which will be considered in netlink_bind()
        - namei: only return -ECHILD from follow_dotdot_rcu()
        - KVM: Check for a bad hva before dropping into the ghc slow path
        - slip: stop double free sl->dev in slip_open
        - mm: make page ref count overflow check tighter and more explicit
        - mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
        - audit: always check the netlink payload length in audit_receive_msg()
        - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
        - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
        - usb: gadget: serial: fix Tx stall after buffer overflow
        - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
        - drm/msm/dsi: save pll state before dsi host is powered off
        - net: ks8851-ml: Remove 8-bit bus accessors
        - net: ks8851-ml: Fix 16-bit data access
        - net: ks8851-ml: Fix 16-bit IO operation
        - watchdog: da9062: do not ping the hw during stop()
        - s390/cio: cio_ignore_proc_seq_next should increase position index
        - cifs: don't leak -EAGAIN for stat() during reconnect
        - usb: storage: Add quirk for Samsung Fit flash
        - usb: quirks: add NO_LPM quirk for Logitech Screen Share
        - usb: core: hub: do error out if usb_autopm_get_interface() fails
        - usb: core: port: do error out if usb_autopm_get_interface() fails
        - vgacon: Fix a UAF in vgacon_invert_region
        - fat: fix uninit-memory access for partial initialized inode
        - vt: selection, close sel_buffer race
        - vt: selection, push console lock down
        - vt: selection, push sel_lock up
        - dmaengine: tegra-apb: Fix use-after-free
        - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
        - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
        - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
        - ASoC: dapm: Correct DAPM handling of active widgets during shutdown
        - RDMA/iwcm: Fix iwcm work deallocation
        - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
        - ARM: imx: build v7_cpu_resume() unconditionally
        - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
        - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
        - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode
          systems
        - dm cache: fix a crash due to incorrect work item cancelling
        - crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async
        - Linux 4.4.216
    
      * Xenial update: 4.4.215 upstream stable release (LP: #1868627)
        - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
        - ecryptfs: fix a memory leak bug in parse_tag_1_packet()
        - ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
        - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
        - ubifs: Fix deadlock in concurrent bulk-read and writepage
        - ext4: fix checksum errors with indexed dirs
        - Btrfs: fix race between using extent maps and merging them
        - btrfs: log message when rw remount is attempted with unclean tree-log
        - padata: Remove broken queue flushing
        - s390/time: Fix clk type in get_tod_clock
        - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
        - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
        - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
        - btrfs: print message when tree-log replay starts
        - scsi: qla2xxx: fix a potential NULL pointer dereference
        - Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
        - drm/gma500: Fixup fbdev stolen size usage evaluation
        - brcmfmac: Fix use after free in brcmf_sdio_readframes()
        - gianfar: Fix TX timestamping with a stacked DSA driver
        - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
        - media: i2c: mt9v032: fix enum mbus codes and frame sizes
        - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in
          bdisp_device_run()
        - efi/x86: Map the entire EFI vendor string before copying it
        - MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
        - uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
        - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
        - nfs: NFS_SWAP should depend on SWAP
        - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info
          when load journal
        - tracing: Fix very unlikely race of registering two stat tracers
        - ext4, jbd2: ensure panic when aborting with zero errno
        - kconfig: fix broken dependency in randconfig-generated .config
        - clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
        - drm/amdgpu: remove 4 set but not used variable in
          amdgpu_atombios_get_connector_info_from_object_table
        - regulator: rk808: Lower log level on optional GPIOs being not available
        - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
          le16_add_cpu().
        - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
        - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
        - b43legacy: Fix -Wcast-function-type
        - ipw2x00: Fix -Wcast-function-type
        - iwlegacy: Fix -Wcast-function-type
        - rtlwifi: rtl_pci: Fix -Wcast-function-type
        - orinoco: avoid assertion in case of NULL pointer
        - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
        - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
        - ARM: dts: r8a7779: Add device node for ARM global timer
        - x86/vdso: Provide missing include file
        - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
        - ALSA: sh: Fix compile warning wrt const
        - tools lib api fs: Fix gcc9 stringop-truncation compilation error
        - usbip: Fix unsafe unaligned pointer usage
        - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
        - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
        - Input: edt-ft5x06 - work around first register access error
        - wan: ixp4xx_hss: fix compile-testing on 64-bit
        - ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
        - PCI: Don't disable bridge BARs when assigning bus resources
        - driver core: Print device when resources present in really_probe()
        - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
        - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
        - iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
        - scsi: iscsi: Don't destroy session if there are outstanding connections
        - cmd64x: potential buffer overflow in cmd64x_program_timings()
        - ide: serverworks: potential overflow in svwks_set_pio_mode()
        - remoteproc: Initialize rproc_class before use
        - s390/ftrace: generate traced function stack frame
        - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
        - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit
          record
        - ARM: 8951/1: Fix Kexec compilation issue.
        - hostap: Adjust indentation in prism2_hostapd_add_sta
        - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
        - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
        - trigger_next should increase position index
        - radeon: insert 10ms sleep in dce5_crtc_load_lut
        - ocfs2: fix a NULL pointer dereference when call
          ocfs2_update_inode_fsync_trans()
        - lib/scatterlist.c: adjust indentation in __sg_alloc_table
        - reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
        - bcache: explicity type cast in bset_bkey_last()
        - irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building
          INVALL
        - microblaze: Prevent the overflow of the start
        - brd: check and limit max_part par
        - selinux: ensure we cleanup the internal AVC counters on error in
          avc_update()
        - enic: prevent waking up stopped tx queues over watchdog reset
        - floppy: check FDC index for errors before assigning it
        - staging: android: ashmem: Disallow ashmem memory from being remapped
        - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
        - usb: uas: fix a plug & unplug racing
        - USB: Fix novation SourceControl XL after suspend
        - USB: hub: Don't record a connect-change event during reset-resume
        - staging: rtl8188eu: Fix potential security hole
        - staging: rtl8188eu: Fix potential overuse of kernel memory
        - x86/mce/amd: Fix kobject lifetime
        - tty: serial: imx: setup the correct sg entry for tx dma
        - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
        - VT_RESIZEX: get rid of field-by-field copyin
        - vt: vt_ioctl: fix race in VT_RESIZEX
        - netfilter: xt_bpf: add overflow checks
        - ext4: fix a data race in EXT4_I(inode)->i_disksize
        - ext4: add cond_resched() to __ext4_find_entry()
        - KVM: apic: avoid calculating pending eoi from an uninitialized val
        - Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered
          extents
        - scsi: Revert "RDMA/isert: Fix a recently introduced regression related to
          logout"
        - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing
          a session"
        - ecryptfs: replace BUG_ON with error handling code
        - ALSA: rawmidi: Avoid bit fields for state flags
        - ALSA: seq: Avoid concurrent access to queue flags
        - ALSA: seq: Fix concurrent access to queue current tick/time
        - xen: Enable interrupts when calling _cond_resched()
        - Linux 4.4.215
    
     -- Khalid Elmously <email address hidden>  Sun, 05 Apr 2020 18:51:07 -0400
  • linux (4.4.0-177.207) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-177.207 -proposed tracker (LP: #1867243)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync getabis
        - [Packaging] update helper scripts
    
      * Xenial update: 4.4.214 upstream stable release (LP: #1864775)
        - media: iguanair: fix endpoint sanity check
        - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
        - sparc32: fix struct ipc64_perm type definition
        - ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
        - cls_rsvp: fix rsvp_policy
        - net: hsr: fix possible NULL deref in hsr_handle_frame()
        - net_sched: fix an OOB access in cls_tcindex
        - tcp: clear tp->total_retrans in tcp_disconnect()
        - tcp: clear tp->segs_{in|out} in tcp_disconnect()
        - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
        - mfd: dln2: More sanity checking for endpoints
        - brcmfmac: Fix memory leak in brcmf_usbdev_qinit
        - usb: gadget: legacy: set max_speed to super-speed
        - usb: gadget: f_ncm: Use atomic_t to track in-flight request
        - usb: gadget: f_ecm: Use atomic_t to track in-flight request
        - ALSA: dummy: Fix PCM format loop in proc output
        - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
        - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
        - mmc: spi: Toggle SPI polarity, do not hardcode it
        - PCI: keystone: Fix link training retries initiation
        - crypto: api - Check spawn->alg under lock in crypto_drop_spawn
        - scsi: qla2xxx: Fix mtcp dump collection failure
        - power: supply: ltc2941-battery-gauge: fix use-after-free
        - of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
        - dm space map common: fix to ensure new block isn't already in use
        - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
        - crypto: api - Fix race condition in crypto_spawn_alg
        - crypto: picoxcell - adjust the position of tasklet_init and fix missed
          tasklet_kill
        - btrfs: set trans->drity in btrfs_commit_transaction
        - ARM: tegra: Enable PLLP bypass during Tegra124 LP1
        - mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
        - sunrpc: expiry_time should be seconds not timeval
        - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
        - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
        - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF
          attacks
        - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
        - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF
          attacks
        - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
        - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks
          in x86.c
        - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
        - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit()
          from Spectre-v1/L1TF attacks
        - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
        - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
        - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
        - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
        - scsi: csiostor: Adjust indentation in csio_device_reset
        - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
        - ext2: Adjust indentation in ext2_fill_super
        - powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
        - NFC: pn544: Adjust indentation in pn544_hci_check_presence
        - ppp: Adjust indentation into ppp_async_input
        - net: smc911x: Adjust indentation in smc911x_phy_configure
        - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
        - mfd: da9062: Fix watchdog compatible string
        - mfd: rn5t618: Mark ADC control register volatile
        - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
        - bonding/alb: properly access headers in bond_alb_xmit()
        - NFS: Fix memory leaks and corruption in readdir
        - NFS: Fix bool initialization/comparison
        - NFS: Directory page cache pages need to be locked when read
        - Btrfs: fix assertion failure on fsync with NO_HOLES enabled
        - btrfs: remove trivial locking wrappers of tree mod log
        - Btrfs: fix race between adding and putting tree mod seq elements and nodes
        - drm: atmel-hlcdc: enable clock before configuring timing engine
        - KVM: x86: drop picdev_in_range()
        - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
        - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
        - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
        - btrfs: flush write bio if we loop in extent_write_cache_pages
        - KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
        - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
        - KVM: nVMX: vmread should not set rflags to specify success in case of #PF
        - cifs: fail i/o on soft mounts if sessionsetup errors out
        - clocksource: Prevent double add_timer_on() for watchdog_timer
        - perf/core: Fix mlock accounting in perf_mmap()
        - ASoC: pcm: update FE/BE trigger order based on the command
        - scsi: ufs: Fix ufshcd_probe_hba() reture value in case
          ufshcd_scsi_add_wlus() fails
        - rtc: hym8563: Return -EINVAL if the time is known to be invalid
        - ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
        - ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
        - ARM: dts: at91: sama5d3: define clock rate range for tcb1
        - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce
          for DDW
        - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
        - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
        - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
        - libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
        - libertas: make lbs_ibss_join_existing() return error code on rates overflow
        - Linux 4.4.214
    
      * 5.4.0-11 crash on cryptsetup open (LP: #1860231) // Xenial update: 4.4.214
        upstream stable release (LP: #1864775)
        - dm: fix potential for q->make_request_fn NULL pointer
    
      * Xenial update: 4.4.213 upstream stable release (LP: #1864774)
        - ALSA: pcm: Add missing copy ops check before clearing buffer
        - orinoco_usb: fix interface sanity check
        - rsi_91x_usb: fix interface sanity check
        - USB: serial: ir-usb: add missing endpoint sanity check
        - USB: serial: ir-usb: fix link-speed handling
        - USB: serial: ir-usb: fix IrLAP framing
        - staging: most: net: fix buffer overflow
        - staging: wlan-ng: ensure error return is actually returned
        - staging: vt6656: correct packet types for CTS protect, mode.
        - staging: vt6656: use NULLFUCTION stack on mac80211
        - staging: vt6656: Fix false Tx excessive retries reporting.
        - ath9k: fix storage endpoint lookup
        - brcmfmac: fix interface sanity check
        - rtl8xxxu: fix interface sanity check
        - zd1211rw: fix storage endpoint lookup
        - watchdog: rn5t618_wdt: fix module aliases
        - drivers/net/b44: Change to non-atomic bit operations on pwol_mask
        - net: wan: sdla: Fix cast from pointer to integer of different size
        - atm: eni: fix uninitialized variable warning
        - usb-storage: Disable UAS on JMicron SATA enclosure
        - net_sched: ematch: reject invalid TCF_EM_SIMPLE
        - crypto: af_alg - Use bh_lock_sock in sk_destruct
        - crypto: pcrypt - Fix user-after-free on module unload
        - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean'
        - mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
        - reiserfs: Fix memory leak of journal device string
        - media: digitv: don't continue if remote control state can't be read
        - media: gspca: zero usb_buf
        - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
        - ttyprintk: fix a potential deadlock in interrupt context issue
        - usb: dwc3: turn off VBUS when leaving host mode
        - media: si470x-i2c: Move free() past last use of 'radio'
        - clk: mmp2: Fix the order of timer mux parents
        - ixgbevf: Remove limit of 10 entries for unicast filter list
        - ixgbe: Fix calculation of queue with VFs and flow director on interface flap
        - wireless: wext: avoid gcc -O3 warning
        - vti[6]: fix packet tx through bpf_redirect()
        - scsi: fnic: do not queue commands during fwreset
        - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE
        - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE
        - r8152: get default setting of WOL before initializing
        - qlcnic: Fix CPU soft lockup while collecting firmware dump
        - net/fsl: treat fsl,erratum-a011043
        - net/sonic: Add mutual exclusion for accessing shared state
        - net/sonic: Use MMIO accessors
        - net/sonic: Fix receive buffer handling
        - net/sonic: Quiesce SONIC before re-initializing descriptor memory
        - seq_tab_next() should increase position index
        - l2t_seq_next should increase position index
        - net: Fix skb->csum update in inet_proto_csum_replace16().
        - btrfs: fix mixed block count of available space
        - btrfs: do not zero f_bavail if we have available space
        - Linux 4.4.213
    
      * Xenial update: 4.4.212 upstream stable release (LP: #1864773)
        - powerpc/archrandom: fix arch_get_random_seed_int()
        - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
        - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
        - ALSA: hda: fix unused variable warning
        - ALSA: usb-audio: update quirk for B&W PX to remove microphone
        - staging: comedi: ni_mio_common: protect register write overflow
        - pcrypt: use format specifier in kobject_add
        - exportfs: fix 'passing zero to ERR_PTR()' warning
        - drm/dp_mst: Skip validating ports during destruction, just ref
        - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
        - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
        - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
        - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
        - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
        - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
        - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
        - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
        - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
        - Input: nomadik-ske-keypad - fix a loop timeout test
        - clk: highbank: fix refcount leak in hb_clk_init()
        - clk: qoriq: fix refcount leak in clockgen_init()
        - clk: socfpga: fix refcount leak
        - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
        - clk: imx6q: fix refcount leak in imx6q_clocks_init()
        - clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
        - clk: imx7d: fix refcount leak in imx7d_clocks_init()
        - clk: vf610: fix refcount leak in vf610_clocks_init()
        - clk: armada-370: fix refcount leak in a370_clk_init()
        - clk: kirkwood: fix refcount leak in kirkwood_clk_init()
        - clk: armada-xp: fix refcount leak in axp_clk_init()
        - IB/usnic: Fix out of bounds index check in query pkey
        - RDMA/ocrdma: Fix out of bounds index check in query pkey
        - media: s5p-jpeg: Correct step and max values for
          V4L2_CID_JPEG_RESTART_INTERVAL
        - crypto: tgr192 - fix unaligned memory access
        - ASoC: imx-sgtl5000: put of nodes if finding codec fails
        - rtc: cmos: ignore bogus century byte
        - tty: ipwireless: Fix potential NULL pointer dereference
        - rtc: ds1672: fix unintended sign extension
        - rtc: 88pm860x: fix unintended sign extension
        - rtc: 88pm80x: fix unintended sign extension
        - rtc: pm8xxx: fix unintended sign extension
        - fbdev: chipsfb: remove set but not used variable 'size'
        - pinctrl: sh-pfc: emev2: Add missing pinmux functions
        - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
        - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
        - block: don't use bio->bi_vcnt to figure out segment number
        - vfio_pci: Enable memory accesses before calling pci_map_rom
        - cdc-wdm: pass return value of recover_from_urb_loss
        - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
        - drm/nouveau/pmu: don't print reply values if exec is false
        - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
        - fs/nfs: Fix nfs_parse_devname to not modify it's argument
        - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
        - ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
        - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
        - nios2: ksyms: Add missing symbol exports
        - scsi: megaraid_sas: reduce module load time
        - xen, cpu_hotplug: Prevent an out of bounds access
        - net: sh_eth: fix a missing check of of_get_phy_mode
        - media: ivtv: update *pos correctly in ivtv_read_pos()
        - media: cx18: update *pos correctly in cx18_read_pos()
        - media: wl128x: Fix an error code in fm_download_firmware()
        - media: cx23885: check allocation return
        - jfs: fix bogus variable self-initialization
        - m68k: mac: Fix VIA timer counter accesses
        - ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
        - media: davinci-isif: avoid uninitialized variable use
        - spi: tegra114: clear packed bit for unpacked mode
        - spi: tegra114: fix for unpacked mode transfers
        - soc/fsl/qe: Fix an error code in qe_pin_request()
        - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
        - ehea: Fix a copy-paste err in ehea_init_port_res
        - scsi: qla2xxx: Unregister chrdev if module initialization fails
        - ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
        - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
        - tipc: set sysctl_tipc_rmem and named_timeout right range
        - powerpc: vdso: Make vdso32 installation conditional in vdso_install
        - media: ov2659: fix unbalanced mutex_lock/unlock
        - 6lowpan: Off by one handling ->nexthdr
        - dmaengine: axi-dmac: Don't check the number of frames for alignment
        - ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
        - packet: in recvmsg msg_name return at least sizeof sockaddr_ll
        - ASoC: fix valid stream condition
        - IB/mlx5: Add missing XRC options to QP optional params mask
        - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
        - media: omap_vout: potential buffer overflow in vidioc_dqbuf()
        - media: davinci/vpbe: array underflow in vpbe_enum_outputs()
        - platform/x86: alienware-wmi: printing the wrong error code
        - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
        - ARM: riscpc: fix lack of keyboard interrupts after irq conversion
        - kdb: do a sanity check on the cpu in kdb_per_cpu()
        - backlight: lm3630a: Return 0 on success in update_status functions
        - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
        - spi: spi-fsl-spi: call spi_finalize_current_message() at the end
        - misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
        - iommu: Use right function to get group for device
        - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
        - inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
        - media: vivid: fix incorrect assignment operation when setting video mode
        - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
        - drm/msm/mdp5: Fix mdp5_cfg_init error return
        - net/af_iucv: always register net_device notifier
        - ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
        - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
        - drm/msm/a3xx: remove TPL1 regs from snapshot
        - iommu/amd: Make iommu_disable safer
        - mfd: intel-lpss: Release IDA resources
        - devres: allow const resource arguments
        - net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
        - scsi: libfc: fix null pointer dereference on a null lport
        - libertas_tf: Use correct channel range in lbtf_geo_init
        - usb: host: xhci-hub: fix extra endianness conversion
        - mic: avoid statically declaring a 'struct device'.
        - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
        - ALSA: aoa: onyx: always initialize register read value
        - cifs: fix rmmod regression in cifs.ko caused by force_sig changes
        - crypto: caam - free resources in case caam_rng registration failed
        - ext4: set error return correctly when ext4_htree_store_dirent fails
        - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
        - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
        - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
        - signal: Allow cifs and drbd to receive their terminating signals
        - dmaengine: dw: platform: Switch to acpi_dma_controller_register()
        - mac80211: minstrel_ht: fix per-group max throughput rate initialization
        - mips: avoid explicit UB in assignment of mips_io_port_base
        - ahci: Do not export local variable ahci_em_messages
        - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
        - power: supply: Init device wakeup after device_add()
        - x86, perf: Fix the dependency of the x86 insn decoder selftest
        - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
        - iio: dac: ad5380: fix incorrect assignment to val
        - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
        - net: sonic: return NETDEV_TX_OK if failed to map buffer
        - Btrfs: fix hang when loading existing inode cache off disk
        - hwmon: (shtc1) fix shtc1 and shtw1 id mask
        - net: sonic: replace dev_kfree_skb in sonic_send_packet
        - net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
        - iommu/amd: Wait for completion of IOTLB flush in attach_device
        - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
        - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
        - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
        - mac80211: accept deauth frames in IBSS mode
        - llc: fix another potential sk_buff leak in llc_ui_sendmsg()
        - llc: fix sk_buff refcounting in llc_conn_state_process()
        - net: stmmac: fix length of PTP clock's name string
        - drm/msm/dsi: Implement reset correctly
        - dmaengine: imx-sdma: fix size check for sdma script_number
        - net: qca_spi: Move reset_count to struct qcaspi
        - media: ov6650: Fix incorrect use of JPEG colorspace
        - media: ov6650: Fix some format attributes not under control
        - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
        - MIPS: Loongson: Fix return value of loongson_hwmon_init
        - net: neigh: use long type to store jiffies delta
        - packet: fix data-race in fanout_flow_is_huge()
        - dmaengine: ti: edma: fix missed failure handling
        - drm/radeon: fix bad DMA from INTERRUPT_CNTL2
        - arm64: dts: juno: Fix UART frequency
        - m68k: Call timer_interrupt() with interrupts disabled
        - firestream: fix memory leaks
        - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
        - net, ip_tunnel: fix namespaces move
        - net_sched: fix datalen for ematch
        - net: usb: lan78xx: Add .ndo_features_check
        - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
        - Input: keyspan-remote - fix control-message timeouts
        - ARM: 8950/1: ftrace/recordmcount: filter relocation types
        - mmc: sdhci: fix minimum clock rate for v3 controller
        - Input: sur40 - fix interface sanity checks
        - Input: gtco - fix endpoint sanity check
        - Input: aiptek - fix endpoint sanity check
        - hwmon: (nct7802) Fix voltage limits to wrong registers
        - scsi: RDMA/isert: Fix a recently introduced regression related to logout
        - tracing: xen: Ordered comparison of function pointers
        - iio: buffer: align the size of scan bytes to size of the largest element
        - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
        - md: Avoid namespace collision with bitmap API
        - bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
        - netfilter: ipset: use bitmap infrastructure completely
        - net/x25: fix nonblocking connect
        - Revert "UBUNTU: SAUCE: libertas: Fix two buffer overflows at parsing bss
          descriptor"
        - libertas: Fix two buffer overflows at parsing bss descriptor
        - Linux 4.4.212
    
      * CVE-2020-8428
        - do_last(): fetch directory ->i_mode and ->i_uid before it's too late
        - vfs: fix do_last() regression
    
      * xfs fill_fs test in fallocate06 from ubuntu_ltp_syscalls failed
        (LP: #1865967)
        - xfs: Fix tail rounding in xfs_alloc_file_space()
    
      * ipc/sem.c : process loops infinitely in exit_sem() (LP: #1858834)
        - Revert "ipc, sem: remove uneeded sem_undo_list lock usage in exit_sem()"
    
      * quotactl07 from ubuntu_ltp_syscalls failed (LP: #1864092)
        - xfs: Sanity check flags of Q_XQUOTARM call
    
     -- Khalid Elmously <email address hidden>  Sun, 15 Mar 2020 19:16:50 -0400
  • linux (4.4.0-176.206) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-176.206 -proposed tracker (LP: #1865106)
    
      * CVE-2020-2732
        - x86/vdso: Use RDPID in preference to LSL when available
        - KVM: x86: emulate RDPID
        - KVM: nVMX: Don't emulate instructions in guest mode
        - KVM: nVMX: Refactor IO bitmap checks into helper function
        - KVM: nVMX: Check IO instruction VM-exit conditions
    
    linux (4.4.0-175.205) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-175.205 -proposed tracker (LP: #1863338)
    
      * run_afpackettests in ubuntu_kernel_selftests failed with "./in_netns.sh:
        Permission denied" (LP: #1861973)
        - [Debian] autoreconstruct - add resoration of execute permissions
    
      * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
        - can, slip: Protect tty->disc_data in write_wakeup and close with RCU
    
     -- Khalid Elmously <email address hidden>  Thu, 27 Feb 2020 23:41:44 -0500
  • linux (4.4.0-175.205) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-175.205 -proposed tracker (LP: #1863338)
    
      * run_afpackettests in ubuntu_kernel_selftests failed with "./in_netns.sh:
        Permission denied" (LP: #1861973)
        - [Debian] autoreconstruct - add resoration of execute permissions
    
      * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
        - can, slip: Protect tty->disc_data in write_wakeup and close with RCU
    
     -- Marcelo Henrique Cerri <email address hidden>  Fri, 14 Feb 2020 16:27:12 -0300
  • linux (4.4.0-174.204) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-174.204 -proposed tracker (LP: #1861122)
    
      * Xenial update: 4.4.211 upstream stable release (LP: #1860681)
        - hidraw: Return EPOLLOUT from hidraw_poll
        - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
        - HID: hidraw, uhid: Always report EPOLLOUT
        - cfg80211/mac80211: make ieee80211_send_layer2_update a public function
        - mac80211: Do not send Layer 2 Update frame before authorization
        - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
        - p54usb: Fix race between disconnect and firmware loading
        - ALSA: line6: Fix write on zero-sized buffer
        - ALSA: line6: Fix memory leak at line6_init_pcm() error path
        - xen: let alloc_xenballooned_pages() fail if not enough memory free
        - wimax: i2400: fix memory leak
        - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
        - ext4: fix use-after-free race with debug_want_extra_isize
        - ext4: add more paranoia checking in ext4_expand_extra_isize handling
        - rtc: mt6397: fix alarm register overwrite
        - iommu: Remove device link to group on failure
        - gpio: Fix error message on out-of-range GPIO in lookup table
        - hsr: reset network header when supervision frame is created
        - cifs: Adjust indentation in smb2_open_file
        - RDMA/srpt: Report the SCSI residual to the initiator
        - scsi: enclosure: Fix stale device oops with hot replug
        - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
        - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
        - iio: imu: adis16480: assign bias value only if operation succeeded
        - mei: fix modalias documentation
        - clk: samsung: exynos5420: Preserve CPU clocks configuration during
          suspend/resume
        - compat_ioctl: handle SIOCOUTQNSD
        - tty: serial: imx: use the sg count from dma_map_sg
        - tty: serial: pch_uart: correct usage of dma_unmap_sg
        - media: exynos4-is: Fix recursive locking in isp_video_release()
        - spi: atmel: fix handling of cs_change set on non-last xfer
        - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
        - rtc: msm6242: Fix reading of 10-hour digit
        - rseq/selftests: Turn off timeout setting
        - hexagon: work around compiler crash
        - ocfs2: call journal flush to mark journal as empty after journal recovery
          when mount
        - ALSA: seq: Fix racy access for queue timer in proc read
        - Fix built-in early-load Intel microcode alignment
        - block: fix an integer overflow in logical block size
        - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
        - USB: serial: opticon: fix control-message timeouts
        - USB: serial: suppress driver bind attributes
        - USB: serial: ch341: handle unbound port at reset_resume
        - USB: serial: io_edgeport: add missing active-port sanity check
        - USB: serial: quatech2: handle unbound ports
        - scsi: mptfusion: Fix double fetch bug in ioctl
        - usb: core: hub: Improved device recognition on remote wakeup
        - x86/efistub: Disable paging at mixed mode entry
        - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
        - net: stmmac: 16KB buffer must be 16 byte aligned
        - net: stmmac: Enable 16KB buffer size
        - USB: serial: io_edgeport: use irqsave() in USB's complete callback
        - USB: serial: io_edgeport: handle unbound ports on URB completion
        - USB: serial: keyspan: handle unbound ports
        - scsi: fnic: use kernel's '%pM' format option to print MAC
        - scsi: fnic: fix invalid stack access
        - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
        - netfilter: fix a use-after-free in mtype_destroy()
        - batman-adv: Fix DAT candidate selection on little endian systems
        - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
        - r8152: add missing endpoint sanity check
        - tcp: fix marked lost packets not being retransmitted
        - net: usb: lan78xx: limit size of local TSO packets
        - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
        - cw1200: Fix a signedness bug in cw1200_load_firmware()
        - cfg80211: check for set_wiphy_params
        - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
        - scsi: qla4xxx: fix double free bug
        - scsi: bnx2i: fix potential use after free
        - scsi: target: core: Fix a pr_debug() argument
        - scsi: core: scsi_trace: Use get_unaligned_be*()
        - perf probe: Fix wrong address verification
        - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
        - Linux 4.4.211
    
      * Xenial update: 4.4.210 upstream stable release (LP: #1859865)
        - chardev: Avoid potential use-after-free in 'chrdev_open()'
        - usb: chipidea: host: Disable port power only if previously enabled
        - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
        - kernel/trace: Fix do not unregister tracepoints when register
          sched_migrate_task fail
        - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
        - HID: Fix slab-out-of-bounds read in hid_field_extract
        - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
        - HID: hid-input: clear unmapped usages
        - Input: add safety guards to input_set_keycode()
        - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
        - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
        - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
          to irq mode
        - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
          CAN sk_buffs
        - staging: vt6656: set usb_set_intfdata on driver fail.
        - USB: serial: option: add ZLP support for 0x1bc7/0x9010
        - usb: musb: Disable pullup at init
        - usb: musb: dma: Correct parameter passed to IRQ handler
        - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
        - tty: link tty and port before configuring it as console
        - tty: always relink the port
        - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
        - scsi: bfa: release allocated memory in case of error
        - rtl8xxxu: prevent leaking urb
        - USB: Fix: Don't skip endpoint descriptors with maxpacket=0
        - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
        - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
        - Linux 4.4.210
    
      * Xenial update: 4.4.209 upstream stable release (LP: #1859640)
        - PM / devfreq: Don't fail devfreq_dev_release if not in list
        - RDMA/cma: add missed unregister_pernet_subsys in init failure
        - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
        - scsi: qla2xxx: Don't call qlt_async_event twice
        - scsi: iscsi: qla4xxx: fix double free in probe
        - scsi: libsas: stop discovering if oob mode is disconnected
        - usb: gadget: fix wrong endpoint desc
        - md: raid1: check rdev before reference in raid1_sync_request func
        - s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
        - s390/cpum_sf: Avoid SBD overflow condition in irq handler
        - xen/balloon: fix ballooned page accounting without hotplug enabled
        - xfs: fix mount failure crash on invalid iclog memory access
        - taskstats: fix data-race
        - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
        - MIPS: Avoid VDSO ABI breakage due to global register variable
        - locks: print unsigned ino in /proc/locks
        - dmaengine: Fix access to uninitialized dma_slave_caps
        - compat_ioctl: block: handle Persistent Reservations
        - gpiolib: fix up emulated open drain outputs
        - ALSA: cs4236: fix error return comparison of an unsigned integer
        - ftrace: Avoid potential division by zero in function profiler
        - Bluetooth: btusb: fix PM leak in error case of setup
        - Bluetooth: delete a stray unlock
        - tty: serial: msm_serial: Fix lockup for sysrq and oops
        - drm/mst: Fix MST sideband up-reply failure handling
        - powerpc/pseries/hvconsole: Fix stack overread via udbg
        - ath9k_htc: Modify byte order for an error message
        - ath9k_htc: Discard undersized packets
        - net: add annotations on hh->hh_len lockless accesses
        - s390/smp: fix physical to logical CPU map for SMT
        - locking/x86: Remove the unused atomic_inc_short() methd
        - pstore/ram: Write new dumps to start of recycled zones
        - locking/spinlock/debug: Fix various data races
        - netfilter: ctnetlink: netns exit must wait for callbacks
        - ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
        - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
        - ARM: dts: am437x-gp/epos-evm: fix panel compatible
        - powerpc: Ensure that swiotlb buffer is allocated from low memory
        - bnx2x: Do not handle requests from VFs after parity
        - bnx2x: Fix logic to get total no. of PFs per engine
        - net: usb: lan78xx: Fix error message format specifier
        - rfkill: Fix incorrect check to avoid NULL pointer dereference
        - ASoC: wm8962: fix lambda value
        - regulator: rn5t618: fix module aliases
        - kconfig: don't crash on NULL expressions in expr_eq()
        - parisc: Fix compiler warnings in debug_core.c
        - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
        - net: stmmac: dwmac-sunxi: Allow all RGMII modes
        - net: usb: lan78xx: fix possible skb leak
        - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
        - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
        - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
        - vlan: vlan_changelink() should propagate errors
        - vlan: fix memory leak in vlan_dev_set_egress_priority
        - vxlan: fix tos value before xmit
        - macvlan: do not assume mac_header is set in macvlan_broadcast()
        - USB: core: fix check for duplicate endpoints
        - USB: serial: option: add Telit ME910G1 0x110a composition
        - Linux 4.4.209
    
      * overlayfs : broken access to r/w files (LP: #1851243)
        - SAUCE: Revert "ovl: modify ovl_permission() to do checks on two inodes"
    
      * net selftest psock_fanout fails on xenial s390x due to incorrect queue
        lengths (LP: #1853375)
        - selftests/net: cleanup unused parameter in psock_fanout
        - selftests/net: ignore background traffic in psock_fanout
    
      * multi-zone raid0 corruption (LP: #1850540)
        - md/raid0: avoid RAID0 data corruption due to layout confusion.
        - md: add feature flag MD_FEATURE_RAID0_LAYOUT
        - md/raid0: fix warning message for parameter default_layout
        - md/raid0: Fix an error message in raid0_make_request()
        - SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout
          migration
        - SAUCE: md/raid0: Use kernel specific layout
    
      * CVE-2019-20096
        - dccp: Fix memleak in __feat_register_sp
    
     -- Khalid Elmously <email address hidden>  Wed, 29 Jan 2020 00:47:22 -0500
  • linux (4.4.0-173.203) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-173.203 -proposed tracker (LP: #1859718)
    
      * CVE-2019-14615
        - drm/i915/gen9: Clear residual context state on context switch
    
    linux (4.4.0-172.202) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-172.202 -proposed tracker (LP: #1858594)
    
      * tools/perf fails to build after Xenial update to 4.4.208 upstream stable
        release (LP: #1858798)
        - Revert "perf report: Add warning when libunwind not compiled in"
    
      * CVE-2019-18885
        - btrfs: refactor btrfs_find_device() take fs_devices as argument
        - btrfs: merge btrfs_find_device and find_device
    
      *  Integrate Intel SGX driver into linux-azure (LP: #1844245)
        - [Packaging] Add systemd service to load intel_sgx
    
      * Xenial update: 4.4.208 upstream stable release (LP: #1858462)
        - btrfs: do not leak reloc root if we fail to read the fs root
        - btrfs: handle ENOENT in btrfs_uuid_tree_iterate
        - ALSA: hda/ca0132 - Keep power on during processing DSP response
        - ALSA: hda/ca0132 - Avoid endless loop
        - drm: mst: Fix query_payload ack reply struct
        - iio: light: bh1750: Resolve compiler warning and make code more readable
        - spi: Add call to spi_slave_abort() function when spidev driver is released
        - staging: rtl8188eu: fix possible null dereference
        - rtlwifi: prevent memory leak in rtl_usb_probe
        - IB/iser: bound protection_sg size by data_sg size
        - media: am437x-vpfe: Setting STD to current value is not an error
        - media: i2c: ov2659: fix s_stream return value
        - media: i2c: ov2659: Fix missing 720p register config
        - media: ov6650: Fix stored frame format not in sync with hardware
        - tools/power/cpupower: Fix initializer override in hsw_ext_cstates
        - usb: renesas_usbhs: add suspend event support in gadget mode
        - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
        - regulator: max8907: Fix the usage of uninitialized variable in
          max8907_regulator_probe()
        - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
        - samples: pktgen: fix proc_cmd command result check logic
        - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
        - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
        - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
          number
        - media: ti-vpe: vpe: Make sure YUYV is set as default format
        - extcon: sm5502: Reset registers during initialization
        - x86/mm: Use the correct function type for native_set_fixmap()
        - perf report: Add warning when libunwind not compiled in
        - iio: adc: max1027: Reset the device at probe time
        - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
        - drm/gma500: fix memory disclosures due to uninitialized bytes
        - x86/ioapic: Prevent inconsistent state when moving an interrupt
        - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
        - libata: Ensure ata_port probe has completed before detach
        - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
        - bnx2x: Fix PF-VF communication over multi-cos queues.
        - spi: img-spfi: fix potential double release
        - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
        - perf probe: Fix to find range-only function instance
        - perf probe: Fix to list probe event with correct line number
        - perf probe: Walk function lines in lexical blocks
        - perf probe: Fix to probe an inline function which has no entry pc
        - perf probe: Fix to show ranges of variables in functions without entry_pc
        - perf probe: Fix to show inlined function callsite without entry_pc
        - perf probe: Skip overlapped location on searching variables
        - perf probe: Return a better scope DIE if there is no best scope
        - perf probe: Fix to show calling lines of inlined functions
        - perf probe: Skip end-of-sequence and non statement lines
        - perf probe: Filter out instances except for inlined subroutine and
          subprogram
        - ath10k: fix get invalid tx rate for Mesh metric
        - media: pvrusb2: Fix oops on tear-down when radio support is not present
        - media: si470x-i2c: add missed operations in remove
        - EDAC/ghes: Fix grain calculation
        - spi: pxa2xx: Add missed security checks
        - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
        - parport: load lowlevel driver if ports not found
        - cpufreq: Register drivers only after CPU devices have been registered
        - x86/crash: Add a forward declaration of struct kimage
        - spi: tegra20-slink: add missed clk_unprepare
        - btrfs: don't prematurely free work in end_workqueue_fn()
        - iwlwifi: check kasprintf() return value
        - fbtft: Make sure string is NULL terminated
        - crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
        - crypto: vmx - Avoid weird build failures
        - libtraceevent: Fix memory leakage in copy_filter_type
        - net: phy: initialise phydev speed and duplex sanely
        - Revert "mmc: sdhci: Fix incorrect switch to HS mode"
        - usb: xhci: Fix build warning seen with CONFIG_PM=n
        - btrfs: do not call synchronize_srcu() in inode_tree_del
        - btrfs: return error pointer from alloc_test_extent_buffer
        - btrfs: abort transaction after failed inode updates in create_subvol
        - Btrfs: fix removal logic of the tree mod log that leads to use-after-free
          issues
        - ALSA: pcm: Avoid possible info leaks from PCM stream buffers
        - af_packet: set defaule value for tmo
        - fjes: fix missed check in fjes_acpi_add
        - mod_devicetable: fix PHY module format
        - net: hisilicon: Fix a BUG trigered by wrong bytes_compl
        - net: nfc: nci: fix a possible sleep-in-atomic-context bug in
          nci_uart_tty_receive()
        - net: qlogic: Fix error paths in ql_alloc_large_buffers()
        - net: usb: lan78xx: Fix suspend/resume PHY register access error
        - sctp: fully initialize v4 addr in some functions
        - net: dst: Force 4-byte alignment of dst_metrics
        - usbip: Fix error path of vhci_recv_ret_submit()
        - USB: EHCI: Do not return -EPIPE when hub is disconnected
        - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
        - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
        - ext4: check for directory entries too close to block end
        - powerpc/irq: fix stack overflow verification
        - mmc: sdhci-of-esdhc: fix P2020 errata handling
        - perf probe: Fix to show function entry line as probe-able
        - scsi: mpt3sas: Fix clear pending bit in ioctl status
        - scsi: lpfc: Fix locking on mailbox command completion
        - Input: atmel_mxt_ts - disable IRQ across suspend
        - iommu/tegra-smmu: Fix page tables in > 4 GiB memory
        - scsi: target: compare full CHAP_A Algorithm strings
        - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
        - scsi: csiostor: Don't enable IRQs too early
        - powerpc/pseries: Mark accumulate_stolen_time() as notrace
        - dma-debug: add a schedule point in debug_dma_dump_mappings()
        - clocksource/drivers/asm9260: Add a check for of_clk_get
        - powerpc/security/book3s64: Report L1TF status in sysfs
        - jbd2: Fix statistics for the number of logged blocks
        - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
        - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
        - clk: qcom: Allow constant ratio freq tables for rcg
        - irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
        - irqchip: ingenic: Error out if IRQ domain creation failed
        - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
        - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
        - scsi: ufs: fix potential bug which ends in system hang
        - powerpc/pseries/cmm: Implement release() function for sysfs device
        - powerpc/security: Fix wrong message when RFI Flush is disable
        - clk: pxa: fix one of the pxa RTC clocks
        - bcache: at least try to shrink 1 node in bch_mca_scan()
        - HID: Improve Windows Precision Touchpad detection.
        - ext4: work around deleting a file with i_nlink == 0 safely
        - scsi: pm80xx: Fix for SATA device discovery
        - scsi: target: iscsi: Wait for all commands to finish before freeing a
          session
        - gpio: mpc8xxx: Don't overwrite default irq_set_type callback
        - scripts/kallsyms: fix definitely-lost memory leak
        - cdrom: respect device capabilities during opening action
        - perf regs: Make perf_reg_name() return "unknown" instead of NULL
        - libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
        - s390/cpum_sf: Check for SDBT and SDB consistency
        - ocfs2: fix passing zero to 'PTR_ERR' warning
        - kernel: sysctl: make drop_caches write-only
        - ALSA: hda - Downgrade error message for single-cmd fallback
        - Make filldir[64]() verify the directory entry filename is valid
        - filldir[64]: remove WARN_ON_ONCE() for bad directory entries
        - net: davinci_cpdma: use dma_addr_t for DMA address
        - netfilter: ebtables: compat: reject all padding in matches/watchers
        - 6pack,mkiss: fix possible deadlock
        - netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
        - net: icmp: fix data-race in cmp_global_allow()
        - hrtimer: Annotate lockless access to timer->state
        - mmc: sdhci: Update the tuning failed messages to pr_debug level
        - tcp: do not send empty skb from tcp_write_xmit()
        - Linux 4.4.208
    
      * Xenial update: 4.4.207 upstream stable release (LP: #1858489)
        - x86/apic/32: Avoid bogus LDR warnings
        - usb: gadget: u_serial: add missing port entry locking
        - tty: serial: msm_serial: Fix flow control
        - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
        - serial: serial_core: Perform NULL checks for break_ctl ops
        - serial: ifx6x60: add missed pm_runtime_disable
        - autofs: fix a leak in autofs_expire_indirect()
        - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
        - Input: cyttsp4_core - fix use after free bug
        - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
        - rsxx: add missed destroy_workqueue calls in remove
        - net: ep93xx_eth: fix mismatch of request_mem_region in remove
        - serial: core: Allow processing sysrq at port unlock time
        - iwlwifi: mvm: Send non offchannel traffic via AP sta
        - ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
        - extcon: max8997: Fix lack of path setting in USB device mode
        - clk: rockchip: fix rk3188 sclk_smc gate data
        - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
        - dlm: fix missing idr_destroy for recover_idr
        - MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
        - scsi: zfcp: drop default switch case which might paper over missing case
        - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
        - Staging: iio: adt7316: Fix i2c data reading, set the data field
        - regulator: Fix return value of _set_load() stub
        - MIPS: OCTEON: octeon-platform: fix typing
        - math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
        - rtc: max8997: Fix the returned value in case of error in
          'max8997_rtc_read_alarm()'
        - rtc: dt-binding: abx80x: fix resistance scale
        - ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
        - dmaengine: coh901318: Fix a double-lock bug
        - dmaengine: coh901318: Remove unused variable
        - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
        - dma-mapping: fix return type of dma_set_max_seg_size()
        - altera-stapl: check for a null key before strcasecmp'ing it
        - serial: imx: fix error handling in console_setup
        - i2c: imx: don't print error message on probe defer
        - dlm: NULL check before kmem_cache_destroy is not needed
        - nfsd: fix a warning in __cld_pipe_upcall()
        - ARM: OMAP1/2: fix SoC name printing
        - net/x25: fix called/calling length calculation in x25_parse_address_block
        - net/x25: fix null_x25_address handling
        - ARM: dts: mmp2: fix the gpio interrupt cell number
        - tcp: fix off-by-one bug on aborting window-probing socket
        - modpost: skip ELF local symbols during section mismatch check
        - kbuild: fix single target build for external module
        - ARM: dts: pxa: clean up USB controller nodes
        - dlm: fix invalid cluster name warning
        - powerpc/math-emu: Update macros from GCC
        - MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
        - nfsd: Return EPERM, not EACCES, in some SETATTR cases
        - mlx4: Use snprintf instead of complicated strcpy
        - ARM: dts: sunxi: Fix PMU compatible strings
        - sched/fair: Scale bandwidth quota and period without losing quota/period
          ratio precision
        - fuse: verify nlink
        - fuse: verify attributes
        - ALSA: pcm: oss: Avoid potential buffer overflows
        - Input: goodix - add upside-down quirk for Teclast X89 tablet
        - CIFS: Fix SMB2 oplock break processing
        - tty: vt: keyboard: reject invalid keycodes
        - can: slcan: Fix use-after-free Read in slcan_open
        - jbd2: Fix possible overflow in jbd2_log_space_left()
        - drm/i810: Prevent underflow in ioctl
        - KVM: x86: do not modify masked bits of shared MSRs
        - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
        - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
        - spi: atmel: Fix CS high support
        - RDMA/qib: Validate ->show()/store() callbacks before calling them
        - thermal: Fix deadlock in thermal thermal_zone_device_check
        - Revert "KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
          (CVE-2019-19332)"
        - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
        - appletalk: Fix potential NULL pointer dereference in unregister_snap_client
        - appletalk: Set error code if register_snap_client failed
        - ALSA: hda - Fix pending unsol events at shutdown
        - sched/core: Allow putting thread_info into task_struct
        - sched/core: Add try_get_task_stack() and put_task_stack()
        - sched/core, x86: Make struct thread_info arch specific again
        - fs/proc: Stop reporting eip and esp in /proc/PID/stat
        - fs/proc: Report eip/esp in /prod/PID/stat for coredumping
        - proc: fix coredump vs read /proc/*/stat race
        - fs/proc/array.c: allow reporting eip/esp for all coredumping threads
        - usb: gadget: configfs: Fix missing spin_lock_init()
        - usb: Allow USB device to be warm reset in suspended state
        - staging: rtl8188eu: fix interface sanity check
        - staging: rtl8712: fix interface sanity check
        - staging: gigaset: fix general protection fault on probe
        - staging: gigaset: fix illegal free on probe errors
        - staging: gigaset: add endpoint-type sanity check
        - xhci: Increase STS_HALT timeout in xhci_suspend()
        - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
        - USB: atm: ueagle-atm: add missing endpoint check
        - USB: idmouse: fix interface sanity checks
        - USB: serial: io_edgeport: fix epic endpoint lookup
        - USB: adutux: fix interface sanity check
        - usb: core: urb: fix URB structure initialization function
        - usb: mon: Fix a deadlock in usbmon between mmap and read
        - mtd: spear_smi: Fix Write Burst mode
        - virtio-balloon: fix managed page counts when migrating pages between zones
        - btrfs: check page->mapping when loading free space cache
        - btrfs: Remove btrfs_bio::flags member
        - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
        - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
        - rtlwifi: rtl8192de: Fix missing enable interrupt flag
        - lib: raid6: fix awk build warnings
        - workqueue: Fix spurious sanity check failures in destroy_workqueue()
        - workqueue: Fix pwq ref leak in rescuer_thread()
        - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
        - blk-mq: avoid sysfs buffer overflow with too many CPU cores
        - cgroup: pids: use atomic64_t for pids->limit
        - ar5523: check NULL before memcpy() in ar5523_cmd()
        - media: bdisp: fix memleak on release
        - media: radio: wl1273: fix interrupt masking on release
        - cpuidle: Do not unset the driver if it is there already
        - ACPI: OSL: only free map once in osl.c
        - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
        - ACPI: PM: Avoid attaching ACPI PM domain to certain devices
        - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup
          controller init
        - pinctrl: samsung: Fix device node refcount leaks in init code
        - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
        - video/hdmi: Fix AVI bar unpack
        - quota: Check that quota is not dirty before release
        - quota: fix livelock in dquot_writeback_dquots
        - scsi: zfcp: trace channel log even for FCP command responses
        - usb: xhci: only set D3hot for pci device
        - xhci: Fix memory leak in xhci_add_in_port()
        - xhci: make sure interrupts are restored to correct state
        - iio: adis16480: Add debugfs_reg_access entry
        - Btrfs: fix negative subv_writers counter and data space leak after buffered
          write
        - scsi: lpfc: Cap NPIV vports to 256
        - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
        - x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
        - ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
        - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup
          controller init
        - scsi: qla2xxx: Fix DMA unmap leak
        - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
        - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
        - powerpc: Fix vDSO clock_getres()
        - mm/shmem.c: cast the type of unmap_start to u64
        - blk-mq: make sure that line break can be printed
        - workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
        - sunrpc: fix crash when cache_head become valid before update
        - kernel/module.c: wakeup processes in module_wq on module unload
        - net: bridge: deny dev_set_mac_address() when unregistering
        - tcp: md5: fix potential overestimation of TCP option space
        - tipc: fix ordering of tipc module init and exit routine
        - inet: protect against too small mtu values.
        - tcp: fix rejected syncookies due to stale timestamps
        - tcp: tighten acceptance of ACKs not matching a child socket
        - tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
        - net: ethernet: ti: cpsw: fix extra rx interrupt
        - PCI: Fix Intel ACS quirk UPDCR register address
        - PCI/MSI: Fix incorrect MSI-X masking on resume
        - xtensa: fix TLB sanity checker
        - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
        - ARM: dts: s3c64xx: Fix init order of clock providers
        - ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
        - vfio/pci: call irq_bypass_unregister_producer() before freeing irq
        - dm btree: increase rebalance threshold in __rebalance2()
        - drm/radeon: fix r1xx/r2xx register checker for POT textures
        - xhci: fix USB3 device initiated resume race with roothub autosuspend
        - net: stmmac: use correct DMA buffer size in the RX descriptor
        - net: stmmac: don't stop NAPI processing when dropping a packet
        - Linux 4.4.207
    
      * efivarfs test in ubuntu_kernel_selftest failed on the second run
        (LP: #1809704)
        - selftests: efivarfs: return Kselftest Skip code for skipped tests
        - selftests/efivarfs: clean up test files from test_create*()
    
      * cifs: kernel NULL pointer dereference, address: 0000000000000038
        (LP: #1856949)
        - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
    
      * CVE-2019-19332
        - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
    
      * CVE-2019-19062
        - crypto: user - fix memory leak in crypto_report
    
      * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
        - [Packaging] bind hv_kvp_daemon startup to hv_kvp device
    
      * False positive test result in run_afpackettests from net in
        ubuntu_kernel_selftest  (LP: #1825778)
        - selftests/net: correct the return value for run_afpackettests
    
      * Xenial update: 4.4.206 upstream stable release (LP: #1855313)
        - ASoC: compress: fix unsigned integer overflow check
        - ASoC: kirkwood: fix external clock probe defer
        - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
        - reset: fix reset_control_ops kerneldoc comment
        - can: peak_usb: report bus recovery as well
        - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
        - scripts/gdb: fix debugging modules compiled with hot/cold partitioning
        - block: drbd: remove a stray unlock in __drbd_send_protocol()
        - scsi: lpfc: Fix dif and first burst use in write commands
        - ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
        - ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
        - parisc: Fix serio address output
        - parisc: Fix HP SDC hpa address output
        - arm64: smp: Handle errors reported by the firmware
        - PM / AVS: SmartReflex: NULL check before some freeing functions is not
          needed
        - ARM: ks8695: fix section mismatch warning
        - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
        - crypto: user - support incremental algorithm dumps
        - mwifiex: fix potential NULL dereference and use after free
        - mwifiex: debugfs: correct histogram spacing, formatting
        - rtl818x: fix potential use after free
        - xfs: require both realtime inodes to mount
        - ubi: Put MTD device after it is not used
        - ubi: Do not drop UBI device reference before using
        - microblaze: adjust the help to the real behavior
        - microblaze: move "... is ready" messages to arch/microblaze/Makefile
        - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
        - VSOCK: bind to random port for VMADDR_PORT_ANY
        - btrfs: only track ref_heads in delayed_ref_updates
        - xen/pciback: Check dev_data before using it
        - KVM: s390: unregister debug feature on failing arch init
        - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
        - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
        - HID: doc: fix wrong data structure reference for UHID_OUTPUT
        - gfs2: take jdata unstuff into account in do_grow
        - xfs: Align compat attrlist_by_handle with native implementation.
        - IB/qib: Fix an error code in qib_sdma_verbs_send()
        - powerpc/book3s/32: fix number of bats in p/v_block_mapped()
        - powerpc/xmon: fix dump_segments()
        - drivers/regulator: fix a missing check of return value
        - serial: max310x: Fix tx_empty() callback
        - openrisc: Fix broken paths to arch/or32
        - RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
        - scsi: qla2xxx: deadlock by configfs_depend_item
        - scsi: csiostor: fix incorrect dma device in case of vport
        - ath6kl: Only use match sets when firmware supports it
        - ath6kl: Fix off by one error in scan completion
        - powerpc/prom: fix early DEBUG messages
        - powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
        - powerpc/44x/bamboo: Fix PCI range
        - drbd: reject attach of unsuitable uuids even if connected
        - drbd: fix print_st_err()'s prototype to match the definition
        - regulator: tps65910: fix a missing check of return value
        - net/net_namespace: Check the return value of register_pernet_subsys()
        - um: Make GCOV depend on !KCOV
        - net: stmicro: fix a missing check of clk_prepare
        - atl1e: checking the status of atl1e_write_phy_reg
        - tipc: fix a missing check of genlmsg_put
        - ocfs2: clear journal dirty flag after shutdown journal
        - lib/genalloc.c: use vzalloc_node() to allocate the bitmap
        - lib/genalloc.c: include vmalloc.h
        - mtd: Check add_mtd_device() ret code
        - tipc: fix memory leak in tipc_nl_compat_publ_dump
        - net/core/neighbour: tell kmemleak about hash tables
        - net/core/neighbour: fix kmemleak minimal reference count for hash tables
        - sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
        - decnet: fix DN_IFREQ_SIZE
        - tipc: fix skb may be leaky in tipc_link_input
        - sfc: initialise found bitmap in efx_ef10_mtd_probe
        - net: fix possible overflow in __sk_mem_raise_allocated()
        - net: dev: Use unsigned integer as an argument to left-shift
        - scsi: libsas: Support SATA PHY connection rate unmatch fixing during
          discovery
        - ACPI / APEI: Switch estatus pool to use vmalloc memory
        - scsi: libsas: Check SMP PHY control function result
        - mtd: Remove a debug trace in mtdpart.c
        - staging: rtl8192e: fix potential use after free
        - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
        - mei: bus: prefix device names on bus with the bus name
        - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
        - net: macb: fix error format in dev_err()
        - pwm: Clear chip_data in pwm_put()
        - macvlan: schedule bc_work even if error
        - openvswitch: fix flow command message size
        - slip: Fix use-after-free Read in slip_open
        - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
        - openvswitch: remove another BUG_ON()
        - tipc: fix link name length check
        - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
        - HID: core: check whether Usage Page item is after Usage ID items
        - hwrng: stm32 - fix unbalanced pm_runtime_enable
        - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
        - Linux 4.4.206
        - [Config] updateconfigs for 4.4.206
    
      * Xenial update: 4.4.205 upstream stable release (LP: #1854857)
        - Revert "sock: Reset dst when changing sk_mark via setsockopt"
        - Linux 4.4.205
    
      * Xenial update: 4.4.204 upstream stable release (LP: #1854855)
        - net/mlx4_en: fix mlx4 ethtool -N insertion
        - sfc: Only cancel the PPS workqueue if it exists
        - net/sched: act_pedit: fix WARN() in the traffic path
        - net: rtnetlink: prevent underflows in do_setvfinfo()
        - Revert "fs: ocfs2: fix possible null-pointer dereferences in
          ocfs2_xa_prepare_entry()"
        - mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
        - asus-wmi: Create quirk for airplane_mode LED
        - asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UF
        - asus-wmi: Add quirk_no_rfkill for the Asus N552VW
        - asus-wmi: Add quirk_no_rfkill for the Asus U303LB
        - asus-wmi: Add quirk_no_rfkill for the Asus Z550MA
        - platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A
        - platform/x86: asus-wmi: fix asus ux303ub brightness issue
        - platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB
        - asus-wmi: provide access to ALS control
        - platform/x86: asus-wmi: try to set als by default
        - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
        - platform/x86: asus-wmi: add SERIO_I8042 dependency
        - mwifiex: Fix NL80211_TX_POWER_LIMITED
        - ALSA: isight: fix leak of reference to firewire unit in error path of .probe
          callback
        - printk: fix integer overflow in setup_log_buf()
        - gfs2: Fix marking bitmaps non-full
        - synclink_gt(): fix compat_ioctl()
        - powerpc: Fix signedness bug in update_flash_db()
        - powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
        - brcmsmac: AP mode: update beacon when TIM changes
        - spi: sh-msiof: fix deferred probing
        - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
        - btrfs: handle error of get_old_root
        - gsmi: Fix bug in append_to_eventlog sysfs handler
        - misc: mic: fix a DMA pool free failure
        - amiflop: clean up on errors during setup
        - scsi: ips: fix missing break in switch
        - KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
        - scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
        - scsi: isci: Change sci_controller_start_task's return type to sci_status
        - scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
        - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
        - scsi: dc395x: fix dma API usage in srb_done
        - scsi: dc395x: fix DMA API usage in sg_update_list
        - net: fix warning in af_unix
        - kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad
          stack
        - ALSA: i2c/cs8427: Fix int to char conversion
        - macintosh/windfarm_smu_sat: Fix debug output
        - USB: misc: appledisplay: fix backlight update_status return code
        - SUNRPC: Fix a compile warning for cmpxchg64()
        - atm: zatm: Fix empty body Clang warnings
        - s390/perf: Return error when debug_register fails
        - spi: omap2-mcspi: Set FIFO DMA trigger level to word length
        - sparc: Fix parport build warnings.
        - ceph: fix dentry leak in ceph_readdir_prepopulate
        - rtc: s35390a: Change buf's type to u8 in s35390a_init
        - mISDN: Fix type of switch control variable in ctrl_teimanager
        - qlcnic: fix a return in qlcnic_dcb_get_capability()
        - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
        - mfd: max8997: Enale irq-wakeup unconditionally
        - selftests/ftrace: Fix to test kprobe $comm arg only if available
        - thermal: rcar_thermal: Prevent hardware access during system suspend
        - sparc64: Rework xchg() definition to avoid warnings.
        - fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in
          dlm_print_one_mle()
        - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
        - um: Make line/tty semantics use true write IRQ
        - linux/bitmap.h: handle constant zero-size bitmaps correctly
        - linux/bitmap.h: fix type of nbits in bitmap_shift_right()
        - hfsplus: fix BUG on bnode parent update
        - hfs: fix BUG on bnode parent update
        - hfsplus: prevent btree data loss on ENOSPC
        - hfs: prevent btree data loss on ENOSPC
        - hfsplus: fix return value of hfsplus_get_block()
        - hfs: fix return value of hfs_get_block()
        - fs/hfs/extent.c: fix array out of bounds read of array extent
        - igb: shorten maximum PHC timecounter update interval
        - ntb_netdev: fix sleep time mismatch
        - ntb: intel: fix return value for ndev_vec_mask()
        - ocfs2: don't put and assigning null to bh allocated outside
        - ocfs2: fix clusters leak in ocfs2_defrag_extent()
        - net: do not abort bulk send on BQL status
        - sched/fair: Don't increase sd->balance_interval on newidle balance
        - audit: print empty EXECVE args
        - wlcore: Fix the return value in case of error in
          'wlcore_vendor_cmd_smart_config_start()'
        - rtl8xxxu: Fix missing break in switch
        - brcmsmac: never log "tid x is not agg'able" by default
        - wireless: airo: potential buffer overflow in sprintf()
        - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
        - scsi: mpt3sas: Fix Sync cache command failure during driver unload
        - scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
        - scsi: megaraid_sas: Fix msleep granularity
        - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
        - dlm: fix invalid free
        - dlm: don't leak kernel pointer to userspace
        - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
        - sock: Reset dst when changing sk_mark via setsockopt
        - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
        - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
        - PCI: keystone: Use quirk to limit MRRS for K2G
        - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
        - IB/hfi1: Ensure full Gen3 speed in a Gen4 system
        - Bluetooth: Fix invalid-free in bcsp_close()
        - ath9k_hw: fix uninitialized variable data
        - dm: use blk_set_queue_dying() in __dm_destroy()
        - arm64: fix for bad_mode() handler to always result in panic
        - cpufreq: Skip cpufreq resume if it's not suspended
        - ocfs2: remove ocfs2_is_o2cb_active()
        - mmc: block: Fix tag condition with packed writes
        - ARC: perf: Accommodate big-endian CPU
        - x86/insn: Fix awk regexp warnings
        - x86/speculation: Fix incorrect MDS/TAA mitigation status
        - x86/speculation: Fix redundant MDS mitigation message
        - media: vivid: Set vid_cap_streaming and vid_out_streaming to true
        - media: vivid: Fix wrong locking that causes race conditions on streaming
          stop
        - cpufreq: Add NULL checks to show() and store() methods of cpufreq
        - media: b2c2-flexcop-usb: add sanity checking
        - media: cxusb: detect cxusb_ctrl_msg error in query
        - media: imon: invalid dereference in imon_touch_event
        - virtio_console: reset on out of memory
        - virtio_console: don't tie bufs to a vq
        - virtio_console: allocate inbufs in add_port() only if it is needed
        - virtio_console: fix uninitialized variable use
        - virtio_console: drop custom control queue cleanup
        - virtio_console: move removal code
        - usb-serial: cp201x: support Mark-10 digital force gauge
        - appledisplay: fix error handling in the scheduled work
        - USB: serial: mos7840: add USB ID to support Moxa UPort 2210
        - USB: serial: mos7720: fix remote wakeup
        - USB: serial: mos7840: fix remote wakeup
        - USB: serial: option: add support for DW5821e with eSIM support
        - USB: serial: option: add support for Foxconn T77W968 LTE modules
        - staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
        - Linux 4.4.204
    
     -- Marcelo Henrique Cerri <email address hidden>  Tue, 14 Jan 2020 22:02:26 -0300
  • linux (4.4.0-172.202) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-172.202 -proposed tracker (LP: #1858594)
    
      * tools/perf fails to build after Xenial update to 4.4.208 upstream stable
        release (LP: #1858798)
        - Revert "perf report: Add warning when libunwind not compiled in"
    
      * CVE-2019-18885
        - btrfs: refactor btrfs_find_device() take fs_devices as argument
        - btrfs: merge btrfs_find_device and find_device
    
      *  Integrate Intel SGX driver into linux-azure (LP: #1844245)
        - [Packaging] Add systemd service to load intel_sgx
    
      * Xenial update: 4.4.208 upstream stable release (LP: #1858462)
        - btrfs: do not leak reloc root if we fail to read the fs root
        - btrfs: handle ENOENT in btrfs_uuid_tree_iterate
        - ALSA: hda/ca0132 - Keep power on during processing DSP response
        - ALSA: hda/ca0132 - Avoid endless loop
        - drm: mst: Fix query_payload ack reply struct
        - iio: light: bh1750: Resolve compiler warning and make code more readable
        - spi: Add call to spi_slave_abort() function when spidev driver is released
        - staging: rtl8188eu: fix possible null dereference
        - rtlwifi: prevent memory leak in rtl_usb_probe
        - IB/iser: bound protection_sg size by data_sg size
        - media: am437x-vpfe: Setting STD to current value is not an error
        - media: i2c: ov2659: fix s_stream return value
        - media: i2c: ov2659: Fix missing 720p register config
        - media: ov6650: Fix stored frame format not in sync with hardware
        - tools/power/cpupower: Fix initializer override in hsw_ext_cstates
        - usb: renesas_usbhs: add suspend event support in gadget mode
        - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
        - regulator: max8907: Fix the usage of uninitialized variable in
          max8907_regulator_probe()
        - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
        - samples: pktgen: fix proc_cmd command result check logic
        - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
        - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
        - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
          number
        - media: ti-vpe: vpe: Make sure YUYV is set as default format
        - extcon: sm5502: Reset registers during initialization
        - x86/mm: Use the correct function type for native_set_fixmap()
        - perf report: Add warning when libunwind not compiled in
        - iio: adc: max1027: Reset the device at probe time
        - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
        - drm/gma500: fix memory disclosures due to uninitialized bytes
        - x86/ioapic: Prevent inconsistent state when moving an interrupt
        - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
        - libata: Ensure ata_port probe has completed before detach
        - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
        - bnx2x: Fix PF-VF communication over multi-cos queues.
        - spi: img-spfi: fix potential double release
        - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
        - perf probe: Fix to find range-only function instance
        - perf probe: Fix to list probe event with correct line number
        - perf probe: Walk function lines in lexical blocks
        - perf probe: Fix to probe an inline function which has no entry pc
        - perf probe: Fix to show ranges of variables in functions without entry_pc
        - perf probe: Fix to show inlined function callsite without entry_pc
        - perf probe: Skip overlapped location on searching variables
        - perf probe: Return a better scope DIE if there is no best scope
        - perf probe: Fix to show calling lines of inlined functions
        - perf probe: Skip end-of-sequence and non statement lines
        - perf probe: Filter out instances except for inlined subroutine and
          subprogram
        - ath10k: fix get invalid tx rate for Mesh metric
        - media: pvrusb2: Fix oops on tear-down when radio support is not present
        - media: si470x-i2c: add missed operations in remove
        - EDAC/ghes: Fix grain calculation
        - spi: pxa2xx: Add missed security checks
        - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
        - parport: load lowlevel driver if ports not found
        - cpufreq: Register drivers only after CPU devices have been registered
        - x86/crash: Add a forward declaration of struct kimage
        - spi: tegra20-slink: add missed clk_unprepare
        - btrfs: don't prematurely free work in end_workqueue_fn()
        - iwlwifi: check kasprintf() return value
        - fbtft: Make sure string is NULL terminated
        - crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
        - crypto: vmx - Avoid weird build failures
        - libtraceevent: Fix memory leakage in copy_filter_type
        - net: phy: initialise phydev speed and duplex sanely
        - Revert "mmc: sdhci: Fix incorrect switch to HS mode"
        - usb: xhci: Fix build warning seen with CONFIG_PM=n
        - btrfs: do not call synchronize_srcu() in inode_tree_del
        - btrfs: return error pointer from alloc_test_extent_buffer
        - btrfs: abort transaction after failed inode updates in create_subvol
        - Btrfs: fix removal logic of the tree mod log that leads to use-after-free
          issues
        - ALSA: pcm: Avoid possible info leaks from PCM stream buffers
        - af_packet: set defaule value for tmo
        - fjes: fix missed check in fjes_acpi_add
        - mod_devicetable: fix PHY module format
        - net: hisilicon: Fix a BUG trigered by wrong bytes_compl
        - net: nfc: nci: fix a possible sleep-in-atomic-context bug in
          nci_uart_tty_receive()
        - net: qlogic: Fix error paths in ql_alloc_large_buffers()
        - net: usb: lan78xx: Fix suspend/resume PHY register access error
        - sctp: fully initialize v4 addr in some functions
        - net: dst: Force 4-byte alignment of dst_metrics
        - usbip: Fix error path of vhci_recv_ret_submit()
        - USB: EHCI: Do not return -EPIPE when hub is disconnected
        - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
        - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
        - ext4: check for directory entries too close to block end
        - powerpc/irq: fix stack overflow verification
        - mmc: sdhci-of-esdhc: fix P2020 errata handling
        - perf probe: Fix to show function entry line as probe-able
        - scsi: mpt3sas: Fix clear pending bit in ioctl status
        - scsi: lpfc: Fix locking on mailbox command completion
        - Input: atmel_mxt_ts - disable IRQ across suspend
        - iommu/tegra-smmu: Fix page tables in > 4 GiB memory
        - scsi: target: compare full CHAP_A Algorithm strings
        - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
        - scsi: csiostor: Don't enable IRQs too early
        - powerpc/pseries: Mark accumulate_stolen_time() as notrace
        - dma-debug: add a schedule point in debug_dma_dump_mappings()
        - clocksource/drivers/asm9260: Add a check for of_clk_get
        - powerpc/security/book3s64: Report L1TF status in sysfs
        - jbd2: Fix statistics for the number of logged blocks
        - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
        - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
        - clk: qcom: Allow constant ratio freq tables for rcg
        - irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
        - irqchip: ingenic: Error out if IRQ domain creation failed
        - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
        - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
        - scsi: ufs: fix potential bug which ends in system hang
        - powerpc/pseries/cmm: Implement release() function for sysfs device
        - powerpc/security: Fix wrong message when RFI Flush is disable
        - clk: pxa: fix one of the pxa RTC clocks
        - bcache: at least try to shrink 1 node in bch_mca_scan()
        - HID: Improve Windows Precision Touchpad detection.
        - ext4: work around deleting a file with i_nlink == 0 safely
        - scsi: pm80xx: Fix for SATA device discovery
        - scsi: target: iscsi: Wait for all commands to finish before freeing a
          session
        - gpio: mpc8xxx: Don't overwrite default irq_set_type callback
        - scripts/kallsyms: fix definitely-lost memory leak
        - cdrom: respect device capabilities during opening action
        - perf regs: Make perf_reg_name() return "unknown" instead of NULL
        - libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
        - s390/cpum_sf: Check for SDBT and SDB consistency
        - ocfs2: fix passing zero to 'PTR_ERR' warning
        - kernel: sysctl: make drop_caches write-only
        - ALSA: hda - Downgrade error message for single-cmd fallback
        - Make filldir[64]() verify the directory entry filename is valid
        - filldir[64]: remove WARN_ON_ONCE() for bad directory entries
        - net: davinci_cpdma: use dma_addr_t for DMA address
        - netfilter: ebtables: compat: reject all padding in matches/watchers
        - 6pack,mkiss: fix possible deadlock
        - netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
        - net: icmp: fix data-race in cmp_global_allow()
        - hrtimer: Annotate lockless access to timer->state
        - mmc: sdhci: Update the tuning failed messages to pr_debug level
        - tcp: do not send empty skb from tcp_write_xmit()
        - Linux 4.4.208
    
      * Xenial update: 4.4.207 upstream stable release (LP: #1858489)
        - x86/apic/32: Avoid bogus LDR warnings
        - usb: gadget: u_serial: add missing port entry locking
        - tty: serial: msm_serial: Fix flow control
        - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
        - serial: serial_core: Perform NULL checks for break_ctl ops
        - serial: ifx6x60: add missed pm_runtime_disable
        - autofs: fix a leak in autofs_expire_indirect()
        - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
        - Input: cyttsp4_core - fix use after free bug
        - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
        - rsxx: add missed destroy_workqueue calls in remove
        - net: ep93xx_eth: fix mismatch of request_mem_region in remove
        - serial: core: Allow processing sysrq at port unlock time
        - iwlwifi: mvm: Send non offchannel traffic via AP sta
        - ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
        - extcon: max8997: Fix lack of path setting in USB device mode
        - clk: rockchip: fix rk3188 sclk_smc gate data
        - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
        - dlm: fix missing idr_destroy for recover_idr
        - MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
        - scsi: zfcp: drop default switch case which might paper over missing case
        - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
        - Staging: iio: adt7316: Fix i2c data reading, set the data field
        - regulator: Fix return value of _set_load() stub
        - MIPS: OCTEON: octeon-platform: fix typing
        - math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
        - rtc: max8997: Fix the returned value in case of error in
          'max8997_rtc_read_alarm()'
        - rtc: dt-binding: abx80x: fix resistance scale
        - ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
        - dmaengine: coh901318: Fix a double-lock bug
        - dmaengine: coh901318: Remove unused variable
        - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
        - dma-mapping: fix return type of dma_set_max_seg_size()
        - altera-stapl: check for a null key before strcasecmp'ing it
        - serial: imx: fix error handling in console_setup
        - i2c: imx: don't print error message on probe defer
        - dlm: NULL check before kmem_cache_destroy is not needed
        - nfsd: fix a warning in __cld_pipe_upcall()
        - ARM: OMAP1/2: fix SoC name printing
        - net/x25: fix called/calling length calculation in x25_parse_address_block
        - net/x25: fix null_x25_address handling
        - ARM: dts: mmp2: fix the gpio interrupt cell number
        - tcp: fix off-by-one bug on aborting window-probing socket
        - modpost: skip ELF local symbols during section mismatch check
        - kbuild: fix single target build for external module
        - ARM: dts: pxa: clean up USB controller nodes
        - dlm: fix invalid cluster name warning
        - powerpc/math-emu: Update macros from GCC
        - MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
        - nfsd: Return EPERM, not EACCES, in some SETATTR cases
        - mlx4: Use snprintf instead of complicated strcpy
        - ARM: dts: sunxi: Fix PMU compatible strings
        - sched/fair: Scale bandwidth quota and period without losing quota/period
          ratio precision
        - fuse: verify nlink
        - fuse: verify attributes
        - ALSA: pcm: oss: Avoid potential buffer overflows
        - Input: goodix - add upside-down quirk for Teclast X89 tablet
        - CIFS: Fix SMB2 oplock break processing
        - tty: vt: keyboard: reject invalid keycodes
        - can: slcan: Fix use-after-free Read in slcan_open
        - jbd2: Fix possible overflow in jbd2_log_space_left()
        - drm/i810: Prevent underflow in ioctl
        - KVM: x86: do not modify masked bits of shared MSRs
        - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
        - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
        - spi: atmel: Fix CS high support
        - RDMA/qib: Validate ->show()/store() callbacks before calling them
        - thermal: Fix deadlock in thermal thermal_zone_device_check
        - Revert "KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
          (CVE-2019-19332)"
        - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
        - appletalk: Fix potential NULL pointer dereference in unregister_snap_client
        - appletalk: Set error code if register_snap_client failed
        - ALSA: hda - Fix pending unsol events at shutdown
        - sched/core: Allow putting thread_info into task_struct
        - sched/core: Add try_get_task_stack() and put_task_stack()
        - sched/core, x86: Make struct thread_info arch specific again
        - fs/proc: Stop reporting eip and esp in /proc/PID/stat
        - fs/proc: Report eip/esp in /prod/PID/stat for coredumping
        - proc: fix coredump vs read /proc/*/stat race
        - fs/proc/array.c: allow reporting eip/esp for all coredumping threads
        - usb: gadget: configfs: Fix missing spin_lock_init()
        - usb: Allow USB device to be warm reset in suspended state
        - staging: rtl8188eu: fix interface sanity check
        - staging: rtl8712: fix interface sanity check
        - staging: gigaset: fix general protection fault on probe
        - staging: gigaset: fix illegal free on probe errors
        - staging: gigaset: add endpoint-type sanity check
        - xhci: Increase STS_HALT timeout in xhci_suspend()
        - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
        - USB: atm: ueagle-atm: add missing endpoint check
        - USB: idmouse: fix interface sanity checks
        - USB: serial: io_edgeport: fix epic endpoint lookup
        - USB: adutux: fix interface sanity check
        - usb: core: urb: fix URB structure initialization function
        - usb: mon: Fix a deadlock in usbmon between mmap and read
        - mtd: spear_smi: Fix Write Burst mode
        - virtio-balloon: fix managed page counts when migrating pages between zones
        - btrfs: check page->mapping when loading free space cache
        - btrfs: Remove btrfs_bio::flags member
        - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
        - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
        - rtlwifi: rtl8192de: Fix missing enable interrupt flag
        - lib: raid6: fix awk build warnings
        - workqueue: Fix spurious sanity check failures in destroy_workqueue()
        - workqueue: Fix pwq ref leak in rescuer_thread()
        - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
        - blk-mq: avoid sysfs buffer overflow with too many CPU cores
        - cgroup: pids: use atomic64_t for pids->limit
        - ar5523: check NULL before memcpy() in ar5523_cmd()
        - media: bdisp: fix memleak on release
        - media: radio: wl1273: fix interrupt masking on release
        - cpuidle: Do not unset the driver if it is there already
        - ACPI: OSL: only free map once in osl.c
        - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
        - ACPI: PM: Avoid attaching ACPI PM domain to certain devices
        - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup
          controller init
        - pinctrl: samsung: Fix device node refcount leaks in init code
        - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
        - video/hdmi: Fix AVI bar unpack
        - quota: Check that quota is not dirty before release
        - quota: fix livelock in dquot_writeback_dquots
        - scsi: zfcp: trace channel log even for FCP command responses
        - usb: xhci: only set D3hot for pci device
        - xhci: Fix memory leak in xhci_add_in_port()
        - xhci: make sure interrupts are restored to correct state
        - iio: adis16480: Add debugfs_reg_access entry
        - Btrfs: fix negative subv_writers counter and data space leak after buffered
          write
        - scsi: lpfc: Cap NPIV vports to 256
        - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
        - x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
        - ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
        - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup
          controller init
        - scsi: qla2xxx: Fix DMA unmap leak
        - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
        - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
        - powerpc: Fix vDSO clock_getres()
        - mm/shmem.c: cast the type of unmap_start to u64
        - blk-mq: make sure that line break can be printed
        - workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
        - sunrpc: fix crash when cache_head become valid before update
        - kernel/module.c: wakeup processes in module_wq on module unload
        - net: bridge: deny dev_set_mac_address() when unregistering
        - tcp: md5: fix potential overestimation of TCP option space
        - tipc: fix ordering of tipc module init and exit routine
        - inet: protect against too small mtu values.
        - tcp: fix rejected syncookies due to stale timestamps
        - tcp: tighten acceptance of ACKs not matching a child socket
        - tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
        - net: ethernet: ti: cpsw: fix extra rx interrupt
        - PCI: Fix Intel ACS quirk UPDCR register address
        - PCI/MSI: Fix incorrect MSI-X masking on resume
        - xtensa: fix TLB sanity checker
        - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
        - ARM: dts: s3c64xx: Fix init order of clock providers
        - ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
        - vfio/pci: call irq_bypass_unregister_producer() before freeing irq
        - dm btree: increase rebalance threshold in __rebalance2()
        - drm/radeon: fix r1xx/r2xx register checker for POT textures
        - xhci: fix USB3 device initiated resume race with roothub autosuspend
        - net: stmmac: use correct DMA buffer size in the RX descriptor
        - net: stmmac: don't stop NAPI processing when dropping a packet
        - Linux 4.4.207
    
      * efivarfs test in ubuntu_kernel_selftest failed on the second run
        (LP: #1809704)
        - selftests: efivarfs: return Kselftest Skip code for skipped tests
        - selftests/efivarfs: clean up test files from test_create*()
    
      * cifs: kernel NULL pointer dereference, address: 0000000000000038
        (LP: #1856949)
        - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
    
      * CVE-2019-19332
        - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
    
      * CVE-2019-19062
        - crypto: user - fix memory leak in crypto_report
    
      * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
        - [Packaging] bind hv_kvp_daemon startup to hv_kvp device
    
      * False positive test result in run_afpackettests from net in
        ubuntu_kernel_selftest  (LP: #1825778)
        - selftests/net: correct the return value for run_afpackettests
    
      * Xenial update: 4.4.206 upstream stable release (LP: #1855313)
        - ASoC: compress: fix unsigned integer overflow check
        - ASoC: kirkwood: fix external clock probe defer
        - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
        - reset: fix reset_control_ops kerneldoc comment
        - can: peak_usb: report bus recovery as well
        - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
        - scripts/gdb: fix debugging modules compiled with hot/cold partitioning
        - block: drbd: remove a stray unlock in __drbd_send_protocol()
        - scsi: lpfc: Fix dif and first burst use in write commands
        - ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
        - ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
        - parisc: Fix serio address output
        - parisc: Fix HP SDC hpa address output
        - arm64: smp: Handle errors reported by the firmware
        - PM / AVS: SmartReflex: NULL check before some freeing functions is not
          needed
        - ARM: ks8695: fix section mismatch warning
        - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
        - crypto: user - support incremental algorithm dumps
        - mwifiex: fix potential NULL dereference and use after free
        - mwifiex: debugfs: correct histogram spacing, formatting
        - rtl818x: fix potential use after free
        - xfs: require both realtime inodes to mount
        - ubi: Put MTD device after it is not used
        - ubi: Do not drop UBI device reference before using
        - microblaze: adjust the help to the real behavior
        - microblaze: move "... is ready" messages to arch/microblaze/Makefile
        - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
        - VSOCK: bind to random port for VMADDR_PORT_ANY
        - btrfs: only track ref_heads in delayed_ref_updates
        - xen/pciback: Check dev_data before using it
        - KVM: s390: unregister debug feature on failing arch init
        - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
        - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
        - HID: doc: fix wrong data structure reference for UHID_OUTPUT
        - gfs2: take jdata unstuff into account in do_grow
        - xfs: Align compat attrlist_by_handle with native implementation.
        - IB/qib: Fix an error code in qib_sdma_verbs_send()
        - powerpc/book3s/32: fix number of bats in p/v_block_mapped()
        - powerpc/xmon: fix dump_segments()
        - drivers/regulator: fix a missing check of return value
        - serial: max310x: Fix tx_empty() callback
        - openrisc: Fix broken paths to arch/or32
        - RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
        - scsi: qla2xxx: deadlock by configfs_depend_item
        - scsi: csiostor: fix incorrect dma device in case of vport
        - ath6kl: Only use match sets when firmware supports it
        - ath6kl: Fix off by one error in scan completion
        - powerpc/prom: fix early DEBUG messages
        - powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
        - powerpc/44x/bamboo: Fix PCI range
        - drbd: reject attach of unsuitable uuids even if connected
        - drbd: fix print_st_err()'s prototype to match the definition
        - regulator: tps65910: fix a missing check of return value
        - net/net_namespace: Check the return value of register_pernet_subsys()
        - um: Make GCOV depend on !KCOV
        - net: stmicro: fix a missing check of clk_prepare
        - atl1e: checking the status of atl1e_write_phy_reg
        - tipc: fix a missing check of genlmsg_put
        - ocfs2: clear journal dirty flag after shutdown journal
        - lib/genalloc.c: use vzalloc_node() to allocate the bitmap
        - lib/genalloc.c: include vmalloc.h
        - mtd: Check add_mtd_device() ret code
        - tipc: fix memory leak in tipc_nl_compat_publ_dump
        - net/core/neighbour: tell kmemleak about hash tables
        - net/core/neighbour: fix kmemleak minimal reference count for hash tables
        - sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
        - decnet: fix DN_IFREQ_SIZE
        - tipc: fix skb may be leaky in tipc_link_input
        - sfc: initialise found bitmap in efx_ef10_mtd_probe
        - net: fix possible overflow in __sk_mem_raise_allocated()
        - net: dev: Use unsigned integer as an argument to left-shift
        - scsi: libsas: Support SATA PHY connection rate unmatch fixing during
          discovery
        - ACPI / APEI: Switch estatus pool to use vmalloc memory
        - scsi: libsas: Check SMP PHY control function result
        - mtd: Remove a debug trace in mtdpart.c
        - staging: rtl8192e: fix potential use after free
        - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
        - mei: bus: prefix device names on bus with the bus name
        - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
        - net: macb: fix error format in dev_err()
        - pwm: Clear chip_data in pwm_put()
        - macvlan: schedule bc_work even if error
        - openvswitch: fix flow command message size
        - slip: Fix use-after-free Read in slip_open
        - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
        - openvswitch: remove another BUG_ON()
        - tipc: fix link name length check
        - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
        - HID: core: check whether Usage Page item is after Usage ID items
        - hwrng: stm32 - fix unbalanced pm_runtime_enable
        - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
        - Linux 4.4.206
        - [Config] updateconfigs for 4.4.206
    
      * Xenial update: 4.4.205 upstream stable release (LP: #1854857)
        - Revert "sock: Reset dst when changing sk_mark via setsockopt"
        - Linux 4.4.205
    
      * Xenial update: 4.4.204 upstream stable release (LP: #1854855)
        - net/mlx4_en: fix mlx4 ethtool -N insertion
        - sfc: Only cancel the PPS workqueue if it exists
        - net/sched: act_pedit: fix WARN() in the traffic path
        - net: rtnetlink: prevent underflows in do_setvfinfo()
        - Revert "fs: ocfs2: fix possible null-pointer dereferences in
          ocfs2_xa_prepare_entry()"
        - mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
        - asus-wmi: Create quirk for airplane_mode LED
        - asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UF
        - asus-wmi: Add quirk_no_rfkill for the Asus N552VW
        - asus-wmi: Add quirk_no_rfkill for the Asus U303LB
        - asus-wmi: Add quirk_no_rfkill for the Asus Z550MA
        - platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A
        - platform/x86: asus-wmi: fix asus ux303ub brightness issue
        - platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB
        - asus-wmi: provide access to ALS control
        - platform/x86: asus-wmi: try to set als by default
        - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
        - platform/x86: asus-wmi: add SERIO_I8042 dependency
        - mwifiex: Fix NL80211_TX_POWER_LIMITED
        - ALSA: isight: fix leak of reference to firewire unit in error path of .probe
          callback
        - printk: fix integer overflow in setup_log_buf()
        - gfs2: Fix marking bitmaps non-full
        - synclink_gt(): fix compat_ioctl()
        - powerpc: Fix signedness bug in update_flash_db()
        - powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
        - brcmsmac: AP mode: update beacon when TIM changes
        - spi: sh-msiof: fix deferred probing
        - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
        - btrfs: handle error of get_old_root
        - gsmi: Fix bug in append_to_eventlog sysfs handler
        - misc: mic: fix a DMA pool free failure
        - amiflop: clean up on errors during setup
        - scsi: ips: fix missing break in switch
        - KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
        - scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
        - scsi: isci: Change sci_controller_start_task's return type to sci_status
        - scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
        - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
        - scsi: dc395x: fix dma API usage in srb_done
        - scsi: dc395x: fix DMA API usage in sg_update_list
        - net: fix warning in af_unix
        - kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad
          stack
        - ALSA: i2c/cs8427: Fix int to char conversion
        - macintosh/windfarm_smu_sat: Fix debug output
        - USB: misc: appledisplay: fix backlight update_status return code
        - SUNRPC: Fix a compile warning for cmpxchg64()
        - atm: zatm: Fix empty body Clang warnings
        - s390/perf: Return error when debug_register fails
        - spi: omap2-mcspi: Set FIFO DMA trigger level to word length
        - sparc: Fix parport build warnings.
        - ceph: fix dentry leak in ceph_readdir_prepopulate
        - rtc: s35390a: Change buf's type to u8 in s35390a_init
        - mISDN: Fix type of switch control variable in ctrl_teimanager
        - qlcnic: fix a return in qlcnic_dcb_get_capability()
        - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
        - mfd: max8997: Enale irq-wakeup unconditionally
        - selftests/ftrace: Fix to test kprobe $comm arg only if available
        - thermal: rcar_thermal: Prevent hardware access during system suspend
        - sparc64: Rework xchg() definition to avoid warnings.
        - fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in
          dlm_print_one_mle()
        - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
        - um: Make line/tty semantics use true write IRQ
        - linux/bitmap.h: handle constant zero-size bitmaps correctly
        - linux/bitmap.h: fix type of nbits in bitmap_shift_right()
        - hfsplus: fix BUG on bnode parent update
        - hfs: fix BUG on bnode parent update
        - hfsplus: prevent btree data loss on ENOSPC
        - hfs: prevent btree data loss on ENOSPC
        - hfsplus: fix return value of hfsplus_get_block()
        - hfs: fix return value of hfs_get_block()
        - fs/hfs/extent.c: fix array out of bounds read of array extent
        - igb: shorten maximum PHC timecounter update interval
        - ntb_netdev: fix sleep time mismatch
        - ntb: intel: fix return value for ndev_vec_mask()
        - ocfs2: don't put and assigning null to bh allocated outside
        - ocfs2: fix clusters leak in ocfs2_defrag_extent()
        - net: do not abort bulk send on BQL status
        - sched/fair: Don't increase sd->balance_interval on newidle balance
        - audit: print empty EXECVE args
        - wlcore: Fix the return value in case of error in
          'wlcore_vendor_cmd_smart_config_start()'
        - rtl8xxxu: Fix missing break in switch
        - brcmsmac: never log "tid x is not agg'able" by default
        - wireless: airo: potential buffer overflow in sprintf()
        - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
        - scsi: mpt3sas: Fix Sync cache command failure during driver unload
        - scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
        - scsi: megaraid_sas: Fix msleep granularity
        - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
        - dlm: fix invalid free
        - dlm: don't leak kernel pointer to userspace
        - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
        - sock: Reset dst when changing sk_mark via setsockopt
        - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
        - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
        - PCI: keystone: Use quirk to limit MRRS for K2G
        - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
        - IB/hfi1: Ensure full Gen3 speed in a Gen4 system
        - Bluetooth: Fix invalid-free in bcsp_close()
        - ath9k_hw: fix uninitialized variable data
        - dm: use blk_set_queue_dying() in __dm_destroy()
        - arm64: fix for bad_mode() handler to always result in panic
        - cpufreq: Skip cpufreq resume if it's not suspended
        - ocfs2: remove ocfs2_is_o2cb_active()
        - mmc: block: Fix tag condition with packed writes
        - ARC: perf: Accommodate big-endian CPU
        - x86/insn: Fix awk regexp warnings
        - x86/speculation: Fix incorrect MDS/TAA mitigation status
        - x86/speculation: Fix redundant MDS mitigation message
        - media: vivid: Set vid_cap_streaming and vid_out_streaming to true
        - media: vivid: Fix wrong locking that causes race conditions on streaming
          stop
        - cpufreq: Add NULL checks to show() and store() methods of cpufreq
        - media: b2c2-flexcop-usb: add sanity checking
        - media: cxusb: detect cxusb_ctrl_msg error in query
        - media: imon: invalid dereference in imon_touch_event
        - virtio_console: reset on out of memory
        - virtio_console: don't tie bufs to a vq
        - virtio_console: allocate inbufs in add_port() only if it is needed
        - virtio_console: fix uninitialized variable use
        - virtio_console: drop custom control queue cleanup
        - virtio_console: move removal code
        - usb-serial: cp201x: support Mark-10 digital force gauge
        - appledisplay: fix error handling in the scheduled work
        - USB: serial: mos7840: add USB ID to support Moxa UPort 2210
        - USB: serial: mos7720: fix remote wakeup
        - USB: serial: mos7840: fix remote wakeup
        - USB: serial: option: add support for DW5821e with eSIM support
        - USB: serial: option: add support for Foxconn T77W968 LTE modules
        - staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
        - Linux 4.4.204
    
     -- Connor Kuehl <email address hidden>  Wed, 08 Jan 2020 09:26:38 -0800
  • linux (4.4.0-171.200) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-171.200 -proposed tracker (LP: #1854835)
    
      * CVE-2019-14901
        - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
    
      * CVE-2019-14896 // CVE-2019-14897
        - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor
    
      * CVE-2019-14895
        - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
    
      * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
        - powerpc/64s: support nospectre_v2 cmdline option
        - powerpc/book3s64: Fix link stack flush on context switch
        - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
    
      * cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled
        cloud (LP: #1848481)
        - [Packaging]: include i40evf in generic
    
      * update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180)
        - net: ena: fix bug that might cause hang after consecutive open/close
          interface.
        - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
        - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
        - net: ena: reimplement set/get_coalesce()
        - net: ena: enable the interrupt_moderation in driver_supported_features
        - net: ena: remove code duplication in
          ena_com_update_nonadaptive_moderation_interval _*()
        - net: ena: remove old adaptive interrupt moderation code from ena_netdev
        - net: ena: remove ena_restore_ethtool_params() and relevant fields
        - net: ena: remove all old adaptive rx interrupt moderation code from ena_com
        - net: ena: fix update of interrupt moderation register
        - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
        - net: ena: fix incorrect update of intr_delay_resolution
        - net: ena: Select DIMLIB for ENA_ETHERNET
        - SAUCE: net: ena: fix issues in setting interrupt moderation params in
          ethtool
        - SAUCE: net: ena: fix too long default tx interrupt moderation interval
    
      * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637)
        - include/linux/bitops.h: introduce BITS_PER_TYPE
        - linux/kernel.h: move DIV_ROUND_DOWN_ULL() macro
        - [Config] enable DIMLIB
        - linux/dim: import DIMLIB (lib/dim/)
        - SAUCE: linux/dim: avoid library object filename clash
    
      * Enable framebuffer fonts auto selection for HighDPI screen (LP: #1851623)
        - fonts: Fix coding style
        - fonts: Prefer a bigger font for high resolution screens
    
      * Xenial update: 4.4.203 upstream stable release (LP: #1853881)
        - slip: Fix memory leak in slip_open error path
        - ax88172a: fix information leak on short answers
        - ALSA: usb-audio: Fix missing error check at mixer resolution test
        - ALSA: usb-audio: not submit urb for stopped endpoint
        - Input: ff-memless - kill timer in destroy()
        - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
        - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
        - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
        - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
        - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
        - mmc: sdhci-of-at91: fix quirk2 overwrite
        - iio: dac: mcp4922: fix error handling in mcp4922_write_raw
        - ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
        - ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45
        - ALSA: seq: Do error checks at creating system ports
        - gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
        - ASoC: dpcm: Properly initialise hw->rate_max
        - MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3
        - ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook
        - i40e: use correct length for strncpy
        - i40e: hold the rtnl lock on clearing interrupt scheme
        - i40e: Prevent deleting MAC address from VF when set by PF
        - ARM: dts: pxa: fix power i2c base address
        - rtl8187: Fix warning generated when strncpy() destination length matches the
          sixe argument
        - net: lan78xx: Bail out if lan78xx_get_endpoints fails
        - ASoC: sgtl5000: avoid division by zero if lo_vag is zero
        - ath10k: wmi: disable softirq's while calling ieee80211_rx
        - mips: txx9: fix iounmap related issue
        - of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
        - ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in
          other DTS files
        - ARM: dts: omap3-gta04: tvout: enable as display1 alias
        - ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot
        - ARM: dts: omap3-gta04: keep vpll2 always on
        - dmaengine: dma-jz4780: Further residue status fix
        - signal: Always ignore SIGKILL and SIGSTOP sent to the global init
        - signal: Properly deliver SIGILL from uprobes
        - signal: Properly deliver SIGSEGV from x86 uprobes
        - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
        - ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set
        - scsi: pm80xx: Corrected dma_unmap_sg() parameter
        - scsi: pm80xx: Fixed system hang issue during kexec boot
        - kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
        - nvmem: core: return error code instead of NULL from nvmem_device_get
        - media: fix: media: pci: meye: validate offset to avoid arbitrary access
        - ALSA: intel8x0m: Register irq handler after register initializations
        - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map()
        - llc: avoid blocking in llc_sap_close()
        - powerpc/vdso: Correct call frame information
        - ARM: dts: socfpga: Fix I2C bus unit-address error
        - pinctrl: at91: don't use the same irqchip with multiple gpiochips
        - cxgb4: Fix endianness issue in t4_fwcache()
        - power: supply: ab8500_fg: silence uninitialized variable warnings
        - power: supply: max8998-charger: Fix platform data retrieval
        - kernfs: Fix range checks in kernfs_get_target_path
        - s390/qeth: invoke softirqs after napi_schedule()
        - PCI/ACPI: Correct error message for ASPM disabling
        - serial: mxs-auart: Fix potential infinite loop
        - powerpc/iommu: Avoid derefence before pointer check
        - powerpc/64s/hash: Fix stab_rr off by one initialization
        - powerpc/pseries: Disable CPU hotplug across migrations
        - libfdt: Ensure INT_MAX is defined in libfdt_env.h
        - power: supply: twl4030_charger: fix charging current out-of-bounds
        - power: supply: twl4030_charger: disable eoc interrupt on linear charge
        - net: toshiba: fix return type of ndo_start_xmit function
        - net: xilinx: fix return type of ndo_start_xmit function
        - net: broadcom: fix return type of ndo_start_xmit function
        - net: amd: fix return type of ndo_start_xmit function
        - usb: chipidea: Fix otg event handler
        - ARM: dts: am335x-evm: fix number of cpsw
        - ARM: dts: ux500: Correct SCU unit address
        - ARM: dts: ux500: Fix LCDA clock line muxing
        - ARM: dts: ste: Fix SPI controller node names
        - cpufeature: avoid warning when compiling with clang
        - bnx2x: Ignore bandwidth attention in single function mode
        - net: micrel: fix return type of ndo_start_xmit function
        - x86/CPU: Use correct macros for Cyrix calls
        - MIPS: kexec: Relax memory restriction
        - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
        - media: davinci: Fix implicit enum conversion warning
        - usb: gadget: uvc: configfs: Drop leaked references to config items
        - usb: gadget: uvc: configfs: Prevent format changes after linking header
        - usb: gadget: uvc: Factor out video USB request queueing
        - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode
        - misc: kgdbts: Fix restrict error
        - misc: genwqe: should return proper error value.
        - vfio/pci: Fix potential memory leak in vfio_msi_cap_len
        - scsi: libsas: always unregister the old device if going to discover new
        - ARM: dts: tegra30: fix xcvr-setup-use-fuses
        - ARM: tegra: apalis_t30: fix mmc1 cmd pull-up
        - net: smsc: fix return type of ndo_start_xmit function
        - EDAC: Raise the maximum number of memory controllers
        - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS
        - arm64: dts: amd: Fix SPI bus warnings
        - fuse: use READ_ONCE on congestion_threshold and max_background
        - Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data
        - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in
          hci_uart_set_proto()
        - memfd: Use radix_tree_deref_slot_protected to avoid the warning.
        - slcan: Fix memory leak in error path
        - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
        - x86/atomic: Fix smp_mb__{before,after}_atomic()
        - kprobes/x86: Prohibit probing on exception masking instructions
        - uprobes/x86: Prohibit probing on MOV SS instruction
        - [Config] Remove unused SH-Mobile HDMI driver
        - fbdev: Remove unused SH-Mobile HDMI driver
        - fbdev: Ditch fb_edid_add_monspecs
        - block: introduce blk_rq_is_passthrough
        - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
        - net: ovs: fix return type of ndo_start_xmit function
        - f2fs: return correct errno in f2fs_gc
        - SUNRPC: Fix priority queue fairness
        - ath10k: fix vdev-start timeout on error
        - ath9k: fix reporting calculated new FFT upper max
        - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in
          fotg210_get_status()
        - nl80211: Fix a GET_KEY reply attribute
        - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction
        - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg
        - mei: samples: fix a signedness bug in amt_host_if_call()
        - cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update
        - cxgb4: Use proper enum in IEEE_FAUX_SYNC
        - powerpc/pseries: Fix DTL buffer registration
        - powerpc/pseries: Fix how we iterate over the DTL entries
        - mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer
        - ixgbe: Fix crash with VFs and flow director on interface flap
        - IB/mthca: Fix error return code in __mthca_init_one()
        - ata: ep93xx: Use proper enums for directions
        - ALSA: hda/sigmatel - Disable automute for Elo VuPoint
        - KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR
        - USB: serial: cypress_m8: fix interrupt-out transfer length
        - mtd: physmap_of: Release resources on error
        - brcmfmac: fix full timeout waiting for action frame on-channel tx
        - NFSv4.x: fix lock recovery during delegation recall
        - dmaengine: ioat: fix prototype of ioat_enumerate_channels
        - Input: st1232 - set INPUT_PROP_DIRECT property
        - x86/olpc: Fix build error with CONFIG_MFD_CS5535=m
        - crypto: mxs-dcp - Fix SHA null hashes and output length
        - crypto: mxs-dcp - Fix AES issues
        - ACPI / SBS: Fix rare oops when removing modules
        - fbdev: sbuslib: use checked version of put_user()
        - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
        - bcache: recal cached_dev_sectors on detach
        - proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted()
        - backlight: lm3639: Unconditionally call led_classdev_unregister
        - printk: Give error on attempt to set log buffer length to over 2G
        - media: isif: fix a NULL pointer dereference bug
        - GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads
        - media: cx231xx: fix potential sign-extension overflow on large shift
        - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error
        - gpio: syscon: Fix possible NULL ptr usage
        - spi: spidev: Fix OF tree warning logic
        - ARM: 8802/1: Call syscall_trace_exit even when system call skipped
        - hwmon: (pwm-fan) Silence error on probe deferral
        - mac80211: minstrel: fix CCK rate group streams value
        - spi: rockchip: initialize dma_slave_config properly
        - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
        - Linux 4.4.203
    
      * Xenial update: 4.4.202 upstream stable release (LP: #1853177)
        - kvm: mmu: Don't read PDPTEs when paging is not enabled
        - MIPS: BCM63XX: fix switch core reset on BCM6368
        - powerpc/Makefile: Use cflags-y/aflags-y for setting endian options
        - powerpc: Fix compiling a BE kernel with a powerpc64le toolchain
        - powerpc/boot: Request no dynamic linker for boot wrapper
        - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
        - Linux 4.4.202
    
      * Xenial update: 4.4.201 upstream stable release (LP: #1852335)
        - CDC-NCM: handle incomplete transfer of MTU
        - net: fix data-race in neigh_event_send()
        - NFC: fdp: fix incorrect free object
        - NFC: st21nfca: fix double free
        - qede: fix NULL pointer deref in __qede_remove()
        - nfc: netlink: fix double device reference drop
        - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite
          Saffire Pro i/o series
        - ALSA: hda/ca0132 - Fix possible workqueue stall
        - mm, vmstat: hide /proc/pagetypeinfo from normal users
        - dump_stack: avoid the livelock of the dump_lock
        - perf tools: Fix time sorting
        - drm/radeon: fix si_enable_smc_cac() failed issue
        - ceph: fix use-after-free in __ceph_remove_cap()
        - iio: imu: adis16480: make sure provided frequency is positive
        - netfilter: nf_tables: Align nft_expr private data to 64-bit
        - netfilter: ipset: Fix an error code in ip_set_sockfn_get()
        - can: usb_8dev: fix use-after-free on disconnect
        - can: c_can: c_can_poll(): only read status register after status IRQ
        - can: peak_usb: fix a potential out-of-sync while decoding packets
        - can: gs_usb: gs_can_open(): prevent memory leak
        - can: peak_usb: fix slab info leak
        - drivers: usb: usbip: Add missing break statement to switch
        - configfs: fix a deadlock in configfs_symlink()
        - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30
        - scsi: qla2xxx: fixup incorrect usage of host_byte
        - scsi: lpfc: Honor module parameter lpfc_use_adisc
        - ipvs: move old_secure_tcp into struct netns_ipvs
        - bonding: fix unexpected IFF_BONDING bit unset
        - usb: fsl: Check memory resource before releasing it
        - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode.
        - usb: gadget: composite: Fix possible double free memory bug
        - usb: gadget: configfs: fix concurrent issue between composite APIs
        - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise
          RIP validity
        - USB: Skip endpoints with 0 maxpacket length
        - scsi: qla2xxx: stop timer in shutdown path
        - net: hisilicon: Fix "Trying to free already-free IRQ"
        - NFSv4: Don't allow a cached open with a revoked delegation
        - igb: Fix constant media auto sense switching when no cable is connected
        - e1000: fix memory leaks
        - can: flexcan: disable completely the ECC mechanism
        - mm/filemap.c: don't initiate writeback if mapping has no dirty pages
        - cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is
          dead
        - net: prevent load/store tearing on sk->sk_stamp
        - Linux 4.4.201
    
     -- Kleber Sacilotto de Souza <email address hidden>  Tue, 03 Dec 2019 11:20:54 +0100
  • linux (4.4.0-170.199) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306)
    
      * update ENA driver to version 2.1.0 (LP: #1850175)
        - net: ena: fix: set freed objects to NULL to avoid failing future allocations
        - net: ena: fix swapped parameters when calling
          ena_com_indirect_table_fill_entry
        - net: ena: fix: Free napi resources when ena_up() fails
        - net: ena: fix incorrect test of supported hash function
        - net: ena: fix return value of ena_com_config_llq_info()
        - net: ena: improve latency by disabling adaptive interrupt moderation by
          default
        - net: ena: fix ena_com_fill_hash_function() implementation
        - net: ena: add handling of llq max tx burst size
        - net: ena: ethtool: add extra properties retrieval via get_priv_flags
        - net: ena: replace free_tx/rx_ids union with single free_ids field in
          ena_ring
        - net: ena: arrange ena_probe() function variables in reverse christmas tree
        - net: ena: add newline at the end of pr_err prints
        - net: ena: allow automatic fallback to polling mode
        - net: ena: add support for changing max_header_size in LLQ mode
        - net: ena: optimise calculations for CQ doorbell
        - net: ena: add good checksum counter
        - net: ena: use dev_info_once instead of static variable
        - net: ena: add MAX_QUEUES_EXT get feature admin command
        - net: ena: enable negotiating larger Rx ring size
        - net: ena: make ethtool show correct current and max queue sizes
        - net: ena: allow queue allocation backoff when low on memory
        - net: ena: add ethtool function for changing io queue sizes
        - net: ena: remove inline keyword from functions in *.c
        - net: ena: update driver version from 2.0.3 to 2.1.0
        - net: ena: Fix bug where ring allocation backoff stopped too late
        - Revert "net: ena: ethtool: add extra properties retrieval via
          get_priv_flags"
        - net: ena: don't wake up tx queue when down
        - net: ena: clean up indentation issue
    
      * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update
        ENA driver to version 2.1.0 (LP: #1850175)
        - net: ena: gcc 8: fix compilation warning
    
      * Skip frame when buffer overflow on UVC camera (LP: #1849871)
        - media: uvcvideo: Mark buffer error where overflow
    
      * CVE-2018-20784
        - sched/fair: Fix infinite loop in update_blocked_averages() by reverting
          a9e7f6544b9c
        - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list
        - sched/fair: Add tmp_alone_branch assertion
        - sched/fair: Fix insertion in rq->leaf_cfs_rq_list
        - sched/fair: Optimize update_blocked_averages()
        - sched/fair: Fix O(nr_cgroups) in the load balancing path
    
      * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
        - kbuild: add -fcf-protection=none when using retpoline flags
        - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
        - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
          could be uninitialized
        - ASoc: rockchip: i2s: Fix RPM imbalance
        - ARM: dts: logicpd-torpedo-som: Remove twl_keypad
        - ARM: mm: fix alignment handler faults under memory pressure
        - scsi: sni_53c710: fix compilation error
        - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
        - perf kmem: Fix memory leak in compact_gfp_flags()
        - scsi: target: core: Do not overwrite CDB byte 1
        - of: unittest: fix memory leak in unittest_data_add
        - MIPS: bmips: mark exception vectors as char arrays
        - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
        - dccp: do not leak jiffies on the wire
        - net: fix sk_page_frag() recursion from memory reclaim
        - net: hisilicon: Fix ping latency when deal with high throughput
        - SAUCE: Revert "net: Zeroing the structure ethtool_wolinfo in
          ethtool_get_wol()"
        - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
        - net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
        - vxlan: check tun_info options_len properly
        - net/mlx4_core: Dynamically set guaranteed amount of counters per VF
        - inet: stop leaking jiffies on the wire
        - net/flow_dissector: switch to siphash
        - dmaengine: qcom: bam_dma: Fix resource leak
        - ARM: 8051/1: put_user: fix possible data corruption in put_user
        - ARM: 8478/2: arm/arm64: add arm-smccc
        - ARM: 8479/2: add implementation for arm-smccc
        - ARM: 8480/2: arm64: add implementation for arm-smccc
        - ARM: 8481/2: drivers: psci: replace psci firmware calls
        - ARM: uaccess: remove put_user() code duplication
        - ARM: Move system register accessors to asm/cp15.h
        - arm/arm64: KVM: Advertise SMCCC v1.1
        - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
        - firmware/psci: Expose PSCI conduit
        - firmware/psci: Expose SMCCC version through psci_ops
        - arm/arm64: smccc: Make function identifiers an unsigned quantity
        - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
        - arm/arm64: smccc: Add SMCCC-specific return codes
        - arm/arm64: smccc-1.1: Make return values unsigned long
        - arm/arm64: smccc-1.1: Handle function result as parameters
        - ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
        - ARM: bugs: prepare processor bug infrastructure
        - ARM: bugs: hook processor bug checking into SMP and suspend paths
        - ARM: bugs: add support for per-processor bug checking
        - ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
        - ARM: spectre-v2: harden branch predictor on context switches
        - ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
        - ARM: spectre-v2: harden user aborts in kernel space
        - ARM: spectre-v2: add firmware based hardening
        - ARM: spectre-v2: warn about incorrect context switching functions
        - ARM: spectre-v1: add speculation barrier (csdb) macros
        - ARM: spectre-v1: add array_index_mask_nospec() implementation
        - ARM: spectre-v1: fix syscall entry
        - ARM: signal: copy registers using __copy_from_user()
        - ARM: vfp: use __copy_from_user() when restoring VFP state
        - ARM: oabi-compat: copy semops using __copy_from_user()
        - ARM: use __inttype() in get_user()
        - ARM: spectre-v1: use get_user() for __get_user()
        - ARM: spectre-v1: mitigate user accesses
        - ARM: 8789/1: signal: copy registers using __copy_to_user()
        - ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
        - ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
        - ARM: 8793/1: signal: replace __put_user_error with __put_user
        - ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
        - ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
        - ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
        - ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
        - ARM: make lookup_processor_type() non-__init
        - ARM: split out processor lookup
        - ARM: clean up per-processor check_bugs method call
        - ARM: add PROC_VTABLE and PROC_TABLE macros
        - ARM: spectre-v2: per-CPU vtables to work around big.Little systems
        - ARM: ensure that processor vtables is not lost after boot
        - ARM: fix the cockup in the previous patch
        - alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
        - fs/dcache: move security_d_instantiate() behind attaching dentry to inode
        - Linux 4.4.200
        - updateconfigs for Linux v4.4.200
    
      * Xenial update: 4.4.199 upstream stable release (LP: #1851549)
        - dm snapshot: use mutex instead of rw_semaphore
        - dm snapshot: introduce account_start_copy() and account_end_copy()
        - dm snapshot: rework COW throttling to fix deadlock
        - dm: Use kzalloc for all structs with embedded biosets/mempools
        - sc16is7xx: Fix for "Unexpected interrupt: 8"
        - x86/cpu: Add Atom Tremont (Jacobsville)
        - scripts/setlocalversion: Improve -dirty check with git-status --no-optional-
          locks
        - usb: handle warm-reset port requests on hub resume
        - exec: load_script: Do not exec truncated interpreter path
        - iio: fix center temperature of bmc150-accel-core
        - perf map: Fix overlapped map handling
        - RDMA/iwcm: Fix a lock inversion issue
        - fs: cifs: mute -Wunused-const-variable message
        - serial: mctrl_gpio: Check for NULL pointer
        - efi/cper: Fix endianness of PCIe class code
        - efi/x86: Do not clean dummy variable in kexec path
        - fs: ocfs2: fix possible null-pointer dereferences in
          ocfs2_xa_prepare_entry()
        - fs: ocfs2: fix a possible null-pointer dereference in
          ocfs2_info_scan_inode_alloc()
        - MIPS: fw: sni: Fix out of bounds init of o32 stack
        - NFSv4: Fix leak of clp->cl_acceptor string
        - tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
        - USB: legousbtower: fix a signedness bug in tower_probe()
        - thunderbolt: Use 32-bit writes when writing ring producer/consumer
        - fuse: flush dirty data/metadata before non-truncate setattr
        - fuse: truncate pending writes on O_TRUNC
        - ALSA: bebob: Fix prototype of helper function to return negative value
        - UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather
          segments")
        - USB: gadget: Reject endpoints with 0 maxpacket value
        - USB: ldusb: fix ring-buffer locking
        - USB: ldusb: fix control-message timeout
        - USB: serial: whiteheat: fix potential slab corruption
        - USB: serial: whiteheat: fix line-speed endianness
        - HID: Fix assumption that devices have inputs
        - HID: fix error message in hid_open_report()
        - nl80211: fix validation of mesh path nexthop
        - s390/cmm: fix information leak in cmm_timeout_handler()
        - llc: fix sk_buff leak in llc_sap_state_process()
        - llc: fix sk_buff leak in llc_conn_service()
        - bonding: fix potential NULL deref in bond_update_slave_arr
        - net: usb: sr9800: fix uninitialized local variable
        - sch_netem: fix rcu splat in netem_enqueue()
        - sctp: fix the issue that flags are ignored when using kernel_connect
        - sctp: not bind the socket in sctp_connect
        - xfs: Correctly invert xfs_buftarg LRU isolation logic
        - Revert "ALSA: hda: Flush interrupts on disabling"
        - Linux 4.4.199
    
      * libmbim-proxy using 100% CPU on a Dell Edge Gateway 3002 (LP: #1851347)
        - USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse
    
      * Xenial update: v4.4.198 upstream stable release (LP: #1850454)
        - scsi: ufs: skip shutdown if hba is not powered
        - scsi: megaraid: disable device when probe failed after enabled device
        - scsi: qla2xxx: Fix unbound sleep in fcport delete path.
        - ARM: OMAP2+: Fix missing reset done flag for am3 and am43
        - ARM: dts: am4372: Set memory bandwidth limit for DISPC
        - nl80211: fix null pointer dereference
        - mips: Loongson: Fix the link time qualifier of 'serial_exit()'
        - net: hisilicon: Fix usage of uninitialized variable in function
          mdio_sc_cfg_reg_write()
        - namespace: fix namespace.pl script to support relative paths
        - loop: Add LOOP_SET_DIRECT_IO to compat ioctl
        - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
        - net: bcmgenet: Set phydev->dev_flags only for internal PHYs
        - sctp: change sctp_prot .no_autobind with true
        - net: avoid potential infinite loop in tc_ctl_action()
        - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
        - memfd: Fix locking when tagging pins
        - USB: legousbtower: fix memleak on disconnect
        - usb: udc: lpc32xx: fix bad bit shift operation
        - USB: serial: ti_usb_3410_5052: fix port-close races
        - USB: ldusb: fix memleak on disconnect
        - USB: usblp: fix use-after-free on disconnect
        - USB: ldusb: fix read info leaks
        - scsi: core: try to get module before removing device
        - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
        - cfg80211: wext: avoid copying malformed SSIDs
        - mac80211: Reject malformed SSID elements
        - scsi: zfcp: fix reaction on bit error threshold notification
        - mm/slub: fix a deadlock in show_slab_objects()
        - xtensa: drop EXPORT_SYMBOL for outs*/ins*
        - parisc: Fix vmap memory leak in ioremap()/iounmap()
        - CIFS: avoid using MID 0xFFFF
        - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
        - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
        - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
        - xen/netback: fix error path of xenvif_connect_data()
        - PCI: PM: Fix pci_power_up()
        - net: sched: Fix memory exposure from short TCA_U32_SEL
        - RDMA/cxgb4: Do not dma memory off of the stack
        - Linux 4.4.198
    
      * Colour banding in Lenovo G50-80 laptop display (i915) (LP: #1819968) //
        Xenial update: v4.4.198 upstream stable release (LP: #1850454)
        - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
    
     -- Connor Kuehl <email address hidden>  Wed, 13 Nov 2019 11:18:48 -0800
  • linux (4.4.0-169.198) xenial; urgency=medium
    
      * Incomplete i915 fix for 64-bit x86 kernels (LP: #1852141) // CVE-2019-0155
        - SAUCE: drm/i915/cmdparser: Fix jump whitelist clearing
    
     -- Stefan Bader <email address hidden>  Tue, 12 Nov 2019 11:19:22 +0100
  • linux (4.4.0-168.197) xenial; urgency=medium
    
      * CVE-2018-12207
        - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
        - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
        - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
        - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
        - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
        - KVM: x86: MMU: Make mmu_set_spte() return emulate value
        - KVM: x86: MMU: Move initialization of parent_ptes out from
          kvm_mmu_alloc_page()
        - KVM: x86: MMU: always set accessed bit in shadow PTEs
        - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
          link_shadow_page()
        - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
        - KVM: x86: simplify ept_misconfig
        - KVM: x86: extend usage of RET_MMIO_PF_* constants
        - KVM: MMU: drop vcpu param in gpte_access
        - kvm: Convert kvm_lock to a mutex
        - kvm: x86: Do not release the page inside mmu_set_spte()
        - KVM: x86: make FNAME(fetch) and __direct_map more similar
        - KVM: x86: remove now unneeded hugepage gfn adjustment
        - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
        - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
        - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
          active
        - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
        - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
        - SAUCE: kvm: Add helper function for creating VM worker threads
        - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
        - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
        - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
    
      * CVE-2019-11135
        - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
        - KVM: x86: use Intel speculation bugs and features as derived in generic x86
          code
        - x86/msr: Add the IA32_TSX_CTRL MSR
        - x86/cpu: Add a helper function x86_read_arch_cap_msr()
        - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
        - x86/speculation/taa: Add mitigation for TSX Async Abort
        - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
        - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
        - x86/tsx: Add "auto" option to the tsx= cmdline parameter
        - x86/speculation/taa: Add documentation for TSX Async Abort
        - x86/tsx: Add config options to set tsx=on|off|auto
        - SAUCE: x86/speculation/taa: Call tsx_init()
        - SAUCE: x86/cpu: Include cpu header from bugs.c
        - [Config] Disable TSX by default when possible
    
      * CVE-2019-0154
        - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
        - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
        - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
    
      * CVE-2019-0155
        - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
        - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
        - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT
        - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables
        - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+
        - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register
          lookup
        - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before
          derefencing.
        - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser
        - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing
        - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
        - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches
        - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing
        - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps
        - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command
          matching
    
    linux (4.4.0-167.196) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-167.196 -proposed tracker (LP: #1849051)
    
      * Xenial update: 4.4.197 upstream stable release (LP: #1848780)
        - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
        - s390/topology: avoid firing events before kobjs are created
        - s390/cio: avoid calling strlen on null pointer
        - s390/cio: exclude subchannels with no parent from pseudo check
        - KVM: nVMX: handle page fault in vmread fix
        - ASoC: Define a set of DAPM pre/post-up events
        - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
        - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
        - crypto: qat - Silence smp_processor_id() warning
        - ieee802154: atusb: fix use-after-free at disconnect
        - cfg80211: initialize on-stack chandefs
        - ima: always return negative code for error
        - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
        - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
        - xen/pci: reserve MCFG areas earlier
        - ceph: fix directories inode i_blkbits initialization
        - drm/amdgpu: Check for valid number of registers to read
        - thermal: Fix use-after-free when unregistering thermal zone device
        - fuse: fix memleak in cuse_channel_open
        - kernel/elfcore.c: include proper prototypes
        - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
        - perf stat: Fix a segmentation fault when using repeat forever
        - crypto: caam - fix concurrency issue in givencrypt descriptor
        - cfg80211: add and use strongly typed element iteration macros
        - cfg80211: Use const more consistently in for_each_element macros
        - nl80211: validate beacon head
        - ASoC: sgtl5000: Improve VAG power and mute control
        - panic: ensure preemption is disabled during panic()
        - [Config] updateconfigs for USB_RIO500
        - USB: rio500: Remove Rio 500 kernel driver
        - USB: yurex: Don't retry on unexpected errors
        - USB: yurex: fix NULL-derefs on disconnect
        - USB: usb-skeleton: fix runtime PM after driver unbind
        - USB: usb-skeleton: fix NULL-deref on disconnect
        - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
        - xhci: Check all endpoints for LPM timeout
        - usb: xhci: wait for CNR controller not ready bit in xhci resume
        - USB: adutux: remove redundant variable minor
        - USB: adutux: fix use-after-free on disconnect
        - USB: adutux: fix NULL-derefs on disconnect
        - USB: adutux: fix use-after-free on release
        - USB: iowarrior: fix use-after-free on disconnect
        - USB: iowarrior: fix use-after-free on release
        - USB: iowarrior: fix use-after-free after driver unbind
        - USB: usblp: fix runtime PM after driver unbind
        - USB: chaoskey: fix use-after-free on release
        - USB: ldusb: fix NULL-derefs on driver unbind
        - serial: uartlite: fix exit path null pointer
        - USB: serial: keyspan: fix NULL-derefs on open() and write()
        - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
        - USB: serial: option: add Telit FN980 compositions
        - USB: serial: option: add support for Cinterion CLS8 devices
        - USB: serial: fix runtime PM after driver unbind
        - USB: usblcd: fix I/O after disconnect
        - USB: microtek: fix info-leak at probe
        - USB: dummy-hcd: fix power budget for SuperSpeed mode
        - usb: renesas_usbhs: gadget: Do not discard queues in
          usb_ep_set_{halt,wedge}()
        - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
        - USB: legousbtower: fix slab info leak at probe
        - USB: legousbtower: fix deadlock on disconnect
        - USB: legousbtower: fix potential NULL-deref on disconnect
        - USB: legousbtower: fix open after failed reset request
        - USB: legousbtower: fix use-after-free on release
        - staging: vt6655: Fix memory leak in vt6655_probe
        - iio: adc: ad799x: fix probe error handling
        - iio: light: opt3001: fix mutex unlock race
        - perf llvm: Don't access out-of-scope array
        - CIFS: Gracefully handle QueryInfo errors during open
        - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
        - kernel/sysctl.c: do not override max_threads provided by userspace
        - arm64: capabilities: Handle sign of the feature bit
        - arm64: Rename cpuid_feature field extract routines
        - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
        - cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
        - CIFS: Force revalidate inode when dentry is stale
        - media: stkwebcam: fix runtime PM after driver unbind
        - tracing: Get trace_array reference for available_tracers files
        - x86/asm: Fix MWAITX C-state hint value
        - Linux 4.4.197
        - [Config] updateconfigs for USB_RIO500
    
      * CVE-2019-17666
        - SAUCE: rtlwifi: Fix potential overflow on P2P code
    
      * Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Xenial
        update: 4.4.197 upstream stable release (LP: #1848780)
        - xhci: Increase STS_SAVE timeout in xhci_suspend()
    
      * Ubuntu 16.04.6 - Shared CEX7C cards defined in z/VM guest not established by
        zcrypt device driver (LP: #1848173)
        - SAUCE: s390/zcrypt: CEX7 toleration support
    
      * Xenial update: 4.4.196 upstream stable release (LP: #1848598)
        - video: ssd1307fb: Start page range at page_offset
        - gpu: drm: radeon: Fix a possible null-pointer dereference in
          radeon_connector_set_property()
        - ipmi_si: Only schedule continuously in the thread in maintenance mode
        - clk: qoriq: Fix -Wunused-const-variable
        - clk: sirf: Don't reference clk_init_data after registration
        - powerpc/rtas: use device model APIs and serialization during LPM
        - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
          function
        - powerpc/pseries/mobility: use cond_resched when updating device tree
        - pinctrl: tegra: Fix write barrier placement in pmx_writel
        - vfio_pci: Restore original state on release
        - powerpc/64s/exception: machine check use correct cfar for late handler
        - powerpc/pseries: correctly track irq state in default idle
        - scsi: core: Reduce memory required for SCSI logging
        - mfd: intel-lpss: Remove D3cold delay
        - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
          writes
        - HID: apple: Fix stuck function keys when using FN
        - security: smack: Fix possible null-pointer dereferences in
          smack_socket_sock_rcv_skb()
        - fat: work around race with userspace's read via blockdev while mounting
        - hypfs: Fix error number left in struct pointer member
        - ocfs2: wait for recovering done after direct unlock request
        - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
        - ANDROID: binder: remove waitqueue when thread exits.
        - ANDROID: binder: synchronize_rcu() when using POLLFREE.
        - hso: fix NULL-deref on tty open
        - ipv6: drop incoming packets having a v4mapped source address
        - net: ipv4: avoid mixed n_redirects and rate_tokens usage
        - net: qlogic: Fix memory leak in ql_alloc_large_buffers
        - nfc: fix memory leak in llcp_sock_bind()
        - sch_dsmark: fix potential NULL deref in dsmark_init()
        - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
        - net/rds: Fix error handling in rds_ib_add_one()
        - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
        - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
        - smack: use GFP_NOFS while holding inode_smack::smk_lock
        - NFC: fix attrs checks in netlink interface
        - Linux 4.4.196
    
      * Xenial update: 4.4.195 upstream stable release (LP: #1848589)
        - Revert "Bluetooth: validate BLE connection interval updates"
        - HID: prodikeys: Fix general protection fault during probe
        - HID: lg: make transfer buffers DMA capable
        - HID: logitech: Fix general protection fault caused by Logitech driver
        - HID: hidraw: Fix invalid read in hidraw_ioctl
        - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
        - crypto: talitos - fix missing break in switch statement
        - net: rds: Fix NULL ptr use in rds_tcp_kill_sock
        - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
        - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
        - SAUCE: Revert "mac80211: handle deauthentication/disassociation from TDLS
          peer"
        - mac80211: Print text for disassociation reason
        - mac80211: handle deauthentication/disassociation from TDLS peer
        - locking/lockdep: Add debug_locks check in __lock_downgrade()
        - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
        - f2fs: check all the data segments against all node ones
        - Revert "f2fs: avoid out-of-range memory access"
        - f2fs: fix to do sanity check on segment bitmap of LFS curseg
        - drm: Flush output polling on shutdown
        - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
        - arcnet: provide a buffer big enough to actually receive packets
        - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
        - net/phy: fix DP83865 10 Mbps HDX loopback disable function
        - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
        - sch_netem: fix a divide by zero in tabledist()
        - skge: fix checksum byte order
        - usbnet: ignore endpoints with invalid wMaxPacketSize
        - usbnet: sanity checking of packet sizes and device mtu
        - ALSA: hda: Flush interrupts on disabling
        - ASoC: sgtl5000: Fix charge pump source assignment
        - dmaengine: bcm2835: Print error in case setting DMA mask fails
        - leds: leds-lp5562 allow firmware files up to the maximum length
        - media: dib0700: fix link error for dibx000_i2c_set_speed
        - media: hdpvr: Add device num check and handling
        - sched/fair: Fix imbalance due to CPU affinity
        - sched/core: Fix CPU controller for !RT_GROUP_SCHED
        - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
          fails
        - x86/apic: Soft disable APIC before initializing it
        - ALSA: hda - Show the fatal CORB/RIRB error more clearly
        - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
          build_adc_controls()
        - media: iguanair: add sanity checks
        - base: soc: Export soc_device_register/unregister APIs
        - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
        - ia64:unwind: fix double free for mod->arch.init_unw_table
        - md: don't call spare_active in md_reap_sync_thread if all member devices
          can't work
        - md: don't set In_sync if array is frozen
        - efi: cper: print AER info of PCIe fatal error
        - media: gspca: zero usb_buf on error
        - dmaengine: iop-adma: use correct printk format strings
        - media: omap3isp: Don't set streaming state on random subdevs
        - net: lpc-enet: fix printk format strings
        - media: radio/si470x: kill urb on error
        - media: hdpvr: add terminating 0 at end of string
        - media: saa7146: add cleanup in hexium_attach()
        - media: cpia2_usb: fix memory leaks
        - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
        - media: ov9650: add a sanity check
        - ACPI / CPPC: do not require the _PSD method
        - libtraceevent: Change users plugin directory
        - ACPI: custom_method: fix memory leaks
        - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
        - md/raid1: fail run raid1 array when active disk less than one
        - dmaengine: ti: edma: Do not reset reserved paRAM slots
        - kprobes: Prohibit probing on BUG() and WARN() address
        - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
        - mmc: sdhci: Fix incorrect switch to HS mode
        - libertas: Add missing sentinel at end of if_usb.c fw_table
        - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
        - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
        - btrfs: extent-tree: Make sure we only allocate extents from block groups
          with the same type
        - media: omap3isp: Set device on omap3isp subdevs
        - ALSA: firewire-tascam: handle error code when getting current source of
          clock
        - ALSA: firewire-tascam: check intermediate state of clock status and retry
        - printk: Do not lose last line in kmsg buffer dump
        - fuse: fix missing unlock_page in fuse_writepage()
        - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
        - KVM: x86: always stop emulation on page fault
        - KVM: x86: set ctxt->have_exception in x86_decode_insn()
        - KVM: x86: Manually calculate reserved bits when loading PDPTRS
        - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
        - ASoC: Intel: Fix use of potentially uninitialized variable
        - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
        - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
        - md/raid6: Set R5_ReadError when there is read failure on parity disk
        - cfg80211: Purge frame registrations on iftype change
        - /dev/mem: Bail out upon SIGKILL.
        - ext4: fix punch hole for inline_data file systems
        - quota: fix wrong condition in is_quota_modification()
        - hwrng: core - don't wait on add_early_randomness()
        - i2c: riic: Clear NACK in tend isr
        - CIFS: Fix oplock handling for SMB 2.1+ protocols
        - ovl: filter of trusted xattr results in audit
        - Btrfs: fix use-after-free when using the tree modification log
        - btrfs: Relinquish CPUs in btrfs_compare_trees
        - Btrfs: fix race setting up and completing qgroup rescan workers
        - Linux 4.4.195
    
      * [Packaging] Support building Flattened Image Tree (FIT) kernels
        (LP: #1847969)
        - [Packaging] add rules to build FIT image
        - [Packaging] force creation of headers directory
    
      * bcache: Performance degradation when querying priority_stats (LP: #1840043)
        - bcache: add cond_resched() in __bch_cache_cmp()
    
      * Add installer support for iwlmvm adapters (LP: #1848236)
        - d-i: Add iwlmvm to nic-modules
    
      * Bad posix clock speculation mitigation backport (LP: #1847189)
        - SAUCE: Fix posix clock speculation mitigation backport
    
      * PM / hibernate: fix potential memory corruption (LP: #1847118)
        - PM / hibernate: memory_bm_find_bit -- tighten node optimisation
    
      * CVE-2019-17056
        - nfc: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17055
        - mISDN: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17054
        - appletalk: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17053
        - ieee802154: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17052
        - ax25: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-15098
        - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
    
      * arm64: sigaltstack fails with MINSIGSTKSZ for 32-bit processes
        (LP: #1844155)
        - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
        - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
    
     -- Stefan Bader <email address hidden>  Wed, 06 Nov 2019 09:50:06 +0100
  • linux (4.4.0-167.196) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-167.196 -proposed tracker (LP: #1849051)
    
      * Xenial update: 4.4.197 upstream stable release (LP: #1848780)
        - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
        - s390/topology: avoid firing events before kobjs are created
        - s390/cio: avoid calling strlen on null pointer
        - s390/cio: exclude subchannels with no parent from pseudo check
        - KVM: nVMX: handle page fault in vmread fix
        - ASoC: Define a set of DAPM pre/post-up events
        - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
        - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
        - crypto: qat - Silence smp_processor_id() warning
        - ieee802154: atusb: fix use-after-free at disconnect
        - cfg80211: initialize on-stack chandefs
        - ima: always return negative code for error
        - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
        - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
        - xen/pci: reserve MCFG areas earlier
        - ceph: fix directories inode i_blkbits initialization
        - drm/amdgpu: Check for valid number of registers to read
        - thermal: Fix use-after-free when unregistering thermal zone device
        - fuse: fix memleak in cuse_channel_open
        - kernel/elfcore.c: include proper prototypes
        - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
        - perf stat: Fix a segmentation fault when using repeat forever
        - crypto: caam - fix concurrency issue in givencrypt descriptor
        - cfg80211: add and use strongly typed element iteration macros
        - cfg80211: Use const more consistently in for_each_element macros
        - nl80211: validate beacon head
        - ASoC: sgtl5000: Improve VAG power and mute control
        - panic: ensure preemption is disabled during panic()
        - [Config] updateconfigs for USB_RIO500
        - USB: rio500: Remove Rio 500 kernel driver
        - USB: yurex: Don't retry on unexpected errors
        - USB: yurex: fix NULL-derefs on disconnect
        - USB: usb-skeleton: fix runtime PM after driver unbind
        - USB: usb-skeleton: fix NULL-deref on disconnect
        - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
        - xhci: Check all endpoints for LPM timeout
        - usb: xhci: wait for CNR controller not ready bit in xhci resume
        - USB: adutux: remove redundant variable minor
        - USB: adutux: fix use-after-free on disconnect
        - USB: adutux: fix NULL-derefs on disconnect
        - USB: adutux: fix use-after-free on release
        - USB: iowarrior: fix use-after-free on disconnect
        - USB: iowarrior: fix use-after-free on release
        - USB: iowarrior: fix use-after-free after driver unbind
        - USB: usblp: fix runtime PM after driver unbind
        - USB: chaoskey: fix use-after-free on release
        - USB: ldusb: fix NULL-derefs on driver unbind
        - serial: uartlite: fix exit path null pointer
        - USB: serial: keyspan: fix NULL-derefs on open() and write()
        - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
        - USB: serial: option: add Telit FN980 compositions
        - USB: serial: option: add support for Cinterion CLS8 devices
        - USB: serial: fix runtime PM after driver unbind
        - USB: usblcd: fix I/O after disconnect
        - USB: microtek: fix info-leak at probe
        - USB: dummy-hcd: fix power budget for SuperSpeed mode
        - usb: renesas_usbhs: gadget: Do not discard queues in
          usb_ep_set_{halt,wedge}()
        - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
        - USB: legousbtower: fix slab info leak at probe
        - USB: legousbtower: fix deadlock on disconnect
        - USB: legousbtower: fix potential NULL-deref on disconnect
        - USB: legousbtower: fix open after failed reset request
        - USB: legousbtower: fix use-after-free on release
        - staging: vt6655: Fix memory leak in vt6655_probe
        - iio: adc: ad799x: fix probe error handling
        - iio: light: opt3001: fix mutex unlock race
        - perf llvm: Don't access out-of-scope array
        - CIFS: Gracefully handle QueryInfo errors during open
        - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
        - kernel/sysctl.c: do not override max_threads provided by userspace
        - arm64: capabilities: Handle sign of the feature bit
        - arm64: Rename cpuid_feature field extract routines
        - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
        - cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
        - CIFS: Force revalidate inode when dentry is stale
        - media: stkwebcam: fix runtime PM after driver unbind
        - tracing: Get trace_array reference for available_tracers files
        - x86/asm: Fix MWAITX C-state hint value
        - Linux 4.4.197
        - [Config] updateconfigs for USB_RIO500
    
      * CVE-2019-17666
        - SAUCE: rtlwifi: Fix potential overflow on P2P code
    
      * Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Xenial
        update: 4.4.197 upstream stable release (LP: #1848780)
        - xhci: Increase STS_SAVE timeout in xhci_suspend()
    
      * Ubuntu 16.04.6 - Shared CEX7C cards defined in z/VM guest not established by
        zcrypt device driver (LP: #1848173)
        - SAUCE: s390/zcrypt: CEX7 toleration support
    
      * Xenial update: 4.4.196 upstream stable release (LP: #1848598)
        - video: ssd1307fb: Start page range at page_offset
        - gpu: drm: radeon: Fix a possible null-pointer dereference in
          radeon_connector_set_property()
        - ipmi_si: Only schedule continuously in the thread in maintenance mode
        - clk: qoriq: Fix -Wunused-const-variable
        - clk: sirf: Don't reference clk_init_data after registration
        - powerpc/rtas: use device model APIs and serialization during LPM
        - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
          function
        - powerpc/pseries/mobility: use cond_resched when updating device tree
        - pinctrl: tegra: Fix write barrier placement in pmx_writel
        - vfio_pci: Restore original state on release
        - powerpc/64s/exception: machine check use correct cfar for late handler
        - powerpc/pseries: correctly track irq state in default idle
        - scsi: core: Reduce memory required for SCSI logging
        - mfd: intel-lpss: Remove D3cold delay
        - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
          writes
        - HID: apple: Fix stuck function keys when using FN
        - security: smack: Fix possible null-pointer dereferences in
          smack_socket_sock_rcv_skb()
        - fat: work around race with userspace's read via blockdev while mounting
        - hypfs: Fix error number left in struct pointer member
        - ocfs2: wait for recovering done after direct unlock request
        - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
        - ANDROID: binder: remove waitqueue when thread exits.
        - ANDROID: binder: synchronize_rcu() when using POLLFREE.
        - hso: fix NULL-deref on tty open
        - ipv6: drop incoming packets having a v4mapped source address
        - net: ipv4: avoid mixed n_redirects and rate_tokens usage
        - net: qlogic: Fix memory leak in ql_alloc_large_buffers
        - nfc: fix memory leak in llcp_sock_bind()
        - sch_dsmark: fix potential NULL deref in dsmark_init()
        - xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
        - net/rds: Fix error handling in rds_ib_add_one()
        - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
        - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
        - smack: use GFP_NOFS while holding inode_smack::smk_lock
        - NFC: fix attrs checks in netlink interface
        - Linux 4.4.196
    
      * Xenial update: 4.4.195 upstream stable release (LP: #1848589)
        - Revert "Bluetooth: validate BLE connection interval updates"
        - HID: prodikeys: Fix general protection fault during probe
        - HID: lg: make transfer buffers DMA capable
        - HID: logitech: Fix general protection fault caused by Logitech driver
        - HID: hidraw: Fix invalid read in hidraw_ioctl
        - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
        - crypto: talitos - fix missing break in switch statement
        - net: rds: Fix NULL ptr use in rds_tcp_kill_sock
        - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
        - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
        - SAUCE: Revert "mac80211: handle deauthentication/disassociation from TDLS
          peer"
        - mac80211: Print text for disassociation reason
        - mac80211: handle deauthentication/disassociation from TDLS peer
        - locking/lockdep: Add debug_locks check in __lock_downgrade()
        - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
        - f2fs: check all the data segments against all node ones
        - Revert "f2fs: avoid out-of-range memory access"
        - f2fs: fix to do sanity check on segment bitmap of LFS curseg
        - drm: Flush output polling on shutdown
        - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
        - arcnet: provide a buffer big enough to actually receive packets
        - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
        - net/phy: fix DP83865 10 Mbps HDX loopback disable function
        - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
        - sch_netem: fix a divide by zero in tabledist()
        - skge: fix checksum byte order
        - usbnet: ignore endpoints with invalid wMaxPacketSize
        - usbnet: sanity checking of packet sizes and device mtu
        - ALSA: hda: Flush interrupts on disabling
        - ASoC: sgtl5000: Fix charge pump source assignment
        - dmaengine: bcm2835: Print error in case setting DMA mask fails
        - leds: leds-lp5562 allow firmware files up to the maximum length
        - media: dib0700: fix link error for dibx000_i2c_set_speed
        - media: hdpvr: Add device num check and handling
        - sched/fair: Fix imbalance due to CPU affinity
        - sched/core: Fix CPU controller for !RT_GROUP_SCHED
        - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI
          fails
        - x86/apic: Soft disable APIC before initializing it
        - ALSA: hda - Show the fatal CORB/RIRB error more clearly
        - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
          build_adc_controls()
        - media: iguanair: add sanity checks
        - base: soc: Export soc_device_register/unregister APIs
        - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
        - ia64:unwind: fix double free for mod->arch.init_unw_table
        - md: don't call spare_active in md_reap_sync_thread if all member devices
          can't work
        - md: don't set In_sync if array is frozen
        - efi: cper: print AER info of PCIe fatal error
        - media: gspca: zero usb_buf on error
        - dmaengine: iop-adma: use correct printk format strings
        - media: omap3isp: Don't set streaming state on random subdevs
        - net: lpc-enet: fix printk format strings
        - media: radio/si470x: kill urb on error
        - media: hdpvr: add terminating 0 at end of string
        - media: saa7146: add cleanup in hexium_attach()
        - media: cpia2_usb: fix memory leaks
        - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
        - media: ov9650: add a sanity check
        - ACPI / CPPC: do not require the _PSD method
        - libtraceevent: Change users plugin directory
        - ACPI: custom_method: fix memory leaks
        - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
        - md/raid1: fail run raid1 array when active disk less than one
        - dmaengine: ti: edma: Do not reset reserved paRAM slots
        - kprobes: Prohibit probing on BUG() and WARN() address
        - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
        - mmc: sdhci: Fix incorrect switch to HS mode
        - libertas: Add missing sentinel at end of if_usb.c fw_table
        - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
        - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
        - btrfs: extent-tree: Make sure we only allocate extents from block groups
          with the same type
        - media: omap3isp: Set device on omap3isp subdevs
        - ALSA: firewire-tascam: handle error code when getting current source of
          clock
        - ALSA: firewire-tascam: check intermediate state of clock status and retry
        - printk: Do not lose last line in kmsg buffer dump
        - fuse: fix missing unlock_page in fuse_writepage()
        - parisc: Disable HP HSC-PCI Cards to prevent kernel crash
        - KVM: x86: always stop emulation on page fault
        - KVM: x86: set ctxt->have_exception in x86_decode_insn()
        - KVM: x86: Manually calculate reserved bits when loading PDPTRS
        - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
        - ASoC: Intel: Fix use of potentially uninitialized variable
        - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
        - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
        - md/raid6: Set R5_ReadError when there is read failure on parity disk
        - cfg80211: Purge frame registrations on iftype change
        - /dev/mem: Bail out upon SIGKILL.
        - ext4: fix punch hole for inline_data file systems
        - quota: fix wrong condition in is_quota_modification()
        - hwrng: core - don't wait on add_early_randomness()
        - i2c: riic: Clear NACK in tend isr
        - CIFS: Fix oplock handling for SMB 2.1+ protocols
        - ovl: filter of trusted xattr results in audit
        - Btrfs: fix use-after-free when using the tree modification log
        - btrfs: Relinquish CPUs in btrfs_compare_trees
        - Btrfs: fix race setting up and completing qgroup rescan workers
        - Linux 4.4.195
    
      * [Packaging] Support building Flattened Image Tree (FIT) kernels
        (LP: #1847969)
        - [Packaging] add rules to build FIT image
        - [Packaging] force creation of headers directory
    
      * bcache: Performance degradation when querying priority_stats (LP: #1840043)
        - bcache: add cond_resched() in __bch_cache_cmp()
    
      * Add installer support for iwlmvm adapters (LP: #1848236)
        - d-i: Add iwlmvm to nic-modules
    
      * Bad posix clock speculation mitigation backport (LP: #1847189)
        - SAUCE: Fix posix clock speculation mitigation backport
    
      * PM / hibernate: fix potential memory corruption (LP: #1847118)
        - PM / hibernate: memory_bm_find_bit -- tighten node optimisation
    
      * CVE-2019-17056
        - nfc: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17055
        - mISDN: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17054
        - appletalk: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17053
        - ieee802154: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-17052
        - ax25: enforce CAP_NET_RAW for raw sockets
    
      * CVE-2019-15098
        - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
    
      * arm64: sigaltstack fails with MINSIGSTKSZ for 32-bit processes
        (LP: #1844155)
        - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
        - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
    
     -- Khalid Elmously <email address hidden>  Mon, 21 Oct 2019 14:56:55 -0400
  • linux (4.4.0-166.195) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
    
      * CVE-2017-18232
        - scsi: libsas: direct call probe and destruct
    
      * CVE-2018-21008
        - rsi: add fix for crash during assertions
    
      * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
        - bridge/mdb: remove wrong use of NLM_F_MULTI
        - cdc_ether: fix rndis support for Mediatek based smartphones
        - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
        - isdn/capi: check message length in capi_write()
        - net: Fix null de-reference of device refcount
        - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
        - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
        - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
        - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
        - tipc: add NULL pointer check before calling kfree_rcu
        - tun: fix use-after-free when register netdev failed
        - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
        - Btrfs: fix assertion failure during fsync and use of stale transaction
        - genirq: Prevent NULL pointer dereference in resend_irqs()
        - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
        - KVM: x86: work around leak of uninitialized stack contents
        - KVM: nVMX: handle page fault in vmread
        - MIPS: VDSO: Prevent use of smp_processor_id()
        - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
        - clk: rockchip: Don't yell about bad mmc phases when getting
        - driver core: Fix use-after-free and double free on glue directory
        - crypto: talitos - check AES key size
        - crypto: talitos - check data blocksize in ablkcipher.
        - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
          GCC9 build warning
        - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
        - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
        - USB: usbcore: Fix slab-out-of-bounds bug during device reset
        - media: tm6000: double free if usb disconnect while streaming
        - x86/boot: Add missing bootparam that breaks boot on some platforms
        - xen-netfront: do not assume sk_buff_head list is empty in error handling
        - serial: sprd: correct the wrong sequence of arguments
        - tty/serial: atmel: reschedule TX after RX was started
        - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
        - s390/bpf: fix lcgr instruction encoding
        - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
        - s390/bpf: use 32-bit index for tail calls
        - NFSv4: Fix return values for nfs4_file_open()
        - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
        - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
          ATM_NICSTAR_USE_IDT77105
        - ARM: 8874/1: mm: only adjust sections of valid mm structures
        - r8152: Set memory to all 0xFFs on failed reg reads
        - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
        - netfilter: nf_conntrack_ftp: Fix debug output
        - NFSv2: Fix eof handling
        - NFSv2: Fix write regression
        - cifs: set domainName when a domain-key is used in multiuser
        - cifs: Use kzfree() to zero out the password
        - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
        - tools/power turbostat: fix buffer overrun
        - net: seeq: Fix the function used to release some memory in an error handling
          path
        - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
        - keys: Fix missing null pointer check in request_key_auth_describe()
        - floppy: fix usercopy direction
        - media: technisat-usb2: break out of loop at end of buffer
        - ARC: export "abort" for modules
        - net_sched: let qdisc_put() accept NULL pointer
        - Linux 4.4.194
    
      * CVE-2019-14821
        - KVM: coalesced_mmio: add bounds checking
    
      * Xenial update: 4.4.193 upstream stable release (LP: #1845395)
        - ALSA: hda - Fix potential endless loop at applying quirks
        - ALSA: hda/realtek - Fix overridden device-specific initialization
        - xfrm: clean up xfrm protocol checks
        - vhost/test: fix build for vhost test
        - scripts/decode_stacktrace: match basepath using shell prefix operator, not
          regex
        - clk: s2mps11: Add used attribute to s2mps11_dt_match
        - x86, boot: Remove multiple copy of static function sanitize_boot_params()
        - af_packet: tone down the Tx-ring unsupported spew.
        - Linux 4.4.193
    
      * Xenial update: 4.4.192 upstream stable release (LP: #1845374)
        - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
          context
        - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
        - Bluetooth: btqca: Add a short delay before downloading the NVM
        - ibmveth: Convert multicast list size for little-endian system
        - gpio: Fix build error of function redefinition
        - cxgb4: fix a memory leak bug
        - net: myri10ge: fix memory leaks
        - cx82310_eth: fix a memory leak bug
        - net: kalmia: fix memory leaks
        - wimax/i2400m: fix a memory leak bug
        - ravb: Fix use-after-free ravb_tstamp_skb
        - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
        - IB/mlx4: Fix memory leaks
        - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
        - KVM: arm/arm64: Only skip MMIO insn once
        - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
        - spi: bcm2835aux: ensure interrupts are enabled for shared handler
        - spi: bcm2835aux: unifying code between polling and interrupt driven code
        - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
        - spi: bcm2835aux: fix corruptions for longer spi transfers
        - Revert "x86/apic: Include the LDR when clearing out APIC registers"
        - net: fix skb use after free in netpoll
        - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
        - Linux 4.4.192
    
      * Xenial update: 4.4.191 upstream stable release (LP: #1845036)
        - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
        - MIPS: kernel: only use i8253 clocksource with periodic clockevent
        - netfilter: ebtables: fix a memory leak bug in compat
        - bonding: Force slave speed check after link state recovery for 802.3ad
        - can: dev: call netif_carrier_off() in register_candev()
        - st21nfca_connectivity_event_received: null check the allocation
        - st_nci_hci_connectivity_event_received: null check the allocation
        - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
        - net: usb: qmi_wwan: Add the BroadMobi BM818 card
        - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
          start_isoc_chain()
        - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
        - perf bench numa: Fix cpu0 binding
        - can: sja1000: force the string buffer NULL-terminated
        - can: peak_usb: force the string buffer NULL-terminated
        - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
        - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
        - net: hisilicon: make hip04_tx_reclaim non-reentrant
        - net: hisilicon: fix hip04-xmit never return TX_BUSY
        - net: hisilicon: Fix dma_map_single failed on arm64
        - libata: add SG safety checks in SFF pio transfers
        - selftests: kvm: Adding config fragments
        - HID: wacom: correct misreported EKR ring values
        - Revert "dm bufio: fix deadlock with loop device"
        - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
        - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
        - x86/apic: Handle missing global clockevent gracefully
        - x86/boot: Save fields explicitly, zero out everything else
        - x86/boot: Fix boot regression caused by bootparam sanitizing
        - dm btree: fix order of block initialization in btree_split_beneath
        - dm space map metadata: fix missing store of apply_bops() return value
        - dm table: fix invalid memory accesses with too high sector number
        - cgroup: Disable IRQs while holding css_set_lock
        - net: arc_emac: fix koops caused by sk_buff free
        - siphash: implement HalfSipHash1-3 for hash tables
        - netfilter: ctnetlink: don't use conntrack/expect object addresses as id
        - netfilter: conntrack: Use consistent ct id hash calculation
        - x86/pm: Introduce quirk framework to save/restore extra MSR registers around
          suspend/resume
        - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
        - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
        - dmaengine: ste_dma40: fix unneeded variable warning
        - usb: gadget: composite: Clear "suspended" on reset/disconnect
        - usb: host: fotg2: restart hcd after port reset
        - tools: hv: fix KVP and VSS daemons exit code
        - watchdog: bcm2835_wdt: Fix module autoload
        - tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
        - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
        - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
        - tcp: make sure EPOLLOUT wont be missed
        - ALSA: seq: Fix potential concurrent access to the deleted pool
        - KVM: x86: Don't update RIP or do single-step on faulting emulation
        - x86/apic: Do not initialize LDR and DFR for bigsmp
        - x86/apic: Include the LDR when clearing out APIC registers
        - usb-storage: Add new JMS567 revision to unusual_devs
        - USB: cdc-wdm: fix race between write and disconnect due to flag abuse
        - usb: host: ohci: fix a race condition between shutdown and irq
        - USB: storage: ums-realtek: Update module parameter description for
          auto_delink_en
        - ptrace,x86: Make user_64bit_mode() available to 32-bit builds
        - uprobes/x86: Fix detection of 32-bit user mode
        - mmc: sdhci-of-at91: add quirk for broken HS200
        - mmc: core: Fix init of SD cards reporting an invalid VDD range
        - stm class: Fix a double free of stm_source_device
        - VMCI: Release resource if the work is already queued
        - Revert "cfg80211: fix processing world regdomain when non modular"
        - mac80211: fix possible sta leak
        - x86/ptrace: fix up botched merge of spectrev1 fix
        - Linux 4.4.191
    
      * New ID in ums-realtek module breaks cardreader (LP: #1838886) // Xenial
        update: 4.4.191 upstream stable release (LP: #1845036)
        - USB: storage: ums-realtek: Whitelist auto-delink support
    
      * Xenial update: 4.4.190 upstream stable release (LP: #1845038)
        - usb: iowarrior: fix deadlock on disconnect
        - sound: fix a memory leak bug
        - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
        - x86/mm: Sync also unmappings in vmalloc_sync_all()
        - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
        - perf db-export: Fix thread__exec_comm()
        - usb: yurex: Fix use-after-free in yurex_delete
        - can: peak_usb: fix potential double kfree_skb()
        - netfilter: nfnetlink: avoid deadlock due to synchronous request_module
        - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
        - mac80211: don't warn about CW params when not using them
        - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
        - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
        - s390/qdio: add sanity checks to the fast-requeue path
        - ALSA: compress: Fix regression on compressed capture streams
        - ALSA: compress: Prevent bypasses of set_params
        - ALSA: compress: Be more restrictive about when a drain is allowed
        - perf probe: Avoid calling freeing routine multiple times for same pointer
        - ARM: davinci: fix sleep.S build error on ARMv4
        - scsi: megaraid_sas: fix panic on loading firmware crashdump
        - scsi: ibmvfc: fix WARN_ON during event pool release
        - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
        - perf/core: Fix creating kernel counters for PMUs that override event->cpu
        - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
        - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
        - hwmon: (nct7802) Fix wrong detection of in4 presence
        - ALSA: firewire: fix a memory leak bug
        - mac80211: don't WARN on short WMM parameters from AP
        - SMB3: Fix deadlock in validate negotiate hits reconnect
        - smb3: send CAP_DFS capability during session setup
        - mwifiex: fix 802.11n/WPA detection
        - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
        - sh: kernel: hw_breakpoint: Fix missing break in switch statement
        - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
        - ALSA: hda - Fix a memory leak bug
        - HID: holtek: test for sanity of intfdata
        - HID: hiddev: avoid opening a disconnected device
        - HID: hiddev: do cleanup in failure of opening a device
        - Input: kbtab - sanity check for endpoint type
        - Input: iforce - add sanity checks
        - net: usb: pegasus: fix improper read if get_registers() fail
        - xen/pciback: remove set but not used variable 'old_state'
        - irqchip/irq-imx-gpcv2: Forward irq type to parent
        - perf header: Fix divide by zero error if f_header.attr_size==0
        - perf header: Fix use of unitialized value warning
        - libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
        - scsi: hpsa: correct scsi command status issue after reset
        - ata: libahci: do not complain in case of deferred probe
        - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
        - IB/core: Add mitigation for Spectre V1
        - ocfs2: remove set but not used variable 'last_hash'
        - asm-generic: fix -Wtype-limits compiler warnings
        - staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
        - staging: comedi: dt3000: Fix rounding up of timer divisor
        - USB: core: Fix races in character device registration and deregistraion
        - usb: cdc-acm: make sure a refcount is taken early enough
        - USB: serial: option: add D-Link DWM-222 device ID
        - USB: serial: option: Add support for ZTE MF871A
        - USB: serial: option: add the BroadMobi BM818 card
        - USB: serial: option: Add Motorola modem UARTs
        - Backport minimal compiler_attributes.h to support GCC 9
        - include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
        - arm64: compat: Allow single-byte watchpoints on all addresses
        - Input: psmouse - fix build error of multiple definition
        - asm-generic: default BUG_ON(x) to if(x)BUG()
        - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
        - RDMA: Directly cast the sockaddr union to sockaddr
        - IB/mlx5: Make coding style more consistent
        - x86/vdso: Remove direct HPET access through the vDSO
        - iommu/amd: Move iommu_init_pci() to .init section
        - x86/boot: Disable the address-of-packed-member compiler warning
        - net/packet: fix race in tpacket_snd()
        - xen/netback: Reset nr_frags before freeing skb
        - net/mlx5e: Only support tx/rx pause setting for port owner
        - sctp: fix the transport error_count check
        - bonding: Add vlan tx offload to hw_enc_features
        - Linux 4.4.190
    
     -- Kleber Sacilotto de Souza <email address hidden>  Tue, 01 Oct 2019 10:23:59 +0200
  • linux (4.4.0-165.193) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-165.193 -proposed tracker (LP: #1844416)
    
      * Xenial update: 4.4.187 upstream stable release (LP: #1840081)
        - MIPS: ath79: fix ar933x uart parity mode
        - MIPS: fix build on non-linux hosts
        - dmaengine: imx-sdma: fix use-after-free on probe error path
        - ath10k: Do not send probe response template for mesh
        - ath9k: Check for errors when reading SREV register
        - ath6kl: add some bounds checking
        - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
        - batman-adv: fix for leaked TVLV handler.
        - media: dvb: usb: fix use after free in dvb_usb_device_exit
        - crypto: talitos - fix skcipher failure due to wrong output IV
        - media: marvell-ccic: fix DMA s/g desc number calculation
        - media: vpss: fix a potential NULL pointer dereference
        - net: stmmac: dwmac1000: Clear unused address entries
        - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
        - af_key: fix leaks in key_pol_get_resp and dump_sp.
        - xfrm: Fix xfrm sel prefix length validation
        - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
          initialization fails.
        - net: phy: Check against net_device being NULL
        - tua6100: Avoid build warnings.
        - locking/lockdep: Fix merging of hlocks with non-zero references
        - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
        - cpupower : frequency-set -r option misses the last cpu in related cpu list
        - net: fec: Do not use netdev messages too early
        - net: axienet: Fix race condition causing TX hang
        - s390/qdio: handle PENDING state for QEBSM devices
        - perf test 6: Fix missing kvm module load for s390
        - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
        - gpio: omap: ensure irq is enabled before wakeup
        - regmap: fix bulk writes on paged registers
        - bpf: silence warning messages in core
        - rcu: Force inlining of rcu_read_lock()
        - xfrm: fix sa selector validation
        - perf evsel: Make perf_evsel__name() accept a NULL argument
        - vhost_net: disable zerocopy by default
        - EDAC/sysfs: Fix memory leak when creating a csrow object
        - media: i2c: fix warning same module names
        - ntp: Limit TAI-UTC offset
        - timer_list: Guard procfs specific code
        - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
        - media: coda: fix mpeg2 sequence number handling
        - media: coda: increment sequence offset for the last returned frame
        - mt7601u: do not schedule rx_tasklet when the device has been disconnected
        - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
        - mt7601u: fix possible memory leak when the device is disconnected
        - ath10k: fix PCIE device wake up failed
        - rslib: Fix decoding of shortened codes
        - rslib: Fix handling of of caller provided syndrome
        - ixgbe: Check DDM existence in transceiver before access
        - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
        - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
        - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
        - Bluetooth: 6lowpan: search for destination address in all peers
        - Bluetooth: Check state in l2cap_disconnect_rsp
        - Bluetooth: validate BLE connection interval updates
        - crypto: ghash - fix unaligned memory access in ghash_setkey()
        - crypto: arm64/sha1-ce - correct digest for empty data in finup
        - crypto: arm64/sha2-ce - correct digest for empty data in finup
        - Input: gtco - bounds check collection indent level
        - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
        - tracing/snapshot: Resize spare buffer if size changed
        - NFSv4: Handle the special Linux file open access mode
        - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
          PAGE_SIZE
        - ALSA: seq: Break too long mutex context in the write loop
        - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
        - media: coda: Remove unbalanced and unneeded mutex unlock
        - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
        - drm/nouveau/i2c: Enable i2c pads & busses during preinit
        - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
        - 9p/virtio: Add cleanup path in p9_virtio_init
        - PCI: Do not poll for PME if the device is in D3cold
        - take floppy compat ioctls to sodding floppy.c
        - floppy: fix out-of-bounds read in next_valid_format
        - floppy: fix invalid pointer dereference in drive_name
        - coda: pass the host file in vma->vm_file on mmap
        - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
        - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
        - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
        - powerpc/watchpoint: Restore NV GPRs while returning from exception
        - eCryptfs: fix a couple type promotion bugs
        - intel_th: msu: Fix single mode with disabled IOMMU
        - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
        - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
        - dm bufio: fix deadlock with loop device
        - bnx2x: Prevent load reordering in tx completion processing
        - caif-hsi: fix possible deadlock in cfhsi_exit_module()
        - ipv4: don't set IPv6 only flags to IPv4 addresses
        - net: bcmgenet: use promisc for unsupported filters
        - net: neigh: fix multiple neigh timer scheduling
        - nfc: fix potential illegal memory access
        - sky2: Disable MSI on ASUS P6T
        - netrom: fix a memory leak in nr_rx_frame()
        - netrom: hold sock when setting skb->destructor
        - tcp: Reset bytes_acked and bytes_received when disconnecting
        - bonding: validate ip header before check IPPROTO_IGMP
        - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
        - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
        - net: bridge: stp: don't cache eth dest pointer before skb pull
        - elevator: fix truncation of icq_cache_name
        - NFSv4: Fix open create exclusive when the server reboots
        - nfsd: increase DRC cache limit
        - nfsd: give out fewer session slots as limit approaches
        - nfsd: fix performance-limiting session calculation
        - nfsd: Fix overflow causing non-working mounts on 1 TB machines
        - drm/panel: simple: Fix panel_simple_dsi_probe
        - usb: core: hub: Disable hub-initiated U1/U2
        - tty: max310x: Fix invalid baudrate divisors calculator
        - pinctrl: rockchip: fix leaked of_node references
        - tty: serial: cpm_uart - fix init when SMC is relocated
        - memstick: Fix error cleanup path of memstick_init
        - tty/serial: digicolor: Fix digicolor-usart already registered warning
        - tty: serial: msm_serial: avoid system lockup condition
        - drm/virtio: Add memory barriers for capset cache.
        - phy: renesas: rcar-gen2: Fix memory leak at error paths
        - usb: gadget: Zero ffs_io_data
        - powerpc/pci/of: Fix OF flags parsing for 64bit BARs
        - PCI: sysfs: Ignore lockdep for remove attribute
        - iio: iio-utils: Fix possible incorrect mask calculation
        - recordmcount: Fix spurious mcount entries on powerpc
        - mfd: core: Set fwnode for created devices
        - mfd: arizona: Fix undefined behavior
        - um: Silence lockdep complaint about mmap_sem
        - powerpc/4xx/uic: clear pending interrupt after irq type/pol change
        - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
        - kallsyms: exclude kasan local symbols on s390
        - perf test mmap-thread-lookup: Initialize variable to suppress memory
          sanitizer warning
        - f2fs: avoid out-of-range memory access
        - mailbox: handle failed named mailbox channel request
        - powerpc/eeh: Handle hugepages in ioremap space
        - sh: prevent warnings when using iounmap
        - mm/kmemleak.c: fix check for softirq context
        - 9p: pass the correct prototype to read_cache_page
        - mm/mmu_notifier: use hlist_add_head_rcu()
        - locking/lockdep: Fix lock used or unused stats error
        - locking/lockdep: Hide unused 'class' variable
        - usb: wusbcore: fix unbalanced get/put cluster_id
        - usb: pci-quirks: Correct AMD PLL quirk detection
        - x86/sysfb_efi: Add quirks for some devices with swapped width and height
        - x86/speculation/mds: Apply more accurate check on hypervisor platform
        - hpet: Fix division by zero in hpet_time_div()
        - ALSA: hda - Add a conexant codec entry to let mute led work
        - access: avoid the RCU grace period for the temporary subjective credentials
        - vmstat: Remove BUG_ON from vmstat_update
        - mm, vmstat: make quiet_vmstat lighter
        - ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
        - tcp: reset sk_send_head in tcp_write_queue_purge
        - ISDN: hfcsusb: checking idx of ep configuration
        - media: cpia2_usb: first wake up, then free in disconnect
        - media: radio-raremono: change devm_k*alloc to k*alloc
        - Bluetooth: hci_uart: check for missing tty operations
        - sched/fair: Don't free p->numa_faults with concurrent readers
        - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
        - ceph: hold i_ceph_lock when removing caps for freeing inode
        - Linux 4.4.187
        - perf tests: Add valid callback for parse-events test
        - SAUCE: Fix perf test 6: Fix missing kvm module load for s390
    
      * CVE-2018-20976
        - xfs: clear sb->s_fs_info on mount failure
    
      * Xenial update: 4.4.189 upstream stable release (LP: #1840335)
        - arm64: cpufeature: Fix CTR_EL0 field definitions
        - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
        - netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
        - HID: Add quirk for HP X1200 PIXART OEM mouse
        - tcp: be more careful in tcp_fragment()
        - atm: iphase: Fix Spectre v1 vulnerability
        - net: bridge: delete local fdb on device init failure
        - net: fix ifindex collision during namespace removal
        - tipc: compat: allow tipc commands without arguments
        - net: sched: Fix a possible null-pointer dereference in dequeue_func()
        - net/mlx5: Use reversed order when unregister devices
        - bnx2x: Disable multi-cos feature.
        - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
        - spi: bcm2835: Fix 3-wire mode if DMA is enabled
        - x86: cpufeatures: Sort feature word 7
        - x86/entry/64: Fix context tracking state warning when load_gs_index fails
        - Linux 4.4.189
    
      * CVE-2019-0136
        - mac80211: handle deauthentication/disassociation from TDLS peer
    
      * skb_warn_bad_offload kernel splat due to CHECKSUM target not compatible with
        GSO skbs (LP: #1840619)
        - netfilter: xt_checksum: ignore gso skbs
    
      * CVE-2018-20961
        - usb: gadget: f_midi: fail if set_alt fails to allocate requests
        - USB: gadget: f_midi: fixing a possible double-free in f_midi
    
      * CVE-2019-11487
        - pipe: add pipe_buf_get() helper
        - mm: add 'try_get_page()' helper function
        - fs: prevent page refcount overflow in pipe_buf_get
        - mm: make page ref count overflow check tighter and more explicit
        - mm, gup: ensure real head page is ref-counted when using hugepages
        - mm: prevent get_user_pages() from overflowing page refcount
    
      * Xenial update: 4.4.188 upstream stable release (LP: #1840289)
        - ARM: riscpc: fix DMA
        - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
        - kernel/module.c: Only return -EEXIST for modules that have finished loading
        - MIPS: lantiq: Fix bitfield masking
        - dmaengine: rcar-dmac: Reject zero-length slave DMA requests
        - fs/adfs: super: fix use-after-free bug
        - btrfs: fix minimum number of chunk errors for DUP
        - ceph: fix improper use of smp_mb__before_atomic()
        - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
        - ACPI: fix false-positive -Wuninitialized warning
        - be2net: Signal that the device cannot transmit during reconfiguration
        - x86/apic: Silence -Wtype-limits compiler warnings
        - x86: math-emu: Hide clang warnings for 16-bit overflow
        - mm/cma.c: fail if fixed declaration can't be honored
        - coda: add error handling for fget
        - coda: fix build using bare-metal toolchain
        - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
          headers
        - ipc/mqueue.c: only perform resource calculation if user valid
        - x86/kvm: Don't call kvm_spurious_fault() from .fixup
        - selinux: fix memory leak in policydb_init()
        - s390/dasd: fix endless loop after read unit address configuration
        - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
        - Linux 4.4.188
    
      * Line 6 POD HD500 driver fault (LP: #1790595) // Xenial update: 4.4.187
        upstream stable release (LP: #1840081)
        - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
    
      * CVE-2016-10905
        - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
    
     -- Stefan Bader <email address hidden>  Tue, 17 Sep 2019 18:24:13 +0200
  • linux (4.4.0-164.192) xenial; urgency=medium
    
      * CVE-2019-14835
        - SAUCE: vhost: make sure log_num < in_num
    
     -- Juerg Haefliger <email address hidden>  Fri, 13 Sep 2019 12:55:05 +0200
  • linux (4.4.0-163.191) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-162.191 -proposed tracker (LP: #1843583)
    
      * Xenial update: 4.4.187 upstream stable release (LP: #1840081)
        - perf tests: Add valid callback for parse-events test
        - SAUCE: Fix perf test 6: Fix missing kvm module load for s390
    
    linux (4.4.0-162.190) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-162.190 -proposed tracker (LP: #1842608)
    
      * CVE-2018-20976
        - xfs: clear sb->s_fs_info on mount failure
    
      * Xenial update: 4.4.189 upstream stable release (LP: #1840335)
        - arm64: cpufeature: Fix CTR_EL0 field definitions
        - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
        - netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
        - HID: Add quirk for HP X1200 PIXART OEM mouse
        - tcp: be more careful in tcp_fragment()
        - atm: iphase: Fix Spectre v1 vulnerability
        - net: bridge: delete local fdb on device init failure
        - net: fix ifindex collision during namespace removal
        - tipc: compat: allow tipc commands without arguments
        - net: sched: Fix a possible null-pointer dereference in dequeue_func()
        - net/mlx5: Use reversed order when unregister devices
        - bnx2x: Disable multi-cos feature.
        - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
        - spi: bcm2835: Fix 3-wire mode if DMA is enabled
        - x86: cpufeatures: Sort feature word 7
        - x86/entry/64: Fix context tracking state warning when load_gs_index fails
        - Linux 4.4.189
    
      * CVE-2019-0136
        - mac80211: handle deauthentication/disassociation from TDLS peer
    
      * skb_warn_bad_offload kernel splat due to CHECKSUM target not compatible with
        GSO skbs (LP: #1840619)
        - netfilter: xt_checksum: ignore gso skbs
    
      * CVE-2018-20961
        - usb: gadget: f_midi: fail if set_alt fails to allocate requests
        - USB: gadget: f_midi: fixing a possible double-free in f_midi
    
      * CVE-2019-11487
        - pipe: add pipe_buf_get() helper
        - mm: add 'try_get_page()' helper function
        - fs: prevent page refcount overflow in pipe_buf_get
        - mm: make page ref count overflow check tighter and more explicit
        - mm, gup: ensure real head page is ref-counted when using hugepages
        - mm: prevent get_user_pages() from overflowing page refcount
    
      * Xenial update: 4.4.188 upstream stable release (LP: #1840289)
        - ARM: riscpc: fix DMA
        - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
        - kernel/module.c: Only return -EEXIST for modules that have finished loading
        - MIPS: lantiq: Fix bitfield masking
        - dmaengine: rcar-dmac: Reject zero-length slave DMA requests
        - fs/adfs: super: fix use-after-free bug
        - btrfs: fix minimum number of chunk errors for DUP
        - ceph: fix improper use of smp_mb__before_atomic()
        - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
        - ACPI: fix false-positive -Wuninitialized warning
        - be2net: Signal that the device cannot transmit during reconfiguration
        - x86/apic: Silence -Wtype-limits compiler warnings
        - x86: math-emu: Hide clang warnings for 16-bit overflow
        - mm/cma.c: fail if fixed declaration can't be honored
        - coda: add error handling for fget
        - coda: fix build using bare-metal toolchain
        - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
          headers
        - ipc/mqueue.c: only perform resource calculation if user valid
        - x86/kvm: Don't call kvm_spurious_fault() from .fixup
        - selinux: fix memory leak in policydb_init()
        - s390/dasd: fix endless loop after read unit address configuration
        - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
        - Linux 4.4.188
    
      * Xenial update: 4.4.187 upstream stable release (LP: #1840081)
        - MIPS: ath79: fix ar933x uart parity mode
        - MIPS: fix build on non-linux hosts
        - dmaengine: imx-sdma: fix use-after-free on probe error path
        - ath10k: Do not send probe response template for mesh
        - ath9k: Check for errors when reading SREV register
        - ath6kl: add some bounds checking
        - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
        - batman-adv: fix for leaked TVLV handler.
        - media: dvb: usb: fix use after free in dvb_usb_device_exit
        - crypto: talitos - fix skcipher failure due to wrong output IV
        - media: marvell-ccic: fix DMA s/g desc number calculation
        - media: vpss: fix a potential NULL pointer dereference
        - net: stmmac: dwmac1000: Clear unused address entries
        - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
        - af_key: fix leaks in key_pol_get_resp and dump_sp.
        - xfrm: Fix xfrm sel prefix length validation
        - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
          initialization fails.
        - net: phy: Check against net_device being NULL
        - tua6100: Avoid build warnings.
        - locking/lockdep: Fix merging of hlocks with non-zero references
        - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
        - cpupower : frequency-set -r option misses the last cpu in related cpu list
        - net: fec: Do not use netdev messages too early
        - net: axienet: Fix race condition causing TX hang
        - s390/qdio: handle PENDING state for QEBSM devices
        - perf test 6: Fix missing kvm module load for s390
        - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
        - gpio: omap: ensure irq is enabled before wakeup
        - regmap: fix bulk writes on paged registers
        - bpf: silence warning messages in core
        - rcu: Force inlining of rcu_read_lock()
        - xfrm: fix sa selector validation
        - perf evsel: Make perf_evsel__name() accept a NULL argument
        - vhost_net: disable zerocopy by default
        - EDAC/sysfs: Fix memory leak when creating a csrow object
        - media: i2c: fix warning same module names
        - ntp: Limit TAI-UTC offset
        - timer_list: Guard procfs specific code
        - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
        - media: coda: fix mpeg2 sequence number handling
        - media: coda: increment sequence offset for the last returned frame
        - mt7601u: do not schedule rx_tasklet when the device has been disconnected
        - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
        - mt7601u: fix possible memory leak when the device is disconnected
        - ath10k: fix PCIE device wake up failed
        - rslib: Fix decoding of shortened codes
        - rslib: Fix handling of of caller provided syndrome
        - ixgbe: Check DDM existence in transceiver before access
        - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
        - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
        - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
        - Bluetooth: 6lowpan: search for destination address in all peers
        - Bluetooth: Check state in l2cap_disconnect_rsp
        - Bluetooth: validate BLE connection interval updates
        - crypto: ghash - fix unaligned memory access in ghash_setkey()
        - crypto: arm64/sha1-ce - correct digest for empty data in finup
        - crypto: arm64/sha2-ce - correct digest for empty data in finup
        - Input: gtco - bounds check collection indent level
        - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
        - tracing/snapshot: Resize spare buffer if size changed
        - NFSv4: Handle the special Linux file open access mode
        - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
          PAGE_SIZE
        - ALSA: seq: Break too long mutex context in the write loop
        - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
        - media: coda: Remove unbalanced and unneeded mutex unlock
        - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
        - drm/nouveau/i2c: Enable i2c pads & busses during preinit
        - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
        - 9p/virtio: Add cleanup path in p9_virtio_init
        - PCI: Do not poll for PME if the device is in D3cold
        - take floppy compat ioctls to sodding floppy.c
        - floppy: fix out-of-bounds read in next_valid_format
        - floppy: fix invalid pointer dereference in drive_name
        - coda: pass the host file in vma->vm_file on mmap
        - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
        - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
        - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
        - powerpc/watchpoint: Restore NV GPRs while returning from exception
        - eCryptfs: fix a couple type promotion bugs
        - intel_th: msu: Fix single mode with disabled IOMMU
        - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
        - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
        - dm bufio: fix deadlock with loop device
        - bnx2x: Prevent load reordering in tx completion processing
        - caif-hsi: fix possible deadlock in cfhsi_exit_module()
        - ipv4: don't set IPv6 only flags to IPv4 addresses
        - net: bcmgenet: use promisc for unsupported filters
        - net: neigh: fix multiple neigh timer scheduling
        - nfc: fix potential illegal memory access
        - sky2: Disable MSI on ASUS P6T
        - netrom: fix a memory leak in nr_rx_frame()
        - netrom: hold sock when setting skb->destructor
        - tcp: Reset bytes_acked and bytes_received when disconnecting
        - bonding: validate ip header before check IPPROTO_IGMP
        - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
        - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
        - net: bridge: stp: don't cache eth dest pointer before skb pull
        - elevator: fix truncation of icq_cache_name
        - NFSv4: Fix open create exclusive when the server reboots
        - nfsd: increase DRC cache limit
        - nfsd: give out fewer session slots as limit approaches
        - nfsd: fix performance-limiting session calculation
        - nfsd: Fix overflow causing non-working mounts on 1 TB machines
        - drm/panel: simple: Fix panel_simple_dsi_probe
        - usb: core: hub: Disable hub-initiated U1/U2
        - tty: max310x: Fix invalid baudrate divisors calculator
        - pinctrl: rockchip: fix leaked of_node references
        - tty: serial: cpm_uart - fix init when SMC is relocated
        - memstick: Fix error cleanup path of memstick_init
        - tty/serial: digicolor: Fix digicolor-usart already registered warning
        - tty: serial: msm_serial: avoid system lockup condition
        - drm/virtio: Add memory barriers for capset cache.
        - phy: renesas: rcar-gen2: Fix memory leak at error paths
        - usb: gadget: Zero ffs_io_data
        - powerpc/pci/of: Fix OF flags parsing for 64bit BARs
        - PCI: sysfs: Ignore lockdep for remove attribute
        - iio: iio-utils: Fix possible incorrect mask calculation
        - recordmcount: Fix spurious mcount entries on powerpc
        - mfd: core: Set fwnode for created devices
        - mfd: arizona: Fix undefined behavior
        - um: Silence lockdep complaint about mmap_sem
        - powerpc/4xx/uic: clear pending interrupt after irq type/pol change
        - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
        - kallsyms: exclude kasan local symbols on s390
        - perf test mmap-thread-lookup: Initialize variable to suppress memory
          sanitizer warning
        - f2fs: avoid out-of-range memory access
        - mailbox: handle failed named mailbox channel request
        - powerpc/eeh: Handle hugepages in ioremap space
        - sh: prevent warnings when using iounmap
        - mm/kmemleak.c: fix check for softirq context
        - 9p: pass the correct prototype to read_cache_page
        - mm/mmu_notifier: use hlist_add_head_rcu()
        - locking/lockdep: Fix lock used or unused stats error
        - locking/lockdep: Hide unused 'class' variable
        - usb: wusbcore: fix unbalanced get/put cluster_id
        - usb: pci-quirks: Correct AMD PLL quirk detection
        - x86/sysfb_efi: Add quirks for some devices with swapped width and height
        - x86/speculation/mds: Apply more accurate check on hypervisor platform
        - hpet: Fix division by zero in hpet_time_div()
        - ALSA: hda - Add a conexant codec entry to let mute led work
        - access: avoid the RCU grace period for the temporary subjective credentials
        - vmstat: Remove BUG_ON from vmstat_update
        - mm, vmstat: make quiet_vmstat lighter
        - ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
        - tcp: reset sk_send_head in tcp_write_queue_purge
        - ISDN: hfcsusb: checking idx of ep configuration
        - media: cpia2_usb: first wake up, then free in disconnect
        - media: radio-raremono: change devm_k*alloc to k*alloc
        - Bluetooth: hci_uart: check for missing tty operations
        - sched/fair: Don't free p->numa_faults with concurrent readers
        - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
        - ceph: hold i_ceph_lock when removing caps for freeing inode
        - Linux 4.4.187
    
      * Line 6 POD HD500 driver fault (LP: #1790595) // Xenial update: 4.4.187
        upstream stable release (LP: #1840081)
        - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
    
      * CVE-2016-10905
        - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
    
     -- Stefan Bader <email address hidden>  Wed, 11 Sep 2019 16:59:33 +0200
  • linux (4.4.0-161.189) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-161.189 -proposed tracker (LP: #1841544)
    
      * flock not mediated by 'k' (LP: 1658219)
        - Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on
          cache check"
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync getabis
    
    linux (4.4.0-160.188) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-160.188 -proposed tracker (LP: #1840021)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
    
      * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117)
        - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from
          asus_nb_wmi
    
      * CVE-2019-10638
        - [Config] CONFIG_TEST_HASH=n
        - siphash: add cryptographically secure PRF
        - inet: switch IP ID generator to siphash
    
      * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
        (LP: #1839037)
        - SAUCE: apparmor: fix nnp subset check failure, when stacking
    
      * AppArmor onexec transition causes WARN kernel stack trace (LP: #1838627)
        - SAUCE: apparmor: fix audit failures when performing profile transitions
    
      * flock not mediated by 'k' (LP: 1658219) // Ubuntu 16.04: read access
        incorrectly implies 'm' rule (LP: 1838090)
        - SAUCE: apparmor: flock mediation is not being, enforced on cache check
    
      * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
        timeout for bcache removal causes spurious failures (LP: #1796292)
        - SAUCE: bcache: fix deadlock in bcache_allocator
    
      * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
        - bcache: improve bcache_reboot()
        - bcache: add journal statistic
        - bcache: fix high CPU occupancy during journal
        - bcache: fix incorrect sysfs output value of strip size
        - bcache: fix error return value in memory shrink
        - bcache: fix using of loop variable in memory shrink
        - bcache: Fix indentation
        - bcache: Add __printf annotation to __bch_check_keys()
        - bcache: Annotate switch fall-through
        - bcache: Fix kernel-doc warnings
        - bcache: Remove an unused variable
        - bcache: Suppress more warnings about set-but-not-used variables
        - bcache: Reduce the number of sparse complaints about lock imbalances
        - bcache: Move couple of functions to sysfs.c
    
      * CVE-2019-3900
        - vhost: introduce vhost_vq_avail_empty()
        - vhost_net: tx batching
        - vhost_net: do not stall on zerocopy depletion
        - vhost-net: set packet weight of tx polling to 2 * vq size
        - vhost_net: use packet weight for rx handler, too
        - vhost_net: introduce vhost_exceeds_weight()
        - vhost: introduce vhost_exceeds_weight()
        - vhost_net: fix possible infinite loop
        - vhost: scsi: add weight support
    
      * Xenial: ZFS deadlock in shrinker path with xattrs (LP: #1839521)
        - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu28
    
      * CVE-2019-13648
        - powerpc/tm: Fix oops on sigreturn on systems without TM
    
      * CVE-2018-20856
        - block: blk_init_allocated_queue() set q->fq as NULL in the fail case
    
      * CVE-2019-14283
        - floppy: fix out-of-bounds read in copy_buffer
    
      * CVE-2019-14284
        - floppy: fix div-by-zero in setup_format_params
    
      * Xenial update: 4.4.186 upstream stable release (LP: #1838467)
        - Input: elantech - enable middle button support on 2 ThinkPads
        - samples, bpf: fix to change the buffer size for read()
        - mac80211: mesh: fix RCU warning
        - dt-bindings: can: mcp251x: add mcp25625 support
        - can: mcp251x: add support for mcp25625
        - Input: imx_keypad - make sure keyboard can always wake up system
        - ARM: davinci: da850-evm: call regulator_has_full_constraints()
        - ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
        - md: fix for divide error in status_resync
        - bnx2x: Check if transceiver implements DDM before access
        - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
        - x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
        - x86/tls: Fix possible spectre-v1 in do_get_thread_area()
        - mwifiex: Abort at too short BSS descriptor element
        - fscrypt: don't set policy for a dead directory
        - mwifiex: Don't abort on small, spec-compliant vendor IEs
        - USB: serial: ftdi_sio: add ID for isodebug v1
        - USB: serial: option: add support for GosunCn ME3630 RNDIS mode
        - usb: gadget: ether: Fix race between gether_disconnect and rx_submit
        - usb: renesas_usbhs: add a workaround for a race condition of workqueue
        - staging: comedi: dt282x: fix a null pointer deref on interrupt
        - staging: comedi: amplc_pci230: fix null pointer deref on interrupt
        - carl9170: fix misuse of device driver API
        - VMCI: Fix integer overflow in VMCI handle arrays
        - MIPS: Remove superfluous check for __linux__
        - e1000e: start network tx queue only when link is up
        - perf/core: Fix perf_sample_regs_user() mm check
        - ARM: omap2: remove incorrect __init annotation
        - be2net: fix link failure after ethtool offline test
        - ppp: mppe: Add softdep to arc4
        - sis900: fix TX completion
        - dm verity: use message limit for data block corruption message
        - kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
        - ARC: hide unused function unw_hdr_alloc
        - s390: fix stfle zero padding
        - s390/qdio: (re-)initialize tiqdio list entries
        - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
        - KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
        - Linux 4.4.186
    
     -- Stefan Bader <email address hidden>  Tue, 27 Aug 2019 09:49:19 +0200
  • linux (4.4.0-160.188) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-160.188 -proposed tracker (LP: #1840021)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
    
      * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117)
        - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from
          asus_nb_wmi
    
      * CVE-2019-10638
        - [Config] CONFIG_TEST_HASH=n
        - siphash: add cryptographically secure PRF
        - inet: switch IP ID generator to siphash
    
      * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
        (LP: #1839037)
        - SAUCE: apparmor: fix nnp subset check failure, when stacking
    
      * AppArmor onexec transition causes WARN kernel stack trace (LP: #1838627)
        - SAUCE: apparmor: fix audit failures when performing profile transitions
    
      * flock not mediated by 'k' (LP: #1658219) // Ubuntu 16.04: read access
        incorrectly implies 'm' rule (LP: #1838090)
        - SAUCE: apparmor: flock mediation is not being, enforced on cache check
    
      * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
        timeout for bcache removal causes spurious failures (LP: #1796292)
        - SAUCE: bcache: fix deadlock in bcache_allocator
    
      * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
        - bcache: improve bcache_reboot()
        - bcache: add journal statistic
        - bcache: fix high CPU occupancy during journal
        - bcache: fix incorrect sysfs output value of strip size
        - bcache: fix error return value in memory shrink
        - bcache: fix using of loop variable in memory shrink
        - bcache: Fix indentation
        - bcache: Add __printf annotation to __bch_check_keys()
        - bcache: Annotate switch fall-through
        - bcache: Fix kernel-doc warnings
        - bcache: Remove an unused variable
        - bcache: Suppress more warnings about set-but-not-used variables
        - bcache: Reduce the number of sparse complaints about lock imbalances
        - bcache: Move couple of functions to sysfs.c
    
      * CVE-2019-3900
        - vhost: introduce vhost_vq_avail_empty()
        - vhost_net: tx batching
        - vhost_net: do not stall on zerocopy depletion
        - vhost-net: set packet weight of tx polling to 2 * vq size
        - vhost_net: use packet weight for rx handler, too
        - vhost_net: introduce vhost_exceeds_weight()
        - vhost: introduce vhost_exceeds_weight()
        - vhost_net: fix possible infinite loop
        - vhost: scsi: add weight support
    
      * Xenial: ZFS deadlock in shrinker path with xattrs (LP: #1839521)
        - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu28
    
      * CVE-2019-13648
        - powerpc/tm: Fix oops on sigreturn on systems without TM
    
      * CVE-2018-20856
        - block: blk_init_allocated_queue() set q->fq as NULL in the fail case
    
      * CVE-2019-14283
        - floppy: fix out-of-bounds read in copy_buffer
    
      * CVE-2019-14284
        - floppy: fix div-by-zero in setup_format_params
    
      * Xenial update: 4.4.186 upstream stable release (LP: #1838467)
        - Input: elantech - enable middle button support on 2 ThinkPads
        - samples, bpf: fix to change the buffer size for read()
        - mac80211: mesh: fix RCU warning
        - dt-bindings: can: mcp251x: add mcp25625 support
        - can: mcp251x: add support for mcp25625
        - Input: imx_keypad - make sure keyboard can always wake up system
        - ARM: davinci: da850-evm: call regulator_has_full_constraints()
        - ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
        - md: fix for divide error in status_resync
        - bnx2x: Check if transceiver implements DDM before access
        - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
        - x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
        - x86/tls: Fix possible spectre-v1 in do_get_thread_area()
        - mwifiex: Abort at too short BSS descriptor element
        - fscrypt: don't set policy for a dead directory
        - mwifiex: Don't abort on small, spec-compliant vendor IEs
        - USB: serial: ftdi_sio: add ID for isodebug v1
        - USB: serial: option: add support for GosunCn ME3630 RNDIS mode
        - usb: gadget: ether: Fix race between gether_disconnect and rx_submit
        - usb: renesas_usbhs: add a workaround for a race condition of workqueue
        - staging: comedi: dt282x: fix a null pointer deref on interrupt
        - staging: comedi: amplc_pci230: fix null pointer deref on interrupt
        - carl9170: fix misuse of device driver API
        - VMCI: Fix integer overflow in VMCI handle arrays
        - MIPS: Remove superfluous check for __linux__
        - e1000e: start network tx queue only when link is up
        - perf/core: Fix perf_sample_regs_user() mm check
        - ARM: omap2: remove incorrect __init annotation
        - be2net: fix link failure after ethtool offline test
        - ppp: mppe: Add softdep to arc4
        - sis900: fix TX completion
        - dm verity: use message limit for data block corruption message
        - kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
        - ARC: hide unused function unw_hdr_alloc
        - s390: fix stfle zero padding
        - s390/qdio: (re-)initialize tiqdio list entries
        - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
        - KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
        - Linux 4.4.186
    
     -- Connor Kuehl <email address hidden>  Tue, 13 Aug 2019 14:54:45 -0700
  • linux (4.4.0-159.187) xenial; urgency=medium
    
      * CVE-2019-1125
        - x86/cpufeatures: Carve out CQM features retrieval
        - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
        - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
        - x86/speculation: Enable Spectre v1 swapgs mitigations
        - x86/entry/64: Use JMP instead of JMPQ
        - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
    
    linux (4.4.0-158.186) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-158.186 -proposed tracker (LP: #1837609)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync git-ubuntu-log
        - [Packaging] update helper scripts
    
      * ixgbe{vf} - Physical Function gets IRQ when VF checks link state
        (LP: #1836760)
        - ixgbevf: Use cached link state instead of re-reading the value for ethtool
    
      * CVE-2018-5383
        - crypto: kpp - Key-agreement Protocol Primitives API (KPP)
        - crypto: dh - Add DH software implementation
        - crypto: ecdh - Add ECDH software support
        - crypto: ecdh - make ecdh_shared_secret unique
        - crypto: doc - add KPP documentation
        - crypto: kpp, (ec)dh - fix typos
        - crypto: ecc - remove unused function arguments
        - crypto: ecc - remove unnecessary casts
        - crypto: ecc - rename ecdh_make_pub_key()
        - crypto: ecdh - add privkey generation support
        - crypto: ecc - Fix NULL pointer deref. on no default_rng
        - [Config] CRYPTO_ECDH=m
        - Bluetooth: convert smp and selftest to crypto kpp API
        - crypto: ecdh - add public key verification test
    
      * Xenial update: 4.4.185 upstream stable release (LP: #1836668)
        - fs/binfmt_flat.c: make load_flat_shared_library() work
        - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
        - tracing: Silence GCC 9 array bounds warning
        - gcc-9: silence 'address-of-packed-member' warning
        - usb: chipidea: udc: workaround for endpoint conflict issue
        - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
        - apparmor: enforce nullbyte at end of tag string
        - parport: Fix mem leak in parport_register_dev_model
        - parisc: Fix compiler warnings in float emulation code
        - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
        - MIPS: uprobes: remove set but not used variable 'epc'
        - net: hns: Fix loopback test failed at copper ports
        - sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
        - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
        - scsi: ufs: Check that space was properly alloced in copy_query_response
        - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
        - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
        - Btrfs: fix race between readahead and device replace/removal
        - btrfs: start readahead also in seed devices
        - can: flexcan: fix timeout when set small bitrate
        - can: purge socket error queue on sock destruct
        - ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - Bluetooth: Fix regression with minimum encryption key size alignment
        - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
        - cfg80211: fix memory leak of wiphy device name
        - mac80211: drop robust management frames from unknown TA
        - perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit
          set nul
        - perf help: Remove needless use of strncpy()
        - 9p/rdma: do not disconnect on down_interruptible EAGAIN
        - 9p: acl: fix uninitialized iattr access
        - 9p/rdma: remove useless check in cm_event_handler
        - 9p: p9dirent_read: check network-provided name length
        - net/9p: include trans_common.h to fix missing prototype warning.
        - ovl: modify ovl_permission() to do checks on two inodes
        - x86/speculation: Allow guests to use SSBD even if host does not
        - cpu/speculation: Warn on unsupported mitigations= parameter
        - sctp: change to hold sk after auth shkey is created successfully
        - tipc: change to use register_pernet_device
        - tipc: check msg->req data len in tipc_nl_compat_bearer_disable
        - team: Always enable vlan tx offload
        - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
        - bonding: Always enable vlan tx offload
        - net: check before dereferencing netdev_ops during busy poll
        - Bluetooth: Fix faulty expression for minimum encryption key size check
        - um: Compile with modern headers
        - ASoC : cs4265 : readable register too low
        - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
        - ASoC: max98090: remove 24-bit format support if RJ is 0
        - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
        - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
        - scsi: hpsa: correct ioaccel2 chaining
        - ARC: Assume multiplier is always present
        - ARC: fix build warning in elf.h
        - MIPS: math-emu: do not use bools for arithmetic
        - mfd: omap-usb-tll: Fix register offsets
        - swiotlb: Make linux/swiotlb.h standalone includible
        - bug.h: work around GCC PR82365 in BUG()
        - MIPS: Workaround GCC __builtin_unreachable reordering bug
        - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
        - crypto: user - prevent operating on larval algorithms
        - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
        - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
        - ALSA: usb-audio: fix sign unintended sign extension on left shifts
        - lib/mpi: Fix karactx leak in mpi_powm
        - btrfs: Ensure replaced device doesn't have pending chunk allocation
        - tty: rocket: fix incorrect forward declaration of 'rp_init()'
        - ARC: handle gcc generated __builtin_trap for older compiler
        - arm64, vdso: Define vdso_{start,end} as array
        - KVM: x86: degrade WARN to pr_warn_ratelimited
        - dmaengine: imx-sdma: remove BD_INTR for channel0
        - Linux 4.4.185
    
      * Xenial update: 4.4.184 upstream stable release (LP: #1836667)
        - Linux 4.4.184
    
      * Xenial update: 4.4.183 upstream stable release (LP: #1836666)
        - fs/fat/file.c: issue flush after the writeback of FAT
        - sysctl: return -EINVAL if val violates minmax
        - ipc: prevent lockup on alloc_msg and free_msg
        - hugetlbfs: on restore reserve error path retain subpool reservation
        - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
        - mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
        - kernel/sys.c: prctl: fix false positive in validate_prctl_map()
        - mfd: intel-lpss: Set the device in reset state when init
        - mfd: twl6040: Fix device init errors for ACCCTL register
        - perf/x86/intel: Allow PEBS multi-entry in watermark mode
        - drm/bridge: adv7511: Fix low refresh rate selection
        - ntp: Allow TAI-UTC offset to be set to zero
        - f2fs: fix to avoid panic in do_recover_data()
        - f2fs: fix to do sanity check on valid block count of segment
        - iommu/vt-d: Set intel_iommu_gfx_mapped correctly
        - ALSA: hda - Register irq handler after the chip initialization
        - nvmem: core: fix read buffer in place
        - fuse: retrieve: cap requested size to negotiated max_write
        - nfsd: allow fh_want_write to be called twice
        - x86/PCI: Fix PCI IRQ routing table memory leak
        - platform/chrome: cros_ec_proto: check for NULL transfer function
        - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
        - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
        - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
        - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
        - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
        - PCI: rpadlpar: Fix leaked device_node references in add/remove paths
        - PCI: rcar: Fix a potential NULL pointer dereference
        - video: hgafb: fix potential NULL pointer dereference
        - video: imsttfb: fix potential NULL pointer dereferences
        - PCI: xilinx: Check for __get_free_pages() failure
        - gpio: gpio-omap: add check for off wake capable gpios
        - dmaengine: idma64: Use actual device for DMA transfers
        - pwm: tiehrpwm: Update shadow register for disabling PWMs
        - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on
          Arndale Octa
        - pwm: Fix deadlock warning when removing PWM device
        - ARM: exynos: Fix undefined instruction during Exynos5422 resume
        - futex: Fix futex lock the wrong page
        - ALSA: seq: Cover unsubscribe_port() in list_mutex
        - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
        - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
        - fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
        - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
        - ptrace: restore smp_rmb() in __ptrace_may_access()
        - i2c: acorn: fix i2c warning
        - bcache: fix stack corruption by PRECEDING_KEY()
        - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
        - ASoC: cs42xx8: Add regcache mask dirty
        - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
        - scsi: lpfc: add check for loss of ndlp when sending RRQ
        - scsi: bnx2fc: fix incorrect cast to u64 on shift operation
        - usbnet: ipheth: fix racing condition
        - KVM: x86/pmu: do not mask the value that is written to fixed PMUs
        - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
        - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
          invalid read
        - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
        - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
        - USB: usb-storage: Add new ID to ums-realtek
        - USB: serial: pl2303: add Allied Telesis VT-Kit3
        - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
        - USB: serial: option: add Telit 0x1260 and 0x1261 compositions
        - ax25: fix inconsistent lock state in ax25_destroy_timer
        - be2net: Fix number of Rx queues used for flow hashing
        - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
        - lapb: fixed leak of control-blocks.
        - neigh: fix use-after-free read in pneigh_get_next
        - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
        - mISDN: make sure device name is NUL terminated
        - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
        - perf/ring_buffer: Fix exposing a temporarily decreased data_head
        - perf/ring_buffer: Add ordering to rb->nest increment
        - gpio: fix gpio-adp5588 build errors
        - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
        - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
        - configfs: Fix use-after-free when accessing sd->s_dentry
        - ia64: fix build errors by exporting paddr_to_nid()
        - KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
        - net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
        - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
        - scsi: libsas: delete sas port if expander discover failed
        - Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
        - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core
          dumping
        - Abort file_remove_privs() for non-reg. files
        - Linux 4.4.183
    
      * CVE-2019-12614
        - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
    
      * bnx2x driver causes 100% CPU load (LP: #1832082)
        - bnx2x: Prevent ptp_task to be rescheduled indefinitely
    
      * Xenial update: 4.4.182 upstream stable release (LP: #1836665)
        - Linux 4.4.182
    
      * Xenial kernel 4.4.0-155.182 fails to build perf with libnuma (LP: #1836585)
        - Revert "UBUNTU: SAUCE: perf/bench: Drop definition of BIT in numa.c"
    
      * CVE-2019-10126
        - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
    
      * CVE-2019-3846
        - mwifiex: Fix possible buffer overflows at parsing bss descriptor
    
     -- Kleber Sacilotto de Souza <email address hidden>  Thu, 01 Aug 2019 17:22:24 +0200
  • linux (4.4.0-158.186) xenial; urgency=medium
    
      * xenial/linux: 4.4.0-158.186 -proposed tracker (LP: #1837609)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync git-ubuntu-log
        - [Packaging] update helper scripts
    
      * ixgbe{vf} - Physical Function gets IRQ when VF checks link state
        (LP: #1836760)
        - ixgbevf: Use cached link state instead of re-reading the value for ethtool
    
      * CVE-2018-5383
        - crypto: kpp - Key-agreement Protocol Primitives API (KPP)
        - crypto: dh - Add DH software implementation
        - crypto: ecdh - Add ECDH software support
        - crypto: ecdh - make ecdh_shared_secret unique
        - crypto: doc - add KPP documentation
        - crypto: kpp, (ec)dh - fix typos
        - crypto: ecc - remove unused function arguments
        - crypto: ecc - remove unnecessary casts
        - crypto: ecc - rename ecdh_make_pub_key()
        - crypto: ecdh - add privkey generation support
        - crypto: ecc - Fix NULL pointer deref. on no default_rng
        - [Config] CRYPTO_ECDH=m
        - Bluetooth: convert smp and selftest to crypto kpp API
        - crypto: ecdh - add public key verification test
    
      * Xenial update: 4.4.185 upstream stable release (LP: #1836668)
        - fs/binfmt_flat.c: make load_flat_shared_library() work
        - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
        - tracing: Silence GCC 9 array bounds warning
        - gcc-9: silence 'address-of-packed-member' warning
        - usb: chipidea: udc: workaround for endpoint conflict issue
        - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
        - apparmor: enforce nullbyte at end of tag string
        - parport: Fix mem leak in parport_register_dev_model
        - parisc: Fix compiler warnings in float emulation code
        - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
        - MIPS: uprobes: remove set but not used variable 'epc'
        - net: hns: Fix loopback test failed at copper ports
        - sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
        - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
        - scsi: ufs: Check that space was properly alloced in copy_query_response
        - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
        - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
        - Btrfs: fix race between readahead and device replace/removal
        - btrfs: start readahead also in seed devices
        - can: flexcan: fix timeout when set small bitrate
        - can: purge socket error queue on sock destruct
        - ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - Bluetooth: Fix regression with minimum encryption key size alignment
        - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
        - cfg80211: fix memory leak of wiphy device name
        - mac80211: drop robust management frames from unknown TA
        - perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit
          set nul
        - perf help: Remove needless use of strncpy()
        - 9p/rdma: do not disconnect on down_interruptible EAGAIN
        - 9p: acl: fix uninitialized iattr access
        - 9p/rdma: remove useless check in cm_event_handler
        - 9p: p9dirent_read: check network-provided name length
        - net/9p: include trans_common.h to fix missing prototype warning.
        - ovl: modify ovl_permission() to do checks on two inodes
        - x86/speculation: Allow guests to use SSBD even if host does not
        - cpu/speculation: Warn on unsupported mitigations= parameter
        - sctp: change to hold sk after auth shkey is created successfully
        - tipc: change to use register_pernet_device
        - tipc: check msg->req data len in tipc_nl_compat_bearer_disable
        - team: Always enable vlan tx offload
        - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
        - bonding: Always enable vlan tx offload
        - net: check before dereferencing netdev_ops during busy poll
        - Bluetooth: Fix faulty expression for minimum encryption key size check
        - um: Compile with modern headers
        - ASoC : cs4265 : readable register too low
        - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
        - ASoC: max98090: remove 24-bit format support if RJ is 0
        - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
        - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
        - scsi: hpsa: correct ioaccel2 chaining
        - ARC: Assume multiplier is always present
        - ARC: fix build warning in elf.h
        - MIPS: math-emu: do not use bools for arithmetic
        - mfd: omap-usb-tll: Fix register offsets
        - swiotlb: Make linux/swiotlb.h standalone includible
        - bug.h: work around GCC PR82365 in BUG()
        - MIPS: Workaround GCC __builtin_unreachable reordering bug
        - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
        - crypto: user - prevent operating on larval algorithms
        - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
        - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
        - ALSA: usb-audio: fix sign unintended sign extension on left shifts
        - lib/mpi: Fix karactx leak in mpi_powm
        - btrfs: Ensure replaced device doesn't have pending chunk allocation
        - tty: rocket: fix incorrect forward declaration of 'rp_init()'
        - ARC: handle gcc generated __builtin_trap for older compiler
        - arm64, vdso: Define vdso_{start,end} as array
        - KVM: x86: degrade WARN to pr_warn_ratelimited
        - dmaengine: imx-sdma: remove BD_INTR for channel0
        - Linux 4.4.185
    
      * Xenial update: 4.4.184 upstream stable release (LP: #1836667)
        - Linux 4.4.184
    
      * Xenial update: 4.4.183 upstream stable release (LP: #1836666)
        - fs/fat/file.c: issue flush after the writeback of FAT
        - sysctl: return -EINVAL if val violates minmax
        - ipc: prevent lockup on alloc_msg and free_msg
        - hugetlbfs: on restore reserve error path retain subpool reservation
        - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
        - mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
        - kernel/sys.c: prctl: fix false positive in validate_prctl_map()
        - mfd: intel-lpss: Set the device in reset state when init
        - mfd: twl6040: Fix device init errors for ACCCTL register
        - perf/x86/intel: Allow PEBS multi-entry in watermark mode
        - drm/bridge: adv7511: Fix low refresh rate selection
        - ntp: Allow TAI-UTC offset to be set to zero
        - f2fs: fix to avoid panic in do_recover_data()
        - f2fs: fix to do sanity check on valid block count of segment
        - iommu/vt-d: Set intel_iommu_gfx_mapped correctly
        - ALSA: hda - Register irq handler after the chip initialization
        - nvmem: core: fix read buffer in place
        - fuse: retrieve: cap requested size to negotiated max_write
        - nfsd: allow fh_want_write to be called twice
        - x86/PCI: Fix PCI IRQ routing table memory leak
        - platform/chrome: cros_ec_proto: check for NULL transfer function
        - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
        - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
        - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
        - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
        - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
        - PCI: rpadlpar: Fix leaked device_node references in add/remove paths
        - PCI: rcar: Fix a potential NULL pointer dereference
        - video: hgafb: fix potential NULL pointer dereference
        - video: imsttfb: fix potential NULL pointer dereferences
        - PCI: xilinx: Check for __get_free_pages() failure
        - gpio: gpio-omap: add check for off wake capable gpios
        - dmaengine: idma64: Use actual device for DMA transfers
        - pwm: tiehrpwm: Update shadow register for disabling PWMs
        - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on
          Arndale Octa
        - pwm: Fix deadlock warning when removing PWM device
        - ARM: exynos: Fix undefined instruction during Exynos5422 resume
        - futex: Fix futex lock the wrong page
        - ALSA: seq: Cover unsubscribe_port() in list_mutex
        - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
        - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
        - fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
        - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
        - ptrace: restore smp_rmb() in __ptrace_may_access()
        - i2c: acorn: fix i2c warning
        - bcache: fix stack corruption by PRECEDING_KEY()
        - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
        - ASoC: cs42xx8: Add regcache mask dirty
        - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
        - scsi: lpfc: add check for loss of ndlp when sending RRQ
        - scsi: bnx2fc: fix incorrect cast to u64 on shift operation
        - usbnet: ipheth: fix racing condition
        - KVM: x86/pmu: do not mask the value that is written to fixed PMUs
        - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
        - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
          invalid read
        - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
        - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
        - USB: usb-storage: Add new ID to ums-realtek
        - USB: serial: pl2303: add Allied Telesis VT-Kit3
        - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
        - USB: serial: option: add Telit 0x1260 and 0x1261 compositions
        - ax25: fix inconsistent lock state in ax25_destroy_timer
        - be2net: Fix number of Rx queues used for flow hashing
        - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
        - lapb: fixed leak of control-blocks.
        - neigh: fix use-after-free read in pneigh_get_next
        - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
        - mISDN: make sure device name is NUL terminated
        - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
        - perf/ring_buffer: Fix exposing a temporarily decreased data_head
        - perf/ring_buffer: Add ordering to rb->nest increment
        - gpio: fix gpio-adp5588 build errors
        - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
        - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
        - configfs: Fix use-after-free when accessing sd->s_dentry
        - ia64: fix build errors by exporting paddr_to_nid()
        - KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
        - net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
        - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
        - scsi: libsas: delete sas port if expander discover failed
        - Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
        - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core
          dumping
        - Abort file_remove_privs() for non-reg. files
        - Linux 4.4.183
    
      * CVE-2019-12614
        - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
    
      * bnx2x driver causes 100% CPU load (LP: #1832082)
        - bnx2x: Prevent ptp_task to be rescheduled indefinitely
    
      * Xenial update: 4.4.182 upstream stable release (LP: #1836665)
        - Linux 4.4.182
    
      * Xenial kernel 4.4.0-155.182 fails to build perf with libnuma (LP: #1836585)
        - Revert "UBUNTU: SAUCE: perf/bench: Drop definition of BIT in numa.c"
    
      * CVE-2019-10126
        - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
    
      * CVE-2019-3846
        - mwifiex: Fix possible buffer overflows at parsing bss descriptor
    
     -- Sultan Alsawaf <email address hidden>  Mon, 29 Jul 2019 09:53:03 -0600
  • linux (4.4.0-157.185) xenial; urgency=medium
    
      * linux: 4.4.0-157.185 -proposed tracker (LP: #1837476)
    
      * systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage)
        (LP: #1837235)
        - Revert "block/bio: Do not zero user pages"
        - Revert "block: Clear kernel memory before copying to user"
        - Revert "bio_copy_from_iter(): get rid of copying iov_iter"
    
    linux (4.4.0-156.183) xenial; urgency=medium
    
      * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880)
    
      * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801)
        - brcmfmac: add eth_type_trans back for PCIe full dongle
    
    linux (4.4.0-155.182) xenial; urgency=medium
    
      * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
    
      * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
        - geneve: correctly handle ipv6.disable module parameter
    
      * Kernel modules generated incorrectly when system is localized to a non-
        English language (LP: #1828084)
        - scripts: override locale from environment when running recordmcount.pl
    
      * Handle overflow in proc_get_long of sysctl (LP: #1833935)
        - sysctl: handle overflow in proc_get_long
    
      * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
        - x86/speculation/mds: Revert CPU buffer clear on double fault exit
        - x86/speculation/mds: Improve CPU buffer clear documentation
        - ARM: exynos: Fix a leaked reference by adding missing of_node_put
        - crypto: vmx - fix copy-paste error in CTR mode
        - crypto: crct10dif-generic - fix use via crypto_shash_digest()
        - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
        - ALSA: usb-audio: Fix a memory leak bug
        - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
        - ALSA: hda/realtek - EAPD turn on later
        - ASoC: max98090: Fix restore of DAPM Muxes
        - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
        - mm/mincore.c: make mincore() more conservative
        - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
        - mfd: da9063: Fix OTP control register names to match datasheets for
          DA9063/63L
        - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
        - ext4: actually request zeroing of inode table after grow
        - ext4: fix ext4_show_options for file systems w/o journal
        - Btrfs: do not start a transaction at iterate_extent_inodes()
        - bcache: fix a race between cache register and cacheset unregister
        - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
        - ipmi:ssif: compare block number correctly for multi-part return messages
        - crypto: gcm - Fix error return code in crypto_gcm_create_common()
        - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
        - crypto: chacha20poly1305 - set cra_name correctly
        - crypto: salsa20 - don't access already-freed walk.iv
        - crypto: arm/aes-neonbs - don't access already-freed walk.iv
        - writeback: synchronize sync(2) against cgroup writeback membership switches
        - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
          into workqueue when umount
        - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
        - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
        - net: avoid weird emergency message
        - net/mlx4_core: Change the error print to info print
        - ppp: deflate: Fix possible crash in deflate_init
        - tipc: switch order of device registration to fix a crash
        - tipc: fix modprobe tipc failed after switch order of device registration
        - stm class: Fix channel free in stm output free path
        - md: add mddev->pers to avoid potential NULL pointer dereference
        - intel_th: msu: Fix single mode with IOMMU
        - of: fix clang -Wunsequenced for be32_to_cpu()
        - cifs: fix strcat buffer overflow and reduce raciness in
          smb21_set_oplock_level()
        - media: ov6650: Fix sensor possibly not detected on probe
        - NFS4: Fix v4.0 client state corruption when mount
        - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
        - fuse: fix writepages on 32bit
        - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
        - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
        - ceph: flush dirty inodes before proceeding with remount
        - tracing: Fix partial reading of trace event's id file
        - memory: tegra: Fix integer overflow on tick value calculation
        - perf intel-pt: Fix instructions sampling rate
        - perf intel-pt: Fix improved sample timestamp
        - perf intel-pt: Fix sample timestamp wrt non-taken branches
        - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
        - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
        - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
        - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
        - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
          VRAM
        - fbdev: sm712fb: fix support for 1024x768-16 mode
        - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
        - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
        - PCI: Mark Atheros AR9462 to avoid bus reset
        - dm delay: fix a crash when invalid device is specified
        - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
        - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
        - vti4: ipip tunnel deregistration fixes.
        - xfrm4: Fix uninitialized memory read in _decode_session4
        - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
        - power: supply: sysfs: prevent endless uevent loop with
          CONFIG_POWER_SUPPLY_DEBUG
        - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
        - perf bench numa: Add define for RUSAGE_THREAD if not present
        - Revert "Don't jump to compute_result state from check_result state"
        - md/raid: raid5 preserve the writeback action after the parity check
        - btrfs: Honour FITRIM range constraints during free space trim
        - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
        - ext4: do not delete unlinked inode from orphan list on failed truncate
        - KVM: x86: fix return value for reserved EFER
        - bio: fix improper use of smp_mb__before_atomic()
        - Revert "scsi: sd: Keep disk read-only when re-reading partition"
        - crypto: vmx - CTR: always increment IV as quadword
        - gfs2: Fix sign extension bug in gfs2_update_stats
        - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
        - btrfs: sysfs: don't leak memory when failing add fsid
        - fbdev: fix divide error in fb_var_to_videomode
        - hugetlb: use same fault hash key for shared and private mappings
        - fbdev: fix WARNING in __alloc_pages_nodemask bug
        - media: cpia2: Fix use-after-free in cpia2_exit
        - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
        - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
        - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
        - perf tools: No need to include bitops.h in util.h
        - gfs2: Fix lru_count going negative
        - cxgb4: Fix error path in cxgb4_init_module
        - mmc: core: Verify SD bus width
        - powerpc/boot: Fix missing check of lseek() return value
        - ASoC: imx: fix fiq dependencies
        - spi: pxa2xx: fix SCR (divisor) calculation
        - brcm80211: potential NULL dereference in
          brcmf_cfg80211_vndr_cmds_dcmd_handler()
        - rtc: 88pm860x: prevent use-after-free on device remove
        - w1: fix the resume command API
        - dmaengine: pl330: _stop: clear interrupt status
        - mac80211/cfg80211: update bss channel on channel switch
        - ASoC: fsl_sai: Update is_slave_mode with correct value
        - mwifiex: prevent an array overflow
        - net: cw1200: fix a NULL pointer dereference
        - bcache: return error immediately in bch_journal_replay()
        - bcache: fix failure in journal relplay
        - bcache: add failure check to run_cache_set() for journal replay
        - bcache: avoid clang -Wunintialized warning
        - x86/build: Move _etext to actual end of .text
        - smpboot: Place the __percpu annotation correctly
        - x86/mm: Remove in_nmi() warning from 64-bit implementation of
          vmalloc_fault()
        - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
          versions
        - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
        - pinctrl: pistachio: fix leaked of_node references
        - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
        - media: coda: clear error return value before picture run
        - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
        - media: au0828: stop video streaming only when last user stops
        - media: ov2659: make S_FMT succeed even if requested format doesn't match
        - audit: fix a memory leak bug
        - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
        - media: pvrusb2: Prevent a buffer overflow
        - powerpc/numa: improve control of topology updates
        - sched/core: Check quota and period overflow at usec to nsec conversion
        - sched/core: Handle overflow in cpu_shares_write_u64
        - USB: core: Don't unbind interfaces following device reset failure
        - x86/irq/64: Limit IST stack overflow check to #DB stack
        - i40e: don't allow changes to HW VLAN stripping on active port VLANs
        - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
        - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
        - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
        - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
        - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
        - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
        - scsi: libsas: Do discovery on empty PHY to update PHY info
        - mmc_spi: add a status check for spi_sync_locked
        - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
        - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
        - PM / core: Propagate dev->power.wakeup_path when no callbacks
        - extcon: arizona: Disable mic detect if running when driver is removed
        - s390: cio: fix cio_irb declaration
        - cpufreq: ppc_cbe: fix possible object reference leak
        - cpufreq/pasemi: fix possible object reference leak
        - cpufreq: pmac32: fix possible object reference leak
        - x86/build: Keep local relocations with ld.lld
        - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
        - iio: hmc5843: fix potential NULL pointer dereferences
        - iio: common: ssp_sensors: Initialize calculated_time in
          ssp_common_process_data
        - rtlwifi: fix a potential NULL pointer dereference
        - brcmfmac: fix missing checks for kmemdup
        - b43: shut up clang -Wuninitialized variable warning
        - brcmfmac: convert dev_init_lock mutex to completion
        - brcmfmac: fix race during disconnect when USB completion is in progress
        - scsi: ufs: Fix regulator load and icc-level configuration
        - scsi: ufs: Avoid configuring regulator with undefined voltage range
        - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
        - x86/ia32: Fix ia32_restore_sigcontext() AC leak
        - chardev: add additional check for minor range overlap
        - HID: core: move Usage Page concatenation to Main item
        - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
        - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
        - cxgb3/l2t: Fix undefined behaviour
        - spi: tegra114: reset controller on probe
        - media: wl128x: prevent two potential buffer overflows
        - virtio_console: initialize vtermno value for ports
        - tty: ipwireless: fix missing checks for ioremap
        - rcutorture: Fix cleanup path for invalid torture_type strings
        - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
        - scsi: qla4xxx: avoid freeing unallocated dma memory
        - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
        - media: go7007: avoid clang frame overflow warning with KASAN
        - media: saa7146: avoid high stack usage with clang
        - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
        - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
        - spi: rspi: Fix sequencer reset during initialization
        - spi: Fix zero length xfer bug
        - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
        - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
        - llc: fix skb leak in llc_build_and_send_ui_pkt()
        - net-gro: fix use-after-free read in napi_gro_frags()
        - net: stmmac: fix reset gpio free missing
        - usbnet: fix kernel crash after disconnect
        - tipc: Avoid copying bytes beyond the supplied data
        - bnxt_en: Fix aggregation buffer leak under OOM condition.
        - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
        - crypto: vmx - ghash: do nosimd fallback manually
        - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
        - Revert "tipc: fix modprobe tipc failed after switch order of device
          registration"
        - tipc: fix modprobe tipc failed after switch order of device registration -v2
        - sparc64: Fix regression in non-hypervisor TLB flush xcall
        - include/linux/bitops.h: sanitize rotate primitives
        - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
        - usb: xhci: avoid null pointer deref when bos field is NULL
        - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
        - USB: sisusbvga: fix oops in error path of sisusb_probe
        - USB: Add LPM quirk for Surface Dock GigE adapter
        - USB: rio500: refuse more than one device at a time
        - USB: rio500: fix memory leak in close after disconnect
        - media: usb: siano: Fix general protection fault in smsusb
        - media: usb: siano: Fix false-positive "uninitialized variable" warning
        - media: smsusb: better handle optional alignment
        - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
        - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
        - Btrfs: fix race updating log root item during fsync
        - ALSA: hda/realtek - Set default power save node to 0
        - drm/nouveau/i2c: Disable i2c bus access after ->fini()
        - tty: serial: msm_serial: Fix XON/XOFF
        - tty: max310x: Fix external crystal register setup
        - memcg: make it work on sparse non-0-node systems
        - kernel/signal.c: trace_signal_deliver when signal_group_exit
        - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
          ENOMEM
        - binder: Replace "%p" with "%pK" for stable
        - binder: replace "%p" with "%pK"
        - brcmfmac: Add length checks on firmware events
        - brcmfmac: screening firmware event packet
        - brcmfmac: revise handling events in receive path
        - brcmfmac: fix incorrect event channel deduction
        - brcmfmac: add length checks in scheduled scan result handler
        - brcmfmac: add subtype check for event handling in data path
        - userfaultfd: don't pin the user memory in userfaultfd_file_create()
        - Revert "x86/build: Move _etext to actual end of .text"
        - net: cdc_ncm: GetNtbFormat endian fix
        - usb: gadget: fix request length error for isoc transfer
        - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
        - ethtool: fix potential userspace buffer overflow
        - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
        - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
        - net: rds: fix memory leak in rds_ib_flush_mr_pool
        - pktgen: do not sleep with the thread lock held.
        - rcu: locking and unlocking need to always be at least barriers
        - parisc: Use implicit space register selection for loading the coherence
          index of I/O pdirs
        - fuse: fallocate: fix return with locked inode
        - MIPS: pistachio: Build uImage.gz by default
        - genwqe: Prevent an integer overflow in the ioctl
        - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
        - fs: stream_open - opener for stream-like files so that read and write can
          run simultaneously without deadlock
        - fuse: Add FOPEN_STREAM to use stream_open()
        - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
        - ethtool: check the return value of get_regs_len
        - Linux 4.4.181
    
      * CVE-2019-2054
        - arm/ptrace: run seccomp after ptrace
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
        - x86/speculation: Remove redundant arch_smt_update() invocation
    
      * Revert x86/vdso linker changes from #1830890 as this causes glibc
        2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
        - Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
        - Revert "x86: vdso: Use $LD instead of $CC to link"
    
      * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
        - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
    
      * CVE-2019-11833
        - ext4: zero out the unused memory region in the extent tree block
    
      * idle-page oopses when accessing page frames that are out of range
        (LP: #1833410)
        - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
    
      * Performance degradation when copying from LVM snapshot backed by NVMe disk
        (LP: #1833319)
        - NVMe: Allow request merges
    
      * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
        - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
          connections"
    
      * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
        - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
    
      * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
        (LP: #1826416)
        - vmbus: fix missing signaling in hv_signal_on_read()
    
      * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
        - kbuild: simplify ld-option implementation
        - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
        - cifs: do not attempt cifs operation on smb2+ rename error
        - MIPS: scall64-o32: Fix indirect syscall number load
        - trace: Fix preempt_enable_no_resched() abuse
        - sched/numa: Fix a possible divide-by-zero
        - ceph: ensure d_name stability in ceph_dentry_hash()
        - ceph: fix ci->i_head_snapc leak
        - nfsd: Don't release the callback slot unless it was actually held
        - sunrpc: don't mark uninitialised items as VALID.
        - USB: Add new USB LPM helpers
        - USB: Consolidate LPM checks to avoid enabling LPM twice
        - powerpc/xmon: Add RFI flush related fields to paca dump
        - powerpc/64s: Improve RFI L1-D cache flush fallback
        - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
        - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
          barrier at kernel entry/exit"
        - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
        - powerpc/64s: Add barrier_nospec
        - powerpc/64s: Add support for ori barrier_nospec patching
        - powerpc/64s: Patch barrier_nospec in modules
        - powerpc/64s: Enable barrier_nospec based on firmware settings
        - powerpc/64: Use barrier_nospec in syscall entry
        - powerpc: Use barrier_nospec in copy_from_user()
        - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
        - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
        - powerpc/64: Disable the speculation barrier from the command line
        - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
        - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
        - powerpc/64: Call setup_barrier_nospec() from setup_arch()
        - powerpc/64: Make meltdown reporting Book3S 64 specific
        - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
        - powerpc/asm: Add a patch_site macro & helpers for patching instructions
        - powerpc/64s: Add new security feature flags for count cache flush
        - powerpc/64s: Add support for software count cache flush
        - powerpc/pseries: Query hypervisor for count cache flush settings
        - powerpc/powernv: Query firmware for count cache flush settings
        - powerpc: Avoid code patching freed init sections
        - powerpc/fsl: Add infrastructure to fixup branch predictor flush
        - powerpc/fsl: Add macro to flush the branch predictor
        - powerpc/fsl: Fix spectre_v2 mitigations reporting
        - powerpc/fsl: Add nospectre_v2 command line argument
        - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
        - powerpc/fsl: Update Spectre v2 reporting
        - powerpc/security: Fix spectre_v2 reporting
        - powerpc/fsl: Fix the flush of branch predictor.
        - tipc: handle the err returned from cmd header function
        - slip: make slhc_free() silently accept an error pointer
        - intel_th: gth: Fix an off-by-one in output unassigning
        - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
        - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
        - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
        - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
        - tipc: check link name with right length in tipc_nl_compat_link_set
        - bpf: reject wrong sized filters earlier
        - Revert "block/loop: Use global lock for ioctl() operation."
        - ipv4: add sanity checks in ipv4_link_failure()
        - team: fix possible recursive locking when add slaves
        - net: stmmac: move stmmac_check_ether_addr() to driver probe
        - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
        - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
        - powerpc/fsl: Flush branch predictor when entering KVM
        - powerpc/fsl: Emulate SPRN_BUCSR register
        - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
        - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
        - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
        - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
        - Documentation: Add nospectre_v1 parameter
        - usbnet: ipheth: prevent TX queue timeouts when device not ready
        - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        - qlcnic: Avoid potential NULL pointer dereference
        - netfilter: bridge: set skb transport_header before entering
          NF_INET_PRE_ROUTING
        - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
        - usb: gadget: net2280: Fix overrun of OUT messages
        - usb: gadget: net2280: Fix net2280_dequeue()
        - usb: gadget: net2272: Fix net2272_dequeue()
        - ARM: dts: pfla02: increase phy reset duration
        - net: ks8851: Dequeue RX packets explicitly
        - net: ks8851: Reassert reset pin if chip ID check fails
        - net: ks8851: Delay requesting IRQ until opened
        - net: ks8851: Set initial carrier state to down
        - net: xilinx: fix possible object reference leak
        - net: ibm: fix possible object reference leak
        - net: ethernet: ti: fix possible object reference leak
        - scsi: qla4xxx: fix a potential NULL pointer dereference
        - usb: u132-hcd: fix resource leak
        - ceph: fix use-after-free on symlink traversal
        - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
        - libata: fix using DMA buffers on stack
        - kconfig/[mn]conf: handle backspace (^H) key
        - ALSA: line6: use dynamic buffers
        - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
        - ipv6/flowlabel: wait rcu grace period before put_pid()
        - ipv6: invert flowlabel sharing check in process and user mode
        - bnxt_en: Improve multicast address setup logic.
        - packet: validate msg_namelen in send directly
        - USB: yurex: Fix protection fault after device removal
        - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
        - USB: core: Fix unterminated string returned by usb_string()
        - USB: core: Fix bug caused by duplicate interface PM usage counter
        - HID: debug: fix race condition with between rdesc_show() and device removal
        - rtc: sh: Fix invalid alarm warning for non-enabled alarm
        - bonding: show full hw address in sysfs for slave entries
        - jffs2: fix use-after-free on symlink traversal
        - debugfs: fix use-after-free on symlink traversal
        - rtc: da9063: set uie_unsupported when relevant
        - vfio/pci: use correct format characters
        - scsi: storvsc: Fix calculation of sub-channel count
        - net: hns: Use NAPI_POLL_WEIGHT for hns driver
        - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
        - hugetlbfs: fix memory leak for resv_map
        - xsysace: Fix error handling in ace_setup
        - ARM: orion: don't use using 64-bit DMA masks
        - ARM: iop: don't use using 64-bit DMA masks
        - usb: usbip: fix isoc packet num validation in get_pipe
        - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
        - staging: iio: adt7316: fix the dac read calculation
        - staging: iio: adt7316: fix the dac write calculation
        - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
        - selinux: never allow relabeling on context mounts
        - x86/mce: Improve error message when kernel cannot recover, p2
        - media: v4l2: i2c: ov7670: Fix PLL bypass register values
        - scsi: libsas: fix a race condition when smp task timeout
        - ASoC:soc-pcm:fix a codec fixup issue in TDM case
        - ASoC: cs4270: Set auto-increment bit for register writes
        - ASoC: tlv320aic32x4: Fix Common Pins
        - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
        - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
        - iommu/amd: Set exclusion range correctly
        - genirq: Prevent use-after-free and work list corruption
        - usb: dwc3: Fix default lpm_nyet_threshold value
        - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
        - Bluetooth: hidp: fix buffer overflow
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - UAS: fix alignment of scatter/gather segments
        - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
        - ASoC: Intel: avoid Oops if DMA setup fails
        - timer/debug: Change /proc/timer_stats from 0644 to 0600
        - netfilter: compat: initialize all fields in xt_init
        - platform/x86: sony-laptop: Fix unintentional fall-through
        - iio: adc: xilinx: fix potential use-after-free on remove
        - HID: input: add mapping for Expose/Overview key
        - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
        - libnvdimm/btt: Fix a kmemdup failure check
        - s390/dasd: Fix capacity calculation for large volumes
        - s390/3270: fix lockdep false positive on view->lock
        - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
          tracing
        - tools lib traceevent: Fix missing equality check for strcmp
        - init: initialize jump labels before command line option parsing
        - ipvs: do not schedule icmp errors from tunnels
        - s390: ctcm: fix ctcm_new_device error return code
        - gpu: ipu-v3: dp: fix CSC handling
        - cw1200: fix missing unlock on error in cw1200_hw_scan()
        - Don't jump to compute_result state from check_result state
        - x86/microcode/intel: Add a helper which gives the microcode revision
        - x86: stop exporting msr-index.h to userland
        - x86/microcode/intel: Check microcode revision before updating sibling
          threads
        - x86/MCE: Save microcode revision in machine check records
        - x86/bugs: Add AMD's variant of SSB_NO
        - x86/bugs: Add AMD's SPEC_CTRL MSR usage
        - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
        - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
        - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
        - x86/microcode: Update the new microcode revision unconditionally
        - x86/mm: Use WRITE_ONCE() when setting PTEs
        - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
        - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
        - x86/speculation: Propagate information about RSB filling mitigation to sysfs
        - x86/speculation: Update the TIF_SSBD comment
        - x86/speculation: Clean up spectre_v2_parse_cmdline()
        - x86/speculation: Move STIPB/IBPB string conditionals out of
          cpu_show_common()
        - x86/speculation: Disable STIBP when enhanced IBRS is in use
        - x86/speculation: Rename SSBD update functions
        - x86/speculation: Reorganize speculation control MSRs update
        - x86/Kconfig: Select SCHED_SMT if SMP enabled
        - x86/speculation: Mark string arrays const correctly
        - x86/speculataion: Mark command line parser data __initdata
        - x86/speculation: Add command line control for indirect branch speculation
        - x86/speculation: Prepare for per task indirect branch speculation control
        - x86/process: Consolidate and simplify switch_to_xtra() code
        - x86/speculation: Avoid __switch_to_xtra() calls
        - x86/speculation: Prepare for conditional IBPB in switch_mm()
        - x86/speculation: Split out TIF update
        - x86/speculation: Prepare arch_smt_update() for PRCTL mode
        - x86/speculation: Prevent stale SPEC_CTRL msr content
        - x86/speculation: Add prctl() control for indirect branch speculation
        - x86/speculation: Enable prctl mode for spectre_v2_user
        - x86/speculation: Add seccomp Spectre v2 user space protection mode
        - x86/speculation: Provide IBPB always command line options
        - x86/cpu/bugs: Use __initconst for 'const' init data
        - USB: serial: use variable for status
        - USB: serial: fix unthrottle races
        - bridge: Fix error path for kobject_init_and_add()
        - net: ucc_geth - fix Oops when changing number of buffers in the ring
        - packet: Fix error path in packet_init
        - vlan: disable SIOCSHWTSTAMP in container
        - vrf: sit mtu should not be updated when vrf netdev is the link
        - ipv4: Fix raw socket lookup for local traffic
        - bonding: fix arp_validate toggling in active-backup mode
        - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
        - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
        - powerpc/booke64: set RI in default MSR
        - powerpc/lib: fix book3s/32 boot failure due to code patching
        - Linux 4.4.180
        - SAUCE: Clarify IBRS/IBPB runtime state change messages
        - SAUCE: x86/speculation: Move STIBP hunks
        - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
        - SAUCE: x86/speculation: Update 'mitigations=' documentation
        - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
        - SAUCE: perf/bench: Drop definition of BIT in numa.c
        - SAUCE: x86/speculation: Fix SSB command line documentation
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
        - SAUCE: Synchronize MDS mitigations with upstream
        - Documentation: Correct the possible MDS sysfs values
        - x86/speculation/mds: Fix documentation typo
    
      * CVE-2019-11091
        - x86/mds: Add MDSUM variant to the MDS documentation
    
     -- Stefan Bader <email address hidden>  Tue, 23 Jul 2019 10:55:25 +0200
  • linux (4.4.0-156.183) xenial; urgency=medium
    
      * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880)
    
      * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801)
        - brcmfmac: add eth_type_trans back for PCIe full dongle
    
    linux (4.4.0-155.182) xenial; urgency=medium
    
      * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
    
      * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
        - geneve: correctly handle ipv6.disable module parameter
    
      * Kernel modules generated incorrectly when system is localized to a non-
        English language (LP: #1828084)
        - scripts: override locale from environment when running recordmcount.pl
    
      * Handle overflow in proc_get_long of sysctl (LP: #1833935)
        - sysctl: handle overflow in proc_get_long
    
      * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
        - x86/speculation/mds: Revert CPU buffer clear on double fault exit
        - x86/speculation/mds: Improve CPU buffer clear documentation
        - ARM: exynos: Fix a leaked reference by adding missing of_node_put
        - crypto: vmx - fix copy-paste error in CTR mode
        - crypto: crct10dif-generic - fix use via crypto_shash_digest()
        - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
        - ALSA: usb-audio: Fix a memory leak bug
        - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
        - ALSA: hda/realtek - EAPD turn on later
        - ASoC: max98090: Fix restore of DAPM Muxes
        - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
        - mm/mincore.c: make mincore() more conservative
        - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
        - mfd: da9063: Fix OTP control register names to match datasheets for
          DA9063/63L
        - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
        - ext4: actually request zeroing of inode table after grow
        - ext4: fix ext4_show_options for file systems w/o journal
        - Btrfs: do not start a transaction at iterate_extent_inodes()
        - bcache: fix a race between cache register and cacheset unregister
        - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
        - ipmi:ssif: compare block number correctly for multi-part return messages
        - crypto: gcm - Fix error return code in crypto_gcm_create_common()
        - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
        - crypto: chacha20poly1305 - set cra_name correctly
        - crypto: salsa20 - don't access already-freed walk.iv
        - crypto: arm/aes-neonbs - don't access already-freed walk.iv
        - writeback: synchronize sync(2) against cgroup writeback membership switches
        - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
          into workqueue when umount
        - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
        - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
        - net: avoid weird emergency message
        - net/mlx4_core: Change the error print to info print
        - ppp: deflate: Fix possible crash in deflate_init
        - tipc: switch order of device registration to fix a crash
        - tipc: fix modprobe tipc failed after switch order of device registration
        - stm class: Fix channel free in stm output free path
        - md: add mddev->pers to avoid potential NULL pointer dereference
        - intel_th: msu: Fix single mode with IOMMU
        - of: fix clang -Wunsequenced for be32_to_cpu()
        - cifs: fix strcat buffer overflow and reduce raciness in
          smb21_set_oplock_level()
        - media: ov6650: Fix sensor possibly not detected on probe
        - NFS4: Fix v4.0 client state corruption when mount
        - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
        - fuse: fix writepages on 32bit
        - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
        - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
        - ceph: flush dirty inodes before proceeding with remount
        - tracing: Fix partial reading of trace event's id file
        - memory: tegra: Fix integer overflow on tick value calculation
        - perf intel-pt: Fix instructions sampling rate
        - perf intel-pt: Fix improved sample timestamp
        - perf intel-pt: Fix sample timestamp wrt non-taken branches
        - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
        - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
        - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
        - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
        - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
          VRAM
        - fbdev: sm712fb: fix support for 1024x768-16 mode
        - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
        - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
        - PCI: Mark Atheros AR9462 to avoid bus reset
        - dm delay: fix a crash when invalid device is specified
        - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
        - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
        - vti4: ipip tunnel deregistration fixes.
        - xfrm4: Fix uninitialized memory read in _decode_session4
        - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
        - power: supply: sysfs: prevent endless uevent loop with
          CONFIG_POWER_SUPPLY_DEBUG
        - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
        - perf bench numa: Add define for RUSAGE_THREAD if not present
        - Revert "Don't jump to compute_result state from check_result state"
        - md/raid: raid5 preserve the writeback action after the parity check
        - btrfs: Honour FITRIM range constraints during free space trim
        - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
        - ext4: do not delete unlinked inode from orphan list on failed truncate
        - KVM: x86: fix return value for reserved EFER
        - bio: fix improper use of smp_mb__before_atomic()
        - Revert "scsi: sd: Keep disk read-only when re-reading partition"
        - crypto: vmx - CTR: always increment IV as quadword
        - gfs2: Fix sign extension bug in gfs2_update_stats
        - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
        - btrfs: sysfs: don't leak memory when failing add fsid
        - fbdev: fix divide error in fb_var_to_videomode
        - hugetlb: use same fault hash key for shared and private mappings
        - fbdev: fix WARNING in __alloc_pages_nodemask bug
        - media: cpia2: Fix use-after-free in cpia2_exit
        - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
        - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
        - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
        - perf tools: No need to include bitops.h in util.h
        - gfs2: Fix lru_count going negative
        - cxgb4: Fix error path in cxgb4_init_module
        - mmc: core: Verify SD bus width
        - powerpc/boot: Fix missing check of lseek() return value
        - ASoC: imx: fix fiq dependencies
        - spi: pxa2xx: fix SCR (divisor) calculation
        - brcm80211: potential NULL dereference in
          brcmf_cfg80211_vndr_cmds_dcmd_handler()
        - rtc: 88pm860x: prevent use-after-free on device remove
        - w1: fix the resume command API
        - dmaengine: pl330: _stop: clear interrupt status
        - mac80211/cfg80211: update bss channel on channel switch
        - ASoC: fsl_sai: Update is_slave_mode with correct value
        - mwifiex: prevent an array overflow
        - net: cw1200: fix a NULL pointer dereference
        - bcache: return error immediately in bch_journal_replay()
        - bcache: fix failure in journal relplay
        - bcache: add failure check to run_cache_set() for journal replay
        - bcache: avoid clang -Wunintialized warning
        - x86/build: Move _etext to actual end of .text
        - smpboot: Place the __percpu annotation correctly
        - x86/mm: Remove in_nmi() warning from 64-bit implementation of
          vmalloc_fault()
        - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
          versions
        - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
        - pinctrl: pistachio: fix leaked of_node references
        - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
        - media: coda: clear error return value before picture run
        - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
        - media: au0828: stop video streaming only when last user stops
        - media: ov2659: make S_FMT succeed even if requested format doesn't match
        - audit: fix a memory leak bug
        - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
        - media: pvrusb2: Prevent a buffer overflow
        - powerpc/numa: improve control of topology updates
        - sched/core: Check quota and period overflow at usec to nsec conversion
        - sched/core: Handle overflow in cpu_shares_write_u64
        - USB: core: Don't unbind interfaces following device reset failure
        - x86/irq/64: Limit IST stack overflow check to #DB stack
        - i40e: don't allow changes to HW VLAN stripping on active port VLANs
        - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
        - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
        - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
        - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
        - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
        - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
        - scsi: libsas: Do discovery on empty PHY to update PHY info
        - mmc_spi: add a status check for spi_sync_locked
        - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
        - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
        - PM / core: Propagate dev->power.wakeup_path when no callbacks
        - extcon: arizona: Disable mic detect if running when driver is removed
        - s390: cio: fix cio_irb declaration
        - cpufreq: ppc_cbe: fix possible object reference leak
        - cpufreq/pasemi: fix possible object reference leak
        - cpufreq: pmac32: fix possible object reference leak
        - x86/build: Keep local relocations with ld.lld
        - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
        - iio: hmc5843: fix potential NULL pointer dereferences
        - iio: common: ssp_sensors: Initialize calculated_time in
          ssp_common_process_data
        - rtlwifi: fix a potential NULL pointer dereference
        - brcmfmac: fix missing checks for kmemdup
        - b43: shut up clang -Wuninitialized variable warning
        - brcmfmac: convert dev_init_lock mutex to completion
        - brcmfmac: fix race during disconnect when USB completion is in progress
        - scsi: ufs: Fix regulator load and icc-level configuration
        - scsi: ufs: Avoid configuring regulator with undefined voltage range
        - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
        - x86/ia32: Fix ia32_restore_sigcontext() AC leak
        - chardev: add additional check for minor range overlap
        - HID: core: move Usage Page concatenation to Main item
        - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
        - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
        - cxgb3/l2t: Fix undefined behaviour
        - spi: tegra114: reset controller on probe
        - media: wl128x: prevent two potential buffer overflows
        - virtio_console: initialize vtermno value for ports
        - tty: ipwireless: fix missing checks for ioremap
        - rcutorture: Fix cleanup path for invalid torture_type strings
        - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
        - scsi: qla4xxx: avoid freeing unallocated dma memory
        - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
        - media: go7007: avoid clang frame overflow warning with KASAN
        - media: saa7146: avoid high stack usage with clang
        - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
        - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
        - spi: rspi: Fix sequencer reset during initialization
        - spi: Fix zero length xfer bug
        - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
        - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
        - llc: fix skb leak in llc_build_and_send_ui_pkt()
        - net-gro: fix use-after-free read in napi_gro_frags()
        - net: stmmac: fix reset gpio free missing
        - usbnet: fix kernel crash after disconnect
        - tipc: Avoid copying bytes beyond the supplied data
        - bnxt_en: Fix aggregation buffer leak under OOM condition.
        - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
        - crypto: vmx - ghash: do nosimd fallback manually
        - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
        - Revert "tipc: fix modprobe tipc failed after switch order of device
          registration"
        - tipc: fix modprobe tipc failed after switch order of device registration -v2
        - sparc64: Fix regression in non-hypervisor TLB flush xcall
        - include/linux/bitops.h: sanitize rotate primitives
        - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
        - usb: xhci: avoid null pointer deref when bos field is NULL
        - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
        - USB: sisusbvga: fix oops in error path of sisusb_probe
        - USB: Add LPM quirk for Surface Dock GigE adapter
        - USB: rio500: refuse more than one device at a time
        - USB: rio500: fix memory leak in close after disconnect
        - media: usb: siano: Fix general protection fault in smsusb
        - media: usb: siano: Fix false-positive "uninitialized variable" warning
        - media: smsusb: better handle optional alignment
        - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
        - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
        - Btrfs: fix race updating log root item during fsync
        - ALSA: hda/realtek - Set default power save node to 0
        - drm/nouveau/i2c: Disable i2c bus access after ->fini()
        - tty: serial: msm_serial: Fix XON/XOFF
        - tty: max310x: Fix external crystal register setup
        - memcg: make it work on sparse non-0-node systems
        - kernel/signal.c: trace_signal_deliver when signal_group_exit
        - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
          ENOMEM
        - binder: Replace "%p" with "%pK" for stable
        - binder: replace "%p" with "%pK"
        - brcmfmac: Add length checks on firmware events
        - brcmfmac: screening firmware event packet
        - brcmfmac: revise handling events in receive path
        - brcmfmac: fix incorrect event channel deduction
        - brcmfmac: add length checks in scheduled scan result handler
        - brcmfmac: add subtype check for event handling in data path
        - userfaultfd: don't pin the user memory in userfaultfd_file_create()
        - Revert "x86/build: Move _etext to actual end of .text"
        - net: cdc_ncm: GetNtbFormat endian fix
        - usb: gadget: fix request length error for isoc transfer
        - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
        - ethtool: fix potential userspace buffer overflow
        - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
        - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
        - net: rds: fix memory leak in rds_ib_flush_mr_pool
        - pktgen: do not sleep with the thread lock held.
        - rcu: locking and unlocking need to always be at least barriers
        - parisc: Use implicit space register selection for loading the coherence
          index of I/O pdirs
        - fuse: fallocate: fix return with locked inode
        - MIPS: pistachio: Build uImage.gz by default
        - genwqe: Prevent an integer overflow in the ioctl
        - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
        - fs: stream_open - opener for stream-like files so that read and write can
          run simultaneously without deadlock
        - fuse: Add FOPEN_STREAM to use stream_open()
        - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
        - ethtool: check the return value of get_regs_len
        - Linux 4.4.181
    
      * CVE-2019-2054
        - arm/ptrace: run seccomp after ptrace
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
        - x86/speculation: Remove redundant arch_smt_update() invocation
    
      * Revert x86/vdso linker changes from #1830890 as this causes glibc
        2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
        - Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
        - Revert "x86: vdso: Use $LD instead of $CC to link"
    
      * [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499)
        - bio_copy_from_iter(): get rid of copying iov_iter
        - block: Clear kernel memory before copying to user
        - block/bio: Do not zero user pages
    
      * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
        - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
    
      * CVE-2019-11833
        - ext4: zero out the unused memory region in the extent tree block
    
      * idle-page oopses when accessing page frames that are out of range
        (LP: #1833410)
        - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
    
      * Performance degradation when copying from LVM snapshot backed by NVMe disk
        (LP: #1833319)
        - NVMe: Allow request merges
    
      * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
        - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
          connections"
    
      * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
        - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
    
      * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
        (LP: #1826416)
        - vmbus: fix missing signaling in hv_signal_on_read()
    
      * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
        - kbuild: simplify ld-option implementation
        - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
        - cifs: do not attempt cifs operation on smb2+ rename error
        - MIPS: scall64-o32: Fix indirect syscall number load
        - trace: Fix preempt_enable_no_resched() abuse
        - sched/numa: Fix a possible divide-by-zero
        - ceph: ensure d_name stability in ceph_dentry_hash()
        - ceph: fix ci->i_head_snapc leak
        - nfsd: Don't release the callback slot unless it was actually held
        - sunrpc: don't mark uninitialised items as VALID.
        - USB: Add new USB LPM helpers
        - USB: Consolidate LPM checks to avoid enabling LPM twice
        - powerpc/xmon: Add RFI flush related fields to paca dump
        - powerpc/64s: Improve RFI L1-D cache flush fallback
        - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
        - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
          barrier at kernel entry/exit"
        - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
        - powerpc/64s: Add barrier_nospec
        - powerpc/64s: Add support for ori barrier_nospec patching
        - powerpc/64s: Patch barrier_nospec in modules
        - powerpc/64s: Enable barrier_nospec based on firmware settings
        - powerpc/64: Use barrier_nospec in syscall entry
        - powerpc: Use barrier_nospec in copy_from_user()
        - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
        - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
        - powerpc/64: Disable the speculation barrier from the command line
        - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
        - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
        - powerpc/64: Call setup_barrier_nospec() from setup_arch()
        - powerpc/64: Make meltdown reporting Book3S 64 specific
        - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
        - powerpc/asm: Add a patch_site macro & helpers for patching instructions
        - powerpc/64s: Add new security feature flags for count cache flush
        - powerpc/64s: Add support for software count cache flush
        - powerpc/pseries: Query hypervisor for count cache flush settings
        - powerpc/powernv: Query firmware for count cache flush settings
        - powerpc: Avoid code patching freed init sections
        - powerpc/fsl: Add infrastructure to fixup branch predictor flush
        - powerpc/fsl: Add macro to flush the branch predictor
        - powerpc/fsl: Fix spectre_v2 mitigations reporting
        - powerpc/fsl: Add nospectre_v2 command line argument
        - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
        - powerpc/fsl: Update Spectre v2 reporting
        - powerpc/security: Fix spectre_v2 reporting
        - powerpc/fsl: Fix the flush of branch predictor.
        - tipc: handle the err returned from cmd header function
        - slip: make slhc_free() silently accept an error pointer
        - intel_th: gth: Fix an off-by-one in output unassigning
        - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
        - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
        - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
        - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
        - tipc: check link name with right length in tipc_nl_compat_link_set
        - bpf: reject wrong sized filters earlier
        - Revert "block/loop: Use global lock for ioctl() operation."
        - ipv4: add sanity checks in ipv4_link_failure()
        - team: fix possible recursive locking when add slaves
        - net: stmmac: move stmmac_check_ether_addr() to driver probe
        - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
        - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
        - powerpc/fsl: Flush branch predictor when entering KVM
        - powerpc/fsl: Emulate SPRN_BUCSR register
        - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
        - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
        - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
        - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
        - Documentation: Add nospectre_v1 parameter
        - usbnet: ipheth: prevent TX queue timeouts when device not ready
        - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        - qlcnic: Avoid potential NULL pointer dereference
        - netfilter: bridge: set skb transport_header before entering
          NF_INET_PRE_ROUTING
        - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
        - usb: gadget: net2280: Fix overrun of OUT messages
        - usb: gadget: net2280: Fix net2280_dequeue()
        - usb: gadget: net2272: Fix net2272_dequeue()
        - ARM: dts: pfla02: increase phy reset duration
        - net: ks8851: Dequeue RX packets explicitly
        - net: ks8851: Reassert reset pin if chip ID check fails
        - net: ks8851: Delay requesting IRQ until opened
        - net: ks8851: Set initial carrier state to down
        - net: xilinx: fix possible object reference leak
        - net: ibm: fix possible object reference leak
        - net: ethernet: ti: fix possible object reference leak
        - scsi: qla4xxx: fix a potential NULL pointer dereference
        - usb: u132-hcd: fix resource leak
        - ceph: fix use-after-free on symlink traversal
        - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
        - libata: fix using DMA buffers on stack
        - kconfig/[mn]conf: handle backspace (^H) key
        - ALSA: line6: use dynamic buffers
        - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
        - ipv6/flowlabel: wait rcu grace period before put_pid()
        - ipv6: invert flowlabel sharing check in process and user mode
        - bnxt_en: Improve multicast address setup logic.
        - packet: validate msg_namelen in send directly
        - USB: yurex: Fix protection fault after device removal
        - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
        - USB: core: Fix unterminated string returned by usb_string()
        - USB: core: Fix bug caused by duplicate interface PM usage counter
        - HID: debug: fix race condition with between rdesc_show() and device removal
        - rtc: sh: Fix invalid alarm warning for non-enabled alarm
        - bonding: show full hw address in sysfs for slave entries
        - jffs2: fix use-after-free on symlink traversal
        - debugfs: fix use-after-free on symlink traversal
        - rtc: da9063: set uie_unsupported when relevant
        - vfio/pci: use correct format characters
        - scsi: storvsc: Fix calculation of sub-channel count
        - net: hns: Use NAPI_POLL_WEIGHT for hns driver
        - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
        - hugetlbfs: fix memory leak for resv_map
        - xsysace: Fix error handling in ace_setup
        - ARM: orion: don't use using 64-bit DMA masks
        - ARM: iop: don't use using 64-bit DMA masks
        - usb: usbip: fix isoc packet num validation in get_pipe
        - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
        - staging: iio: adt7316: fix the dac read calculation
        - staging: iio: adt7316: fix the dac write calculation
        - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
        - selinux: never allow relabeling on context mounts
        - x86/mce: Improve error message when kernel cannot recover, p2
        - media: v4l2: i2c: ov7670: Fix PLL bypass register values
        - scsi: libsas: fix a race condition when smp task timeout
        - ASoC:soc-pcm:fix a codec fixup issue in TDM case
        - ASoC: cs4270: Set auto-increment bit for register writes
        - ASoC: tlv320aic32x4: Fix Common Pins
        - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
        - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
        - iommu/amd: Set exclusion range correctly
        - genirq: Prevent use-after-free and work list corruption
        - usb: dwc3: Fix default lpm_nyet_threshold value
        - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
        - Bluetooth: hidp: fix buffer overflow
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - UAS: fix alignment of scatter/gather segments
        - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
        - ASoC: Intel: avoid Oops if DMA setup fails
        - timer/debug: Change /proc/timer_stats from 0644 to 0600
        - netfilter: compat: initialize all fields in xt_init
        - platform/x86: sony-laptop: Fix unintentional fall-through
        - iio: adc: xilinx: fix potential use-after-free on remove
        - HID: input: add mapping for Expose/Overview key
        - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
        - libnvdimm/btt: Fix a kmemdup failure check
        - s390/dasd: Fix capacity calculation for large volumes
        - s390/3270: fix lockdep false positive on view->lock
        - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
          tracing
        - tools lib traceevent: Fix missing equality check for strcmp
        - init: initialize jump labels before command line option parsing
        - ipvs: do not schedule icmp errors from tunnels
        - s390: ctcm: fix ctcm_new_device error return code
        - gpu: ipu-v3: dp: fix CSC handling
        - cw1200: fix missing unlock on error in cw1200_hw_scan()
        - Don't jump to compute_result state from check_result state
        - x86/microcode/intel: Add a helper which gives the microcode revision
        - x86: stop exporting msr-index.h to userland
        - x86/microcode/intel: Check microcode revision before updating sibling
          threads
        - x86/MCE: Save microcode revision in machine check records
        - x86/bugs: Add AMD's variant of SSB_NO
        - x86/bugs: Add AMD's SPEC_CTRL MSR usage
        - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
        - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
        - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
        - x86/microcode: Update the new microcode revision unconditionally
        - x86/mm: Use WRITE_ONCE() when setting PTEs
        - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
        - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
        - x86/speculation: Propagate information about RSB filling mitigation to sysfs
        - x86/speculation: Update the TIF_SSBD comment
        - x86/speculation: Clean up spectre_v2_parse_cmdline()
        - x86/speculation: Move STIPB/IBPB string conditionals out of
          cpu_show_common()
        - x86/speculation: Disable STIBP when enhanced IBRS is in use
        - x86/speculation: Rename SSBD update functions
        - x86/speculation: Reorganize speculation control MSRs update
        - x86/Kconfig: Select SCHED_SMT if SMP enabled
        - x86/speculation: Mark string arrays const correctly
        - x86/speculataion: Mark command line parser data __initdata
        - x86/speculation: Add command line control for indirect branch speculation
        - x86/speculation: Prepare for per task indirect branch speculation control
        - x86/process: Consolidate and simplify switch_to_xtra() code
        - x86/speculation: Avoid __switch_to_xtra() calls
        - x86/speculation: Prepare for conditional IBPB in switch_mm()
        - x86/speculation: Split out TIF update
        - x86/speculation: Prepare arch_smt_update() for PRCTL mode
        - x86/speculation: Prevent stale SPEC_CTRL msr content
        - x86/speculation: Add prctl() control for indirect branch speculation
        - x86/speculation: Enable prctl mode for spectre_v2_user
        - x86/speculation: Add seccomp Spectre v2 user space protection mode
        - x86/speculation: Provide IBPB always command line options
        - x86/cpu/bugs: Use __initconst for 'const' init data
        - USB: serial: use variable for status
        - USB: serial: fix unthrottle races
        - bridge: Fix error path for kobject_init_and_add()
        - net: ucc_geth - fix Oops when changing number of buffers in the ring
        - packet: Fix error path in packet_init
        - vlan: disable SIOCSHWTSTAMP in container
        - vrf: sit mtu should not be updated when vrf netdev is the link
        - ipv4: Fix raw socket lookup for local traffic
        - bonding: fix arp_validate toggling in active-backup mode
        - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
        - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
        - powerpc/booke64: set RI in default MSR
        - powerpc/lib: fix book3s/32 boot failure due to code patching
        - Linux 4.4.180
        - SAUCE: Clarify IBRS/IBPB runtime state change messages
        - SAUCE: x86/speculation: Move STIBP hunks
        - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
        - SAUCE: x86/speculation: Update 'mitigations=' documentation
        - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
        - SAUCE: perf/bench: Drop definition of BIT in numa.c
        - SAUCE: x86/speculation: Fix SSB command line documentation
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
        - SAUCE: Synchronize MDS mitigations with upstream
        - Documentation: Correct the possible MDS sysfs values
        - x86/speculation/mds: Fix documentation typo
    
      * CVE-2019-11091
        - x86/mds: Add MDSUM variant to the MDS documentation
    
     -- Stefan Bader <email address hidden>  Wed, 17 Jul 2019 13:06:26 +0200
  • linux (4.4.0-155.182) xenial; urgency=medium
    
      * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
    
      * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
        - geneve: correctly handle ipv6.disable module parameter
    
      * Kernel modules generated incorrectly when system is localized to a non-
        English language (LP: #1828084)
        - scripts: override locale from environment when running recordmcount.pl
    
      * Handle overflow in proc_get_long of sysctl (LP: #1833935)
        - sysctl: handle overflow in proc_get_long
    
      * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
        - x86/speculation/mds: Revert CPU buffer clear on double fault exit
        - x86/speculation/mds: Improve CPU buffer clear documentation
        - ARM: exynos: Fix a leaked reference by adding missing of_node_put
        - crypto: vmx - fix copy-paste error in CTR mode
        - crypto: crct10dif-generic - fix use via crypto_shash_digest()
        - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
        - ALSA: usb-audio: Fix a memory leak bug
        - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
        - ALSA: hda/realtek - EAPD turn on later
        - ASoC: max98090: Fix restore of DAPM Muxes
        - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
        - mm/mincore.c: make mincore() more conservative
        - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
        - mfd: da9063: Fix OTP control register names to match datasheets for
          DA9063/63L
        - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
        - ext4: actually request zeroing of inode table after grow
        - ext4: fix ext4_show_options for file systems w/o journal
        - Btrfs: do not start a transaction at iterate_extent_inodes()
        - bcache: fix a race between cache register and cacheset unregister
        - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
        - ipmi:ssif: compare block number correctly for multi-part return messages
        - crypto: gcm - Fix error return code in crypto_gcm_create_common()
        - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
        - crypto: chacha20poly1305 - set cra_name correctly
        - crypto: salsa20 - don't access already-freed walk.iv
        - crypto: arm/aes-neonbs - don't access already-freed walk.iv
        - writeback: synchronize sync(2) against cgroup writeback membership switches
        - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
          into workqueue when umount
        - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
        - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
        - net: avoid weird emergency message
        - net/mlx4_core: Change the error print to info print
        - ppp: deflate: Fix possible crash in deflate_init
        - tipc: switch order of device registration to fix a crash
        - tipc: fix modprobe tipc failed after switch order of device registration
        - stm class: Fix channel free in stm output free path
        - md: add mddev->pers to avoid potential NULL pointer dereference
        - intel_th: msu: Fix single mode with IOMMU
        - of: fix clang -Wunsequenced for be32_to_cpu()
        - cifs: fix strcat buffer overflow and reduce raciness in
          smb21_set_oplock_level()
        - media: ov6650: Fix sensor possibly not detected on probe
        - NFS4: Fix v4.0 client state corruption when mount
        - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
        - fuse: fix writepages on 32bit
        - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
        - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
        - ceph: flush dirty inodes before proceeding with remount
        - tracing: Fix partial reading of trace event's id file
        - memory: tegra: Fix integer overflow on tick value calculation
        - perf intel-pt: Fix instructions sampling rate
        - perf intel-pt: Fix improved sample timestamp
        - perf intel-pt: Fix sample timestamp wrt non-taken branches
        - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
        - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
        - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
        - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
        - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
          VRAM
        - fbdev: sm712fb: fix support for 1024x768-16 mode
        - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
        - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
        - PCI: Mark Atheros AR9462 to avoid bus reset
        - dm delay: fix a crash when invalid device is specified
        - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
        - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
        - vti4: ipip tunnel deregistration fixes.
        - xfrm4: Fix uninitialized memory read in _decode_session4
        - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
        - power: supply: sysfs: prevent endless uevent loop with
          CONFIG_POWER_SUPPLY_DEBUG
        - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
        - perf bench numa: Add define for RUSAGE_THREAD if not present
        - Revert "Don't jump to compute_result state from check_result state"
        - md/raid: raid5 preserve the writeback action after the parity check
        - btrfs: Honour FITRIM range constraints during free space trim
        - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
        - ext4: do not delete unlinked inode from orphan list on failed truncate
        - KVM: x86: fix return value for reserved EFER
        - bio: fix improper use of smp_mb__before_atomic()
        - Revert "scsi: sd: Keep disk read-only when re-reading partition"
        - crypto: vmx - CTR: always increment IV as quadword
        - gfs2: Fix sign extension bug in gfs2_update_stats
        - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
        - btrfs: sysfs: don't leak memory when failing add fsid
        - fbdev: fix divide error in fb_var_to_videomode
        - hugetlb: use same fault hash key for shared and private mappings
        - fbdev: fix WARNING in __alloc_pages_nodemask bug
        - media: cpia2: Fix use-after-free in cpia2_exit
        - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
        - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
        - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
        - perf tools: No need to include bitops.h in util.h
        - gfs2: Fix lru_count going negative
        - cxgb4: Fix error path in cxgb4_init_module
        - mmc: core: Verify SD bus width
        - powerpc/boot: Fix missing check of lseek() return value
        - ASoC: imx: fix fiq dependencies
        - spi: pxa2xx: fix SCR (divisor) calculation
        - brcm80211: potential NULL dereference in
          brcmf_cfg80211_vndr_cmds_dcmd_handler()
        - rtc: 88pm860x: prevent use-after-free on device remove
        - w1: fix the resume command API
        - dmaengine: pl330: _stop: clear interrupt status
        - mac80211/cfg80211: update bss channel on channel switch
        - ASoC: fsl_sai: Update is_slave_mode with correct value
        - mwifiex: prevent an array overflow
        - net: cw1200: fix a NULL pointer dereference
        - bcache: return error immediately in bch_journal_replay()
        - bcache: fix failure in journal relplay
        - bcache: add failure check to run_cache_set() for journal replay
        - bcache: avoid clang -Wunintialized warning
        - x86/build: Move _etext to actual end of .text
        - smpboot: Place the __percpu annotation correctly
        - x86/mm: Remove in_nmi() warning from 64-bit implementation of
          vmalloc_fault()
        - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
          versions
        - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
        - pinctrl: pistachio: fix leaked of_node references
        - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
        - media: coda: clear error return value before picture run
        - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
        - media: au0828: stop video streaming only when last user stops
        - media: ov2659: make S_FMT succeed even if requested format doesn't match
        - audit: fix a memory leak bug
        - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
        - media: pvrusb2: Prevent a buffer overflow
        - powerpc/numa: improve control of topology updates
        - sched/core: Check quota and period overflow at usec to nsec conversion
        - sched/core: Handle overflow in cpu_shares_write_u64
        - USB: core: Don't unbind interfaces following device reset failure
        - x86/irq/64: Limit IST stack overflow check to #DB stack
        - i40e: don't allow changes to HW VLAN stripping on active port VLANs
        - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
        - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
        - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
        - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
        - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
        - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
        - scsi: libsas: Do discovery on empty PHY to update PHY info
        - mmc_spi: add a status check for spi_sync_locked
        - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
        - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
        - PM / core: Propagate dev->power.wakeup_path when no callbacks
        - extcon: arizona: Disable mic detect if running when driver is removed
        - s390: cio: fix cio_irb declaration
        - cpufreq: ppc_cbe: fix possible object reference leak
        - cpufreq/pasemi: fix possible object reference leak
        - cpufreq: pmac32: fix possible object reference leak
        - x86/build: Keep local relocations with ld.lld
        - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
        - iio: hmc5843: fix potential NULL pointer dereferences
        - iio: common: ssp_sensors: Initialize calculated_time in
          ssp_common_process_data
        - rtlwifi: fix a potential NULL pointer dereference
        - brcmfmac: fix missing checks for kmemdup
        - b43: shut up clang -Wuninitialized variable warning
        - brcmfmac: convert dev_init_lock mutex to completion
        - brcmfmac: fix race during disconnect when USB completion is in progress
        - scsi: ufs: Fix regulator load and icc-level configuration
        - scsi: ufs: Avoid configuring regulator with undefined voltage range
        - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
        - x86/ia32: Fix ia32_restore_sigcontext() AC leak
        - chardev: add additional check for minor range overlap
        - HID: core: move Usage Page concatenation to Main item
        - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
        - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
        - cxgb3/l2t: Fix undefined behaviour
        - spi: tegra114: reset controller on probe
        - media: wl128x: prevent two potential buffer overflows
        - virtio_console: initialize vtermno value for ports
        - tty: ipwireless: fix missing checks for ioremap
        - rcutorture: Fix cleanup path for invalid torture_type strings
        - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
        - scsi: qla4xxx: avoid freeing unallocated dma memory
        - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
        - media: go7007: avoid clang frame overflow warning with KASAN
        - media: saa7146: avoid high stack usage with clang
        - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
        - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
        - spi: rspi: Fix sequencer reset during initialization
        - spi: Fix zero length xfer bug
        - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
        - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
        - llc: fix skb leak in llc_build_and_send_ui_pkt()
        - net-gro: fix use-after-free read in napi_gro_frags()
        - net: stmmac: fix reset gpio free missing
        - usbnet: fix kernel crash after disconnect
        - tipc: Avoid copying bytes beyond the supplied data
        - bnxt_en: Fix aggregation buffer leak under OOM condition.
        - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
        - crypto: vmx - ghash: do nosimd fallback manually
        - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
        - Revert "tipc: fix modprobe tipc failed after switch order of device
          registration"
        - tipc: fix modprobe tipc failed after switch order of device registration -v2
        - sparc64: Fix regression in non-hypervisor TLB flush xcall
        - include/linux/bitops.h: sanitize rotate primitives
        - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
        - usb: xhci: avoid null pointer deref when bos field is NULL
        - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
        - USB: sisusbvga: fix oops in error path of sisusb_probe
        - USB: Add LPM quirk for Surface Dock GigE adapter
        - USB: rio500: refuse more than one device at a time
        - USB: rio500: fix memory leak in close after disconnect
        - media: usb: siano: Fix general protection fault in smsusb
        - media: usb: siano: Fix false-positive "uninitialized variable" warning
        - media: smsusb: better handle optional alignment
        - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
        - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
        - Btrfs: fix race updating log root item during fsync
        - ALSA: hda/realtek - Set default power save node to 0
        - drm/nouveau/i2c: Disable i2c bus access after ->fini()
        - tty: serial: msm_serial: Fix XON/XOFF
        - tty: max310x: Fix external crystal register setup
        - memcg: make it work on sparse non-0-node systems
        - kernel/signal.c: trace_signal_deliver when signal_group_exit
        - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
          ENOMEM
        - binder: Replace "%p" with "%pK" for stable
        - binder: replace "%p" with "%pK"
        - brcmfmac: Add length checks on firmware events
        - brcmfmac: screening firmware event packet
        - brcmfmac: revise handling events in receive path
        - brcmfmac: fix incorrect event channel deduction
        - brcmfmac: add length checks in scheduled scan result handler
        - brcmfmac: add subtype check for event handling in data path
        - userfaultfd: don't pin the user memory in userfaultfd_file_create()
        - Revert "x86/build: Move _etext to actual end of .text"
        - net: cdc_ncm: GetNtbFormat endian fix
        - usb: gadget: fix request length error for isoc transfer
        - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
        - ethtool: fix potential userspace buffer overflow
        - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
        - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
        - net: rds: fix memory leak in rds_ib_flush_mr_pool
        - pktgen: do not sleep with the thread lock held.
        - rcu: locking and unlocking need to always be at least barriers
        - parisc: Use implicit space register selection for loading the coherence
          index of I/O pdirs
        - fuse: fallocate: fix return with locked inode
        - MIPS: pistachio: Build uImage.gz by default
        - genwqe: Prevent an integer overflow in the ioctl
        - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
        - fs: stream_open - opener for stream-like files so that read and write can
          run simultaneously without deadlock
        - fuse: Add FOPEN_STREAM to use stream_open()
        - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
        - ethtool: check the return value of get_regs_len
        - Linux 4.4.181
    
      * CVE-2019-2054
        - arm/ptrace: run seccomp after ptrace
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
        - x86/speculation: Remove redundant arch_smt_update() invocation
    
      * Revert x86/vdso linker changes from #1830890 as this causes glibc
        2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
        - Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
        - Revert "x86: vdso: Use $LD instead of $CC to link"
    
      * [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499)
        - bio_copy_from_iter(): get rid of copying iov_iter
        - block: Clear kernel memory before copying to user
        - block/bio: Do not zero user pages
    
      * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
        - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches
    
      * CVE-2019-11833
        - ext4: zero out the unused memory region in the extent tree block
    
      * idle-page oopses when accessing page frames that are out of range
        (LP: #1833410)
        - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
    
      * Performance degradation when copying from LVM snapshot backed by NVMe disk
        (LP: #1833319)
        - NVMe: Allow request merges
    
      * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
        - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
          connections"
    
      * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
        - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
    
      * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
        (LP: #1826416)
        - vmbus: fix missing signaling in hv_signal_on_read()
    
      * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
        - kbuild: simplify ld-option implementation
        - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
        - cifs: do not attempt cifs operation on smb2+ rename error
        - MIPS: scall64-o32: Fix indirect syscall number load
        - trace: Fix preempt_enable_no_resched() abuse
        - sched/numa: Fix a possible divide-by-zero
        - ceph: ensure d_name stability in ceph_dentry_hash()
        - ceph: fix ci->i_head_snapc leak
        - nfsd: Don't release the callback slot unless it was actually held
        - sunrpc: don't mark uninitialised items as VALID.
        - USB: Add new USB LPM helpers
        - USB: Consolidate LPM checks to avoid enabling LPM twice
        - powerpc/xmon: Add RFI flush related fields to paca dump
        - powerpc/64s: Improve RFI L1-D cache flush fallback
        - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
        - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
          barrier at kernel entry/exit"
        - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
        - powerpc/64s: Add barrier_nospec
        - powerpc/64s: Add support for ori barrier_nospec patching
        - powerpc/64s: Patch barrier_nospec in modules
        - powerpc/64s: Enable barrier_nospec based on firmware settings
        - powerpc/64: Use barrier_nospec in syscall entry
        - powerpc: Use barrier_nospec in copy_from_user()
        - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
        - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
        - powerpc/64: Disable the speculation barrier from the command line
        - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
        - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
        - powerpc/64: Call setup_barrier_nospec() from setup_arch()
        - powerpc/64: Make meltdown reporting Book3S 64 specific
        - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
        - powerpc/asm: Add a patch_site macro & helpers for patching instructions
        - powerpc/64s: Add new security feature flags for count cache flush
        - powerpc/64s: Add support for software count cache flush
        - powerpc/pseries: Query hypervisor for count cache flush settings
        - powerpc/powernv: Query firmware for count cache flush settings
        - powerpc: Avoid code patching freed init sections
        - powerpc/fsl: Add infrastructure to fixup branch predictor flush
        - powerpc/fsl: Add macro to flush the branch predictor
        - powerpc/fsl: Fix spectre_v2 mitigations reporting
        - powerpc/fsl: Add nospectre_v2 command line argument
        - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
        - powerpc/fsl: Update Spectre v2 reporting
        - powerpc/security: Fix spectre_v2 reporting
        - powerpc/fsl: Fix the flush of branch predictor.
        - tipc: handle the err returned from cmd header function
        - slip: make slhc_free() silently accept an error pointer
        - intel_th: gth: Fix an off-by-one in output unassigning
        - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
        - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
        - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
        - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
        - tipc: check link name with right length in tipc_nl_compat_link_set
        - bpf: reject wrong sized filters earlier
        - Revert "block/loop: Use global lock for ioctl() operation."
        - ipv4: add sanity checks in ipv4_link_failure()
        - team: fix possible recursive locking when add slaves
        - net: stmmac: move stmmac_check_ether_addr() to driver probe
        - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
        - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
        - powerpc/fsl: Flush branch predictor when entering KVM
        - powerpc/fsl: Emulate SPRN_BUCSR register
        - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
        - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
        - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
        - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
        - Documentation: Add nospectre_v1 parameter
        - usbnet: ipheth: prevent TX queue timeouts when device not ready
        - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        - qlcnic: Avoid potential NULL pointer dereference
        - netfilter: bridge: set skb transport_header before entering
          NF_INET_PRE_ROUTING
        - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
        - usb: gadget: net2280: Fix overrun of OUT messages
        - usb: gadget: net2280: Fix net2280_dequeue()
        - usb: gadget: net2272: Fix net2272_dequeue()
        - ARM: dts: pfla02: increase phy reset duration
        - net: ks8851: Dequeue RX packets explicitly
        - net: ks8851: Reassert reset pin if chip ID check fails
        - net: ks8851: Delay requesting IRQ until opened
        - net: ks8851: Set initial carrier state to down
        - net: xilinx: fix possible object reference leak
        - net: ibm: fix possible object reference leak
        - net: ethernet: ti: fix possible object reference leak
        - scsi: qla4xxx: fix a potential NULL pointer dereference
        - usb: u132-hcd: fix resource leak
        - ceph: fix use-after-free on symlink traversal
        - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
        - libata: fix using DMA buffers on stack
        - kconfig/[mn]conf: handle backspace (^H) key
        - ALSA: line6: use dynamic buffers
        - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
        - ipv6/flowlabel: wait rcu grace period before put_pid()
        - ipv6: invert flowlabel sharing check in process and user mode
        - bnxt_en: Improve multicast address setup logic.
        - packet: validate msg_namelen in send directly
        - USB: yurex: Fix protection fault after device removal
        - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
        - USB: core: Fix unterminated string returned by usb_string()
        - USB: core: Fix bug caused by duplicate interface PM usage counter
        - HID: debug: fix race condition with between rdesc_show() and device removal
        - rtc: sh: Fix invalid alarm warning for non-enabled alarm
        - bonding: show full hw address in sysfs for slave entries
        - jffs2: fix use-after-free on symlink traversal
        - debugfs: fix use-after-free on symlink traversal
        - rtc: da9063: set uie_unsupported when relevant
        - vfio/pci: use correct format characters
        - scsi: storvsc: Fix calculation of sub-channel count
        - net: hns: Use NAPI_POLL_WEIGHT for hns driver
        - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
        - hugetlbfs: fix memory leak for resv_map
        - xsysace: Fix error handling in ace_setup
        - ARM: orion: don't use using 64-bit DMA masks
        - ARM: iop: don't use using 64-bit DMA masks
        - usb: usbip: fix isoc packet num validation in get_pipe
        - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
        - staging: iio: adt7316: fix the dac read calculation
        - staging: iio: adt7316: fix the dac write calculation
        - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
        - selinux: never allow relabeling on context mounts
        - x86/mce: Improve error message when kernel cannot recover, p2
        - media: v4l2: i2c: ov7670: Fix PLL bypass register values
        - scsi: libsas: fix a race condition when smp task timeout
        - ASoC:soc-pcm:fix a codec fixup issue in TDM case
        - ASoC: cs4270: Set auto-increment bit for register writes
        - ASoC: tlv320aic32x4: Fix Common Pins
        - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
        - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
        - iommu/amd: Set exclusion range correctly
        - genirq: Prevent use-after-free and work list corruption
        - usb: dwc3: Fix default lpm_nyet_threshold value
        - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
        - Bluetooth: hidp: fix buffer overflow
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - UAS: fix alignment of scatter/gather segments
        - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
        - ASoC: Intel: avoid Oops if DMA setup fails
        - timer/debug: Change /proc/timer_stats from 0644 to 0600
        - netfilter: compat: initialize all fields in xt_init
        - platform/x86: sony-laptop: Fix unintentional fall-through
        - iio: adc: xilinx: fix potential use-after-free on remove
        - HID: input: add mapping for Expose/Overview key
        - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
        - libnvdimm/btt: Fix a kmemdup failure check
        - s390/dasd: Fix capacity calculation for large volumes
        - s390/3270: fix lockdep false positive on view->lock
        - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
          tracing
        - tools lib traceevent: Fix missing equality check for strcmp
        - init: initialize jump labels before command line option parsing
        - ipvs: do not schedule icmp errors from tunnels
        - s390: ctcm: fix ctcm_new_device error return code
        - gpu: ipu-v3: dp: fix CSC handling
        - cw1200: fix missing unlock on error in cw1200_hw_scan()
        - Don't jump to compute_result state from check_result state
        - x86/microcode/intel: Add a helper which gives the microcode revision
        - x86: stop exporting msr-index.h to userland
        - x86/microcode/intel: Check microcode revision before updating sibling
          threads
        - x86/MCE: Save microcode revision in machine check records
        - x86/bugs: Add AMD's variant of SSB_NO
        - x86/bugs: Add AMD's SPEC_CTRL MSR usage
        - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
        - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
        - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
        - x86/microcode: Update the new microcode revision unconditionally
        - x86/mm: Use WRITE_ONCE() when setting PTEs
        - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
        - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
        - x86/speculation: Propagate information about RSB filling mitigation to sysfs
        - x86/speculation: Update the TIF_SSBD comment
        - x86/speculation: Clean up spectre_v2_parse_cmdline()
        - x86/speculation: Move STIPB/IBPB string conditionals out of
          cpu_show_common()
        - x86/speculation: Disable STIBP when enhanced IBRS is in use
        - x86/speculation: Rename SSBD update functions
        - x86/speculation: Reorganize speculation control MSRs update
        - x86/Kconfig: Select SCHED_SMT if SMP enabled
        - x86/speculation: Mark string arrays const correctly
        - x86/speculataion: Mark command line parser data __initdata
        - x86/speculation: Add command line control for indirect branch speculation
        - x86/speculation: Prepare for per task indirect branch speculation control
        - x86/process: Consolidate and simplify switch_to_xtra() code
        - x86/speculation: Avoid __switch_to_xtra() calls
        - x86/speculation: Prepare for conditional IBPB in switch_mm()
        - x86/speculation: Split out TIF update
        - x86/speculation: Prepare arch_smt_update() for PRCTL mode
        - x86/speculation: Prevent stale SPEC_CTRL msr content
        - x86/speculation: Add prctl() control for indirect branch speculation
        - x86/speculation: Enable prctl mode for spectre_v2_user
        - x86/speculation: Add seccomp Spectre v2 user space protection mode
        - x86/speculation: Provide IBPB always command line options
        - x86/cpu/bugs: Use __initconst for 'const' init data
        - USB: serial: use variable for status
        - USB: serial: fix unthrottle races
        - bridge: Fix error path for kobject_init_and_add()
        - net: ucc_geth - fix Oops when changing number of buffers in the ring
        - packet: Fix error path in packet_init
        - vlan: disable SIOCSHWTSTAMP in container
        - vrf: sit mtu should not be updated when vrf netdev is the link
        - ipv4: Fix raw socket lookup for local traffic
        - bonding: fix arp_validate toggling in active-backup mode
        - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
        - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
        - powerpc/booke64: set RI in default MSR
        - powerpc/lib: fix book3s/32 boot failure due to code patching
        - Linux 4.4.180
        - SAUCE: Clarify IBRS/IBPB runtime state change messages
        - SAUCE: x86/speculation: Move STIBP hunks
        - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
        - SAUCE: x86/speculation: Update 'mitigations=' documentation
        - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
        - SAUCE: perf/bench: Drop definition of BIT in numa.c
        - SAUCE: x86/speculation: Fix SSB command line documentation
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
        - SAUCE: Synchronize MDS mitigations with upstream
        - Documentation: Correct the possible MDS sysfs values
        - x86/speculation/mds: Fix documentation typo
    
      * CVE-2019-11091
        - x86/mds: Add MDSUM variant to the MDS documentation
    
     -- Kleber Sacilotto de Souza <email address hidden>  Tue, 02 Jul 2019 13:53:41 +0200
  • linux (4.4.0-154.181) xenial; urgency=medium
    
      * linux: 4.4.0-154.181 -proposed tracker (LP: #1834030)
    
      * CVE-2019-11478
        - tcp: refine memory limit test in tcp_fragment()
    
      * CVE-2019-11479
        - SAUCE: tcp: add tcp_min_snd_mss sysctl
        - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
    
     -- Khalid Elmously <email address hidden>  Tue, 25 Jun 2019 00:36:38 -0400
  • linux (4.4.0-153.180) xenial; urgency=medium
    
      * linux: 4.4.0-153.180 -proposed tracker (LP: #1833794)
    
      * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
        - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
          connections"
    
    linux (4.4.0-152.179) xenial; urgency=medium
    
      * linux: 4.4.0-152.179 -proposed tracker (LP: #1832593)
    
      * CVE-2019-11479
        - SAUCE: tcp: add tcp_min_snd_mss sysctl
        - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
    
      * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
        - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
    
      * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
        (LP: #1826416)
        - vmbus: fix missing signaling in hv_signal_on_read()
    
      * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
        - kbuild: simplify ld-option implementation
        - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
        - cifs: do not attempt cifs operation on smb2+ rename error
        - MIPS: scall64-o32: Fix indirect syscall number load
        - trace: Fix preempt_enable_no_resched() abuse
        - sched/numa: Fix a possible divide-by-zero
        - ceph: ensure d_name stability in ceph_dentry_hash()
        - ceph: fix ci->i_head_snapc leak
        - nfsd: Don't release the callback slot unless it was actually held
        - sunrpc: don't mark uninitialised items as VALID.
        - USB: Add new USB LPM helpers
        - USB: Consolidate LPM checks to avoid enabling LPM twice
        - powerpc/xmon: Add RFI flush related fields to paca dump
        - powerpc/64s: Improve RFI L1-D cache flush fallback
        - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
        - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
          barrier at kernel entry/exit"
        - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
        - powerpc/64s: Add barrier_nospec
        - powerpc/64s: Add support for ori barrier_nospec patching
        - powerpc/64s: Patch barrier_nospec in modules
        - powerpc/64s: Enable barrier_nospec based on firmware settings
        - powerpc/64: Use barrier_nospec in syscall entry
        - powerpc: Use barrier_nospec in copy_from_user()
        - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
        - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
        - powerpc/64: Disable the speculation barrier from the command line
        - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
        - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
        - powerpc/64: Call setup_barrier_nospec() from setup_arch()
        - powerpc/64: Make meltdown reporting Book3S 64 specific
        - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
        - powerpc/asm: Add a patch_site macro & helpers for patching instructions
        - powerpc/64s: Add new security feature flags for count cache flush
        - powerpc/64s: Add support for software count cache flush
        - powerpc/pseries: Query hypervisor for count cache flush settings
        - powerpc/powernv: Query firmware for count cache flush settings
        - powerpc: Avoid code patching freed init sections
        - powerpc/fsl: Add infrastructure to fixup branch predictor flush
        - powerpc/fsl: Add macro to flush the branch predictor
        - powerpc/fsl: Fix spectre_v2 mitigations reporting
        - powerpc/fsl: Add nospectre_v2 command line argument
        - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
        - powerpc/fsl: Update Spectre v2 reporting
        - powerpc/security: Fix spectre_v2 reporting
        - powerpc/fsl: Fix the flush of branch predictor.
        - tipc: handle the err returned from cmd header function
        - slip: make slhc_free() silently accept an error pointer
        - intel_th: gth: Fix an off-by-one in output unassigning
        - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
        - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
        - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
        - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
        - tipc: check link name with right length in tipc_nl_compat_link_set
        - bpf: reject wrong sized filters earlier
        - Revert "block/loop: Use global lock for ioctl() operation."
        - ipv4: add sanity checks in ipv4_link_failure()
        - team: fix possible recursive locking when add slaves
        - net: stmmac: move stmmac_check_ether_addr() to driver probe
        - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
        - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
        - powerpc/fsl: Flush branch predictor when entering KVM
        - powerpc/fsl: Emulate SPRN_BUCSR register
        - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
        - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
        - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
        - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
        - Documentation: Add nospectre_v1 parameter
        - usbnet: ipheth: prevent TX queue timeouts when device not ready
        - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        - qlcnic: Avoid potential NULL pointer dereference
        - netfilter: bridge: set skb transport_header before entering
          NF_INET_PRE_ROUTING
        - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
        - usb: gadget: net2280: Fix overrun of OUT messages
        - usb: gadget: net2280: Fix net2280_dequeue()
        - usb: gadget: net2272: Fix net2272_dequeue()
        - ARM: dts: pfla02: increase phy reset duration
        - net: ks8851: Dequeue RX packets explicitly
        - net: ks8851: Reassert reset pin if chip ID check fails
        - net: ks8851: Delay requesting IRQ until opened
        - net: ks8851: Set initial carrier state to down
        - net: xilinx: fix possible object reference leak
        - net: ibm: fix possible object reference leak
        - net: ethernet: ti: fix possible object reference leak
        - scsi: qla4xxx: fix a potential NULL pointer dereference
        - usb: u132-hcd: fix resource leak
        - ceph: fix use-after-free on symlink traversal
        - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
        - libata: fix using DMA buffers on stack
        - kconfig/[mn]conf: handle backspace (^H) key
        - ALSA: line6: use dynamic buffers
        - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
        - ipv6/flowlabel: wait rcu grace period before put_pid()
        - ipv6: invert flowlabel sharing check in process and user mode
        - bnxt_en: Improve multicast address setup logic.
        - packet: validate msg_namelen in send directly
        - USB: yurex: Fix protection fault after device removal
        - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
        - USB: core: Fix unterminated string returned by usb_string()
        - USB: core: Fix bug caused by duplicate interface PM usage counter
        - HID: debug: fix race condition with between rdesc_show() and device removal
        - rtc: sh: Fix invalid alarm warning for non-enabled alarm
        - bonding: show full hw address in sysfs for slave entries
        - jffs2: fix use-after-free on symlink traversal
        - debugfs: fix use-after-free on symlink traversal
        - rtc: da9063: set uie_unsupported when relevant
        - vfio/pci: use correct format characters
        - scsi: storvsc: Fix calculation of sub-channel count
        - net: hns: Use NAPI_POLL_WEIGHT for hns driver
        - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
        - hugetlbfs: fix memory leak for resv_map
        - xsysace: Fix error handling in ace_setup
        - ARM: orion: don't use using 64-bit DMA masks
        - ARM: iop: don't use using 64-bit DMA masks
        - usb: usbip: fix isoc packet num validation in get_pipe
        - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
        - staging: iio: adt7316: fix the dac read calculation
        - staging: iio: adt7316: fix the dac write calculation
        - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
        - selinux: never allow relabeling on context mounts
        - x86/mce: Improve error message when kernel cannot recover, p2
        - media: v4l2: i2c: ov7670: Fix PLL bypass register values
        - scsi: libsas: fix a race condition when smp task timeout
        - ASoC:soc-pcm:fix a codec fixup issue in TDM case
        - ASoC: cs4270: Set auto-increment bit for register writes
        - ASoC: tlv320aic32x4: Fix Common Pins
        - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
        - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
        - iommu/amd: Set exclusion range correctly
        - genirq: Prevent use-after-free and work list corruption
        - usb: dwc3: Fix default lpm_nyet_threshold value
        - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
        - Bluetooth: hidp: fix buffer overflow
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - UAS: fix alignment of scatter/gather segments
        - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
        - ASoC: Intel: avoid Oops if DMA setup fails
        - timer/debug: Change /proc/timer_stats from 0644 to 0600
        - netfilter: compat: initialize all fields in xt_init
        - platform/x86: sony-laptop: Fix unintentional fall-through
        - iio: adc: xilinx: fix potential use-after-free on remove
        - HID: input: add mapping for Expose/Overview key
        - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
        - libnvdimm/btt: Fix a kmemdup failure check
        - s390/dasd: Fix capacity calculation for large volumes
        - s390/3270: fix lockdep false positive on view->lock
        - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
          tracing
        - tools lib traceevent: Fix missing equality check for strcmp
        - init: initialize jump labels before command line option parsing
        - ipvs: do not schedule icmp errors from tunnels
        - s390: ctcm: fix ctcm_new_device error return code
        - gpu: ipu-v3: dp: fix CSC handling
        - cw1200: fix missing unlock on error in cw1200_hw_scan()
        - Don't jump to compute_result state from check_result state
        - x86/microcode/intel: Add a helper which gives the microcode revision
        - x86: stop exporting msr-index.h to userland
        - x86/microcode/intel: Check microcode revision before updating sibling
          threads
        - x86/MCE: Save microcode revision in machine check records
        - x86/bugs: Add AMD's variant of SSB_NO
        - x86/bugs: Add AMD's SPEC_CTRL MSR usage
        - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
        - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
        - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
        - x86/microcode: Update the new microcode revision unconditionally
        - x86/mm: Use WRITE_ONCE() when setting PTEs
        - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
        - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
        - x86/speculation: Propagate information about RSB filling mitigation to sysfs
        - x86/speculation: Update the TIF_SSBD comment
        - x86/speculation: Clean up spectre_v2_parse_cmdline()
        - x86/speculation: Move STIPB/IBPB string conditionals out of
          cpu_show_common()
        - x86/speculation: Disable STIBP when enhanced IBRS is in use
        - x86/speculation: Rename SSBD update functions
        - x86/speculation: Reorganize speculation control MSRs update
        - x86/Kconfig: Select SCHED_SMT if SMP enabled
        - x86/speculation: Mark string arrays const correctly
        - x86/speculataion: Mark command line parser data __initdata
        - x86/speculation: Add command line control for indirect branch speculation
        - x86/speculation: Prepare for per task indirect branch speculation control
        - x86/process: Consolidate and simplify switch_to_xtra() code
        - x86/speculation: Avoid __switch_to_xtra() calls
        - x86/speculation: Prepare for conditional IBPB in switch_mm()
        - x86/speculation: Split out TIF update
        - x86/speculation: Prepare arch_smt_update() for PRCTL mode
        - x86/speculation: Prevent stale SPEC_CTRL msr content
        - x86/speculation: Add prctl() control for indirect branch speculation
        - x86/speculation: Enable prctl mode for spectre_v2_user
        - x86/speculation: Add seccomp Spectre v2 user space protection mode
        - x86/speculation: Provide IBPB always command line options
        - x86/cpu/bugs: Use __initconst for 'const' init data
        - USB: serial: use variable for status
        - USB: serial: fix unthrottle races
        - bridge: Fix error path for kobject_init_and_add()
        - net: ucc_geth - fix Oops when changing number of buffers in the ring
        - packet: Fix error path in packet_init
        - vlan: disable SIOCSHWTSTAMP in container
        - vrf: sit mtu should not be updated when vrf netdev is the link
        - ipv4: Fix raw socket lookup for local traffic
        - bonding: fix arp_validate toggling in active-backup mode
        - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
        - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
        - powerpc/booke64: set RI in default MSR
        - powerpc/lib: fix book3s/32 boot failure due to code patching
        - Linux 4.4.180
        - SAUCE: Clarify IBRS/IBPB runtime state change messages
        - SAUCE: x86/speculation: Move STIBP hunks
        - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
        - SAUCE: x86/speculation: Update 'mitigations=' documentation
        - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
        - SAUCE: perf/bench: Drop definition of BIT in numa.c
        - SAUCE: x86/speculation: Fix SSB command line documentation
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
        - SAUCE: Synchronize MDS mitigations with upstream
        - Documentation: Correct the possible MDS sysfs values
        - x86/speculation/mds: Fix documentation typo
    
      * CVE-2019-11091
        - x86/mds: Add MDSUM variant to the MDS documentation
    
     -- Khalid Elmously <email address hidden>  Fri, 21 Jun 2019 19:31:52 -0400
  • linux (4.4.0-152.179) xenial; urgency=medium
    
      * linux: 4.4.0-152.179 -proposed tracker (LP: #1832593)
    
      * CVE-2019-11479
        - SAUCE: tcp: add tcp_min_snd_mss sysctl
        - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
    
      * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
        - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()
    
      * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
        (LP: #1826416)
        - vmbus: fix missing signaling in hv_signal_on_read()
    
      * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
        - kbuild: simplify ld-option implementation
        - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
        - cifs: do not attempt cifs operation on smb2+ rename error
        - MIPS: scall64-o32: Fix indirect syscall number load
        - trace: Fix preempt_enable_no_resched() abuse
        - sched/numa: Fix a possible divide-by-zero
        - ceph: ensure d_name stability in ceph_dentry_hash()
        - ceph: fix ci->i_head_snapc leak
        - nfsd: Don't release the callback slot unless it was actually held
        - sunrpc: don't mark uninitialised items as VALID.
        - USB: Add new USB LPM helpers
        - USB: Consolidate LPM checks to avoid enabling LPM twice
        - powerpc/xmon: Add RFI flush related fields to paca dump
        - powerpc/64s: Improve RFI L1-D cache flush fallback
        - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
        - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
          barrier at kernel entry/exit"
        - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
        - powerpc/64s: Add barrier_nospec
        - powerpc/64s: Add support for ori barrier_nospec patching
        - powerpc/64s: Patch barrier_nospec in modules
        - powerpc/64s: Enable barrier_nospec based on firmware settings
        - powerpc/64: Use barrier_nospec in syscall entry
        - powerpc: Use barrier_nospec in copy_from_user()
        - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
        - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
        - powerpc/64: Disable the speculation barrier from the command line
        - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
        - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
        - powerpc/64: Call setup_barrier_nospec() from setup_arch()
        - powerpc/64: Make meltdown reporting Book3S 64 specific
        - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
        - powerpc/asm: Add a patch_site macro & helpers for patching instructions
        - powerpc/64s: Add new security feature flags for count cache flush
        - powerpc/64s: Add support for software count cache flush
        - powerpc/pseries: Query hypervisor for count cache flush settings
        - powerpc/powernv: Query firmware for count cache flush settings
        - powerpc: Avoid code patching freed init sections
        - powerpc/fsl: Add infrastructure to fixup branch predictor flush
        - powerpc/fsl: Add macro to flush the branch predictor
        - powerpc/fsl: Fix spectre_v2 mitigations reporting
        - powerpc/fsl: Add nospectre_v2 command line argument
        - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
        - powerpc/fsl: Update Spectre v2 reporting
        - powerpc/security: Fix spectre_v2 reporting
        - powerpc/fsl: Fix the flush of branch predictor.
        - tipc: handle the err returned from cmd header function
        - slip: make slhc_free() silently accept an error pointer
        - intel_th: gth: Fix an off-by-one in output unassigning
        - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
        - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
        - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
        - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
        - tipc: check link name with right length in tipc_nl_compat_link_set
        - bpf: reject wrong sized filters earlier
        - Revert "block/loop: Use global lock for ioctl() operation."
        - ipv4: add sanity checks in ipv4_link_failure()
        - team: fix possible recursive locking when add slaves
        - net: stmmac: move stmmac_check_ether_addr() to driver probe
        - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
        - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
        - powerpc/fsl: Flush branch predictor when entering KVM
        - powerpc/fsl: Emulate SPRN_BUCSR register
        - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
        - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
        - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
        - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
        - Documentation: Add nospectre_v1 parameter
        - usbnet: ipheth: prevent TX queue timeouts when device not ready
        - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        - qlcnic: Avoid potential NULL pointer dereference
        - netfilter: bridge: set skb transport_header before entering
          NF_INET_PRE_ROUTING
        - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
        - usb: gadget: net2280: Fix overrun of OUT messages
        - usb: gadget: net2280: Fix net2280_dequeue()
        - usb: gadget: net2272: Fix net2272_dequeue()
        - ARM: dts: pfla02: increase phy reset duration
        - net: ks8851: Dequeue RX packets explicitly
        - net: ks8851: Reassert reset pin if chip ID check fails
        - net: ks8851: Delay requesting IRQ until opened
        - net: ks8851: Set initial carrier state to down
        - net: xilinx: fix possible object reference leak
        - net: ibm: fix possible object reference leak
        - net: ethernet: ti: fix possible object reference leak
        - scsi: qla4xxx: fix a potential NULL pointer dereference
        - usb: u132-hcd: fix resource leak
        - ceph: fix use-after-free on symlink traversal
        - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
        - libata: fix using DMA buffers on stack
        - kconfig/[mn]conf: handle backspace (^H) key
        - ALSA: line6: use dynamic buffers
        - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
        - ipv6/flowlabel: wait rcu grace period before put_pid()
        - ipv6: invert flowlabel sharing check in process and user mode
        - bnxt_en: Improve multicast address setup logic.
        - packet: validate msg_namelen in send directly
        - USB: yurex: Fix protection fault after device removal
        - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
        - USB: core: Fix unterminated string returned by usb_string()
        - USB: core: Fix bug caused by duplicate interface PM usage counter
        - HID: debug: fix race condition with between rdesc_show() and device removal
        - rtc: sh: Fix invalid alarm warning for non-enabled alarm
        - bonding: show full hw address in sysfs for slave entries
        - jffs2: fix use-after-free on symlink traversal
        - debugfs: fix use-after-free on symlink traversal
        - rtc: da9063: set uie_unsupported when relevant
        - vfio/pci: use correct format characters
        - scsi: storvsc: Fix calculation of sub-channel count
        - net: hns: Use NAPI_POLL_WEIGHT for hns driver
        - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
        - hugetlbfs: fix memory leak for resv_map
        - xsysace: Fix error handling in ace_setup
        - ARM: orion: don't use using 64-bit DMA masks
        - ARM: iop: don't use using 64-bit DMA masks
        - usb: usbip: fix isoc packet num validation in get_pipe
        - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
        - staging: iio: adt7316: fix the dac read calculation
        - staging: iio: adt7316: fix the dac write calculation
        - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
        - selinux: never allow relabeling on context mounts
        - x86/mce: Improve error message when kernel cannot recover, p2
        - media: v4l2: i2c: ov7670: Fix PLL bypass register values
        - scsi: libsas: fix a race condition when smp task timeout
        - ASoC:soc-pcm:fix a codec fixup issue in TDM case
        - ASoC: cs4270: Set auto-increment bit for register writes
        - ASoC: tlv320aic32x4: Fix Common Pins
        - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
        - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
        - iommu/amd: Set exclusion range correctly
        - genirq: Prevent use-after-free and work list corruption
        - usb: dwc3: Fix default lpm_nyet_threshold value
        - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
        - Bluetooth: hidp: fix buffer overflow
        - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
        - UAS: fix alignment of scatter/gather segments
        - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
        - ASoC: Intel: avoid Oops if DMA setup fails
        - timer/debug: Change /proc/timer_stats from 0644 to 0600
        - netfilter: compat: initialize all fields in xt_init
        - platform/x86: sony-laptop: Fix unintentional fall-through
        - iio: adc: xilinx: fix potential use-after-free on remove
        - HID: input: add mapping for Expose/Overview key
        - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
        - libnvdimm/btt: Fix a kmemdup failure check
        - s390/dasd: Fix capacity calculation for large volumes
        - s390/3270: fix lockdep false positive on view->lock
        - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
          tracing
        - tools lib traceevent: Fix missing equality check for strcmp
        - init: initialize jump labels before command line option parsing
        - ipvs: do not schedule icmp errors from tunnels
        - s390: ctcm: fix ctcm_new_device error return code
        - gpu: ipu-v3: dp: fix CSC handling
        - cw1200: fix missing unlock on error in cw1200_hw_scan()
        - Don't jump to compute_result state from check_result state
        - x86/microcode/intel: Add a helper which gives the microcode revision
        - x86: stop exporting msr-index.h to userland
        - x86/microcode/intel: Check microcode revision before updating sibling
          threads
        - x86/MCE: Save microcode revision in machine check records
        - x86/bugs: Add AMD's variant of SSB_NO
        - x86/bugs: Add AMD's SPEC_CTRL MSR usage
        - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
        - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
        - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
        - x86/microcode: Update the new microcode revision unconditionally
        - x86/mm: Use WRITE_ONCE() when setting PTEs
        - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
        - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
        - x86/speculation: Propagate information about RSB filling mitigation to sysfs
        - x86/speculation: Update the TIF_SSBD comment
        - x86/speculation: Clean up spectre_v2_parse_cmdline()
        - x86/speculation: Move STIPB/IBPB string conditionals out of
          cpu_show_common()
        - x86/speculation: Disable STIBP when enhanced IBRS is in use
        - x86/speculation: Rename SSBD update functions
        - x86/speculation: Reorganize speculation control MSRs update
        - x86/Kconfig: Select SCHED_SMT if SMP enabled
        - x86/speculation: Mark string arrays const correctly
        - x86/speculataion: Mark command line parser data __initdata
        - x86/speculation: Add command line control for indirect branch speculation
        - x86/speculation: Prepare for per task indirect branch speculation control
        - x86/process: Consolidate and simplify switch_to_xtra() code
        - x86/speculation: Avoid __switch_to_xtra() calls
        - x86/speculation: Prepare for conditional IBPB in switch_mm()
        - x86/speculation: Split out TIF update
        - x86/speculation: Prepare arch_smt_update() for PRCTL mode
        - x86/speculation: Prevent stale SPEC_CTRL msr content
        - x86/speculation: Add prctl() control for indirect branch speculation
        - x86/speculation: Enable prctl mode for spectre_v2_user
        - x86/speculation: Add seccomp Spectre v2 user space protection mode
        - x86/speculation: Provide IBPB always command line options
        - x86/cpu/bugs: Use __initconst for 'const' init data
        - USB: serial: use variable for status
        - USB: serial: fix unthrottle races
        - bridge: Fix error path for kobject_init_and_add()
        - net: ucc_geth - fix Oops when changing number of buffers in the ring
        - packet: Fix error path in packet_init
        - vlan: disable SIOCSHWTSTAMP in container
        - vrf: sit mtu should not be updated when vrf netdev is the link
        - ipv4: Fix raw socket lookup for local traffic
        - bonding: fix arp_validate toggling in active-backup mode
        - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
        - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
        - powerpc/booke64: set RI in default MSR
        - powerpc/lib: fix book3s/32 boot failure due to code patching
        - Linux 4.4.180
        - SAUCE: Clarify IBRS/IBPB runtime state change messages
        - SAUCE: x86/speculation: Move STIBP hunks
        - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
        - SAUCE: x86/speculation: Update 'mitigations=' documentation
        - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
        - SAUCE: perf/bench: Drop definition of BIT in numa.c
        - SAUCE: x86/speculation: Fix SSB command line documentation
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
        - SAUCE: Synchronize MDS mitigations with upstream
        - Documentation: Correct the possible MDS sysfs values
        - x86/speculation/mds: Fix documentation typo
    
      * CVE-2019-11091
        - x86/mds: Add MDSUM variant to the MDS documentation
    
     -- Stefan Bader <email address hidden>  Thu, 13 Jun 2019 11:37:04 +0200
  • linux (4.4.0-151.178) xenial; urgency=medium
    
      * Remote denial of service (system crash) caused by integer overflow in TCP
        SACK handling (LP: #1831637)
        - SAUCE: tcp: limit payload size of sacked skbs
        - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
    
      * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
        manipulation (LP: #1831638)
        - SAUCE: tcp: tcp_fragment() should apply sane memory limits
    
     -- Stefan Bader <email address hidden>  Tue, 11 Jun 2019 09:36:19 +0200
  • linux (4.4.0-150.176) xenial; urgency=medium
    
      * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)
    
      * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
        (LP: #1830890)
        - x86/vdso: Pass --eh-frame-hdr to the linker
    
    linux (4.4.0-149.175) xenial; urgency=medium
    
      * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)
    
      * disable a.out support (LP: #1818552)
        - [Config] Disable a.out support
    
      * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
        - [Debian] Set +x on rebuild testcase.
        - [Debian] Skip rebuild test, for regression-suite deps.
        - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
        - [Debian] make rebuild use skippable error codes when skipping.
        - [Debian] Only run regression-suite, if requested to.
    
      * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
        - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
        - arm64: debug: Ensure debug handlers check triggering exception level
        - ext4: cleanup bh release code in ext4_ind_remove_space()
        - lib/int_sqrt: optimize initial value compute
        - tty/serial: atmel: Add is_half_duplex helper
        - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
        - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
        - Bluetooth: Fix decrementing reference count twice in releasing socket
        - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
        - CIFS: fix POSIX lock leak and invalid ptr deref
        - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
        - tracing: kdb: Fix ftdump to not sleep
        - gpio: gpio-omap: fix level interrupt idling
        - sysctl: handle overflow for file-max
        - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
        - mm/cma.c: cma_declare_contiguous: correct err handling
        - mm/page_ext.c: fix an imbalance with kmemleak
        - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
        - mm/slab.c: kmemleak no scan alien caches
        - ocfs2: fix a panic problem caused by o2cb_ctl
        - f2fs: do not use mutex lock in atomic context
        - fs/file.c: initialize init_files.resize_wait
        - cifs: use correct format characters
        - dm thin: add sanity checks to thin-pool and external snapshot creation
        - cifs: Fix NULL pointer dereference of devname
        - fs: fix guard_bio_eod to check for real EOD errors
        - tools lib traceevent: Fix buffer overflow in arg_eval
        - usb: chipidea: Grab the (legacy) USB PHY by phandle first
        - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
        - coresight: etm4x: Add support to enable ETMv4.2
        - ARM: 8840/1: use a raw_spinlock_t in unwind
        - mmc: omap: fix the maximum timeout setting
        - e1000e: Fix -Wformat-truncation warnings
        - IB/mlx4: Increase the timeout for CM cache
        - scsi: megaraid_sas: return error when create DMA pool failed
        - perf test: Fix failure of 'evsel-tp-sched' test on s390
        - SoC: imx-sgtl5000: add missing put_device()
        - media: sh_veu: Correct return type for mem2mem buffer helpers
        - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
        - media: s5p-g2d: Correct return type for mem2mem buffer helpers
        - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
        - leds: lp55xx: fix null deref on firmware load failure
        - kprobes: Prohibit probing on bsearch()
        - ARM: 8833/1: Ensure that NEON code always compiles with Clang
        - ALSA: PCM: check if ops are defined before suspending PCM
        - bcache: fix input overflow to cache set sysfs file io_error_halflife
        - bcache: fix input overflow to sequential_cutoff
        - bcache: improve sysfs_strtoul_clamp()
        - fbdev: fbmem: fix memory access if logo is bigger than the screen
        - cdrom: Fix race condition in cdrom_sysctl_register
        - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
        - soc: qcom: gsbi: Fix error handling in gsbi_probe()
        - mt7601u: bump supported EEPROM version
        - ARM: avoid Cortex-A9 livelock on tight dmb loops
        - tty: increase the default flip buffer limit to 2*640K
        - media: mt9m111: set initial frame size other than 0x0
        - hwrng: virtio - Avoid repeated init of completion
        - soc/tegra: fuse: Fix illegal free of IO base address
        - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
        - dmaengine: imx-dma: fix warning comparison of distinct pointer types
        - netfilter: physdev: relax br_netfilter dependency
        - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
        - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
        - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
        - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
        - dmaengine: tegra: avoid overflow of byte tracking
        - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
        - binfmt_elf: switch to new creds when switching to new mm
        - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
        - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
        - x86: vdso: Use $LD instead of $CC to link
        - x86/vdso: Drop implicit common-page-size linker flag
        - lib/string.c: implement a basic bcmp
        - tty: mark Siemens R3964 line discipline as BROKEN
        - [Config]: remove CONFIG_R3964
        - [Config]: add CONFIG_LDISC_AUTOLOAD=y
        - tty: ldisc: add sysctl to prevent autoloading of ldiscs
        - ipv6: Fix dangling pointer when ipv6 fragment
        - ipv6: sit: reset ip header pointer in ipip6_rcv
        - net: rds: force to destroy connection if t_sock is NULL in
          rds_tcp_kill_sock().
        - qmi_wwan: add Olicard 600
        - sctp: initialize _pad of sockaddr_in before copying to user memory
        - tcp: Ensure DCTCP reacts to losses
        - netns: provide pure entropy for net_hash_mix()
        - net: ethtool: not call vzalloc for zero sized memory request
        - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
        - ALSA: seq: Fix OOB-reads from strlcpy
        - include/linux/bitrev.h: fix constant bitrev
        - ASoC: fsl_esai: fix channel swap issue when stream starts
        - block: do not leak memory in bio_copy_user_iov()
        - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
        - ARM: dts: at91: Fix typo in ISC_D0 on PC9
        - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
        - xen: Prevent buffer overflow in privcmd ioctl
        - sched/fair: Do not re-read ->h_load_next during hierarchical load
          calculation
        - xtensa: fix return_address
        - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
        - perf/core: Restore mmap record type correctly
        - ext4: add missing brelse() in add_new_gdb_meta_bg()
        - ext4: report real fs size after failed resize
        - ALSA: echoaudio: add a check for ioremap_nocache
        - ALSA: sb8: add a check for request_region
        - IB/mlx4: Fix race condition between catas error reset and aliasguid flows
        - mmc: davinci: remove extraneous __init annotation
        - ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and
          declaration
        - thermal/int340x_thermal: Add additional UUIDs
        - thermal/int340x_thermal: fix mode setting
        - tools/power turbostat: return the exit status of a command
        - perf top: Fix error handling in cmd_top()
        - perf evsel: Free evsel->counts in perf_evsel__exit()
        - perf tests: Fix a memory leak of cpu_map object in the
          openat_syscall_event_on_all_cpus test
        - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
        - x86/hpet: Prevent potential NULL pointer dereference
        - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
        - iommu/vt-d: Check capability before disabling protected memory
        - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return
          an error
        - fix incorrect error code mapping for OBJECTID_NOT_FOUND
        - ext4: prohibit fstrim in norecovery mode
        - rsi: improve kernel thread handling to fix kernel panic
        - 9p: do not trust pdu content for stat item size
        - 9p locks: add mount option for lock retry interval
        - f2fs: fix to do sanity check with current segment number
        - serial: uartps: console_setup() can't be placed to init section
        - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
        - ACPI / SBS: Fix GPE storm on recent MacBookPro's
        - cifs: fallback to older infolevels on findfirst queryinfo retry
        - crypto: sha256/arm - fix crash bug in Thumb2 build
        - crypto: sha512/arm - fix crash bug in Thumb2 build
        - iommu/dmar: Fix buffer overflow during PCI bus notification
        - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
        - appletalk: Fix use-after-free in atalk_proc_exit
        - lib/div64.c: off by one in shift
        - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
        - tpm/tpm_crb: Avoid unaligned reads in crb_recv()
        - ovl: fix uid/gid when creating over whiteout
        - appletalk: Fix compile regression
        - bonding: fix event handling for stacked bonds
        - net: atm: Fix potential Spectre v1 vulnerabilities
        - net: bridge: multicast: use rcu to access port list from
          br_multicast_start_querier
        - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
        - tcp: tcp_grow_window() needs to respect tcp_space()
        - ipv4: recompile ip options in ipv4_link_failure
        - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
        - crypto: crypto4xx - properly set IV after de- and encrypt
        - modpost: file2alias: go back to simple devtable lookup
        - modpost: file2alias: check prototype of handler
        - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
        - KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
        - iio/gyro/bmg160: Use millidegrees for temperature scale
        - iio: ad_sigma_delta: select channel when reading register
        - iio: adc: at91: disable adc channel interrupt in timeout case
        - io: accel: kxcjk1013: restore the range after resume.
        - staging: comedi: vmk80xx: Fix use of uninitialized semaphore
        - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
        - staging: comedi: ni_usb6501: Fix use of uninitialized mutex
        - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
        - ALSA: core: Fix card races between register and disconnect
        - crypto: x86/poly1305 - fix overflow during partial reduction
        - arm64: futex: Restore oldval initialization to work around buggy compilers
        - x86/kprobes: Verify stack frame on kretprobe
        - kprobes: Mark ftrace mcount handler functions nokprobe
        - kprobes: Fix error check when reusing optimized probes
        - mac80211: do not call driver wake_tx_queue op during reconfig
        - Revert "kbuild: use -Oz instead of -Os when using clang"
        - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
        - device_cgroup: fix RCU imbalance in error case
        - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y
          CONFIG_SMP=n
        - ALSA: info: Fix racy addition/deletion of nodes
        - Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
        - kernel/sysctl.c: fix out-of-bounds access when setting file-max
        - Linux 4.4.179
    
      * Xenial update: 4.4.178 upstream stable release (LP: #1826212)
        - mmc: pxamci: fix enum type confusion
        - drm/vmwgfx: Don't double-free the mode stored in par->set_mode
        - udf: Fix crash on IO error during truncate
        - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
        - MIPS: Fix kernel crash for R6 in jump label branch function
        - futex: Ensure that futex address is aligned in handle_futex_death()
        - ext4: fix NULL pointer dereference while journal is aborted
        - ext4: fix data corruption caused by unaligned direct AIO
        - ext4: brelse all indirect buffer in ext4_ind_remove_space()
        - mmc: tmio_mmc_core: don't claim spurious interrupts
        - media: v4l2-ctrls.c/uvc: zero v4l2_event
        - locking/lockdep: Add debug_locks check in __lock_downgrade()
        - ALSA: hda - Record the current power state before suspend/resume calls
        - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
        - mmc: pwrseq_simple: Make reset-gpios optional to match doc
        - mmc: debugfs: Add a restriction to mmc debugfs clock setting
        - mmc: make MAN_BKOPS_EN message a debug
        - mmc: sanitize 'bus width' in debug output
        - mmc: core: shut up "voltage-ranges unspecified" pr_info()
        - usb: dwc3: gadget: Fix suspend/resume during device mode
        - arm64: mm: Add trace_irqflags annotations to do_debug_exception()
        - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
        - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
        - extcon: usb-gpio: Don't miss event during suspend/resume
        - kbuild: setlocalversion: print error to STDERR
        - usb: gadget: composite: fix dereference after null check coverify warning
        - usb: gadget: Add the gserial port checking in gs_start_tx()
        - tcp/dccp: drop SYN packets if accept queue is full
        - serial: sprd: adjust TIMEOUT to a big value
        - Hang/soft lockup in d_invalidate with simultaneous calls
        - arm64: traps: disable irq in die()
        - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
        - serial: sprd: clear timeout interrupt only rather than all interrupts
        - lib/int_sqrt: optimize small argument
        - USB: core: only clean up what we allocated
        - rtc: Fix overflow when converting time64_t to rtc_time
        - ath10k: avoid possible string overflow
        - mmc: block: Allow more than 8 partitions per card
        - arm64: fix COMPAT_SHMLBA definition for large pages
        - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
        - ARM: 8458/1: bL_switcher: add GIC dependency
        - ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
        - android: unconditionally remove callbacks in sync_fence_free()
        - vmstat: make vmstat_updater deferrable again and shut down on idle
        - hid-sensor-hub.c: fix wrong do_div() usage
        - arm64: hide __efistub_ aliases from kallsyms
        - perf: Synchronously free aux pages in case of allocation failure
        - net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
        - Revert "mmc: block: don't use parameter prefix if built as module"
        - writeback: initialize inode members that track writeback history
        - coresight: fixing lockdep error
        - coresight: coresight_unregister() function cleanup
        - coresight: release reference taken by 'bus_find_device()'
        - coresight: remove csdev's link from topology
        - stm class: Fix locking in unbinding policy path
        - stm class: Fix link list locking
        - stm class: Prevent user-controllable allocations
        - stm class: Support devices with multiple instances
        - stm class: Fix unlocking braino in the error path
        - stm class: Guard output assignment against concurrency
        - stm class: Fix unbalanced module/device refcounting
        - stm class: Fix a race in unlinking
        - coresight: "DEVICE_ATTR_RO" should defined as static.
        - coresight: etm4x: Check every parameter used by dma_xx_coherent.
        - asm-generic: Fix local variable shadow in __set_fixmap_offset
        - staging: ashmem: Avoid deadlock with mmap/shrink
        - staging: ashmem: Add missing include
        - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
        - staging: goldfish: audio: fix compiliation on arm
        - ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
        - arm64/kernel: fix incorrect EL0 check in inv_entry macro
        - mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
        - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count
          drops
        - arm64: kernel: Include _AC definition in page.h
        - PM / Hibernate: Call flush_icache_range() on pages restored in-place
        - stm class: Do not leak the chrdev in error path
        - stm class: Fix stm device initialization order
        - ipv6: fix endianness error in icmpv6_err
        - usb: gadget: configfs: add mutex lock before unregister gadget
        - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
        - cpu/hotplug: Handle unbalanced hotplug enable/disable
        - video: fbdev: Set pixclock = 0 in goldfishfb
        - arm64: kconfig: drop CONFIG_RTC_LIB dependency
        - mmc: mmc: fix switch timeout issue caused by jiffies precision
        - cfg80211: size various nl80211 messages correctly
        - stmmac: copy unicast mac address to MAC registers
        - dccp: do not use ipv6 header for ipv4 flow
        - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
        - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
        - net: rose: fix a possible stack overflow
        - Add hlist_add_tail_rcu() (Merge
          git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
        - packets: Always register packet sk in the same order
        - tcp: do not use ipv6 header for ipv4 flow
        - vxlan: Don't call gro_cells_destroy() before device is unregistered
        - sctp: get sctphdr by offset in sctp_compute_cksum
        - mac8390: Fix mmio access size probe
        - btrfs: remove WARN_ON in log_dir_items
        - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
        - ALSA: compress: add support for 32bit calls in a 64bit kernel
        - ALSA: pcm: Fix possible OOB access in PCM oss plugins
        - ALSA: pcm: Don't suspend stream in unrecoverable PCM state
        - scsi: sd: Fix a race between closing an sd device and sd I/O
        - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
        - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
          devices
        - tty: atmel_serial: fix a potential NULL pointer dereference
        - staging: vt6655: Remove vif check from vnt_interrupt
        - staging: vt6655: Fix interrupt race condition on device start up.
        - serial: max310x: Fix to avoid potential NULL pointer dereference
        - serial: sh-sci: Fix setting SCSCR_TIE while transferring data
        - USB: serial: cp210x: add new device id
        - USB: serial: ftdi_sio: add additional NovaTech products
        - USB: serial: mos7720: fix mos_parport refcount imbalance on error path
        - USB: serial: option: set driver_info for SIM5218 and compatibles
        - USB: serial: option: add Olicard 600
        - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
        - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
        - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
        - perf intel-pt: Fix TSC slip
        - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
        - KVM: Reject device ioctls from processes other than the VM's creator
        - xhci: Fix port resume done detection for SS ports with LPM enabled
        - Revert "USB: core: only clean up what we allocated"
        - arm64: support keyctl() system call in 32-bit mode
        - coresight: removing bind/unbind options from sysfs
        - stm class: Hide STM-specific options if STM is disabled
        - Linux 4.4.178
    
      * Kprobe event string type argument failed in ftrace from
        ubuntu_kernel_selftests on B/C i386 (LP: #1825780)
        - selftests/ftrace: Fix kprobe string testcase to not probe notrace function
    
      * False positive test result in run_netsocktests from net in
        ubuntu_kernel_selftest (LP: #1825777)
        - selftests/net: correct the return value for run_netsocktests
    
     -- Khalid Elmously <email address hidden>  Wed, 29 May 2019 14:23:25 -0400
  • linux (4.4.0-149.175) xenial; urgency=medium
    
      * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)
    
      * disable a.out support (LP: #1818552)
        - [Config] Disable a.out support
    
      * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
        - [Debian] Set +x on rebuild testcase.
        - [Debian] Skip rebuild test, for regression-suite deps.
        - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
        - [Debian] make rebuild use skippable error codes when skipping.
        - [Debian] Only run regression-suite, if requested to.
    
      * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
        - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
        - arm64: debug: Ensure debug handlers check triggering exception level
        - ext4: cleanup bh release code in ext4_ind_remove_space()
        - lib/int_sqrt: optimize initial value compute
        - tty/serial: atmel: Add is_half_duplex helper
        - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
        - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
        - Bluetooth: Fix decrementing reference count twice in releasing socket
        - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
        - CIFS: fix POSIX lock leak and invalid ptr deref
        - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
        - tracing: kdb: Fix ftdump to not sleep
        - gpio: gpio-omap: fix level interrupt idling
        - sysctl: handle overflow for file-max
        - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
        - mm/cma.c: cma_declare_contiguous: correct err handling
        - mm/page_ext.c: fix an imbalance with kmemleak
        - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
        - mm/slab.c: kmemleak no scan alien caches
        - ocfs2: fix a panic problem caused by o2cb_ctl
        - f2fs: do not use mutex lock in atomic context
        - fs/file.c: initialize init_files.resize_wait
        - cifs: use correct format characters
        - dm thin: add sanity checks to thin-pool and external snapshot creation
        - cifs: Fix NULL pointer dereference of devname
        - fs: fix guard_bio_eod to check for real EOD errors
        - tools lib traceevent: Fix buffer overflow in arg_eval
        - usb: chipidea: Grab the (legacy) USB PHY by phandle first
        - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
        - coresight: etm4x: Add support to enable ETMv4.2
        - ARM: 8840/1: use a raw_spinlock_t in unwind
        - mmc: omap: fix the maximum timeout setting
        - e1000e: Fix -Wformat-truncation warnings
        - IB/mlx4: Increase the timeout for CM cache
        - scsi: megaraid_sas: return error when create DMA pool failed
        - perf test: Fix failure of 'evsel-tp-sched' test on s390
        - SoC: imx-sgtl5000: add missing put_device()
        - media: sh_veu: Correct return type for mem2mem buffer helpers
        - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
        - media: s5p-g2d: Correct return type for mem2mem buffer helpers
        - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
        - leds: lp55xx: fix null deref on firmware load failure
        - kprobes: Prohibit probing on bsearch()
        - ARM: 8833/1: Ensure that NEON code always compiles with Clang
        - ALSA: PCM: check if ops are defined before suspending PCM
        - bcache: fix input overflow to cache set sysfs file io_error_halflife
        - bcache: fix input overflow to sequential_cutoff
        - bcache: improve sysfs_strtoul_clamp()
        - fbdev: fbmem: fix memory access if logo is bigger than the screen
        - cdrom: Fix race condition in cdrom_sysctl_register
        - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
        - soc: qcom: gsbi: Fix error handling in gsbi_probe()
        - mt7601u: bump supported EEPROM version
        - ARM: avoid Cortex-A9 livelock on tight dmb loops
        - tty: increase the default flip buffer limit to 2*640K
        - media: mt9m111: set initial frame size other than 0x0
        - hwrng: virtio - Avoid repeated init of completion
        - soc/tegra: fuse: Fix illegal free of IO base address
        - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
        - dmaengine: imx-dma: fix warning comparison of distinct pointer types
        - netfilter: physdev: relax br_netfilter dependency
        - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
        - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
        - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
        - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
        - dmaengine: tegra: avoid overflow of byte tracking
        - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
        - binfmt_elf: switch to new creds when switching to new mm
        - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
        - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
        - x86: vdso: Use $LD instead of $CC to link
        - x86/vdso: Drop implicit common-page-size linker flag
        - lib/string.c: implement a basic bcmp
        - tty: mark Siemens R3964 line discipline as BROKEN
        - [Config]: remove CONFIG_R3964
        - [Config]: add CONFIG_LDISC_AUTOLOAD=y
        - tty: ldisc: add sysctl to prevent autoloading of ldiscs
        - ipv6: Fix dangling pointer when ipv6 fragment
        - ipv6: sit: reset ip header pointer in ipip6_rcv
        - net: rds: force to destroy connection if t_sock is NULL in
          rds_tcp_kill_sock().
        - qmi_wwan: add Olicard 600
        - sctp: initialize _pad of sockaddr_in before copying to user memory
        - tcp: Ensure DCTCP reacts to losses
        - netns: provide pure entropy for net_hash_mix()
        - net: ethtool: not call vzalloc for zero sized memory request
        - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
        - ALSA: seq: Fix OOB-reads from strlcpy
        - include/linux/bitrev.h: fix constant bitrev
        - ASoC: fsl_esai: fix channel swap issue when stream starts
        - block: do not leak memory in bio_copy_user_iov()
        - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
        - ARM: dts: at91: Fix typo in ISC_D0 on PC9
        - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
        - xen: Prevent buffer overflow in privcmd ioctl
        - sched/fair: Do not re-read ->h_load_next during hierarchical load
          calculation
        - xtensa: fix return_address
        - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
        - perf/core: Restore mmap record type correctly
        - ext4: add missing brelse() in add_new_gdb_meta_bg()
        - ext4: report real fs size after failed resize
        - ALSA: echoaudio: add a check for ioremap_nocache
        - ALSA: sb8: add a check for request_region
        - IB/mlx4: Fix race condition between catas error reset and aliasguid flows
        - mmc: davinci: remove extraneous __init annotation
        - ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and
          declaration
        - thermal/int340x_thermal: Add additional UUIDs
        - thermal/int340x_thermal: fix mode setting
        - tools/power turbostat: return the exit status of a command
        - perf top: Fix error handling in cmd_top()
        - perf evsel: Free evsel->counts in perf_evsel__exit()
        - perf tests: Fix a memory leak of cpu_map object in the
          openat_syscall_event_on_all_cpus test
        - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
        - x86/hpet: Prevent potential NULL pointer dereference
        - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
        - iommu/vt-d: Check capability before disabling protected memory
        - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return
          an error
        - fix incorrect error code mapping for OBJECTID_NOT_FOUND
        - ext4: prohibit fstrim in norecovery mode
        - rsi: improve kernel thread handling to fix kernel panic
        - 9p: do not trust pdu content for stat item size
        - 9p locks: add mount option for lock retry interval
        - f2fs: fix to do sanity check with current segment number
        - serial: uartps: console_setup() can't be placed to init section
        - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
        - ACPI / SBS: Fix GPE storm on recent MacBookPro's
        - cifs: fallback to older infolevels on findfirst queryinfo retry
        - crypto: sha256/arm - fix crash bug in Thumb2 build
        - crypto: sha512/arm - fix crash bug in Thumb2 build
        - iommu/dmar: Fix buffer overflow during PCI bus notification
        - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
        - appletalk: Fix use-after-free in atalk_proc_exit
        - lib/div64.c: off by one in shift
        - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
        - tpm/tpm_crb: Avoid unaligned reads in crb_recv()
        - ovl: fix uid/gid when creating over whiteout
        - appletalk: Fix compile regression
        - bonding: fix event handling for stacked bonds
        - net: atm: Fix potential Spectre v1 vulnerabilities
        - net: bridge: multicast: use rcu to access port list from
          br_multicast_start_querier
        - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
        - tcp: tcp_grow_window() needs to respect tcp_space()
        - ipv4: recompile ip options in ipv4_link_failure
        - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
        - crypto: crypto4xx - properly set IV after de- and encrypt
        - modpost: file2alias: go back to simple devtable lookup
        - modpost: file2alias: check prototype of handler
        - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
        - KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
        - iio/gyro/bmg160: Use millidegrees for temperature scale
        - iio: ad_sigma_delta: select channel when reading register
        - iio: adc: at91: disable adc channel interrupt in timeout case
        - io: accel: kxcjk1013: restore the range after resume.
        - staging: comedi: vmk80xx: Fix use of uninitialized semaphore
        - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
        - staging: comedi: ni_usb6501: Fix use of uninitialized mutex
        - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
        - ALSA: core: Fix card races between register and disconnect
        - crypto: x86/poly1305 - fix overflow during partial reduction
        - arm64: futex: Restore oldval initialization to work around buggy compilers
        - x86/kprobes: Verify stack frame on kretprobe
        - kprobes: Mark ftrace mcount handler functions nokprobe
        - kprobes: Fix error check when reusing optimized probes
        - mac80211: do not call driver wake_tx_queue op during reconfig
        - Revert "kbuild: use -Oz instead of -Os when using clang"
        - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
        - device_cgroup: fix RCU imbalance in error case
        - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y
          CONFIG_SMP=n
        - ALSA: info: Fix racy addition/deletion of nodes
        - Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
        - kernel/sysctl.c: fix out-of-bounds access when setting file-max
        - Linux 4.4.179
    
      * Xenial update: 4.4.178 upstream stable release (LP: #1826212)
        - mmc: pxamci: fix enum type confusion
        - drm/vmwgfx: Don't double-free the mode stored in par->set_mode
        - udf: Fix crash on IO error during truncate
        - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
        - MIPS: Fix kernel crash for R6 in jump label branch function
        - futex: Ensure that futex address is aligned in handle_futex_death()
        - ext4: fix NULL pointer dereference while journal is aborted
        - ext4: fix data corruption caused by unaligned direct AIO
        - ext4: brelse all indirect buffer in ext4_ind_remove_space()
        - mmc: tmio_mmc_core: don't claim spurious interrupts
        - media: v4l2-ctrls.c/uvc: zero v4l2_event
        - locking/lockdep: Add debug_locks check in __lock_downgrade()
        - ALSA: hda - Record the current power state before suspend/resume calls
        - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
        - mmc: pwrseq_simple: Make reset-gpios optional to match doc
        - mmc: debugfs: Add a restriction to mmc debugfs clock setting
        - mmc: make MAN_BKOPS_EN message a debug
        - mmc: sanitize 'bus width' in debug output
        - mmc: core: shut up "voltage-ranges unspecified" pr_info()
        - usb: dwc3: gadget: Fix suspend/resume during device mode
        - arm64: mm: Add trace_irqflags annotations to do_debug_exception()
        - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
        - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
        - extcon: usb-gpio: Don't miss event during suspend/resume
        - kbuild: setlocalversion: print error to STDERR
        - usb: gadget: composite: fix dereference after null check coverify warning
        - usb: gadget: Add the gserial port checking in gs_start_tx()
        - tcp/dccp: drop SYN packets if accept queue is full
        - serial: sprd: adjust TIMEOUT to a big value
        - Hang/soft lockup in d_invalidate with simultaneous calls
        - arm64: traps: disable irq in die()
        - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
        - serial: sprd: clear timeout interrupt only rather than all interrupts
        - lib/int_sqrt: optimize small argument
        - USB: core: only clean up what we allocated
        - rtc: Fix overflow when converting time64_t to rtc_time
        - ath10k: avoid possible string overflow
        - mmc: block: Allow more than 8 partitions per card
        - arm64: fix COMPAT_SHMLBA definition for large pages
        - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
        - ARM: 8458/1: bL_switcher: add GIC dependency
        - ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
        - android: unconditionally remove callbacks in sync_fence_free()
        - vmstat: make vmstat_updater deferrable again and shut down on idle
        - hid-sensor-hub.c: fix wrong do_div() usage
        - arm64: hide __efistub_ aliases from kallsyms
        - perf: Synchronously free aux pages in case of allocation failure
        - net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
        - Revert "mmc: block: don't use parameter prefix if built as module"
        - writeback: initialize inode members that track writeback history
        - coresight: fixing lockdep error
        - coresight: coresight_unregister() function cleanup
        - coresight: release reference taken by 'bus_find_device()'
        - coresight: remove csdev's link from topology
        - stm class: Fix locking in unbinding policy path
        - stm class: Fix link list locking
        - stm class: Prevent user-controllable allocations
        - stm class: Support devices with multiple instances
        - stm class: Fix unlocking braino in the error path
        - stm class: Guard output assignment against concurrency
        - stm class: Fix unbalanced module/device refcounting
        - stm class: Fix a race in unlinking
        - coresight: "DEVICE_ATTR_RO" should defined as static.
        - coresight: etm4x: Check every parameter used by dma_xx_coherent.
        - asm-generic: Fix local variable shadow in __set_fixmap_offset
        - staging: ashmem: Avoid deadlock with mmap/shrink
        - staging: ashmem: Add missing include
        - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
        - staging: goldfish: audio: fix compiliation on arm
        - ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
        - arm64/kernel: fix incorrect EL0 check in inv_entry macro
        - mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
        - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count
          drops
        - arm64: kernel: Include _AC definition in page.h
        - PM / Hibernate: Call flush_icache_range() on pages restored in-place
        - stm class: Do not leak the chrdev in error path
        - stm class: Fix stm device initialization order
        - ipv6: fix endianness error in icmpv6_err
        - usb: gadget: configfs: add mutex lock before unregister gadget
        - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
        - cpu/hotplug: Handle unbalanced hotplug enable/disable
        - video: fbdev: Set pixclock = 0 in goldfishfb
        - arm64: kconfig: drop CONFIG_RTC_LIB dependency
        - mmc: mmc: fix switch timeout issue caused by jiffies precision
        - cfg80211: size various nl80211 messages correctly
        - stmmac: copy unicast mac address to MAC registers
        - dccp: do not use ipv6 header for ipv4 flow
        - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
        - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
        - net: rose: fix a possible stack overflow
        - Add hlist_add_tail_rcu() (Merge
          git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
        - packets: Always register packet sk in the same order
        - tcp: do not use ipv6 header for ipv4 flow
        - vxlan: Don't call gro_cells_destroy() before device is unregistered
        - sctp: get sctphdr by offset in sctp_compute_cksum
        - mac8390: Fix mmio access size probe
        - btrfs: remove WARN_ON in log_dir_items
        - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
        - ALSA: compress: add support for 32bit calls in a 64bit kernel
        - ALSA: pcm: Fix possible OOB access in PCM oss plugins
        - ALSA: pcm: Don't suspend stream in unrecoverable PCM state
        - scsi: sd: Fix a race between closing an sd device and sd I/O
        - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
        - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
          devices
        - tty: atmel_serial: fix a potential NULL pointer dereference
        - staging: vt6655: Remove vif check from vnt_interrupt
        - staging: vt6655: Fix interrupt race condition on device start up.
        - serial: max310x: Fix to avoid potential NULL pointer dereference
        - serial: sh-sci: Fix setting SCSCR_TIE while transferring data
        - USB: serial: cp210x: add new device id
        - USB: serial: ftdi_sio: add additional NovaTech products
        - USB: serial: mos7720: fix mos_parport refcount imbalance on error path
        - USB: serial: option: set driver_info for SIM5218 and compatibles
        - USB: serial: option: add Olicard 600
        - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
        - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
        - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
        - perf intel-pt: Fix TSC slip
        - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
        - KVM: Reject device ioctls from processes other than the VM's creator
        - xhci: Fix port resume done detection for SS ports with LPM enabled
        - Revert "USB: core: only clean up what we allocated"
        - arm64: support keyctl() system call in 32-bit mode
        - coresight: removing bind/unbind options from sysfs
        - stm class: Hide STM-specific options if STM is disabled
        - Linux 4.4.178
    
      * Kprobe event string type argument failed in ftrace from
        ubuntu_kernel_selftests on B/C i386 (LP: #1825780)
        - selftests/ftrace: Fix kprobe string testcase to not probe notrace function
    
      * False positive test result in run_netsocktests from net in
        ubuntu_kernel_selftest (LP: #1825777)
        - selftests/net: correct the return value for run_netsocktests
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 15 May 2019 14:39:49 +0200
  • linux (4.4.0-148.174) xenial; urgency=medium
    
      * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
        - Documentation/l1tf: Fix small spelling typo
        - perf/x86/intel: Add model number for Skylake Server to perf
        - perf/x86: Add model numbers for Kabylake CPUs
        - perf/x86/intel: Use Intel family macros for core perf events
        - perf/x86/msr: Use Intel family macros for MSR events code
        - perf/x86/msr: Add missing Intel models
        - SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
        - perf/x86/msr: Add missing CPU IDs
        - x86/speculation: Simplify the CPU bug detection logic
        - x86/cpu: Sanitize FAM6_ATOM naming
        - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
        - bitops: avoid integer overflow in GENMASK(_ULL)
        - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
          new <linux/bits.h> file
        - tools include: Adopt linux/bits.h
        - x86/msr-index: Cleanup bit defines
        - x86/speculation: Consolidate CPU whitelists
        - x86/speculation/mds: Add basic bug infrastructure for MDS
        - x86/speculation/mds: Add BUG_MSBDS_ONLY
        - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
        - x86/speculation/mds: Add mds_clear_cpu_buffers()
        - locking/static_keys: Provide DECLARE and well as DEFINE macros
        - x86/speculation/mds: Clear CPU buffers on exit to user
        - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
        - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
        - SAUCE: sched/smt: Introduce sched_smt_{active,present}
        - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
        - SAUCE: x86/speculation: Introduce arch_smt_update()
        - x86/speculation: Rework SMT state change
        - x86/speculation: Reorder the spec_v2 code
        - x86/speculation: Unify conditional spectre v2 print functions
        - x86/speculation/mds: Add mitigation control for MDS
        - x86/speculation/mds: Add sysfs reporting for MDS
        - x86/speculation/mds: Add mitigation mode VMWERV
        - Documentation: Move L1TF to separate directory
        - Documentation: Add MDS vulnerability documentation
        - x86/speculation/mds: Add mds=full,nosmt cmdline option
        - x86/speculation: Move arch_smt_update() call to after mitigation decisions
        - x86/speculation/mds: Add SMT warning message
        - x86/speculation/mds: Fix comment
        - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
        - x86/speculation/mds: Add 'mitigations=' support for MDS
    
      * CVE-2017-5715 // CVE-2017-5753
        - s390/speculation: Support 'mitigations=' cmdline option
    
      * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
        - powerpc/speculation: Support 'mitigations=' cmdline option
    
      * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
        CVE-2018-3646
        - cpu/speculation: Add 'mitigations=' cmdline option
        - x86/speculation: Support 'mitigations=' cmdline option
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync git-ubuntu-log
    
    linux (4.4.0-147.173) xenial; urgency=medium
    
      * linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync git-ubuntu-log
    
      * Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
        - SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
        - SAUCE: Fix typo in Documentation/kernel-parameters.txt
        - SAUCE: x86: Move hunks and sync to upstream stable 4.9
        - Revert "module: Add retpoline tag to VERMAGIC"
    
      * CVE-2017-5753
        - posix-timers: Protect posix clock array access against speculation
        - arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
        - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
        - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
        - s390/keyboard: sanitize array index in do_kdsk_ioctl
        - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
        - pktcdvd: Fix possible Spectre-v1 for pkt_devs
        - net: socket: Fix potential spectre v1 gadget in sock_is_registered
        - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
        - hwmon: (nct6775) Fix potential Spectre v1
        - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
        - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
        - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
        - powerpc/ptrace: Mitigate potential Spectre v1
        - cfg80211: prevent speculation on cfg80211_classify8021d() return
        - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
        - ALSA: seq: oss: Fix Spectre v1 vulnerability
    
      * CVE-2019-3874
        - sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
        - sctp: use sk_wmem_queued to check for writable space
        - sctp: implement memory accounting on tx path
        - sctp: implement memory accounting on rx path
    
      * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
        on B PowerPC (LP: #1812809)
        - selftests/ftrace: Add ppc support for kprobe args tests
    
      * CVE-2019-3882
        - vfio/type1: Limit DMA mappings per container
    
      * Intel I210 Ethernet card not working after hotplug [8086:1533]
        (LP: #1818490)
        - igb: Fix WARN_ONCE on runtime suspend
    
      * TSC clocksource not available in nested guests (LP: #1822821)
        - x86/tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag
        - kvmclock: fix TSC calibration for nested guests
    
      * Remove btrfs module after a failed fallocate attempt will cause error on 4.4
        i386 (LP: #1822579)
        - Btrfs: fix extent map leak during fallocate error path
    
      * systemd cause kernel trace "BUG: unable to handle kernel paging request at
        6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
        unable to handle kernel paging request at 6db23a14" on Cosmic i386
        (LP: #1813244)
        - openvswitch: fix flow actions reallocation
    
     -- Stefan Bader <email address hidden>  Tue, 07 May 2019 11:35:48 +0200
  • linux (4.4.0-147.173) xenial; urgency=medium
    
      * linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync git-ubuntu-log
    
      * Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
        - SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
        - SAUCE: Fix typo in Documentation/kernel-parameters.txt
        - SAUCE: x86: Move hunks and sync to upstream stable 4.9
        - Revert "module: Add retpoline tag to VERMAGIC"
    
      * CVE-2017-5753
        - posix-timers: Protect posix clock array access against speculation
        - arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
        - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
        - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
        - s390/keyboard: sanitize array index in do_kdsk_ioctl
        - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
        - pktcdvd: Fix possible Spectre-v1 for pkt_devs
        - net: socket: Fix potential spectre v1 gadget in sock_is_registered
        - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
        - hwmon: (nct6775) Fix potential Spectre v1
        - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
        - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
        - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
        - powerpc/ptrace: Mitigate potential Spectre v1
        - cfg80211: prevent speculation on cfg80211_classify8021d() return
        - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
        - ALSA: seq: oss: Fix Spectre v1 vulnerability
    
      * CVE-2019-3874
        - sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
        - sctp: use sk_wmem_queued to check for writable space
        - sctp: implement memory accounting on tx path
        - sctp: implement memory accounting on rx path
    
      * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
        on B PowerPC (LP: #1812809)
        - selftests/ftrace: Add ppc support for kprobe args tests
    
      * CVE-2019-3882
        - vfio/type1: Limit DMA mappings per container
    
      * Intel I210 Ethernet card not working after hotplug [8086:1533]
        (LP: #1818490)
        - igb: Fix WARN_ONCE on runtime suspend
    
      * TSC clocksource not available in nested guests (LP: #1822821)
        - x86/tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag
        - kvmclock: fix TSC calibration for nested guests
    
      * Remove btrfs module after a failed fallocate attempt will cause error on 4.4
        i386 (LP: #1822579)
        - Btrfs: fix extent map leak during fallocate error path
    
      * systemd cause kernel trace "BUG: unable to handle kernel paging request at
        6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
        unable to handle kernel paging request at 6db23a14" on Cosmic i386
        (LP: #1813244)
        - openvswitch: fix flow actions reallocation
    
     -- Connor Kuehl <email address hidden>  Tue, 23 Apr 2019 11:51:25 -0700
  • linux (4.4.0-146.172) xenial; urgency=medium
    
      * linux: 4.4.0-146.172 -proposed tracker (LP: #1822834)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
        - [Packaging] resync retpoline extraction
    
      * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
        triggers system hang on i386 (LP: #1812845)
        - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
    
      * Xenial update: 4.4.177 upstream stable release (LP: #1822271)
        - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
        - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
        - KEYS: allow reaching the keys quotas exactly
        - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
        - mfd: twl-core: Fix section annotations on {,un}protect_pm_master
        - mfd: db8500-prcmu: Fix some section annotations
        - mfd: ab8500-core: Return zero in get_register_interruptible()
        - mfd: qcom_rpm: write fw_version to CTRL_REG
        - mfd: wm5110: Add missing ASRC rate register
        - mfd: mc13xxx: Fix a missing check of a register-read failure
        - net: hns: Fix use after free identified by SLUB debug
        - MIPS: ath79: Enable OF serial ports in the default config
        - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
        - scsi: isci: initialize shost fully before calling scsi_add_host()
        - MIPS: jazz: fix 64bit build
        - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
        - atm: he: fix sign-extension overflow on large shift
        - leds: lp5523: fix a missing check of return value of lp55xx_read
        - isdn: avm: Fix string plus integer warning from Clang
        - RDMA/srp: Rework SCSI device reset handling
        - KEYS: user: Align the payload buffer
        - KEYS: always initialize keyring_index_key::desc_len
        - batman-adv: fix uninit-value in batadv_interface_tx()
        - net/packet: fix 4gb buffer limit due to overflow check
        - team: avoid complex list operations in team_nl_cmd_options_set()
        - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
        - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
        - ARCv2: Enable unaligned access in early ASM code
        - Revert "bridge: do not add port to router list when receives query with
          source 0.0.0.0"
        - libceph: handle an empty authorize reply
        - drm/msm: Unblock writer if reader closes file
        - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
        - ALSA: compress: prevent potential divide by zero bugs
        - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
        - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
        - usb: gadget: Potential NULL dereference on allocation error
        - ASoC: dapm: change snprintf to scnprintf for possible overflow
        - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
        - ARC: fix __ffs return value to avoid build warnings
        - mac80211: fix miscounting of ttl-dropped frames
        - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
        - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
        - net: altera_tse: fix connect_local_phy error path
        - ibmveth: Do not process frames after calling napi_reschedule
        - mac80211: don't initiate TDLS connection if station is not associated to AP
        - cfg80211: extend range deviation for DMG
        - KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting
          to L1
        - arm/arm64: KVM: Feed initialized memory to MMIO accesses
        - KVM: arm/arm64: Fix MMIO emulation data handling
        - powerpc: Always initialize input array when calling epapr_hypercall()
        - mmc: spi: Fix card detection during probe
        - x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
        - USB: serial: option: add Telit ME910 ECM composition
        - USB: serial: cp210x: add ID for Ingenico 3070
        - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
        - cpufreq: Use struct kobj_attribute instead of struct global_attr
        - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
        - ncpfs: fix build warning of strncpy
        - isdn: isdn_tty: fix build warning of strncpy
        - staging: lustre: fix buffer overflow of string buffer
        - net-sysfs: Fix mem leak in netdev_register_kobject
        - team: Free BPF filter when unregistering netdev
        - bnxt_en: Drop oversize TX packets to prevent errors.
        - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
        - xen-netback: fix occasional leak of grant ref mappings under memory pressure
        - net: Add __icmp_send helper.
        - net: avoid use IPCB in cipso_v4_error
        - net: phy: Micrel KSZ8061: link failure after cable connect
        - x86/CPU/AMD: Set the CPB bit unconditionally on F17h
        - applicom: Fix potential Spectre v1 vulnerabilities
        - MIPS: irq: Allocate accurate order pages for irq stack
        - hugetlbfs: fix races and page leaks during migration
        - netlabel: fix out-of-bounds memory accesses
        - net: dsa: mv88e6xxx: Fix u64 statistics
        - ip6mr: Do not call __IP6_INC_STATS() from preemptible context
        - media: uvcvideo: Fix 'type' check leading to overflow
        - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
        - perf tools: Handle TOPOLOGY headers with no CPU
        - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
        - ipvs: Fix signed integer overflow when setsockopt timeout
        - iommu/amd: Fix IOMMU page flush when detach device from a domain
        - xtensa: SMP: fix ccount_timer_shutdown
        - xtensa: SMP: fix secondary CPU initialization
        - xtensa: smp_lx200_defconfig: fix vectors clash
        - xtensa: SMP: mark each possible CPU as present
        - xtensa: SMP: limit number of possible CPUs by NR_CPUS
        - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
        - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
        - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
        - gpio: vf610: Mask all GPIO interrupts
        - nfs: Fix NULL pointer dereference of dev_name
        - scsi: libfc: free skb when receiving invalid flogi resp
        - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
        - cifs: fix computation for MAX_SMB2_HDR_SIZE
        - x86/kexec: Don't setup EFI info if EFI runtime is not enabled
        - x86_64: increase stack size for KASAN_EXTRA
        - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
        - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
        - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
        - autofs: drop dentry reference only when it is never used
        - autofs: fix error return in autofs_fill_super()
        - ARM: pxa: ssp: unneeded to free devm_ allocated data
        - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
        - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
        - dmaengine: dmatest: Abort test in case of mapping error
        - s390/qeth: fix use-after-free in error path
        - perf symbols: Filter out hidden symbols from labels
        - MIPS: Remove function size check in get_frame_info()
        - Input: wacom_serial4 - add support for Wacom ArtPad II tablet
        - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
        - iscsi_ibft: Fix missing break in switch statement
        - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
        - ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
        - Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
        - ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on
          Exynos5420
        - udplite: call proper backlog handlers
        - netfilter: x_tables: enforce nul-terminated table name from getsockopt
          GET_ENTRIES
        - netfilter: nfnetlink_log: just returns error for unknown command
        - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
        - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP
          options
        - KEYS: restrict /proc/keys by credentials at open time
        - l2tp: fix infoleak in l2tp_ip6_recvmsg()
        - net: hsr: fix memory leak in hsr_dev_finalize()
        - net: sit: fix UBSAN Undefined behaviour in check_6rd
        - net/x25: fix use-after-free in x25_device_event()
        - net/x25: reset state in x25_connect()
        - pptp: dst_release sk_dst_cache in pptp_sock_destruct
        - ravb: Decrease TxFIFO depth of Q3 and Q2 to one
        - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
        - tcp: handle inet_csk_reqsk_queue_add() failures
        - net/mlx4_core: Fix reset flow when in command polling mode
        - net/mlx4_core: Fix qp mtt size calculation
        - net/x25: fix a race in x25_bind()
        - mdio_bus: Fix use-after-free on device_register fails
        - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
        - missing barriers in some of unix_sock ->addr and ->path accesses
        - ipvlan: disallow userns cap_net_admin to change global mode/flags
        - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
        - vxlan: Fix GRO cells race condition between receive and link delete
        - net/hsr: fix possible crash in add_timer()
        - gro_cells: make sure device is up in gro_cells_receive()
        - tcp/dccp: remove reqsk_put() from inet_child_forget()
        - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against
          Liquid Saffire 56
        - fs/9p: use fscache mutex rather than spinlock
        - It's wrong to add len to sector_nr in raid10 reshape twice
        - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
        - 9p: use inode->i_lock to protect i_size_write() under 32-bit
        - 9p/net: fix memory leak in p9_client_create
        - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
        - stm class: Fix an endless loop in channel allocation
        - crypto: caam - fixed handling of sg list
        - crypto: ahash - fix another early termination in hash walk
        - gpu: ipu-v3: Fix i.MX51 CSI control registers offset
        - gpu: ipu-v3: Fix CSI offsets for imx53
        - s390/dasd: fix using offset into zero size array error
        - ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be
          uninitialized
        - Input: matrix_keypad - use flush_delayed_work()
        - i2c: cadence: Fix the hold bit setting
        - Input: st-keyscan - fix potential zalloc NULL dereference
        - ARM: 8824/1: fix a migrating irq bug when hotplug cpu
        - assoc_array: Fix shortcut creation
        - net: systemport: Fix reception of BPDUs
        - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
        - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
        - ASoC: topology: free created components in tplg load error
        - arm64: Relax GIC version check during early boot
        - tmpfs: fix link accounting when a tmpfile is linked in
        - ARC: uacces: remove lp_start, lp_end from clobber list
        - phonet: fix building with clang
        - mac80211_hwsim: propagate genlmsg_reply return code
        - net: set static variable an initial value in atl2_probe()
        - tmpfs: fix uninitialized return value in shmem_link
        - stm class: Prevent division by zero
        - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
        - CIFS: Fix read after write for files with read caching
        - tracing: Do not free iter->trace in fail path of tracing_open_pipe()
        - ACPI / device_sysfs: Avoid OF modalias creation for removed device
        - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
        - regulator: s2mpa01: Fix step values for some LDOs
        - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
        - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
        - s390/virtio: handle find on invalid queue gracefully
        - scsi: virtio_scsi: don't send sc payload with tmfs
        - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
        - m68k: Add -ffreestanding to CFLAGS
        - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
        - Btrfs: fix corruption reading shared and compressed extents after hole
          punching
        - crypto: pcbc - remove bogus memcpy()s with src == dest
        - cpufreq: tegra124: add missing of_node_put()
        - cpufreq: pxa2xx: remove incorrect __init annotation
        - ext4: fix crash during online resizing
        - ext2: Fix underflow in ext2_max_size()
        - clk: ingenic: Fix round_rate misbehaving with non-integer dividers
        - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
        - mm/vmalloc: fix size check for remap_vmalloc_range_partial()
        - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
        - intel_th: Don't reference unassigned outputs
        - parport_pc: fix find_superio io compare code, should use equal test.
        - i2c: tegra: fix maximum transfer size
        - perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
        - serial: 8250_pci: Fix number of ports for ACCES serial cards
        - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954
          chip use the pci_pericom_setup()
        - jbd2: clear dirty flag when revoking a buffer from an older transaction
        - jbd2: fix compile warning when using JBUFFER_TRACE
        - powerpc/32: Clear on-stack exception marker upon exception return
        - powerpc/wii: properly disable use of BATs when requested.
        - powerpc/powernv: Make opal log only readable by root
        - powerpc/83xx: Also save/restore SPRG4-7 during suspend
        - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
        - dm: fix to_sector() for 32bit
        - NFS41: pop some layoutget errors to application
        - perf intel-pt: Fix CYC timestamp calculation after OVF
        - perf auxtrace: Define auxtrace record alignment
        - perf intel-pt: Fix overlap calculation for padding
        - md: Fix failed allocation of md_register_thread
        - NFS: Fix an I/O request leakage in nfs_do_recoalesce
        - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
        - nfsd: fix memory corruption caused by readdir
        - nfsd: fix wrong check in write_v4_end_grace()
        - PM / wakeup: Rework wakeup source timer cancellation
        - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
        - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
        - drm/radeon/evergreen_cs: fix missing break in switch statement
        - KVM: nVMX: Sign extend displacements of VMX instr's mem operands
        - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
        - KVM: X86: Fix residual mmio emulation request to userspace
        - Linux 4.4.177
    
      * sky2 ethernet card doesn't work after returning from suspend
        (LP: #1807259) // sky2 ethernet card link not up after suspend
        (LP: #1809843) // Xenial update: 4.4.177 upstream stable release
        (LP: #1822271)
        - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
    
      * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
        - lib/fonts/Kconfig: keep non-Sparc fonts listed together
        - Fonts: New Terminus large console font
        - [Config]: enable highdpi Terminus 16x32 font support
    
      * Hard lockup in 2 CPUs due to deadlock in cpu_stoppers (LP: #1821259)
        - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
        - stop_machine: Disable preemption when waking two stopper threads
        - stop_machine: Disable preemption after queueing stopper threads
        - stop_machine: Atomically queue and wake stopper threads
    
     -- Khalid Elmously <email address hidden>  Tue, 02 Apr 2019 23:03:42 -0400
  • linux (4.4.0-145.171) xenial; urgency=medium
    
      * linux: 4.4.0-145.171 -proposed tracker (LP: #1821724)
    
      * linux-generic should depend on linux-base >=4.1 (LP: #1820419)
        - [Packaging] Fix linux-base dependency
    
    linux (4.4.0-144.170) xenial; urgency=medium
    
      * linux: 4.4.0-144.170 -proposed tracker (LP: #1819660)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync getabis
        - [Packaging] update helper scripts
        - [Packaging] resync retpoline extraction
    
      * C++ demangling support missing from perf (LP: #1396654)
        - [Packaging] fix a mistype
    
      * CVE-2019-9213
        - mm: enforce min addr even if capable() in expand_downwards()
    
      * CVE-2019-3460
        - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
    
      * Xenial update: 4.4.176 upstream stable release (LP: #1818815)
        - net: fix IPv6 prefix route residue
        - vsock: cope with memory allocation failure at socket creation time
        - hwmon: (lm80) Fix missing unlock on error in set_fan_div()
        - net: Fix for_each_netdev_feature on Big endian
        - net: Add header for usage of fls64()
        - tcp: tcp_v4_err() should be more careful
        - net: Do not allocate page fragments that are not skb aligned
        - tcp: clear icsk_backoff in tcp_write_queue_purge()
        - vxlan: test dev->flags & IFF_UP before calling netif_rx()
        - net: stmmac: Fix a race in EEE enable callback
        - net: ipv4: use a dedicated counter for icmp_v4 redirect packets
        - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32
        - mfd: as3722: Handle interrupts on suspend
        - mfd: as3722: Mark PM functions as __maybe_unused
        - net/x25: do not hold the cpu too long in x25_new_lci()
        - mISDN: fix a race in dev_expire_timer()
        - ax25: fix possible use-after-free
        - Linux 4.4.176
    
      * sky2 ethernet card don't work after returning from suspension
        (LP: #1798921) // Xenial update: 4.4.176 upstream stable release
        (LP: #1818815)
        - sky2: Increase D3 delay again
    
      * Xenial update: 4.4.175 upstream stable release (LP: #1818813)
        - drm/bufs: Fix Spectre v1 vulnerability
        - staging: iio: adc: ad7280a: handle error from __ad7280_read32()
        - ASoC: Intel: mrfld: fix uninitialized variable access
        - scsi: lpfc: Correct LCB RJT handling
        - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
        - dlm: Don't swamp the CPU with callbacks queued during recovery
        - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
        - powerpc/pseries: add of_node_put() in dlpar_detach_node()
        - serial: fsl_lpuart: clear parity enable bit when disable parity
        - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
        - staging:iio:ad2s90: Make probe handle spi_setup failure
        - staging: iio: ad7780: update voltage on read
        - ARM: OMAP2+: hwmod: Fix some section annotations
        - modpost: validate symbol names also in find_elf_symbol
        - perf tools: Add Hygon Dhyana support
        - soc/tegra: Don't leak device tree node reference
        - f2fs: move dir data flush to write checkpoint process
        - f2fs: fix wrong return value of f2fs_acl_create
        - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
        - nfsd4: fix crash on writing v4_end_grace before nfsd startup
        - arm64: ftrace: don't adjust the LR value
        - ARM: dts: mmp2: fix TWSI2
        - x86/fpu: Add might_fault() to user_insn()
        - media: DaVinci-VPBE: fix error handling in vpbe_initialize()
        - smack: fix access permissions for keyring
        - usb: hub: delay hub autosuspend if USB3 port is still link training
        - timekeeping: Use proper seqcount initializer
        - ARM: dts: Fix OMAP4430 SDP Ethernet startup
        - mips: bpf: fix encoding bug for mm_srlv32_op
        - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
        - sata_rcar: fix deferred probing
        - clk: imx6sl: ensure MMDC CH0 handshake is bypassed
        - cpuidle: big.LITTLE: fix refcount leak
        - i2c-axxia: check for error conditions first
        - udf: Fix BUG on corrupted inode
        - ARM: pxa: avoid section mismatch warning
        - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
        - memstick: Prevent memstick host from getting runtime suspended during card
          detection
        - tty: serial: samsung: Properly set flags in autoCTS mode
        - arm64: KVM: Skip MMIO insn after emulation
        - powerpc/uaccess: fix warning/error with access_ok()
        - mac80211: fix radiotap vendor presence bitmap handling
        - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
        - Bluetooth: Fix unnecessary error message for HCI request completion
        - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
        - drbd: narrow rcu_read_lock in drbd_sync_handshake
        - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
        - drbd: skip spurious timeout (ping-timeo) when failing promote
        - drbd: Avoid Clang warning about pointless switch statment
        - video: clps711x-fb: release disp device node in probe()
        - fbdev: fbmem: behave better with small rotated displays and many CPUs
        - fbdev: fbcon: Fix unregister crash when more than one framebuffer
        - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
        - NFS: nfs_compare_mount_options always compare auth flavors.
        - hwmon: (lm80) fix a missing check of the status of SMBus read
        - hwmon: (lm80) fix a missing check of bus read in lm80 probe
        - seq_buf: Make seq_buf_puts() null-terminate the buffer
        - crypto: ux500 - Use proper enum in cryp_set_dma_transfer
        - crypto: ux500 - Use proper enum in hash_set_dma_transfer
        - cifs: check ntwrk_buf_start for NULL before dereferencing it
        - um: Avoid marking pages with "changed protection"
        - niu: fix missing checks of niu_pci_eeprom_read
        - scripts/decode_stacktrace: only strip base path when a prefix of the path
        - ocfs2: don't clear bh uptodate for block read
        - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in
          HFCPCI_l1hw()
        - gdrom: fix a memory leak bug
        - block/swim3: Fix -EBUSY error when re-opening device after unmount
        - HID: lenovo: Add checks to fix of_led_classdev_register
        - kernel/hung_task.c: break RCU locks based on jiffies
        - fs/epoll: drop ovflist branch prediction
        - exec: load_script: don't blindly truncate shebang string
        - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
        - test_hexdump: use memcpy instead of strncpy
        - tipc: use destination length for copy string
        - string: drop __must_check from strscpy() and restore strscpy() usages in
          cgroup
        - dccp: fool proof ccid_hc_[rt]x_parse_options()
        - enic: fix checksum validation for IPv6
        - net: dp83640: expire old TX-skb
        - skge: potential memory corruption in skge_get_regs()
        - net: systemport: Fix WoL with password after deep sleep
        - net: dsa: slave: Don't propagate flag changes on down slave interfaces
        - ALSA: compress: Fix stop handling on compressed capture streams
        - ALSA: hda - Serialize codec registrations
        - fuse: call pipe_buf_release() under pipe lock
        - fuse: decrement NR_WRITEBACK_TEMP on the right page
        - fuse: handle zero sized retrieve correctly
        - dmaengine: imx-dma: fix wrong callback invoke
        - usb: phy: am335x: fix race condition in _probe
        - usb: gadget: udc: net2272: Fix bitwise and boolean operations
        - perf/x86/intel/uncore: Add Node ID mask
        - x86/MCE: Initialize mce.bank in the case of a fatal error in
          mce_no_way_out()
        - perf/core: Don't WARN() for impossible ring-buffer sizes
        - perf tests evsel-tp-sched: Fix bitwise operator
        - mtd: rawnand: gpmi: fix MX28 bus master lockup problem
        - signal: Always notice exiting tasks
        - signal: Better detection of synchronous signals
        - misc: vexpress: Off by one in vexpress_syscfg_exec()
        - debugfs: fix debugfs_rename parameter checking
        - mips: cm: reprime error cause
        - MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
        - MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
        - ARM: iop32x/n2100: fix PCI IRQ mapping
        - mac80211: ensure that mgmt tx skbs have tailroom for encryption
        - drm/modes: Prevent division by zero htotal
        - drm/vmwgfx: Fix setting of dma masks
        - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
        - HID: debug: fix the ring buffer implementation
        - NFC: nxp-nci: Include unaligned.h instead of access_ok.h
        - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure
          cifs)"
        - Revert "UBUNTU: [Config] Remove CONFIG_CIFS_POSIX=y"
        - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
        - xfrm: refine validation of template and selector families
        - batman-adv: Avoid WARN on net_device without parent in netns
        - batman-adv: Force mac header to start of data on xmit
        - Revert "exec: load_script: don't blindly truncate shebang string"
        - uapi/if_ether.h: prevent redefinition of struct ethhdr
        - ARM: dts: da850-evm: Correct the sound card name
        - ARM: dts: kirkwood: Fix polarity of GPIO fan lines
        - gpio: pl061: handle failed allocations
        - cifs: Limit memory used by lock request calls to a page
        - Documentation/network: reword kernel version reference
        - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
        - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
        - perf/core: Fix impossible ring-buffer sizes warning
        - ALSA: hda - Add quirk for HP EliteBook 840 G5
        - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
        - Input: bma150 - register input device after setting private data
        - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
        - alpha: fix page fault handling for r16-r18 targets
        - alpha: Fix Eiger NR_IRQS to 128
        - tracing/uprobes: Fix output for multiple string arguments
        - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
        - signal: Restore the stop PTRACE_EVENT_EXIT
        - x86/a.out: Clear the dump structure initially
        - dm thin: fix bug where bio that overwrites thin block ignores FUA
        - smsc95xx: Use skb_cow_head to deal with cloned skbs
        - ch9200: use skb_cow_head() to deal with cloned skbs
        - kaweth: use skb_cow_head() to deal with cloned skbs
        - usb: dwc2: Remove unnecessary kfree
        - pinctrl: msm: fix gpio-hog related boot issues
        - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
        - Linux 4.4.175
    
      * Xenial update: 4.4.174 upstream stable release (LP: #1818806)
        - inet: frags: change inet_frags_init_net() return value
        - inet: frags: add a pointer to struct netns_frags
        - inet: frags: refactor ipfrag_init()
        - inet: frags: refactor ipv6_frag_init()
        - inet: frags: refactor lowpan_net_frag_init()
        - rhashtable: add rhashtable_lookup_get_insert_key()
        - rhashtable: Add rhashtable_lookup()
        - rhashtable: add schedule points
        - inet: frags: use rhashtables for reassembly units
        - net: ieee802154: 6lowpan: fix frag reassembly
        - ipfrag: really prevent allocation on netns exit
        - inet: frags: remove some helpers
        - inet: frags: get rif of inet_frag_evicting()
        - inet: frags: remove inet_frag_maybe_warn_overflow()
        - inet: frags: break the 2GB limit for frags storage
        - inet: frags: do not clone skb in ip_expire()
        - ipv6: frags: rewrite ip6_expire_frag_queue()
        - rhashtable: reorganize struct rhashtable layout
        - inet: frags: reorganize struct netns_frags
        - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
        - inet: frags: fix ip6frag_low_thresh boundary
        - ip: discard IPv4 datagrams with overlapping segments.
        - net: modify skb_rbtree_purge to return the truesize of all purged skbs.
        - ipv6: defrag: drop non-last frags smaller than min mtu
        - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
        - ip: use rb trees for IP frag queue.
        - ip: add helpers to process in-order fragments faster.
        - ip: process in-order fragments efficiently
        - ip: frags: fix crash in ip_do_fragment()
        - ipv4: frags: precedence bug in ip_expire()
        - inet: frags: better deal with smp races
        - net: fix pskb_trim_rcsum_slow() with odd trim offset
        - net: ipv4: do not handle duplicate fragments as overlapping
        - rcu: Force boolean subscript for expedited stall warnings
        - Linux 4.4.174
    
      * Xenial update: 4.4.173 upstream stable release (LP: #1818803)
        - net: Fix usage of pskb_trim_rcsum
        - openvswitch: Avoid OOB read when parsing flow nlattrs
        - net: ipv4: Fix memory leak in network namespace dismantle
        - net_sched: refetch skb protocol for each filter
        - net: bridge: Fix ethernet header pointer before check skb forwardable
        - USB: serial: simple: add Motorola Tetra TPG2200 device id
        - USB: serial: pl2303: add new PID to support PL2303TB
        - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
        - ARC: perf: map generic branches to correct hardware condition
        - s390/early: improve machine detection
        - s390/smp: fix CPU hotplug deadlock with CPU rescan
        - char/mwave: fix potential Spectre v1 vulnerability
        - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
        - tty: Handle problem if line discipline does not have receive_buf
        - tty/n_hdlc: fix __might_sleep warning
        - CIFS: Fix possible hang during async MTU reads and writes
        - Input: xpad - add support for SteelSeries Stratus Duo
        - KVM: x86: Fix single-step debugging
        - x86/kaslr: Fix incorrect i8254 outb() parameters
        - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by
          removing it
        - can: bcm: check timer values before ktime conversion
        - vt: invoke notifier on screen size change
        - perf unwind: Unwind with libdw doesn't take symfs into account
        - perf unwind: Take pgoff into account when reporting elf to libdwfl
        - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
        - arm64: mm: remove page_mapping check in __sync_icache_dcache
        - f2fs: read page index before freeing
        - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in
          loop_control_ioctl()"
        - Revert "loop: Get rid of loop_index_mutex"
        - Revert "loop: Fold __loop_release into loop_release"
        - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
        - fs: add the fsnotify call to vfs_iter_write
        - ipv6: Consider sk_bound_dev_if when binding a socket to an address
        - l2tp: copy 4 more bytes to linear part if necessary
        - net/mlx4_core: Add masking for a few queries on HCA caps
        - netrom: switch to sock timer API
        - net/rose: fix NULL ax25_cb kernel panic
        - ucc_geth: Reset BQL queue when stopping device
        - l2tp: remove l2specific_len dependency in l2tp_core
        - l2tp: fix reading optional fields of L2TPv3
        - CIFS: Do not count -ENODATA as failure for query directory
        - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
        - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
        - arm64: hyp-stub: Forbid kprobing of the hyp-stub
        - gfs2: Revert "Fix loop in gfs2_rbm_find"
        - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
        - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
        - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
        - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
        - mm, oom: fix use-after-free in oom_kill_process
        - cifs: Always resolve hostname before reconnecting
        - drivers: core: Remove glue dirs from sysfs earlier
        - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
        - fs: don't scan the inode cache before SB_BORN is set
        - Linux 4.4.173
    
      * Xenial update: 4.4.172 upstream stable release (LP: #1818797)
        - tty/ldsem: Wake up readers after timed out down_write()
        - can: gw: ensure DLC boundaries after CAN frame modification
        - f2fs: clean up argument of recover_data
        - f2fs: cover more area with nat_tree_lock
        - f2fs: move sanity checking of cp into get_valid_checkpoint
        - f2fs: fix to convert inline directory correctly
        - f2fs: give -EINVAL for norecovery and rw mount
        - f2fs: remove an obsolete variable
        - f2fs: factor out fsync inode entry operations
        - f2fs: fix inode cache leak
        - f2fs: fix to avoid reading out encrypted data in page cache
        - f2fs: not allow to write illegal blkaddr
        - f2fs: avoid unneeded loop in build_sit_entries
        - f2fs: use crc and cp version to determine roll-forward recovery
        - f2fs: introduce get_checkpoint_version for cleanup
        - f2fs: put directory inodes before checkpoint in roll-forward recovery
        - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
        - f2fs: detect wrong layout
        - f2fs: free meta pages if sanity check for ckpt is failed
        - f2fs: fix race condition in between free nid allocator/initializer
        - f2fs: return error during fill_super
        - f2fs: check blkaddr more accuratly before issue a bio
        - f2fs: sanity check on sit entry
        - f2fs: enhance sanity_check_raw_super() to avoid potential overflow
        - f2fs: clean up with is_valid_blkaddr()
        - f2fs: introduce and spread verify_blkaddr
        - f2fs: fix to do sanity check with secs_per_zone
        - f2fs: fix to do sanity check with user_block_count
        - f2fs: Add sanity_check_inode() function
        - f2fs: fix to do sanity check with node footer and iblocks
        - f2fs: fix to do sanity check with reserved blkaddr of inline inode
        - f2fs: fix to do sanity check with block address in main area
        - f2fs: fix to do sanity check with block address in main area v2
        - f2fs: fix to do sanity check with cp_pack_start_sum
        - f2fs: fix invalid memory access
        - f2fs: fix missing up_read
        - f2fs: fix validation of the block count in sanity_check_raw_super
        - media: em28xx: Fix misplaced reset of dev->v4l::field_count
        - arm64/kvm: consistently handle host HCR_EL2 flags
        - arm64: Don't trap host pointer auth use to EL2
        - ipv6: fix kernel-infoleak in ipv6_local_error()
        - net: bridge: fix a bug on using a neighbour cache entry without checking its
          state
        - packet: Do not leak dev refcounts on error exit
        - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
        - crypto: authencesn - Avoid twice completion call in decrypt path
        - crypto: authenc - fix parsing key with misaligned rta_len
        - btrfs: wait on ordered extents on abort cleanup
        - Yama: Check for pid death before checking ancestry
        - scsi: sd: Fix cache_type_store()
        - mips: fix n32 compat_ipc_parse_version
        - mfd: tps6586x: Handle interrupts on suspend
        - Disable MSI also when pcie-octeon.pcie_disable on
        - omap2fb: Fix stack memory disclosure
        - media: vivid: fix error handling of kthread_run
        - media: vivid: set min width/height to a value > 0
        - LSM: Check for NULL cred-security on free
        - media: vb2: vb2_mmap: move lock up
        - sunrpc: handle ENOMEM in rpcb_getport_async
        - selinux: fix GPF on invalid policy
        - sctp: allocate sctp_sockaddr_entry with kzalloc
        - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
        - tipc: fix uninit-value in tipc_nl_compat_bearer_enable
        - tipc: fix uninit-value in tipc_nl_compat_link_set
        - tipc: fix uninit-value in tipc_nl_compat_name_table_dump
        - tipc: fix uninit-value in tipc_nl_compat_doit
        - block/loop: Use global lock for ioctl() operation.
        - loop: Fold __loop_release into loop_release
        - loop: Get rid of loop_index_mutex
        - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
        - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
        - media: vb2: be sure to unlock mutex on errors
        - r8169: Add support for new Realtek Ethernet
        - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
        - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
        - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
          hotkey
        - e1000e: allow non-monotonic SYSTIM readings
        - writeback: don't decrement wb->refcnt if !wb->bdi
        - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
        - arm64: perf: set suppress_bind_attrs flag to true
        - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
        - pstore/ram: Do not treat empty buffers as valid
        - powerpc/pseries/cpuidle: Fix preempt warning
        - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
        - net: call sk_dst_reset when set SO_DONTROUTE
        - scsi: target: use consistent left-aligned ASCII INQUIRY data
        - clk: imx6q: reset exclusive gates on init
        - kconfig: fix file name and line number of warn_ignored_character()
        - kconfig: fix memory leak when EOF is encountered in quotation
        - mmc: atmel-mci: do not assume idle after atmci_request_end
        - perf intel-pt: Fix error with config term "pt=0"
        - perf svghelper: Fix unchecked usage of strncpy()
        - perf parse-events: Fix unchecked usage of strncpy()
        - dm kcopyd: Fix bug causing workqueue stalls
        - dm snapshot: Fix excessive memory usage and workqueue stalls
        - ALSA: bebob: fix model-id of unit for Apogee Ensemble
        - sysfs: Disable lockdep for driver bind/unbind files
        - scsi: megaraid: fix out-of-bound array accesses
        - ocfs2: fix panic due to unrecovered local alloc
        - mm/page-writeback.c: don't break integrity writeback on ->writepage() error
        - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
        - net: speed up skb_rbtree_purge()
        - ipmi:ssif: Fix handling of multi-part return messages
        - Linux 4.4.172
    
      * Xenial update: 4.4.171 upstream stable release (LP: #1818237)
        - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
        - btrfs: cleanup, stop casting for extent_map->lookup everywhere
        - btrfs: Enhance chunk validation check
        - Btrfs: add validadtion checks for chunk loading
        - Btrfs: check inconsistence between chunk and block group
        - Btrfs: fix em leak in find_first_block_group
        - Btrfs: detect corruption when non-root leaf has zero item
        - Btrfs: check btree node's nritems
        - Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
        - Btrfs: memset to avoid stale content in btree node block
        - Btrfs: improve check_node to avoid reading corrupted nodes
        - Btrfs: kill BUG_ON in run_delayed_tree_ref
        - Btrfs: memset to avoid stale content in btree leaf
        - Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
        - btrfs: struct-funcs, constify readers
        - btrfs: Refactor check_leaf function for later expansion
        - btrfs: Check if item pointer overlaps with the item itself
        - btrfs: Add sanity check for EXTENT_DATA when reading out leaf
        - btrfs: Add checker for EXTENT_CSUM
        - btrfs: Move leaf and node validation checker to tree-checker.c
        - btrfs: tree-checker: Enhance btrfs_check_node output
        - btrfs: tree-checker: Fix false panic for sanity test
        - btrfs: tree-checker: Add checker for dir item
        - btrfs: tree-checker: use %zu format string for size_t
        - btrfs: tree-check: reduce stack consumption in check_dir_item
        - btrfs: tree-checker: Verify block_group_item
        - btrfs: tree-checker: Detect invalid and empty essential trees
        - btrfs: validate type when reading a chunk
        - btrfs: Check that each block group has corresponding chunk at mount time
        - btrfs: Verify that every chunk has corresponding block group at mount time
        - btrfs: tree-checker: Check level for leaves and nodes
        - btrfs: tree-checker: Fix misleading group system information
        - CIFS: Do not hide EINTR after sending network packets
        - cifs: Fix potential OOB access of lock element array
        - usb: cdc-acm: send ZLP for Telit 3G Intel based modems
        - USB: storage: don't insert sane sense for SPC3+ when bad sense specified
        - USB: storage: add quirk for SMI SM3350
        - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
        - slab: alien caches must not be initialized if the allocation of the alien
          cache failed
        - PCI: altera: Fix altera_pcie_link_is_up()
        - PCI: altera: Reorder read/write functions
        - PCI: altera: Check link status before retrain link
        - PCI: altera: Poll for link up status after retraining the link
        - PCI: altera: Poll for link training status after retraining the link
        - PCI: altera: Rework config accessors for use without a struct pci_bus
        - PCI: altera: Move retrain from fixup to altera_pcie_host_init()
        - ACPI: power: Skip duplicate power resource references in _PRx
        - i2c: dev: prevent adapter retries and timeout being set as minus value
        - crypto: cts - fix crash on short inputs
        - ext4: fix a potential fiemap/page fault deadlock w/ inline_data
        - sunrpc: use-after-free in svc_process_common()
        - Linux 4.4.171
    
      * [Packaging] Allow overlay of config annotations (LP: #1752072)
        - [Packaging] config-check: Add an include directive
    
      * CVE-2018-9517
        - l2tp: pass tunnel pointer to ->session_create()
    
      * squashfs hardening (LP: #1816756)
        - squashfs metadata 2: electric boogaloo
        - Squashfs: Compute expected length from inode size rather than block length
    
      * Update ENA driver to version 2.0.3K (LP: #1816806)
        - net: ena: update driver version from 2.0.2 to 2.0.3
        - net: ena: fix race between link up and device initalization
        - net: ena: fix crash during failed resume from hibernation
    
      * bnxt_en_po: TX timed out triggering Netdev Watchdog Timer (LP: #1814095)
        - SAUCE: bnxt_en_bpo: Fix TX timeout during netpoll
    
      * CVE-2019-3459
        - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
    
      * CVE-2019-7222
        - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
    
      * CVE-2019-7221
        - KVM: nVMX: unconditionally cancel preemption timer in free_nested
          (CVE-2019-7221)
    
      * CVE-2019-6974
        - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
    
      * Regular D-state processes impacting LXD containers (LP: #1817628)
        - mm: do not stall register_shrinker()
    
      * libsas disks can have non-unique by-path names (LP: #1817784)
        - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
    
      * Hard lockups due to unrestricted lapic timer delay (LP: #1817918)
        - KVM: x86: move nsec_to_cycles from x86.c to x86.h
        - KVM: LAPIC: cap __delay at lapic_timer_advance_ns
    
     -- Stefan Bader <email address hidden>  Tue, 26 Mar 2019 13:27:29 +0100
  • linux (4.4.0-144.170) xenial; urgency=medium
    
      * linux: 4.4.0-144.170 -proposed tracker (LP: #1819660)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] resync getabis
        - [Packaging] update helper scripts
        - [Packaging] resync retpoline extraction
    
      * C++ demangling support missing from perf (LP: #1396654)
        - [Packaging] fix a mistype
    
      * CVE-2019-9213
        - mm: enforce min addr even if capable() in expand_downwards()
    
      * CVE-2019-3460
        - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
    
      * Xenial update: 4.4.176 upstream stable release (LP: #1818815)
        - net: fix IPv6 prefix route residue
        - vsock: cope with memory allocation failure at socket creation time
        - hwmon: (lm80) Fix missing unlock on error in set_fan_div()
        - net: Fix for_each_netdev_feature on Big endian
        - net: Add header for usage of fls64()
        - tcp: tcp_v4_err() should be more careful
        - net: Do not allocate page fragments that are not skb aligned
        - tcp: clear icsk_backoff in tcp_write_queue_purge()
        - vxlan: test dev->flags & IFF_UP before calling netif_rx()
        - net: stmmac: Fix a race in EEE enable callback
        - net: ipv4: use a dedicated counter for icmp_v4 redirect packets
        - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32
        - mfd: as3722: Handle interrupts on suspend
        - mfd: as3722: Mark PM functions as __maybe_unused
        - net/x25: do not hold the cpu too long in x25_new_lci()
        - mISDN: fix a race in dev_expire_timer()
        - ax25: fix possible use-after-free
        - Linux 4.4.176
    
      * sky2 ethernet card don't work after returning from suspension
        (LP: #1798921) // Xenial update: 4.4.176 upstream stable release
        (LP: #1818815)
        - sky2: Increase D3 delay again
    
      * Xenial update: 4.4.175 upstream stable release (LP: #1818813)
        - drm/bufs: Fix Spectre v1 vulnerability
        - staging: iio: adc: ad7280a: handle error from __ad7280_read32()
        - ASoC: Intel: mrfld: fix uninitialized variable access
        - scsi: lpfc: Correct LCB RJT handling
        - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
        - dlm: Don't swamp the CPU with callbacks queued during recovery
        - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
        - powerpc/pseries: add of_node_put() in dlpar_detach_node()
        - serial: fsl_lpuart: clear parity enable bit when disable parity
        - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
        - staging:iio:ad2s90: Make probe handle spi_setup failure
        - staging: iio: ad7780: update voltage on read
        - ARM: OMAP2+: hwmod: Fix some section annotations
        - modpost: validate symbol names also in find_elf_symbol
        - perf tools: Add Hygon Dhyana support
        - soc/tegra: Don't leak device tree node reference
        - f2fs: move dir data flush to write checkpoint process
        - f2fs: fix wrong return value of f2fs_acl_create
        - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
        - nfsd4: fix crash on writing v4_end_grace before nfsd startup
        - arm64: ftrace: don't adjust the LR value
        - ARM: dts: mmp2: fix TWSI2
        - x86/fpu: Add might_fault() to user_insn()
        - media: DaVinci-VPBE: fix error handling in vpbe_initialize()
        - smack: fix access permissions for keyring
        - usb: hub: delay hub autosuspend if USB3 port is still link training
        - timekeeping: Use proper seqcount initializer
        - ARM: dts: Fix OMAP4430 SDP Ethernet startup
        - mips: bpf: fix encoding bug for mm_srlv32_op
        - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
        - sata_rcar: fix deferred probing
        - clk: imx6sl: ensure MMDC CH0 handshake is bypassed
        - cpuidle: big.LITTLE: fix refcount leak
        - i2c-axxia: check for error conditions first
        - udf: Fix BUG on corrupted inode
        - ARM: pxa: avoid section mismatch warning
        - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
        - memstick: Prevent memstick host from getting runtime suspended during card
          detection
        - tty: serial: samsung: Properly set flags in autoCTS mode
        - arm64: KVM: Skip MMIO insn after emulation
        - powerpc/uaccess: fix warning/error with access_ok()
        - mac80211: fix radiotap vendor presence bitmap handling
        - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
        - Bluetooth: Fix unnecessary error message for HCI request completion
        - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
        - drbd: narrow rcu_read_lock in drbd_sync_handshake
        - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
        - drbd: skip spurious timeout (ping-timeo) when failing promote
        - drbd: Avoid Clang warning about pointless switch statment
        - video: clps711x-fb: release disp device node in probe()
        - fbdev: fbmem: behave better with small rotated displays and many CPUs
        - fbdev: fbcon: Fix unregister crash when more than one framebuffer
        - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
        - NFS: nfs_compare_mount_options always compare auth flavors.
        - hwmon: (lm80) fix a missing check of the status of SMBus read
        - hwmon: (lm80) fix a missing check of bus read in lm80 probe
        - seq_buf: Make seq_buf_puts() null-terminate the buffer
        - crypto: ux500 - Use proper enum in cryp_set_dma_transfer
        - crypto: ux500 - Use proper enum in hash_set_dma_transfer
        - cifs: check ntwrk_buf_start for NULL before dereferencing it
        - um: Avoid marking pages with "changed protection"
        - niu: fix missing checks of niu_pci_eeprom_read
        - scripts/decode_stacktrace: only strip base path when a prefix of the path
        - ocfs2: don't clear bh uptodate for block read
        - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in
          HFCPCI_l1hw()
        - gdrom: fix a memory leak bug
        - block/swim3: Fix -EBUSY error when re-opening device after unmount
        - HID: lenovo: Add checks to fix of_led_classdev_register
        - kernel/hung_task.c: break RCU locks based on jiffies
        - fs/epoll: drop ovflist branch prediction
        - exec: load_script: don't blindly truncate shebang string
        - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
        - test_hexdump: use memcpy instead of strncpy
        - tipc: use destination length for copy string
        - string: drop __must_check from strscpy() and restore strscpy() usages in
          cgroup
        - dccp: fool proof ccid_hc_[rt]x_parse_options()
        - enic: fix checksum validation for IPv6
        - net: dp83640: expire old TX-skb
        - skge: potential memory corruption in skge_get_regs()
        - net: systemport: Fix WoL with password after deep sleep
        - net: dsa: slave: Don't propagate flag changes on down slave interfaces
        - ALSA: compress: Fix stop handling on compressed capture streams
        - ALSA: hda - Serialize codec registrations
        - fuse: call pipe_buf_release() under pipe lock
        - fuse: decrement NR_WRITEBACK_TEMP on the right page
        - fuse: handle zero sized retrieve correctly
        - dmaengine: imx-dma: fix wrong callback invoke
        - usb: phy: am335x: fix race condition in _probe
        - usb: gadget: udc: net2272: Fix bitwise and boolean operations
        - perf/x86/intel/uncore: Add Node ID mask
        - x86/MCE: Initialize mce.bank in the case of a fatal error in
          mce_no_way_out()
        - perf/core: Don't WARN() for impossible ring-buffer sizes
        - perf tests evsel-tp-sched: Fix bitwise operator
        - mtd: rawnand: gpmi: fix MX28 bus master lockup problem
        - signal: Always notice exiting tasks
        - signal: Better detection of synchronous signals
        - misc: vexpress: Off by one in vexpress_syscfg_exec()
        - debugfs: fix debugfs_rename parameter checking
        - mips: cm: reprime error cause
        - MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
        - MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
        - ARM: iop32x/n2100: fix PCI IRQ mapping
        - mac80211: ensure that mgmt tx skbs have tailroom for encryption
        - drm/modes: Prevent division by zero htotal
        - drm/vmwgfx: Fix setting of dma masks
        - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
        - HID: debug: fix the ring buffer implementation
        - NFC: nxp-nci: Include unaligned.h instead of access_ok.h
        - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure
          cifs)"
        - Revert "UBUNTU: [Config] Remove CONFIG_CIFS_POSIX=y"
        - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
        - xfrm: refine validation of template and selector families
        - batman-adv: Avoid WARN on net_device without parent in netns
        - batman-adv: Force mac header to start of data on xmit
        - Revert "exec: load_script: don't blindly truncate shebang string"
        - uapi/if_ether.h: prevent redefinition of struct ethhdr
        - ARM: dts: da850-evm: Correct the sound card name
        - ARM: dts: kirkwood: Fix polarity of GPIO fan lines
        - gpio: pl061: handle failed allocations
        - cifs: Limit memory used by lock request calls to a page
        - Documentation/network: reword kernel version reference
        - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
        - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
        - perf/core: Fix impossible ring-buffer sizes warning
        - ALSA: hda - Add quirk for HP EliteBook 840 G5
        - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
        - Input: bma150 - register input device after setting private data
        - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
        - alpha: fix page fault handling for r16-r18 targets
        - alpha: Fix Eiger NR_IRQS to 128
        - tracing/uprobes: Fix output for multiple string arguments
        - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
        - signal: Restore the stop PTRACE_EVENT_EXIT
        - x86/a.out: Clear the dump structure initially
        - dm thin: fix bug where bio that overwrites thin block ignores FUA
        - smsc95xx: Use skb_cow_head to deal with cloned skbs
        - ch9200: use skb_cow_head() to deal with cloned skbs
        - kaweth: use skb_cow_head() to deal with cloned skbs
        - usb: dwc2: Remove unnecessary kfree
        - pinctrl: msm: fix gpio-hog related boot issues
        - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
        - Linux 4.4.175
    
      * Xenial update: 4.4.174 upstream stable release (LP: #1818806)
        - inet: frags: change inet_frags_init_net() return value
        - inet: frags: add a pointer to struct netns_frags
        - inet: frags: refactor ipfrag_init()
        - inet: frags: refactor ipv6_frag_init()
        - inet: frags: refactor lowpan_net_frag_init()
        - rhashtable: add rhashtable_lookup_get_insert_key()
        - rhashtable: Add rhashtable_lookup()
        - rhashtable: add schedule points
        - inet: frags: use rhashtables for reassembly units
        - net: ieee802154: 6lowpan: fix frag reassembly
        - ipfrag: really prevent allocation on netns exit
        - inet: frags: remove some helpers
        - inet: frags: get rif of inet_frag_evicting()
        - inet: frags: remove inet_frag_maybe_warn_overflow()
        - inet: frags: break the 2GB limit for frags storage
        - inet: frags: do not clone skb in ip_expire()
        - ipv6: frags: rewrite ip6_expire_frag_queue()
        - rhashtable: reorganize struct rhashtable layout
        - inet: frags: reorganize struct netns_frags
        - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
        - inet: frags: fix ip6frag_low_thresh boundary
        - ip: discard IPv4 datagrams with overlapping segments.
        - net: modify skb_rbtree_purge to return the truesize of all purged skbs.
        - ipv6: defrag: drop non-last frags smaller than min mtu
        - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
        - ip: use rb trees for IP frag queue.
        - ip: add helpers to process in-order fragments faster.
        - ip: process in-order fragments efficiently
        - ip: frags: fix crash in ip_do_fragment()
        - ipv4: frags: precedence bug in ip_expire()
        - inet: frags: better deal with smp races
        - net: fix pskb_trim_rcsum_slow() with odd trim offset
        - net: ipv4: do not handle duplicate fragments as overlapping
        - rcu: Force boolean subscript for expedited stall warnings
        - Linux 4.4.174
    
      * Xenial update: 4.4.173 upstream stable release (LP: #1818803)
        - net: Fix usage of pskb_trim_rcsum
        - openvswitch: Avoid OOB read when parsing flow nlattrs
        - net: ipv4: Fix memory leak in network namespace dismantle
        - net_sched: refetch skb protocol for each filter
        - net: bridge: Fix ethernet header pointer before check skb forwardable
        - USB: serial: simple: add Motorola Tetra TPG2200 device id
        - USB: serial: pl2303: add new PID to support PL2303TB
        - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
        - ARC: perf: map generic branches to correct hardware condition
        - s390/early: improve machine detection
        - s390/smp: fix CPU hotplug deadlock with CPU rescan
        - char/mwave: fix potential Spectre v1 vulnerability
        - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
        - tty: Handle problem if line discipline does not have receive_buf
        - tty/n_hdlc: fix __might_sleep warning
        - CIFS: Fix possible hang during async MTU reads and writes
        - Input: xpad - add support for SteelSeries Stratus Duo
        - KVM: x86: Fix single-step debugging
        - x86/kaslr: Fix incorrect i8254 outb() parameters
        - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by
          removing it
        - can: bcm: check timer values before ktime conversion
        - vt: invoke notifier on screen size change
        - perf unwind: Unwind with libdw doesn't take symfs into account
        - perf unwind: Take pgoff into account when reporting elf to libdwfl
        - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
        - arm64: mm: remove page_mapping check in __sync_icache_dcache
        - f2fs: read page index before freeing
        - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in
          loop_control_ioctl()"
        - Revert "loop: Get rid of loop_index_mutex"
        - Revert "loop: Fold __loop_release into loop_release"
        - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
        - fs: add the fsnotify call to vfs_iter_write
        - ipv6: Consider sk_bound_dev_if when binding a socket to an address
        - l2tp: copy 4 more bytes to linear part if necessary
        - net/mlx4_core: Add masking for a few queries on HCA caps
        - netrom: switch to sock timer API
        - net/rose: fix NULL ax25_cb kernel panic
        - ucc_geth: Reset BQL queue when stopping device
        - l2tp: remove l2specific_len dependency in l2tp_core
        - l2tp: fix reading optional fields of L2TPv3
        - CIFS: Do not count -ENODATA as failure for query directory
        - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
        - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
        - arm64: hyp-stub: Forbid kprobing of the hyp-stub
        - gfs2: Revert "Fix loop in gfs2_rbm_find"
        - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
        - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
        - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
        - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
        - mm, oom: fix use-after-free in oom_kill_process
        - cifs: Always resolve hostname before reconnecting
        - drivers: core: Remove glue dirs from sysfs earlier
        - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
        - fs: don't scan the inode cache before SB_BORN is set
        - Linux 4.4.173
    
      * Xenial update: 4.4.172 upstream stable release (LP: #1818797)
        - tty/ldsem: Wake up readers after timed out down_write()
        - can: gw: ensure DLC boundaries after CAN frame modification
        - f2fs: clean up argument of recover_data
        - f2fs: cover more area with nat_tree_lock
        - f2fs: move sanity checking of cp into get_valid_checkpoint
        - f2fs: fix to convert inline directory correctly
        - f2fs: give -EINVAL for norecovery and rw mount
        - f2fs: remove an obsolete variable
        - f2fs: factor out fsync inode entry operations
        - f2fs: fix inode cache leak
        - f2fs: fix to avoid reading out encrypted data in page cache
        - f2fs: not allow to write illegal blkaddr
        - f2fs: avoid unneeded loop in build_sit_entries
        - f2fs: use crc and cp version to determine roll-forward recovery
        - f2fs: introduce get_checkpoint_version for cleanup
        - f2fs: put directory inodes before checkpoint in roll-forward recovery
        - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
        - f2fs: detect wrong layout
        - f2fs: free meta pages if sanity check for ckpt is failed
        - f2fs: fix race condition in between free nid allocator/initializer
        - f2fs: return error during fill_super
        - f2fs: check blkaddr more accuratly before issue a bio
        - f2fs: sanity check on sit entry
        - f2fs: enhance sanity_check_raw_super() to avoid potential overflow
        - f2fs: clean up with is_valid_blkaddr()
        - f2fs: introduce and spread verify_blkaddr
        - f2fs: fix to do sanity check with secs_per_zone
        - f2fs: fix to do sanity check with user_block_count
        - f2fs: Add sanity_check_inode() function
        - f2fs: fix to do sanity check with node footer and iblocks
        - f2fs: fix to do sanity check with reserved blkaddr of inline inode
        - f2fs: fix to do sanity check with block address in main area
        - f2fs: fix to do sanity check with block address in main area v2
        - f2fs: fix to do sanity check with cp_pack_start_sum
        - f2fs: fix invalid memory access
        - f2fs: fix missing up_read
        - f2fs: fix validation of the block count in sanity_check_raw_super
        - media: em28xx: Fix misplaced reset of dev->v4l::field_count
        - arm64/kvm: consistently handle host HCR_EL2 flags
        - arm64: Don't trap host pointer auth use to EL2
        - ipv6: fix kernel-infoleak in ipv6_local_error()
        - net: bridge: fix a bug on using a neighbour cache entry without checking its
          state
        - packet: Do not leak dev refcounts on error exit
        - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
        - crypto: authencesn - Avoid twice completion call in decrypt path
        - crypto: authenc - fix parsing key with misaligned rta_len
        - btrfs: wait on ordered extents on abort cleanup
        - Yama: Check for pid death before checking ancestry
        - scsi: sd: Fix cache_type_store()
        - mips: fix n32 compat_ipc_parse_version
        - mfd: tps6586x: Handle interrupts on suspend
        - Disable MSI also when pcie-octeon.pcie_disable on
        - omap2fb: Fix stack memory disclosure
        - media: vivid: fix error handling of kthread_run
        - media: vivid: set min width/height to a value > 0
        - LSM: Check for NULL cred-security on free
        - media: vb2: vb2_mmap: move lock up
        - sunrpc: handle ENOMEM in rpcb_getport_async
        - selinux: fix GPF on invalid policy
        - sctp: allocate sctp_sockaddr_entry with kzalloc
        - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
        - tipc: fix uninit-value in tipc_nl_compat_bearer_enable
        - tipc: fix uninit-value in tipc_nl_compat_link_set
        - tipc: fix uninit-value in tipc_nl_compat_name_table_dump
        - tipc: fix uninit-value in tipc_nl_compat_doit
        - block/loop: Use global lock for ioctl() operation.
        - loop: Fold __loop_release into loop_release
        - loop: Get rid of loop_index_mutex
        - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
        - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
        - media: vb2: be sure to unlock mutex on errors
        - r8169: Add support for new Realtek Ethernet
        - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
        - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
        - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
          hotkey
        - e1000e: allow non-monotonic SYSTIM readings
        - writeback: don't decrement wb->refcnt if !wb->bdi
        - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
        - arm64: perf: set suppress_bind_attrs flag to true
        - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
        - pstore/ram: Do not treat empty buffers as valid
        - powerpc/pseries/cpuidle: Fix preempt warning
        - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
        - net: call sk_dst_reset when set SO_DONTROUTE
        - scsi: target: use consistent left-aligned ASCII INQUIRY data
        - clk: imx6q: reset exclusive gates on init
        - kconfig: fix file name and line number of warn_ignored_character()
        - kconfig: fix memory leak when EOF is encountered in quotation
        - mmc: atmel-mci: do not assume idle after atmci_request_end
        - perf intel-pt: Fix error with config term "pt=0"
        - perf svghelper: Fix unchecked usage of strncpy()
        - perf parse-events: Fix unchecked usage of strncpy()
        - dm kcopyd: Fix bug causing workqueue stalls
        - dm snapshot: Fix excessive memory usage and workqueue stalls
        - ALSA: bebob: fix model-id of unit for Apogee Ensemble
        - sysfs: Disable lockdep for driver bind/unbind files
        - scsi: megaraid: fix out-of-bound array accesses
        - ocfs2: fix panic due to unrecovered local alloc
        - mm/page-writeback.c: don't break integrity writeback on ->writepage() error
        - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
        - net: speed up skb_rbtree_purge()
        - ipmi:ssif: Fix handling of multi-part return messages
        - Linux 4.4.172
    
      * Xenial update: 4.4.171 upstream stable release (LP: #1818237)
        - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
        - btrfs: cleanup, stop casting for extent_map->lookup everywhere
        - btrfs: Enhance chunk validation check
        - Btrfs: add validadtion checks for chunk loading
        - Btrfs: check inconsistence between chunk and block group
        - Btrfs: fix em leak in find_first_block_group
        - Btrfs: detect corruption when non-root leaf has zero item
        - Btrfs: check btree node's nritems
        - Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
        - Btrfs: memset to avoid stale content in btree node block
        - Btrfs: improve check_node to avoid reading corrupted nodes
        - Btrfs: kill BUG_ON in run_delayed_tree_ref
        - Btrfs: memset to avoid stale content in btree leaf
        - Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
        - btrfs: struct-funcs, constify readers
        - btrfs: Refactor check_leaf function for later expansion
        - btrfs: Check if item pointer overlaps with the item itself
        - btrfs: Add sanity check for EXTENT_DATA when reading out leaf
        - btrfs: Add checker for EXTENT_CSUM
        - btrfs: Move leaf and node validation checker to tree-checker.c
        - btrfs: tree-checker: Enhance btrfs_check_node output
        - btrfs: tree-checker: Fix false panic for sanity test
        - btrfs: tree-checker: Add checker for dir item
        - btrfs: tree-checker: use %zu format string for size_t
        - btrfs: tree-check: reduce stack consumption in check_dir_item
        - btrfs: tree-checker: Verify block_group_item
        - btrfs: tree-checker: Detect invalid and empty essential trees
        - btrfs: validate type when reading a chunk
        - btrfs: Check that each block group has corresponding chunk at mount time
        - btrfs: Verify that every chunk has corresponding block group at mount time
        - btrfs: tree-checker: Check level for leaves and nodes
        - btrfs: tree-checker: Fix misleading group system information
        - CIFS: Do not hide EINTR after sending network packets
        - cifs: Fix potential OOB access of lock element array
        - usb: cdc-acm: send ZLP for Telit 3G Intel based modems
        - USB: storage: don't insert sane sense for SPC3+ when bad sense specified
        - USB: storage: add quirk for SMI SM3350
        - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
        - slab: alien caches must not be initialized if the allocation of the alien
          cache failed
        - PCI: altera: Fix altera_pcie_link_is_up()
        - PCI: altera: Reorder read/write functions
        - PCI: altera: Check link status before retrain link
        - PCI: altera: Poll for link up status after retraining the link
        - PCI: altera: Poll for link training status after retraining the link
        - PCI: altera: Rework config accessors for use without a struct pci_bus
        - PCI: altera: Move retrain from fixup to altera_pcie_host_init()
        - ACPI: power: Skip duplicate power resource references in _PRx
        - i2c: dev: prevent adapter retries and timeout being set as minus value
        - crypto: cts - fix crash on short inputs
        - ext4: fix a potential fiemap/page fault deadlock w/ inline_data
        - sunrpc: use-after-free in svc_process_common()
        - Linux 4.4.171
    
      * [Packaging] Allow overlay of config annotations (LP: #1752072)
        - [Packaging] config-check: Add an include directive
    
      * CVE-2018-9517
        - l2tp: pass tunnel pointer to ->session_create()
    
      * squashfs hardening (LP: #1816756)
        - squashfs metadata 2: electric boogaloo
        - Squashfs: Compute expected length from inode size rather than block length
    
      * Update ENA driver to version 2.0.3K (LP: #1816806)
        - net: ena: update driver version from 2.0.2 to 2.0.3
        - net: ena: fix race between link up and device initalization
        - net: ena: fix crash during failed resume from hibernation
    
      * bnxt_en_po: TX timed out triggering Netdev Watchdog Timer (LP: #1814095)
        - SAUCE: bnxt_en_bpo: Fix TX timeout during netpoll
    
      * CVE-2019-3459
        - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
    
      * CVE-2019-7222
        - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
    
      * CVE-2019-7221
        - KVM: nVMX: unconditionally cancel preemption timer in free_nested
          (CVE-2019-7221)
    
      * CVE-2019-6974
        - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
    
      * Regular D-state processes impacting LXD containers (LP: #1817628)
        - mm: do not stall register_shrinker()
    
      * libsas disks can have non-unique by-path names (LP: #1817784)
        - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
    
      * Hard lockups due to unrestricted lapic timer delay (LP: #1817918)
        - KVM: x86: move nsec_to_cycles from x86.c to x86.h
        - KVM: LAPIC: cap __delay at lapic_timer_advance_ns
    
     -- Stefan Bader <email address hidden>  Thu, 14 Mar 2019 10:01:49 +0100
  • linux (4.4.0-143.169) xenial; urgency=medium
    
      * linux: 4.4.0-143.169 -proposed tracker (LP: #1814647)
    
      * x86/kvm: Backport fixup and missing commits (LP: #1811646)
        - KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID
        - kvm: nVMX: VMCLEAR an active shadow VMCS after last use
        - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
        - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
          path as unlikely()
        - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
        - KVM: SVM: Add MSR-based feature support for serializing LFENCE
        - KVM: X86: Allow userspace to define the microcode version
        - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
        - KVM: VMX: fixes for vmentry_l1d_flush module parameter
        - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
        - kvm: vmx: Scrub hardware GPRs at VM-exit
        - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
        - SAUCE: KVM: Move code fragments, cleanup and re-indent
    
      * linux-buildinfo: pull out ABI information into its own package
        (LP: #1806380)
        - [Packaging] limit preparation to linux-libc-dev in headers
        - [Packaging] commonise debhelper invocation
        - [Packaging] ABI -- accumulate abi information at the end of the build
        - [Packaging] buildinfo -- add basic build information
        - [Packaging] buildinfo -- add firmware information to the flavour ABI
        - [Packaging] buildinfo -- add compiler information to the flavour ABI
        - [Packaging] buildinfo -- add buildinfo support to getabis
        - [Config] buildinfo -- add retpoline version markers
        - [Packaging] getabis -- handle all known package combinations
        - [Packaging] getabis -- support parsing a simple version
    
      * signing: only install a signed kernel (LP: #1764794)
        - [Packaging] update to Debian like control scripts
        - [Packaging] switch to triggers for postinst.d postrm.d handling
        - [Packaging] signing -- switch to raw-signing tarballs
        - [Packaging] signing -- switch to linux-image as signed when available
        - [Packaging] printenv -- add signing options
        - [Packaging] fix invocation of header postinst hooks
        - [Packaging] signing -- add support for signing Opal kernel binaries
        - [Debian] Use src_pkg_name when constructing udeb control files
        - [Debian] Dynamically determine linux udebs package name
        - [Packaging] handle both linux-lts* and linux-hwe* as backports
        - [Config] linux-source-* is in the primary linux namespace
        - [Packaging] lookup the upstream tag
        - [Packaging] zfs/spl -- enhance provides information
        - [Packaging] switch up to debhelper 9
        - [Packaging] autopkgtest -- disable d-i when dropping flavours
        - [debian] support for ship_extras_package=false
        - [Debian] do_common_tools should always be on
        - [debian] do not force do_tools_common
        - [Packaging] Add linux-tools-host package for VM host tools
        - [Packaging] signing should be conditional
        - [Packaging] skip cloud tools packaging when not building package
        - [Packaging] add acpidbg
        - [debian] prep linux-libc-dev only if do_libc_dev_package=true
        - [Packaging] Only install cloud init files when do_tools_common=true
    
      * Redpine: Driver crash with network-manager 1.10 and above (LP: #1813869)
        - SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash
    
      * Guests using IBRS incur a large performance penalty (LP: #1764956)
        - SAUCE: Restore the IBRS host state on VMEXIT
    
      * Xenial update: 4.4.170 upstream stable release (LP: #1811647)
        - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
        - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
        - USB: serial: option: add GosunCn ZTE WeLink ME3630
        - USB: serial: option: add HP lt4132
        - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
        - USB: serial: option: add Fibocom NL668 series
        - USB: serial: option: add Telit LN940 series
        - mmc: core: Reset HPI enabled state during re-init and in case of errors
        - mmc: omap_hsmmc: fix DMA API warning
        - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
        - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
        - x86/mtrr: Don't copy uninitialized gentry fields back to userspace
        - drm/ioctl: Fix Spectre v1 vulnerabilities
        - ip6mr: Fix potential Spectre v1 vulnerability
        - ipv4: Fix potential Spectre v1 vulnerability
        - ax25: fix a use-after-free in ax25_fillin_cb()
        - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
        - ieee802154: lowpan_header_create check must check daddr
        - ipv6: explicitly initialize udp6_addr in udp_sock_create6()
        - isdn: fix kernel-infoleak in capi_unlocked_ioctl
        - netrom: fix locking in nr_find_socket()
        - packet: validate address length
        - packet: validate address length if non-zero
        - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
        - vhost: make sure used idx is seen before log in vhost_add_used_n()
        - VSOCK: Send reset control packet when socket is partially bound
        - xen/netfront: tolerate frags with no data
        - gro_cell: add napi_disable in gro_cells_destroy
        - sock: Make sock->sk_stamp thread-safe
        - ALSA: rme9652: Fix potential Spectre v1 vulnerability
        - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
        - ALSA: pcm: Fix potential Spectre v1 vulnerability
        - ALSA: emux: Fix potential Spectre v1 vulnerabilities
        - ALSA: hda: add mute LED support for HP EliteBook 840 G4
        - ALSA: hda/tegra: clear pending irq handlers
        - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
        - USB: serial: option: add Fibocom NL678 series
        - usb: r8a66597: Fix a possible concurrency use-after-free bug in
          r8a66597_endpoint_disable()
        - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
        - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
        - perf pmu: Suppress potential format-truncation warning
        - ext4: fix possible use after free in ext4_quota_enable
        - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
        - ext4: fix EXT4_IOC_GROUP_ADD ioctl
        - ext4: force inode writes when nfsd calls commit_metadata()
        - spi: bcm2835: Fix race on DMA termination
        - spi: bcm2835: Fix book-keeping of DMA termination
        - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
        - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
        - media: vivid: free bitmap_cap when updating std/timings/etc.
        - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
        - MIPS: Align kernel load address to 64KB
        - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
        - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
          running nested
        - spi: bcm2835: Unbreak the build of esoteric configs
        - powerpc: Fix COFF zImage booting on old powermacs
        - ARM: imx: update the cpu power up timing setting on i.mx6sx
        - Input: restore EV_ABS ABS_RESERVED
        - checkstack.pl: fix for aarch64
        - xfrm: Fix bucket count reported to userspace
        - scsi: bnx2fc: Fix NULL dereference in error handling
        - Input: omap-keypad - fix idle configuration to not block SoC idle states
        - scsi: zfcp: fix posting too many status read buffers leading to adapter
          shutdown
        - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
        - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
        - mm, devm_memremap_pages: kill mapping "System RAM" support
        - sunrpc: fix cache_head leak due to queued request
        - sunrpc: use SVC_NET() in svcauth_gss_* functions
        - crypto: x86/chacha20 - avoid sleeping with preemption disabled
        - ALSA: cs46xx: Potential NULL dereference in probe
        - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
        - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
        - dlm: fixed memory leaks after failed ls_remove_names allocation
        - dlm: possible memory leak on error path in create_lkb()
        - dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
        - dlm: memory leaks on error path in dlm_user_request()
        - gfs2: Fix loop in gfs2_rbm_find
        - b43: Fix error in cordic routine
        - 9p/net: put a lower bound on msize
        - iommu/vt-d: Handle domain agaw being less than iommu agaw
        - ceph: don't update importing cap's mseq when handing cap export
        - genwqe: Fix size check
        - intel_th: msu: Fix an off-by-one in attribute store
        - power: supply: olpc_battery: correct the temperature units
        - Linux 4.4.170
    
      * Xenial update: 4.4.169 upstream stable release (LP: #1811252)
        - lib/interval_tree_test.c: make test options module parameters
        - lib/interval_tree_test.c: allow full tree search
        - lib/rbtree_test.c: make input module parameters
        - lib/rbtree-test: lower default params
        - lib/interval_tree_test.c: allow users to limit scope of endpoint
        - timer/debug: Change /proc/timer_list from 0444 to 0400
        - powerpc/boot: Fix random libfdt related build errors
        - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
        - aio: fix spectre gadget in lookup_ioctx
        - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
        - tracing: Fix memory leak in set_trigger_filter()
        - tracing: Fix memory leak of instance function hash filters
        - powerpc/msi: Fix NULL pointer access in teardown code
        - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
        - f2fs: fix a panic caused by NULL flush_cmd_control
        - mac80211: don't WARN on bad WMM parameters from buggy APs
        - mac80211: Fix condition validating WMM IE
        - mac80211_hwsim: fix module init error paths for netlink
        - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
        - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during
          unload
        - x86/earlyprintk/efi: Fix infinite loop on some screen widths
        - drm/msm: Grab a vblank reference when waiting for commit_done
        - ARC: io.h: Implement reads{x}()/writes{x}()
        - bonding: fix 802.3ad state sent to partner when unbinding slave
        - SUNRPC: Fix a potential race in xprt_connect()
        - sbus: char: add of_node_put()
        - drivers/sbus/char: add of_node_put()
        - drivers/tty: add missing of_node_put()
        - ide: pmac: add of_node_put()
        - clk: mmp: Off by one in mmp_clk_add()
        - Input: omap-keypad - fix keyboard debounce configuration
        - libata: whitelist all SAMSUNG MZ7KM* solid-state disks
        - mv88e6060: disable hardware level MAC learning
        - ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
          handling
        - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
        - [Config] Remove CONFIG_CIFS_POSIX=y
        - i2c: axxia: properly handle master timeout
        - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
        - rtc: snvs: add a missing write sync
        - rtc: snvs: Add timeouts to avoid kernel lockups
        - ALSA: isa/wavefront: prevent some out of bound writes
        - Linux 4.4.169
    
      * Xenial update: 4.4.168 upstream stable release (LP: #1811080)
        - ipv6: Check available headroom in ip6_xmit() even without options
        - net: 8139cp: fix a BUG triggered by changing mtu with network traffic
        - net: phy: don't allow __set_phy_supported to add unsupported modes
        - net: Prevent invalid access to skb->prev in __qdisc_drop_all
        - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
        - tcp: fix NULL ref in tail loss probe
        - tun: forbid iface creation with rtnl ops
        - neighbour: Avoid writing before skb->head in neigh_hh_output()
        - ARM: OMAP2+: prm44xx: Fix section annotation on
          omap44xx_prm_enable_io_wakeup
        - ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
        - sysv: return 'err' instead of 0 in __sysv_write_inode
        - s390/cpum_cf: Reject request for sampling in event initialization
        - hwmon: (ina2xx) Fix current value calculation
        - ASoC: dapm: Recalculate audio map forcely when card instantiated
        - hwmon: (w83795) temp4_type has writable permission
        - Btrfs: send, fix infinite loop due to directory rename dependencies
        - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
        - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
        - exportfs: do not read dentry after free
        - bpf: fix check of allowed specifiers in bpf_trace_printk
        - USB: omap_udc: use devm_request_irq()
        - USB: omap_udc: fix crashes on probe error and module removal
        - USB: omap_udc: fix omap_udc_start() on 15xx machines
        - USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
        - KVM: x86: fix empty-body warnings
        - net: thunderx: fix NULL pointer dereference in nic_remove
        - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
        - net: hisilicon: remove unexpected free_netdev
        - drm/ast: fixed reading monitor EDID not stable issue
        - xen: xlate_mmu: add missing header to fix 'W=1' warning
        - fscache: fix race between enablement and dropping of object
        - fscache, cachefiles: remove redundant variable 'cache'
        - ocfs2: fix deadlock caused by ocfs2_defrag_extent()
        - hfs: do not free node before using
        - hfsplus: do not free node before using
        - debugobjects: avoid recursive calls with kmemleak
        - ocfs2: fix potential use after free
        - pstore: Convert console write to use ->write_buf
        - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
        - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
        - KVM: nVMX: mark vmcs12 pages dirty on L2 exit
        - KVM: nVMX: Eliminate vmcs02 pool
        - KVM: VMX: introduce alloc_loaded_vmcs
        - KVM: VMX: make MSR bitmaps per-VCPU
        - KVM/x86: Add IBPB support
        - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
        - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
        - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
        - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
        - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
        - bpf: support 8-byte metafield access
        - bpf/verifier: Add spi variable to check_stack_write()
        - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
        - bpf: Prevent memory disambiguation attack
        - wil6210: missing length check in wmi_set_ie
        - mm/hugetlb.c: don't call region_abort if region_chg fails
        - hugetlbfs: fix offset overflow in hugetlbfs mmap
        - hugetlbfs: check for pgoff value overflow
        - hugetlbfs: fix bug in pgoff overflow checking
        - swiotlb: clean up reporting
        - sr: pass down correctly sized SCSI sense buffer
        - mm: remove write/force parameters from __get_user_pages_locked()
        - mm: remove write/force parameters from __get_user_pages_unlocked()
        - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
        - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
        - mm: replace get_user_pages_locked() write/force parameters with gup_flags
        - mm: replace get_vaddr_frames() write/force parameters with gup_flags
        - mm: replace get_user_pages() write/force parameters with gup_flags
        - mm: replace __access_remote_vm() write parameter with gup_flags
        - mm: replace access_remote_vm() write parameter with gup_flags
        - proc: don't use FOLL_FORCE for reading cmdline and environment
        - proc: do not access cmdline nor environ from file-backed areas
        - media: dvb-frontends: fix i2c access helpers for KASAN
        - matroxfb: fix size of memcpy
        - staging: speakup: Replace strncpy with memcpy
        - rocker: fix rocker_tlv_put_* functions for KASAN
        - selftests: Move networking/timestamping from Documentation
        - Linux 4.4.168
    
      * kernel oops in bcache module (LP: #1793901)
        - SAUCE: bcache: never writeback a discard operation
    
      * Userspace break as a result of missing patch backport (LP: #1813873)
        - tty: Don't hold ldisc lock in tty_reopen() if ldisc present
    
      * CVE-2019-6133
        - fork: record start_time late
    
      * Crash on "ip link add foo type ipip" (LP: #1811803)
        - SAUCE: fan: Fix NULL pointer dereference
    
     -- Juerg Haefliger <email address hidden>  Wed, 06 Feb 2019 10:39:59 +0000
  • linux (4.4.0-142.168) xenial; urgency=medium
    
      * linux: 4.4.0-142.168 -proposed tracker (LP: #1811846)
    
      * Packaging resync (LP: #1786013)
        - [Packaging] update helper scripts
    
      * iptables connlimit allows more connections than the limit when using
        multiple CPUs (LP: #1811094)
        - netfilter: xt_connlimit: don't store address in the conn nodes
        - SAUCE: netfilter: xt_connlimit: remove the 'addr' parameter in add_hlist()
        - netfilter: nf_conncount: expose connection list interface
        - netfilter: nf_conncount: Fix garbage collection with zones
        - netfilter: nf_conncount: fix garbage collection confirm race
        - netfilter: nf_conncount: don't skip eviction when age is negative
    
      * CVE-2017-5715
        - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
        - SAUCE: x86/speculation: Cleanup IBRS runtime control handling
        - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
        - SAUCE: x86/speculation: Move RSB_CTXSW hunk
    
      * Xenial update: 4.4.167 upstream stable release (LP: #1811077)
        - media: em28xx: Fix use-after-free when disconnecting
        - Revert "wlcore: Add missing PM call for
          wlcore_cmd_wait_for_event_or_timeout()"
        - rapidio/rionet: do not free skb before reading its length
        - s390/qeth: fix length check in SNMP processing
        - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
        - kvm: mmu: Fix race in emulated page table writes
        - xtensa: enable coprocessors that are being flushed
        - xtensa: fix coprocessor context offset definitions
        - Btrfs: ensure path name is null terminated at btrfs_control_ioctl
        - ALSA: wss: Fix invalid snd_free_pages() at error path
        - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
        - ALSA: control: Fix race between adding and removing a user element
        - ALSA: sparc: Fix invalid snd_free_pages() at error path
        - ext2: fix potential use after free
        - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
        - dmaengine: at_hdmac: fix module unloading
        - btrfs: release metadata before running delayed refs
        - USB: usb-storage: Add new IDs to ums-realtek
        - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
        - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
        - Kbuild: suppress packed-not-aligned warning for default setting only
        - exec: avoid gcc-8 warning for get_task_comm
        - disable stringop truncation warnings for now
        - kobject: Replace strncpy with memcpy
        - unifdef: use memcpy instead of strncpy
        - kernfs: Replace strncpy with memcpy
        - ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
        - drm: gma500: fix logic error
        - scsi: bfa: convert to strlcpy/strlcat
        - staging: rts5208: fix gcc-8 logic error warning
        - kdb: use memmove instead of overlapping memcpy
        - iser: set sector for ambiguous mr status errors
        - uprobes: Fix handle_swbp() vs. unregister() + register() race once more
        - MIPS: ralink: Fix mt7620 nd_sd pinmux
        - mips: fix mips_get_syscall_arg o32 check
        - drm/ast: Fix incorrect free on ioregs
        - scsi: scsi_devinfo: cleanly zero-pad devinfo strings
        - ALSA: trident: Suppress gcc string warning
        - scsi: csiostor: Avoid content leaks and casts
        - kgdboc: Fix restrict error
        - kgdboc: Fix warning with module build
        - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF
        - leds: turn off the LED and wait for completion on unregistering LED class
          device
        - leds: leds-gpio: Fix return value check in create_gpio_led()
        - Input: xpad - quirk all PDP Xbox One gamepads
        - Input: matrix_keypad - check for errors from of_get_named_gpio()
        - Input: elan_i2c - add ELAN0620 to the ACPI table
        - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
        - Input: elan_i2c - add support for ELAN0621 touchpad
        - btrfs: Always try all copies when reading extent buffers
        - Btrfs: fix use-after-free when dumping free space
        - ARC: change defconfig defaults to ARCv2
        - arc: [devboards] Add support of NFSv3 ACL
        - mm: cleancache: fix corruption on missed inode invalidation
        - usb: gadget: dummy: fix nonsensical comparisons
        - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
        - iommu/ipmmu-vmsa: Fix crash on early domain free
        - can: rcar_can: Fix erroneous registration
        - batman-adv: Expand merged fragment buffer for full packet
        - bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
        - qed: Fix PTT leak in qed_drain()
        - qed: Fix reading wrong value in loop condition
        - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
        - net/mlx4_core: Fix uninitialized variable compilation warning
        - net/mlx4: Fix UBSAN warning of signed integer overflow
        - net: faraday: ftmac100: remove netif_running(netdev) check before disabling
          interrupts
        - iommu/vt-d: Use memunmap to free memremap
        - net: amd: add missing of_node_put()
        - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
        - usb: appledisplay: Add 27" Apple Cinema Display
        - USB: check usb_get_extra_descriptor for proper size
        - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
        - ALSA: hda: Add support for AMD Stoney Ridge
        - ALSA: pcm: Fix starvation on down_write_nonblock()
        - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
        - ALSA: pcm: Fix interval evaluation with openmin/max
        - virtio/s390: avoid race on vcdev->config
        - virtio/s390: fix race in ccw_io_helper()
        - SUNRPC: Fix leak of krb5p encode pages
        - xhci: Prevent U1/U2 link pm states if exit latency is too long
        - Staging: lustre: remove two build warnings
        - cifs: Fix separator when building path from dentry
        - tty: serial: 8250_mtk: always resume the device in probe.
        - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
        - mac80211_hwsim: Timer should be initialized before device registered
        - mac80211: Clear beacon_int in ieee80211_do_stop
        - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
        - mac80211: fix reordering of buffered broadcast packets
        - mac80211: ignore NullFunc frames in the duplicate detection
        - Linux 4.4.167
    
      * CVE-2018-19407
        - KVM: X86: Fix scan ioapic use-before-initialization
    
      * cpu-hotplug test in ubuntu_kernel_selftest always return 0 on Xenial
        (LP: #1809699)
        - selftests/cpu-hotplug: exit with failure when test occured unexpected
          behaviors
    
      * iommu - need to effectively disable iommu if "intel_iommu=off" is passed as
        a kernel parameter (LP: #1810328)
        - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off
    
      * ldisc crash on reopened tty (LP: #1791758)
        - tty: fix data race between tty_init_dev and flush of buf
        - tty: Drop tty->count on tty_reopen() failure
        - tty: Hold tty_ldisc_lock() during tty_reopen()
        - tty: Don't block on IO when ldisc change is pending
        - tty: Simplify tty->count math in tty_reopen()
    
      * Xenial update: 4.4.166 upstream stable release (LP: #1810967)
        - usb: core: Fix hub port connection events lost
        - usb: xhci: fix timeout for transition from RExit to U0
        - MAINTAINERS: Add Sasha as a stable branch maintainer
        - iwlwifi: mvm: support sta_statistics() even on older firmware
        - v9fs_dir_readdir: fix double-free on p9stat_read error
        - bfs: add sanity check at bfs_fill_super()
        - sctp: clear the transport of some out_chunk_list chunks in
          sctp_assoc_rm_peer
        - gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
        - llc: do not use sk_eat_skb()
        - drm/ast: change resolution may cause screen blurred
        - drm/ast: fixed cursor may disappear sometimes
        - can: dev: can_get_echo_skb(): factor out non sending code to
          __can_get_echo_skb()
        - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to
          access frame length
        - can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb
          is accessed out of bounds
        - can: dev: __can_get_echo_skb(): print error message, if trying to echo non
          existing skb
        - usb: xhci: Prevent bus suspend if a port connect change or polling state is
          detected
        - KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
        - cpufreq: imx6q: add return value check for voltage scale
        - SUNRPC: Fix a bogus get/put in generic_key_to_expire()
        - kdb: Use strscpy with destination buffer size
        - powerpc/numa: Suppress "VPHN is not supported" messages
        - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
        - of: add helper to lookup compatible child node
        - NFC: nfcmrvl_uart: fix OF child-node lookup
        - net: bcmgenet: fix OF child-node lookup
        - x86/entry: spell EBX register correctly in documentation
        - x86/entry/64: Remove %ebx handling from error_entry/exit
        - arm64: remove no-op -p linker flag
        - ath10k: fix kernel panic due to race in accessing arvif list
        - Input: xpad - remove spurious events of wireless xpad 360 controller
        - Input: xpad - handle "present" and "gone" correctly
        - Input: xpad - update Xbox One Force Feedback Support
        - Input: xpad - workaround dead irq_out after suspend/ resume
        - Input: xpad - use LED API when identifying wireless controllers
        - Input: xpad - correct xbox one pad device name
        - Input: xpad - remove unused function
        - Input: xpad - add Mad Catz FightStick TE 2 VID/PID
        - Input: xpad - prevent spurious input from wired Xbox 360 controllers
        - Input: xpad - add more third-party controllers
        - Input: xpad - xbox one elite controller support
        - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware
        - Input: xpad - power off wireless 360 controllers on suspend
        - Input: xpad - add product ID for Xbox One S pad
        - Input: xpad - fix Xbox One rumble stopping after 2.5 secs
        - Input: xpad - correctly sort vendor id's
        - Input: xpad - move reporting xbox one home button to common function
        - Input: xpad - simplify error condition in init_output
        - Input: xpad - don't depend on endpoint order
        - Input: xpad - fix stuck mode button on Xbox One S pad
        - Input: xpad - restore LED state after device resume
        - Input: xpad - support some quirky Xbox One pads
        - Input: xpad - sort supported devices by USB ID
        - Input: xpad - sync supported devices with xboxdrv
        - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth
        - Input: xpad - sync supported devices with 360Controller
        - Input: xpad - sync supported devices with XBCD
        - Input: xpad - constify usb_device_id
        - Input: xpad - fix PowerA init quirk for some gamepad models
        - Input: xpad - validate USB endpoint type during probe
        - Input: xpad - add support for PDP Xbox One controllers
        - Input: xpad - add PDP device id 0x02a4
        - Input: xpad - fix some coding style issues
        - Input: xpad - avoid using __set_bit() for capabilities
        - Input: xpad - add GPD Win 2 Controller USB IDs
        - Input: xpad - fix GPD Win 2 controller name
        - Input: xpad - add support for Xbox1 PDP Camo series gamepad
        - cw1200: Don't leak memory if krealloc failes
        - mwifiex: Fix NULL pointer dereference in skb_dequeue()
        - mwifiex: fix p2p device doesn't find in scan problem
        - netfilter: nf_tables: fix oops when inserting an element into a verdict map
        - scsi: ufs: fix bugs related to null pointer access and array size
        - scsi: ufshcd: Fix race between clk scaling and ungate work
        - scsi: ufs: fix race between clock gating and devfreq scaling work
        - scsi: ufshcd: release resources if probe fails
        - scsi: qla2xxx: do not queue commands when unloading
        - iwlwifi: mvm: fix regulatory domain update when the firmware starts
        - tty: wipe buffer.
        - tty: wipe buffer if not echoing data
        - usb: xhci: fix uninitialized completion when USB3 port got wrong status
        - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
        - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used
        - s390/mm: Check for valid vma before zapping in gmap_discard
        - drm/ast: Remove existing framebuffers before loading driver
        - Linux 4.4.166
    
      * Xenial update: 4.4.166 upstream stable release (LP: #1810967) //
        CVE-2000-1134 // CVE-2007-3852 // CVE-2008-0525 // CVE-2009-0416 //
        CVE-2011-4834 // CVE-2015-1838 // CVE-2015-7442 // CVE-2016-7489
        - namei: allow restricted O_CREAT of FIFOs and regular files
    
      * Xenial update: 4.4.165 upstream stable release (LP: #1810958)
        - flow_dissector: do not dissect l4 ports for fragments
        - ip_tunnel: don't force DF when MTU is locked
        - net-gro: reset skb->pkt_type in napi_reuse_skb()
        - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
        - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
        - kbuild: Add better clang cross build support
        - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
        - kbuild: Consolidate header generation from ASM offset information
        - kbuild: consolidate redundant sed script ASM offset generation
        - kbuild: fix asm-offset generation to work with clang
        - kbuild: drop -Wno-unknown-warning-option from clang options
        - kbuild, LLVMLinux: Add -Werror to cc-option to support clang
        - kbuild: use -Oz instead of -Os when using clang
        - kbuild: Add support to generate LLVM assembly files
        - modules: mark __inittest/__exittest as __maybe_unused
        - kbuild: clang: Disable 'address-of-packed-member' warning
        - crypto: arm64/sha - avoid non-standard inline asm tricks
        - efi/libstub/arm64: Force 'hidden' visibility for section markers
        - efi/libstub/arm64: Set -fpie when building the EFI stub
        - kbuild: fix linker feature test macros when cross compiling with Clang
        - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile
        - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile
        - kbuild: clang: fix build failures with sparse check
        - kbuild: clang: remove crufty HOSTCFLAGS
        - kbuild: clang: disable unused variable warnings only when constant
        - kbuild: set no-integrated-as before incl. arch Makefile
        - kbuild: allow to use GCC toolchain not in Clang search path
        - arm64: Disable asm-operand-width warning for clang
        - x86/kbuild: Use cc-option to enable -falign-{jumps/loops}
        - crypto, x86: aesni - fix token pasting for clang
        - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang
          incompatibility
        - kbuild: Add __cc-option macro
        - x86/build: Use __cc-option for boot code compiler options
        - x86/build: Specify stack alignment for clang
        - x86/boot: #undef memcpy() et al in string.c
        - x86/build: Fix stack alignment for CLang
        - x86/build: Use cc-option to validate stack alignment parameter
        - reiserfs: propagate errors from fill_with_dentries() properly
        - hfs: prevent btree data loss on root split
        - hfsplus: prevent btree data loss on root split
        - um: Give start_idle_thread() a return code
        - fs/exofs: fix potential memory leak in mount option parsing
        - clk: samsung: exynos5420: Enable PERIS clocks for suspend
        - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
        - arm64: percpu: Initialize ret in the default case
        - s390/vdso: add missing FORCE to build targets
        - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
        - s390/mm: Fix ERROR: "__node_distance" undefined!
        - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
        - netfilter: xt_IDLETIMER: add sysfs filename checking routine
        - hwmon: (ibmpowernv) Remove bogus __init annotations
        - lib/raid6: Fix arm64 test build
        - zram: close udev startup race condition as default groups
        - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
        - gfs2: Put bitmap buffers in put_super
        - btrfs: fix pinned underflow after transaction aborted
        - Revert "media: videobuf2-core: don't call memop 'finish' when queueing"
        - media: v4l: event: Add subscription to list before calling "add" operation
        - uio: Fix an Oops on load
        - usb: cdc-acm: add entry for Hiro (Conexant) modem
        - USB: quirks: Add no-lpm quirk for Raydium touchscreens
        - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
        - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
        - USB: misc: appledisplay: add 20" Apple Cinema Display
        - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
        - ACPI / platform: Add SMB0001 HID to forbidden_id_list
        - new helper: uaccess_kernel()
        - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
        - xhci: Fix USB3 NULL pointer dereference at logical disconnect.
        - Linux 4.4.165
    
      * Xenial update: 4.4.164 upstream stable release (LP: #1810947)
        - bcache: fix miss key refill->end in writeback
        - hwmon: (pmbus) Fix page count auto-detection.
        - jffs2: free jffs2_sb_info through jffs2_kill_sb()
        - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
        - ipmi: Fix timer race with module unload
        - parisc: Fix address in HPMC IVA
        - parisc: Fix map_pages() to not overwrite existing pte entries
        - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
        - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
        - x86/corruption-check: Fix panic in memory_corruption_check() when boot
          option without value is provided
        - x86/kconfig: Fall back to ticket spinlocks
        - [Config] Remove CONFIG{,_ARCH_USE}_QUEUED_SPINLOCKS
        - sparc: Fix single-pcr perf event counter management.
        - x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
        - net: qla3xxx: Remove overflowing shift statement
        - selftests: ftrace: Add synthetic event syntax testcase
        - locking/lockdep: Fix debug_locks off performance problem
        - ataflop: fix error handling during setup
        - swim: fix cleanup on setup error
        - tun: Consistently configure generic netdev params via rtnetlink
        - perf tools: Free temporary 'sys' string in read_event_files()
        - perf tools: Cleanup trace-event-info 'tdata' leak
        - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
        - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
        - x86: boot: Fix EFI stub alignment
        - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
        - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
        - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
        - pinctrl: qcom: spmi-mpp: Fix drive strength setting
        - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
        - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
        - ath10k: schedule hardware restart if WMI command times out
        - scsi: esp_scsi: Track residual for PIO transfers
        - scsi: megaraid_sas: fix a missing-check bug
        - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
        - ext4: fix argument checking in EXT4_IOC_MOVE_EXT
        - MD: fix invalid stored role for a disk
        - usb: chipidea: Prevent unbalanced IRQ disable
        - driver/dma/ioat: Call del_timer_sync() without holding prep_lock
        - uio: ensure class is registered before devices
        - scsi: lpfc: Correct soft lockup when running mds diagnostics
        - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace
          init
        - dmaengine: dma-jz4780: Return error if not probed from DT
        - ALSA: hda: Check the non-cached stream buffers more explicitly
        - xen-swiotlb: use actually allocated size on check physical continuous
        - tpm: Restore functionality to xen vtpm driver.
        - xen: fix race in xen_qlock_wait()
        - xen: make xen_qlock_wait() nestable
        - net/ipv4: defensive cipso option parsing
        - libnvdimm: Hold reference on parent while scheduling async init
        - jbd2: fix use after free in jbd2_log_do_checkpoint()
        - gfs2_meta: ->mount() can get NULL dev_name
        - ext4: initialize retries variable in ext4_da_write_inline_data_begin()
        - HID: hiddev: fix potential Spectre v1
        - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
        - signal/GenWQE: Fix sending of SIGKILL
        - crypto: lrw - Fix out-of bounds access on counter overflow
        - ima: fix showing large 'violations' or 'runtime_measurements_count'
        - hugetlbfs: dirty pages as they are added to pagecache
        - kbuild: fix kernel/bounds.c 'W=1' warning
        - iio: adc: at91: fix acking DRDY irq on simple conversions
        - iio: adc: at91: fix wrong channel number in triggered buffer mode
        - w1: omap-hdq: fix missing bus unregister at removal
        - smb3: allow stats which track session and share reconnects to be reset
        - smb3: do not attempt cifs operation in smb3 query info error path
        - smb3: on kerberos mount if server doesn't specify auth type use krb5
        - printk: Fix panic caused by passing log_buf_len to command line
        - genirq: Fix race on spurious interrupt detection
        - NFSv4.1: Fix the r/wsize checking
        - nfsd: Fix an Oops in free_session()
        - lockd: fix access beyond unterminated strings in prints
        - dm ioctl: harden copy_params()'s copy_from_user() from malicious users
        - powerpc/msi: Fix compile error on mpc83xx
        - MIPS: OCTEON: fix out of bounds array access on CN68XX
        - TC: Set DMA masks for devices
        - kgdboc: Passing ekgdboc to command line causes panic
        - xen: fix xen_qlock_wait()
        - media: em28xx: use a default format if TRY_FMT fails
        - media: em28xx: fix input name for Terratec AV 350
        - media: em28xx: make v4l2-compliance happier by starting sequence on zero
        - ext4: avoid running out of journal credits when appending to an inline file
        - Cramfs: fix abad comparison when wrap-arounds occur
        - arm64: dts: stratix10: Correct System Manager register size
        - soc/tegra: pmc: Fix child-node lookup
        - btrfs: Handle owner mismatch gracefully when walking up tree
        - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
        - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
        - btrfs: don't attempt to trim devices that don't support it
        - btrfs: wait on caching when putting the bg cache
        - btrfs: reset max_extent_size on clear in a bitmap
        - btrfs: make sure we create all new block groups
        - Btrfs: fix wrong dentries after fsync of file that got its parent replaced
        - btrfs: qgroup: Dirty all qgroups before rescan
        - Btrfs: fix null pointer dereference on compressed write path error
        - btrfs: set max_extent_size properly
        - MD: fix invalid stored role for a disk - try2
        - tty: check name length in tty_find_polling_driver()
        - powerpc/nohash: fix undefined behaviour when testing page size support
        - drm/omap: fix memory barrier bug in DMM driver
        - media: pci: cx23885: handle adding to list failure
        - MIPS: kexec: Mark CPU offline before disabling local IRQ
        - powerpc/boot: Ensure _zimage_start is a weak symbol
        - sc16is7xx: Fix for multi-channel stall
        - media: tvp5150: fix width alignment during set_selection()
        - 9p locks: fix glock.client_id leak in do_lock
        - 9p: clear dangling pointers in p9stat_free
        - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
        - fuse: Fix use-after-free in fuse_dev_do_read()
        - fuse: Fix use-after-free in fuse_dev_do_write()
        - fuse: fix blocked_waitq wakeup
        - fuse: set FR_SENT while locked
        - mm, elf: handle vm_brk error
        - binfmt_elf: fix calculations for bss padding
        - mm: refuse wrapped vm_brk requests
        - fs, elf: make sure to page align bss in load_elf_library
        - mm: do not bug_on on incorrect length in __mm_populate()
        - e1000: avoid null pointer dereference on invalid stat type
        - e1000: fix race condition between e1000_down() and e1000_watchdog
        - bna: ethtool: Avoid reading past end of buffer
        - MIPS: Loongson-3: Fix CPU UART irq delivery problem
        - MIPS: Loongson-3: Fix BRIDGE irq delivery problem
        - xtensa: add NOTES section to the linker script
        - xtensa: make sure bFLT stack is 16 byte aligned
        - xtensa: fix boot parameters address translation
        - clk: s2mps11: Fix matching when built as module and DT node contains
          compatible
        - libceph: bump CEPH_MSG_MAX_DATA_LEN
        - mach64: fix display corruption on big endian machines
        - mach64: fix image corruption due to reading accelerator registers
        - vhost/scsi: truncate T10 PI iov_iter to prot_bytes
        - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
        - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
        - mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
        - termios, tty/tty_baudrate.c: fix buffer overrun
        - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
        - Btrfs: fix data corruption due to cloning of eof block
        - clockevents/drivers/i8253: Add support for PIT shutdown quirk
        - ext4: add missing brelse() update_backups()'s error path
        - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
        - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
        - ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
        - ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
        - ext4: avoid buffer leak in ext4_orphan_add() after prior errors
        - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
        - ext4: avoid possible double brelse() in add_new_gdb() on error path
        - ext4: fix possible leak of sbi->s_group_desc_leak in error path
        - ext4: release bs.bh before re-using in ext4_xattr_block_find()
        - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
        - ext4: fix buffer leak in __ext4_read_dirblock() on error path
        - mount: Prevent MNT_DETACH from disconnecting locked mounts
        - sunrpc: correct the computation for page_ptr when truncating
        - rtc: hctosys: Add missing range error reporting
        - fuse: fix leaked notify reply
        - configfs: replace strncpy with memcpy
        - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
        - mm: migration: fix migration of huge PMD shared pages
        - drm/rockchip: Allow driver to be shutdown on reboot/kexec
        - drm/dp_mst: Check if primary mstb is null
        - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
        - Linux 4.4.164
    
      * Xenial update: 4.4.163 upstream stable release (LP: #1810807)
        - xfrm: Validate address prefix lengths in the xfrm selector.
        - xfrm6: call kfree_skb when skb is toobig
        - mac80211: Always report TX status
        - cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
        - ARM: 8799/1: mm: fix pci_ioremap_io() offset check
        - xfrm: validate template mode
        - mac80211_hwsim: do not omit multicast announce of first added radio
        - Bluetooth: SMP: fix crash in unpairing
        - pxa168fb: prepare the clock
        - asix: Check for supported Wake-on-LAN modes
        - ax88179_178a: Check for supported Wake-on-LAN modes
        - lan78xx: Check for supported Wake-on-LAN modes
        - sr9800: Check for supported Wake-on-LAN modes
        - r8152: Check for supported Wake-on-LAN Modes
        - smsc75xx: Check for Wake-on-LAN modes
        - smsc95xx: Check for Wake-on-LAN modes
        - perf/ring_buffer: Prevent concurent ring buffer access
        - net: cxgb3_main: fix a missing-check bug
        - KEYS: put keyring if install_session_keyring_to_cred() fails
        - ipv6: suppress sparse warnings in IP6_ECN_set_ce()
        - net: drop write-only stack variable
        - ser_gigaset: use container_of() instead of detour
        - tracing: Skip more functions when doing stack tracing of events
        - ARM: dts: apq8064: add ahci ports-implemented mask
        - x86/mm/pat: Prevent hang during boot when mapping pages
        - radix-tree: fix radix_tree_iter_retry() for tagged iterators.
        - af_iucv: Move sockaddr length checks to before accessing sa_family in bind
          and connect handlers
        - net/mlx4_en: Resolve dividing by zero in 32-bit system
        - ipv6: orphan skbs in reassembly unit
        - um: Avoid longjmp/setjmp symbol clashes with libpthread.a
        - sched/cgroup: Fix cgroup entity load tracking tear-down
        - btrfs: don't create or leak aliased root while cleaning up orphans
        - thermal: allow spear-thermal driver to be a module
        - thermal: allow u8500-thermal driver to be a module
        - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
        - aacraid: Start adapter after updating number of MSIX vectors
        - perf/core: Don't leak event in the syscall error path
        - usbvision: revert commit 588afcc1
        - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
        - ASoC: ak4613: Enable cache usage to fix crashes on resume
        - ASoC: wm8940: Enable cache usage to fix crashes on resume
        - CIFS: handle guest access errors to Windows shares
        - arm64: Fix potential race with hardware DBM in ptep_set_access_flags()
        - xfrm: Clear sk_dst_cache when applying per-socket policy.
        - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
        - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata
        - sch_red: update backlog as well
        - usb-storage: fix bogus hardware error messages for ATA pass-thru devices
        - bpf: generally move prog destruction to RCU deferral
        - drm/nouveau/fbcon: fix oops without fbdev emulation
        - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
        - net/mlx5e: Fix LRO modify
        - net/mlx5e: Correctly handle RSS indirection table when changing number of
          channels
        - ALSA: timer: Fix zero-division by continue of uninitialized instance
        - vti6: flush x-netns xfrm cache when vti interface is removed
        - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
        - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
        - tty: serial: sprd: fix error return code in sprd_probe()
        - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe()
        - sparc64 mm: Fix more TSB sizing issues
        - gpu: host1x: fix error return code in host1x_probe()
        - sparc64: Fix exception handling in UltraSPARC-III memcpy.
        - gpio: msic: fix error return code in platform_msic_gpio_probe()
        - usb: imx21-hcd: fix error return code in imx21_probe()
        - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
        - usb: dwc3: omap: fix error return code in dwc3_omap_probe()
        - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe()
        - MIPS: Handle non word sized instructions when examining frame
        - spi/bcm63xx: fix error return code in bcm63xx_spi_probe()
        - spi: xlp: fix error return code in xlp_spi_probe()
        - ASoC: spear: fix error return code in spdif_in_probe()
        - PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()
        - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal
        - scsi: aacraid: Fix typo in blink status
        - MIPS: microMIPS: Fix decoding of swsp16 instruction
        - igb: Remove superfluous reset to PHY and page 0 selection
        - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
        - ARM: dts: imx53-qsb: disable 1.2GHz OPP
        - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
        - mtd: spi-nor: Add support for is25wp series chips
        - perf tools: Disable parallelism for 'make clean'
        - bridge: do not add port to router list when receives query with source
          0.0.0.0
        - net: bridge: remove ipv6 zero address check in mcast queries
        - ipv6: mcast: fix a use-after-free in inet6_mc_check
        - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
          called
        - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
        - net: sched: gred: pass the right attribute to gred_change_table_def()
        - net: socket: fix a missing-check bug
        - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
        - r8169: fix NAPI handling under high load
        - sctp: fix race on sctp_id2asoc
        - net: drop skb on failure in ip_check_defrag()
        - vhost: Fix Spectre V1 vulnerability
        - rtnetlink: Disallow FDB configuration for non-Ethernet device
        - mremap: properly flush TLB before releasing the page
        - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
        - ahci: don't ignore result code of ahci_reset_controller()
        - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
        - ptp: fix Spectre v1 vulnerability
        - RDMA/ucma: Fix Spectre v1 vulnerability
        - IB/ucm: Fix Spectre v1 vulnerability
        - cdc-acm: correct counting of UART states in serial state notification
        - usb: gadget: storage: Fix Spectre v1 vulnerability
        - USB: fix the usbfs flag sanitization for control transfers
        - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
        - sched/fair: Fix throttle_list starvation with low CFS quota
        - x86/percpu: Fix this_cpu_read()
        - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE
        - l2tp: hold tunnel socket when handling control frames in l2tp_ip and
          l2tp_ip6
        - x86/time: Correct the attribute on jiffies' definition
        - Linux 4.4.163
    
      * nvme - Polling on timeout (LP: #1807393)
        - nvme/pci: Poll CQ on timeout
    
      * Xenial: data corruption when using i40e with iommu (LP: #1802421)
        - i40e: Drop packet split receive routine
    
      * Fix Intel I210 doesn't work when ethernet cable gets plugged (LP: #1806818)
        - igb: Fix an issue that PME is not enabled during runtime suspend
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 16 Jan 2019 17:35:06 +0100
  • linux (4.4.0-141.167) xenial; urgency=medium
    
      * linux: 4.4.0-141.167 -proposed tracker (LP: #1806569)
    
      *  Redpine: firmware assert upon assoc   timeout (LP: #1804360)
        - SAUCE: Redpine: fix for firmware assert upon assoc timeout
    
      * CVE-2018-12896
        - posix-timers: Sanitize overrun handling
    
      * CVE-2017-5753
        - ALSA: opl3: Hardening for potential Spectre v1
        - ALSA: asihpi: Hardening for potential Spectre v1
        - ALSA: hdspm: Hardening for potential Spectre v1
        - ALSA: rme9652: Hardening for potential Spectre v1
        - ALSA: control: Hardening for potential Spectre v1
        - usbip: vhci_sysfs: fix potential Spectre v1
        - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    
      * CVE-2018-18710
        - cdrom: fix improper type cast, which can leat to information leak.
    
      * CVE-2018-18690
        - xfs: don't fail when converting shortform attr to long form during
          ATTR_REPLACE
    
      * CVE-2017-18174
        - pinctrl: Add devm_ apis for pinctrl_{register, unregister}
        - pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration
    
     -- Khalid Elmously <email address hidden>  Wed, 05 Dec 2018 06:11:33 +0000
  • linux (4.4.0-140.166) xenial; urgency=medium
    
      * linux: 4.4.0-140.166 -proposed tracker (LP: #1802776)
    
      * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
        - mount: Retest MNT_LOCKED in do_umount
        - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
    
      * kdump fail due to an IRQ storm (LP: #1797990)
        - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
        - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
        - SAUCE: x86/quirks: Scan all busses for early PCI quirks
    
      * crash in ENA driver on removing an interface (LP: #1802341)
        - SAUCE: net: ena: fix crash during ena_remove()
    
      * xenial guest on arm64 drops to busybox under openstack bionic-rocky
        (LP: #1797092)
        - [Config] CONFIG_PCI_ECAM=y
        - PCI: Provide common functions for ECAM mapping
        - PCI: generic, thunder: Use generic ECAM API
        - PCI, of: Move PCI I/O space management to PCI core code
        - PCI: Move ecam.h to linux/include/pci-ecam.h
        - PCI: Add parent device field to ECAM struct pci_config_window
        - PCI: Add pci_unmap_iospace() to unmap I/O resources
        - PCI/ACPI: Support I/O resources when parsing host bridge resources
        - [Config] CONFIG_ACPI_MCFG=y
        - PCI/ACPI: Add generic MCFG table handling
        - PCI: Refactor pci_bus_assign_domain_nr() for CONFIG_PCI_DOMAINS_GENERIC
        - PCI: Factor DT-specific pci_bus_find_domain_nr() code out
        - ARM64: PCI: Add acpi_pci_bus_find_domain_nr()
        - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT
          code
        - ARM64: PCI: Support ACPI-based PCI host controller
    
      * [GLK/CLX] Enhanced IBRS (LP: #1786139)
        - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
        - x86/speculation: Support Enhanced IBRS on future CPUs
    
      * Update ENA driver to version 2.0.1K (LP: #1798182)
        - net: ena: remove ndo_poll_controller
        - net: ena: fix warning in rmmod caused by double iounmap
        - net: ena: fix rare bug when failed restart/resume is followed by driver
          removal
        - net: ena: fix NULL dereference due to untimely napi initialization
        - net: ena: fix auto casting to boolean
        - net: ena: minor performance improvement
        - net: ena: complete host info to match latest ENA spec
        - net: ena: introduce Low Latency Queues data structures according to ENA spec
        - net: ena: add functions for handling Low Latency Queues in ena_com
        - net: ena: add functions for handling Low Latency Queues in ena_netdev
        - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
        - net: ena: explicit casting and initialization, and clearer error handling
        - net: ena: limit refill Rx threshold to 256 to avoid latency issues
        - net: ena: change rx copybreak default to reduce kernel memory pressure
        - net: ena: remove redundant parameter in ena_com_admin_init()
        - net: ena: update driver version to 2.0.1
        - net: ena: fix indentations in ena_defs for better readability
        - net: ena: Fix Kconfig dependency on X86
        - net: ena: enable Low Latency Queues
        - net: ena: fix compilation error in xtensa architecture
    
      * Xenial update: 4.4.162 upstream stable release (LP: #1801900)
        - ASoC: wm8804: Add ACPI support
        - ASoC: sigmadsp: safeload should not have lower byte limit
        - selftests/efivarfs: add required kernel configs
        - mfd: omap-usb-host: Fix dts probe of children
        - sound: enable interrupt after dma buffer initialization
        - stmmac: fix valid numbers of unicast filter entries
        - net: macb: disable scatter-gather for macb on sama5d3
        - ARM: dts: at91: add new compatibility string for macb on sama5d3
        - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
        - ext4: add corruption check in ext4_xattr_set_entry()
        - mm/vmstat.c: fix outdated vmstat_text
        - mach64: detect the dot clock divider correctly on sparc
        - perf script python: Fix export-to-postgresql.py occasional failure
        - i2c: i2c-scmi: fix for i2c_smbus_write_block_data
        - xhci: Don't print a warning when setting link state for disabled ports
        - jffs2: return -ERANGE when xattr buffer is too small
        - bnxt_en: Fix TX timeout during netpoll.
        - bonding: avoid possible dead-lock
        - ip6_tunnel: be careful when accessing the inner header
        - ip_tunnel: be careful when accessing the inner header
        - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
        - net: ipv4: update fnhe_pmtu when first hop's MTU changes
        - net/ipv6: Display all addresses in output of /proc/net/if_inet6
        - netlabel: check for IPV4MASK in addrinfo_get
        - net/usb: cancel pending work when unbinding smsc75xx
        - qlcnic: fix Tx descriptor corruption on 82xx devices
        - team: Forbid enslaving team device to itself
        - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
        - net: systemport: Fix wake-up interrupt race during resume
        - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
        - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch
        - x86/fpu: Remove use_eager_fpu()
        - x86/fpu: Remove struct fpu::counter
        - x86/fpu: Finish excising 'eagerfpu'
        - media: af9035: prevent buffer overflow on write
        - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-
          am43 SoCs
        - Input: atakbd - fix Atari keymap
        - Input: atakbd - fix Atari CapsLock behaviour
        - net/mlx4: Use cpumask_available for eq->affinity_mask
        - powerpc/tm: Fix userspace r13 corruption
        - powerpc/tm: Avoid possible userspace r1 corruption on reclaim
        - ARC: build: Get rid of toolchain check
        - usb: gadget: serial: fix oops when data rx'd after close
        - HV: properly delay KVP packets when negotiation is in progress
        - Linux 4.4.162
    
      * Xenial update: 4.4.161 upstream stable release (LP: #1801893)
        - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
        - fbdev/omapfb: fix omapfb_memory_read infoleak
        - x86/vdso: Fix asm constraints on vDSO syscall fallbacks
        - x86/vdso: Fix vDSO syscall fallback asm constraint regression
        - PCI: Reprogram bridge prefetch registers on resume
        - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
        - PM / core: Clear the direct_complete flag on errors
        - dm cache: fix resize crash if user doesn't reload cache table
        - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
        - USB: serial: simple: add Motorola Tetra MTP6550 id
        - of: unittest: Disable interrupt node tests for old world MAC systems
        - ext4: always verify the magic number in xattr blocks
        - cgroup: Fix deadlock in cpu hotplug path
        - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
        - ARC: clone syscall to setp r25 as thread pointer
        - ucma: fix a use-after-free in ucma_resolve_ip()
        - ubifs: Check for name being NULL while mounting
        - tcp: increment sk_drops for dropped rx packets
        - tcp: use an RB tree for ooo receive queue
        - tcp: fix a stale ooo_last_skb after a replace
        - tcp: free batches of packets in tcp_prune_ofo_queue()
        - tcp: call tcp_drop() from tcp_data_queue_ofo()
        - tcp: add tcp_ooo_try_coalesce() helper
        - ath10k: fix scan crash due to incorrect length calculation
        - ebtables: arpreply: Add the standard target sanity check
        - Linux 4.4.161
    
      * mlock203 test in ubuntu_ltp_syscalls failed with Xenial kernel
        (LP: #1793451)
        - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,
          MLOCK_ONFAULT)
    
      * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729)
        - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
    
      * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
        - net/af_iucv: drop inbound packets with invalid flags
        - net/af_iucv: fix skb handling on HiperTransport xmit error
    
      * NULL pointer dereference at 0000000000000020 when access
        dst_orig->ops->family in function  xfrm_lookup_with_ifid() (LP: #1801878)
        - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
    
      * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
        - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
        - s390: qeth: Fix potential array overrun in cmd/rc lookup
    
      * Packaging resync (LP: #1786013)
        - [Package] add support for specifying the primary makefile
    
     -- Khalid Elmously <email address hidden>  Tue, 13 Nov 2018 16:55:46 -0500
  • linux (4.4.0-139.165) xenial; urgency=medium
    
      * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)
    
      * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
        - nbd: Remove signal usage
        - nbd: Timeouts are not user requested disconnects
        - nbd: Cleanup reset of nbd and bdev after a disconnect
        - nbd: don't shutdown sock with irq's disabled
        - nbd: fix race in ioctl
    
      * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
        - SAUCE: fscache: Fix race in decrementing refcount of op->npages
    
      * xenial: virtio-scsi: CPU soft lockup due to loop in
        virtscsi_target_destroy() (LP: #1798110)
        - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
          requeue
    
      * Error reported when creating ZFS pool with "-t" option, despite successful
        pool creation (LP: #1769937)
        - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26
    
      * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
        - crypto: skcipher - Fix -Wstringop-truncation warnings
        - tsl2550: fix lux1_input error in low light
        - vmci: type promotion bug in qp_host_get_user_memory()
        - x86/numa_emulation: Fix emulated-to-physical node mapping
        - staging: rts5208: fix missing error check on call to rtsx_write_register
        - uwb: hwa-rc: fix memory leak at probe
        - power: vexpress: fix corruption in notifier registration
        - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
        - USB: serial: kobil_sct: fix modem-status error handling
        - 6lowpan: iphc: reset mac_header after decompress to fix panic
        - md-cluster: clear another node's suspend_area after the copy is finished
        - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
        - powerpc/kdump: Handle crashkernel memory reservation failure
        - media: fsl-viu: fix error handling in viu_of_probe()
        - x86/tsc: Add missing header to tsc_msr.c
        - x86/entry/64: Add two more instruction suffixes
        - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
          buffer size
        - scsi: klist: Make it safe to use klists in atomic context
        - scsi: ibmvscsi: Improve strings handling
        - usb: wusbcore: security: cast sizeof to int for comparison
        - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
        - alarmtimer: Prevent overflow for relative nanosleep
        - s390/extmem: fix gcc 8 stringop-overflow warning
        - ALSA: snd-aoa: add of_node_put() in error path
        - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
        - media: soc_camera: ov772x: correct setting of banding filter
        - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
        - staging: android: ashmem: Fix mmap size validation
        - drivers/tty: add error handling for pcmcia_loop_config
        - media: tm6000: add error handling for dvb_register_adapter
        - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
        - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
        - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
        - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
        - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
        - HID: hid-ntrig: add error handling for sysfs_create_group
        - scsi: bnx2i: add error handling for ioremap_nocache
        - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
        - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
        - module: exclude SHN_UNDEF symbols from kallsyms api
        - nfsd: fix corrupted reply to badly ordered compound
        - ARM: dts: dra7: fix DCAN node addresses
        - serial: cpm_uart: return immediately from console poll
        - spi: tegra20-slink: explicitly enable/disable clock
        - spi: sh-msiof: Fix invalid SPI use during system suspend
        - spi: sh-msiof: Fix handling of write value for SISTR register
        - spi: rspi: Fix invalid SPI use during system suspend
        - spi: rspi: Fix interrupted DMA transfers
        - USB: fix error handling in usb_driver_claim_interface()
        - USB: handle NULL config in usb_find_alt_setting()
        - slub: make ->cpu_partial unsigned int
        - Revert "UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device"
        - media: uvcvideo: Support realtek's UVC 1.5 device
        - USB: usbdevfs: sanitize flags more
        - USB: usbdevfs: restore warning for nonsensical flags
        - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
          service_outstanding_interrupt()"
        - USB: remove LPM management from usb_driver_claim_interface()
        - Input: elantech - enable middle button of touchpad on ThinkPad P72
        - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
        - scsi: target: iscsi: Use bin2hex instead of a re-implementation
        - serial: imx: restore handshaking irq for imx1
        - arm64: KVM: Tighten guest core register access from userspace
        - ext4: never move the system.data xattr out of the inode body
        - thermal: of-thermal: disable passive polling when thermal zone is disabled
        - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
        - e1000: check on netif_running() before calling e1000_up()
        - e1000: ensure to free old tx/rx rings in set_ringparam()
        - hwmon: (ina2xx) fix sysfs shunt resistor read access
        - hwmon: (adt7475) Make adt7475_read_word() return errors
        - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
        - arm64: cpufeature: Track 32bit EL0 support
        - arm64: KVM: Sanitize PSTATE.M when being set from userspace
        - media: v4l: event: Prevent freeing event subscriptions while accessed
        - KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
        - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
        - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
        - gpio: adp5588: Fix sleep-in-atomic-context bug
        - mac80211: mesh: fix HWMP sequence numbering to follow standard
        - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
        - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
        - i2c: uniphier: issue STOP only for last message or I2C_M_STOP
        - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
        - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
        - fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
        - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
        - mac80211: fix a race between restart and CSA flows
        - mac80211: Fix station bandwidth setting after channel switch
        - mac80211: shorten the IBSS debug messages
        - tools/vm/slabinfo.c: fix sign-compare warning
        - tools/vm/page-types.c: fix "defined but not used" warning
        - mm: madvise(MADV_DODUMP): allow hugetlbfs pages
        - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
        - perf probe powerpc: Ignore SyS symbols irrespective of endianness
        - RDMA/ucma: check fd type in ucma_migrate_id()
        - USB: yurex: Check for truncation in yurex_read()
        - drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
        - fs/cifs: suppress a string overflow warning
        - dm thin metadata: try to avoid ever aborting transactions
        - arch/hexagon: fix kernel/dma.c build warning
        - hexagon: modify ffs() and fls() to return int
        - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
        - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
        - s390/qeth: don't dump past end of unknown HW header
        - cifs: read overflow in is_valid_oplock_break()
        - xen/manage: don't complain about an empty value in control/sysrq node
        - xen: avoid crash in disable_hotplug_cpu
        - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
        - smb2: fix missing files in root share directory listing
        - crypto: mxs-dcp - Fix wait logic on chan threads
        - proc: restrict kernel stack dumps to root
        - ocfs2: fix locking for res->tracking and dlm->tracking_list
        - dm thin metadata: fix __udivdi3 undefined on 32-bit
        - Linux 4.4.160
    
      * Volume control not working Dell XPS 27 (7760) (LP: #1775068) // Xenial
        update: 4.4.160 upstream stable release (LP: #1798770)
        - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
    
      * Xenial update: 4.4.160 upstream stable release (LP: #1798770) //
        CVE-2018-7755
        - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
    
      * Xenial update: 4.4.159 upstream stable release (LP: #1798617)
        - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
        - NFC: Fix the number of pipes
        - ASoC: cs4265: fix MMTLR Data switch control
        - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
          streaming DMA mapping
        - ALSA: emu10k1: fix possible info leak to userspace on
          SNDRV_EMU10K1_IOCTL_INFO
        - platform/x86: alienware-wmi: Correct a memory leak
        - xen/netfront: don't bug in case of too many frags
        - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
        - ring-buffer: Allow for rescheduling when removing pages
        - mm: shmem.c: Correctly annotate new inodes for lockdep
        - gso_segment: Reset skb->mac_len after modifying network header
        - ipv6: fix possible use-after-free in ip6_xmit()
        - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
        - net: hp100: fix always-true check for link up state
        - neighbour: confirm neigh entries when ARP packet is received
        - ocfs2: fix ocfs2 read block panic
        - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
        - tty: vt_ioctl: fix potential Spectre v1
        - ext4: avoid divide by zero fault when deleting corrupted inline directories
        - ext4: recalucate superblock checksum after updating free blocks/inodes
        - ext4: fix online resize's handling of a too-small final block group
        - ext4: fix online resizing for bigalloc file systems with a 1k block size
        - ext4: don't mark mmp buffer head dirty
        - arm64: Add trace_hardirqs_off annotation in ret_to_user
        - HID: sony: Update device ids
        - HID: sony: Support DS4 dongle
        - iw_cxgb4: only allow 1 flush on user qps
        - Linux 4.4.159
    
      * Xenial update: 4.4.158 upstream stable release (LP: #1798587)
        - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
        - ALSA: msnd: Fix the default sample sizes
        - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
        - xfrm: fix 'passing zero to ERR_PTR()' warning
        - gfs2: Special-case rindex for gfs2_grow
        - clk: imx6ul: fix missing of_node_put()
        - kbuild: add .DELETE_ON_ERROR special target
        - dmaengine: pl330: fix irq race with terminate_all
        - MIPS: ath79: fix system restart
        - media: videobuf2-core: check for q->error in vb2_core_qbuf()
        - mtd/maps: fix solutionengine.c printk format warnings
        - fbdev: omapfb: off by one in omapfb_register_client()
        - video: goldfishfb: fix memory leak on driver remove
        - fbdev/via: fix defined but not used warning
        - perf powerpc: Fix callchain ip filtering when return address is in a
          register
        - fbdev: Distinguish between interlaced and progressive modes
        - ARM: exynos: Clear global variable on init error path
        - perf powerpc: Fix callchain ip filtering
        - powerpc/powernv: opal_put_chars partial write fix
        - MIPS: jz4740: Bump zload address
        - mac80211: restrict delayed tailroom needed decrement
        - xen-netfront: fix queue name setting
        - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
        - s390/qeth: fix race in used-buffer accounting
        - s390/qeth: reset layer2 attribute on layer switch
        - platform/x86: toshiba_acpi: Fix defined but not used build warnings
        - crypto: sharah - Unregister correct algorithms for SAHARA 3
        - xen-netfront: fix warn message as irq device name has '/'
        - RDMA/cma: Protect cma dev list with lock
        - pstore: Fix incorrect persistent ram buffer mapping
        - xen/netfront: fix waiting for xenbus state change
        - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
        - Tools: hv: Fix a bug in the key delete code
        - misc: hmc6352: fix potential Spectre v1
        - usb: Don't die twice if PCI xhci host is not responding in resume
        - USB: Add quirk to support DJI CineSSD
        - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
        - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
        - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
        - USB: net2280: Fix erroneous synchronization change
        - USB: serial: io_ti: fix array underflow in completion handler
        - usb: misc: uss720: Fix two sleep-in-atomic-context bugs
        - USB: yurex: Fix buffer over-read in yurex_write()
        - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
          service_outstanding_interrupt()
        - cifs: prevent integer overflow in nxt_dir_entry()
        - CIFS: fix wrapping bugs in num_entries()
        - binfmt_elf: Respect error return from `regset->active'
        - audit: fix use-after-free in audit_add_watch
        - mtdchar: fix overflows in adjustment of `count`
        - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
        - ARM: hisi: handle of_iomap and fix missing of_node_put
        - ARM: hisi: fix error handling and missing of_node_put
        - ARM: hisi: check of_iomap and fix missing of_node_put
        - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
        - parport: sunbpp: fix error return code
        - coresight: Handle errors in finding input/output ports
        - coresight: tpiu: Fix disabling timeouts
        - gpiolib: Mark gpio_suffixes array with __maybe_unused
        - drm/amdkfd: Fix error codes in kfd_get_process
        - rtc: bq4802: add error handling for devm_ioremap
        - ALSA: pcm: Fix snd_interval_refine first/last with open min/max
        - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
          adjustments are in progress
        - drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
        - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
        - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
        - mei: bus: type promotion bug in mei_nfc_if_version()
        - drivers: net: cpsw: fix segfault in case of bad phy-handle
        - MIPS: VDSO: Match data page cache colouring when D$ aliases
        - Linux 4.4.158
    
      * Xenial update: 4.4.157 upstream stable release (LP: #1798539)
        - i2c: xiic: Make the start and the byte count write atomic
        - i2c: i801: fix DNV's SMBCTRL register offset
        - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
        - cfq: Give a chance for arming slice idle timer in case of group_idle
        - kthread: Fix use-after-free if kthread fork fails
        - kthread: fix boot hang (regression) on MIPS/OpenRISC
        - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
        - staging/rts5208: Fix read overflow in memcpy
        - block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
        - locking/rwsem-xadd: Fix missed wakeup due to reordering of load
        - selinux: use GFP_NOWAIT in the AVC kmem_caches
        - locking/osq_lock: Fix osq_lock queue corruption
        - ARC: [plat-axs*]: Enable SWAP
        - misc: mic: SCIF Fix scif_get_new_port() error handling
        - ethtool: Remove trailing semicolon for static inline
        - gpio: tegra: Move driver registration to subsys_init level
        - scsi: target: fix __transport_register_session locking
        - md/raid5: fix data corruption of replacements after originals dropped
        - misc: ti-st: Fix memory leak in the error path of probe()
        - uio: potential double frees if __uio_register_device() fails
        - tty: rocket: Fix possible buffer overwrite on register_PCI
        - f2fs: do not set free of current section
        - perf tools: Allow overriding MAX_NR_CPUS at compile time
        - NFSv4.0 fix client reference leak in callback
        - macintosh/via-pmu: Add missing mmio accessors
        - ath10k: prevent active scans on potential unusable channels
        - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
        - ata: libahci: Correct setting of DEVSLP register
        - scsi: 3ware: fix return 0 on the error path of probe
        - ath10k: disable bundle mgmt tx completion event support
        - Bluetooth: hidp: Fix handling of strncpy for hid->name information
        - x86/mm: Remove in_nmi() warning from vmalloc_fault()
        - gpio: ml-ioh: Fix buffer underwrite on probe error path
        - net: mvneta: fix mtu change on port without link
        - MIPS: Octeon: add missing of_node_put()
        - net: dcb: For wild-card lookups, use priority -1, not 0
        - Input: atmel_mxt_ts - only use first T9 instance
        - iommu/ipmmu-vmsa: Fix allocation in atomic context
        - mfd: ti_am335x_tscadc: Fix struct clk memory leak
        - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
        - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
        - RDMA/cma: Do not ignore net namespace for unbound cm_id
        - xhci: Fix use-after-free in xhci_free_virt_device
        - vmw_balloon: include asm/io.h
        - netfilter: x_tables: avoid stack-out-of-bounds read in
          xt_copy_counters_from_user
        - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac
          config
        - net: ethernet: ti: cpsw: fix mdio device reference leak
        - ethernet: ti: davinci_emac: add missing of_node_put after calling
          of_parse_phandle
        - crypto: vmx - Fix sleep-in-atomic bugs
        - mtd: ubi: wl: Fix error return code in ubi_wl_init()
        - autofs: fix autofs_sbi() does not check super block type
        - Linux 4.4.157
    
      * Xenial update: 4.4.156 upstream stable release (LP: #1797563)
        - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
        - net: bcmgenet: use MAC link status for fixed phy
        - qlge: Fix netdev features configuration.
        - tcp: do not restart timewait timer on rst reception
        - vti6: remove !skb->ignore_df check from vti6_xmit()
        - cifs: check if SMB2 PDU size has been padded and suppress the warning
        - hfsplus: don't return 0 when fill_super() failed
        - hfs: prevent crash on exit from failed search
        - fork: don't copy inconsistent signal handler state to child
        - reiserfs: change j_timestamp type to time64_t
        - hfsplus: fix NULL dereference in hfsplus_lookup()
        - fat: validate ->i_start before using
        - scripts: modpost: check memory allocation results
        - mm/fadvise.c: fix signed overflow UBSAN complaint
        - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
        - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
        - mfd: sm501: Set coherent_dma_mask when creating subdevices
        - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
        - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
        - net/9p: fix error path of p9_virtio_probe
        - powerpc: Fix size calculation using resource_size()
        - s390/dasd: fix hanging offline processing due to canceled worker
        - scsi: aic94xx: fix an error code in aic94xx_init()
        - PCI: mvebu: Fix I/O space end address calculation
        - dm kcopyd: avoid softlockup in run_complete_job
        - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
        - selftests/powerpc: Kill child processes on SIGINT
        - smb3: fix reset of bytes read and written stats
        - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
        - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
        - btrfs: replace: Reset on-disk dev stats value after replace
        - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
          initialized
        - btrfs: Don't remove block group that still has pinned down bytes
        - debugobjects: Make stack check warning more informative
        - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
        - kbuild: make missing $DEPMOD a Warning instead of an Error
        - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
        - enic: do not call enic_change_mtu in enic_probe
        - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated
          pages")
        - genirq: Delay incrementing interrupt count if it's disabled/pending
        - irqchip/gic-v3-its: Recompute the number of pages on page size change
        - irqchip/gicv3-its: Fix memory leak in its_free_tables()
        - irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size
        - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()
        - irqchip/gic: Make interrupt ID 1020 invalid
        - ovl: rename is_merge to is_lowest
        - ovl: override creds with the ones from the superblock mounter
        - ovl: proper cleanup of workdir
        - sch_htb: fix crash on init failure
        - sch_multiq: fix double free on init failure
        - sch_hhf: fix null pointer dereference on init failure
        - sch_netem: avoid null pointer deref on init failure
        - sch_tbf: fix two null pointer dereferences on init failure
        - mei: me: allow runtime pm for platform with D0i3
        - ASoC: wm8994: Fix missing break in switch
        - btrfs: use correct compare function of dirty_metadata_bytes
        - Linux 4.4.156
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 24 Oct 2018 09:57:17 +0000
  • linux (4.4.0-138.164) xenial; urgency=medium
    
      * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)
    
      * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
        - powerpc/fadump: Return error when fadump registration fails
    
      * Kernel hang on drive pull caused by regression introduced by commit
        287922eb0b18 (LP: #1791790)
        - block: Fix a race between blk_cleanup_queue() and timeout handling
    
      * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
        - s390/qeth: use vzalloc for QUERY OAT buffer
    
      * Page leaking in cachefiles_read_backing_file while vmscan is active
        (LP: #1793430)
        - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
          is active
    
      * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
        - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
    
      * Xenial update to 4.4.155 stable release (LP: #1792419)
        - net: 6lowpan: fix reserved space for single frames
        - net: mac802154: tx: expand tailroom if necessary
        - 9p/net: Fix zero-copy path in the 9p virtio transport
        - net: lan78xx: Fix misplaced tasklet_schedule() call
        - spi: davinci: fix a NULL pointer dereference
        - drm/i915/userptr: reject zero user_size
        - powerpc/fadump: handle crash memory ranges array index overflow
        - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
        - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
        - 9p/virtio: fix off-by-one error in sg list bounds check
        - net/9p/client.c: version pointer uninitialized
        - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
          kfree()
        - dm cache metadata: save in-core policy_hint_size to on-disk superblock
        - iio: ad9523: Fix displayed phase
        - iio: ad9523: Fix return value for ad952x_store()
        - vmw_balloon: fix inflation of 64-bit GFNs
        - vmw_balloon: do not use 2MB without batching
        - vmw_balloon: VMCI_DOORBELL_SET does not check status
        - vmw_balloon: fix VMCI use when balloon built into kernel
        - tracing: Do not call start/stop() functions when tracing_on does not change
        - tracing/blktrace: Fix to allow setting same value
        - kthread, tracing: Don't expose half-written comm when creating kthreads
        - uprobes: Use synchronize_rcu() not synchronize_sched()
        - 9p: fix multiple NULL-pointer-dereferences
        - PM / sleep: wakeup: Fix build error caused by missing SRCU support
        - pnfs/blocklayout: off by one in bl_map_stripe()
        - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
        - mm/tlb: Remove tlb_remove_table() non-concurrent condition
        - iommu/vt-d: Add definitions for PFSID
        - iommu/vt-d: Fix dev iotlb pfsid use
        - osf_getdomainname(): use copy_to_user()
        - sys: don't hold uts_sem while accessing userspace memory
        - userns: move user access out of the mutex
        - ubifs: Fix memory leak in lprobs self-check
        - Revert "UBIFS: Fix potential integer overflow in allocation"
        - ubifs: Check data node size before truncate
        - ubifs: Fix synced_i_size calculation for xattr inodes
        - pwm: tiehrpwm: Fix disabling of output of PWMs
        - fb: fix lost console when the user unplugs a USB adapter
        - udlfb: set optimal write delay
        - getxattr: use correct xattr length
        - bcache: release dc->writeback_lock properly in bch_writeback_thread()
        - perf auxtrace: Fix queue resize
        - fs/quota: Fix spectre gadget in do_quotactl
        - x86/io: add interface to reserve io memtype for a resource range. (v1.1)
        - drm/drivers: add support for using the arch wc mapping API.
        - Linux 4.4.155
    
      * Xenial update to 4.4.154 stable release (LP: #1792392)
        - sched/sysctl: Check user input value of sysctl_sched_time_avg
        - Cipso: cipso_v4_optptr enter infinite loop
        - vti6: fix PMTU caching and reporting on xmit
        - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
        - xfrm: free skb if nlsk pointer is NULL
        - mac80211: add stations tied to AP_VLANs during hw reconfig
        - nl80211: Add a missing break in parse_station_flags
        - drm/bridge: adv7511: Reset registers on hotplug
        - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
        - drm/imx: imx-ldb: disable LDB on driver bind
        - drm/imx: imx-ldb: check if channel is enabled before printing warning
        - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
          init_controller()
        - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
          r8a66597_queue()
        - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
        - tools: usb: ffs-test: Fix build on big endian systems
        - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
        - tools/power turbostat: fix -S on UP systems
        - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
        - qed: Fix possible race for the link state value.
        - atl1c: reserve min skb headroom
        - net: prevent ISA drivers from building on PPC32
        - can: mpc5xxx_can: check of_iomap return before use
        - i2c: davinci: Avoid zero value of CLKH
        - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
        - bnx2x: Fix invalid memory access in rss hash config path.
        - net: axienet: Fix double deregister of mdio
        - selftests/ftrace: Add snapshot and tracing_on test case
        - zswap: re-check zswap_is_full() after do zswap_shrink()
        - tools/power turbostat: Read extended processor family from CPUID
        - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
        - enic: handle mtu change for vf properly
        - arc: fix build errors in arc/include/asm/delay.h
        - arc: fix type warnings in arc/mm/cache.c
        - drivers: net: lmc: fix case value for target abort error
        - scsi: fcoe: drop frames in ELS LOGO error path
        - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
        - mm/memory.c: check return value of ioremap_prot
        - cifs: add missing debug entries for kconfig options
        - cifs: check kmalloc before use
        - smb3: Do not send SMB3 SET_INFO if nothing changed
        - smb3: don't request leases in symlink creation and query
        - btrfs: don't leak ret from do_chunk_alloc
        - s390/kvm: fix deadlock when killed by oom
        - ext4: check for NUL characters in extended attribute's name
        - ext4: sysfs: print ext4_super_block fields as little-endian
        - ext4: reset error code in ext4_find_entry in fallback
        - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
        - KVM: arm/arm64: Skip updating PTE entry if no change
        - KVM: arm/arm64: Skip updating PMD entry if no change
        - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
        - x86/process: Re-export start_thread()
        - fuse: Don't access pipe->buffers without pipe_lock()
        - fuse: fix double request_end()
        - fuse: fix unlocked access to processing queue
        - fuse: umount should wait for all requests
        - fuse: Fix oops at process_init_reply()
        - fuse: Add missed unlock_page() to fuse_readpages_fill()
        - udl-kms: change down_interruptible to down
        - udl-kms: handle allocation failure
        - udl-kms: fix crash due to uninitialized memory
        - ASoC: dpcm: don't merge format from invalid codec dai
        - ASoC: sirf: Fix potential NULL pointer dereference
        - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
        - x86/irqflags: Mark native_restore_fl extern inline
        - s390: fix br_r1_trampoline for machines without exrl
        - s390/qdio: reset old sbal_state flags
        - kprobes: Make list and blacklist root user read only
        - MIPS: Correct the 64-bit DSP accumulator register size
        - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
        - scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
        - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
        - iscsi target: fix session creation failure handling
        - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
        - Linux 4.4.154
    
      * Xenial update to 4.4.153 stable release (LP: #1792383)
        - x86/mm: Fix use-after-free of ldt_struct
        - ovl: Ensure upper filesystem supports d_type
        - ovl: Do d_type check only if work dir creation was successful
        - ovl: warn instead of error if d_type is not supported
        - Linux 4.4.153
    
      * Xenial update to 4.4.152 stable release (LP: #1792377)
        - ARC: Explicitly add -mmedium-calls to CFLAGS
        - netfilter: ipv6: nf_defrag: reduce struct net memory waste
        - selftests: pstore: return Kselftest Skip code for skipped tests
        - selftests: static_keys: return Kselftest Skip code for skipped tests
        - selftests: user: return Kselftest Skip code for skipped tests
        - selftests: zram: return Kselftest Skip code for skipped tests
        - selftests: sync: add config fragment for testing sync framework
        - ARM: dts: Cygnus: Fix I2C controller interrupt type
        - usb: dwc2: fix isoc split in transfer with no data
        - usb: gadget: composite: fix delayed_status race condition when set_interface
        - usb: gadget: dwc2: fix memory leak in gadget_init()
        - scsi: xen-scsifront: add error handling for xenbus_printf
        - arm64: make secondary_start_kernel() notrace
        - qed: Add sanity check for SIMD fastpath handler.
        - enic: initialize enic->rfs_h.lock in enic_probe
        - net: hamradio: use eth_broadcast_addr
        - net: propagate dev_get_valid_name return code
        - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
        - net: davinci_emac: match the mdio device against its compatible if possible
        - locking/lockdep: Do not record IRQ state within lockdep code
        - ipv6: mcast: fix unsolicited report interval after receiving querys
        - Smack: Mark inode instant in smack_task_to_inode
        - cxgb4: when disabling dcb set txq dcb priority to 0
        - brcmfmac: stop watchdog before detach and free everything
        - ARM: dts: am437x: make edt-ft5x06 a wakeup source
        - usb: xhci: increase CRS timeout value
        - perf test session topology: Fix test on s390
        - perf report powerpc: Fix crash if callchain is empty
        - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
        - ARM: dts: da850: Fix interrups property for gpio
        - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
        - md/raid10: fix that replacement cannot complete recovery after reassemble
        - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
        - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
        - drm/exynos: decon5433: Fix WINCONx reset value
        - bnx2x: Fix receiving tx-timeout in error or recovery state.
        - m68k: fix "bad page state" oops on ColdFire boot
        - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
        - ARM: imx_v6_v7_defconfig: Select ULPI support
        - ARM: imx_v4_v5_defconfig: Select ULPI support
        - tracing: Use __printf markup to silence compiler
        - kasan: fix shadow_size calculation error in kasan_module_alloc
        - smsc75xx: Add workaround for gigabit link up hardware errata.
        - netfilter: x_tables: set module owner for icmp(6) matches
        - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
        - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
        - ieee802154: at86rf230: use __func__ macro for debug messages
        - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
        - drm/armada: fix colorkey mode property
        - bnxt_en: Fix for system hang if request_irq fails
        - perf llvm-utils: Remove bashism from kernel include fetch script
        - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
        - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
        - ixgbe: Be more careful when modifying MAC filters
        - packet: reset network header if packet shorter than ll reserved space
        - qlogic: check kstrtoul() for errors
        - tcp: remove DELAYED ACK events in DCTCP
        - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
        - net/ethernet/freescale/fman: fix cross-build error
        - net: usb: rtl8150: demote allmulti message to dev_dbg()
        - net: qca_spi: Avoid packet drop during initial sync
        - net: qca_spi: Make sure the QCA7000 reset is triggered
        - net: qca_spi: Fix log level if probe fails
        - tcp: identify cryptic messages as TCP seq # bugs
        - staging: android: ion: check for kref overflow
        - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
        - ext4: fix spectre gadget in ext4_mb_regular_allocator()
        - parisc: Remove ordered stores from syscall.S
        - xfrm_user: prevent leaking 2 bytes of kernel memory
        - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
        - packet: refine ring v3 block size test to hold one frame
        - bridge: Propagate vlan add failure to user
        - parisc: Remove unnecessary barriers from spinlock.h
        - PCI: hotplug: Don't leak pci_slot on registration failure
        - PCI: Skip MPS logic for Virtual Functions (VFs)
        - PCI: pciehp: Fix use-after-free on unplug
        - i2c: imx: Fix race condition in dma read
        - reiserfs: fix broken xattr handling (heap corruption, bad retval)
        - Linux 4.4.152
    
      * Xenial update to 4.4.151 stable release (LP: #1792340)
        - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
        - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
        - llc: use refcount_inc_not_zero() for llc_sap_find()
        - net_sched: Fix missing res info when create new tc_index filter
        - vsock: split dwork to avoid reinitializations
        - net_sched: fix NULL pointer dereference when delete tcindex filter
        - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
        - ALSA: hda - Turn CX8200 into D3 as well upon reboot
        - ALSA: vx222: Fix invalid endian conversions
        - ALSA: virmidi: Fix too long output trigger loop
        - ALSA: cs5535audio: Fix invalid endian conversion
        - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
        - ALSA: memalloc: Don't exceed over the requested size
        - ALSA: vxpocket: Fix invalid endian conversions
        - USB: serial: sierra: fix potential deadlock at close
        - USB: option: add support for DW5821e
        - ACPI: save NVS memory for Lenovo G50-45
        - ACPI / PM: save NVS memory for ASUS 1025C laptop
        - serial: 8250_dw: always set baud rate in dw8250_set_termios
        - Bluetooth: avoid killing an already killed socket
        - isdn: Disable IIOCDBGVAR
        - Linux 4.4.151
    
      * Xenial update to 4.4.150 stable release (LP: #1792336)
        - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
        - Linux 4.4.150
    
      * Xenial update to 4.4.149 stable release (LP: #1792310)
        - x86/mm: Disable ioremap free page handling on x86-PAE
        - tcp: Fix missing range_truesize enlargement in the backport
        - kasan: don't emit builtin calls when sanitization is off
        - i2c: ismt: fix wrong device address when unmap the data buffer
        - kbuild: verify that $DEPMOD is installed
        - crypto: vmac - require a block cipher with 128-bit block size
        - crypto: vmac - separate tfm and request context
        - crypto: blkcipher - fix crash flushing dcache in error path
        - crypto: ablkcipher - fix crash flushing dcache in error path
        - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization
        - ioremap: Update pgtable free interfaces with addr
        - x86/mm: Add TLB purge to free pmd/pte page interfaces
        - Linux 4.4.149
    
      * Xenial update to 4.4.149 stable release (LP: #1792310) // CVE-2018-9363
        - Bluetooth: hidp: buffer overflow in hidp_process_report
    
      * Xenial update to 4.4.148 stable release (LP: #1792174)
        - ext4: fix check to prevent initializing reserved inodes
        - tpm: fix race condition in tpm_common_write()
        - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
        - fork: unconditionally clear stack on fork
        - parisc: Enable CONFIG_MLONGCALLS by default
        - parisc: Define mb() and add memory barriers to assembler unlock sequences
        - xen/netfront: don't cache skb_shinfo()
        - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
        - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management
          enabled
        - root dentries need RCU-delayed freeing
        - fix mntput/mntput race
        - fix __legitimize_mnt()/mntput() race
        - IB/core: Make testing MR flags for writability a static inline function
        - IB/mlx4: Mark user MR as writable if actual virtual memory is writable
        - IB/ocrdma: fix out of bounds access to local buffer
        - ARM: dts: imx6sx: fix irq for pcie bridge
        - kprobes/x86: Fix %p uses in error messages
        - x86/irqflags: Provide a declaration for native_save_fl
        - SAUCE: Sync pgtable_64.h with upstream stable
        - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
        - SAUCE: Sync pgtable-3level.h with upstream stable
        - SAUCE: Sync pgtable.h with upstream stable
        - mm: Add vm_insert_pfn_prot()
        - mm: fix cache mode tracking in vm_insert_mixed()
        - x86/mm/kmmio: Make the tracer robust against L1TF
        - x86/init: fix build with CONFIG_SWAP=n
        - Linux 4.4.148
    
      * Xenial update to 4.4.147 stable release (LP: #1792109)
        - scsi: qla2xxx: Fix ISP recovery on unload
        - scsi: qla2xxx: Return error when TMF returns
        - genirq: Make force irq threading setup more robust
        - nohz: Fix local_timer_softirq_pending()
        - netlink: Do not subscribe to non-existent groups
        - netlink: Don't shift with UB on nlk->ngroups
        - netlink: Don't shift on 64 for ngroups
        - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
        - ring_buffer: tracing: Inherit the tracing setting to next ring buffer
        - i2c: imx: Fix reinit_completion() use
        - Linux 4.4.147
    
      * Xenial update to 4.4.146 stable release (LP: #1791953)
        - MIPS: Fix off-by-one in pci_resource_to_user()
        - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
        - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
        - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
        - tracing: Fix double free of event_trigger_data
        - tracing: Fix possible double free in event_enable_trigger_func()
        - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
        - tracing: Quiet gcc warning about maybe unused link variable
        - xen/netfront: raise max number of slots in xennet_get_responses()
        - ALSA: emu10k1: add error handling for snd_ctl_add
        - ALSA: fm801: add error handling for snd_ctl_add
        - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
        - mm: vmalloc: avoid racy handling of debugobjects in vunmap
        - mm/slub.c: add __printf verification to slab_err()
        - rtc: ensure rtc_set_alarm fails when alarms are not supported
        - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
        - infiniband: fix a possible use-after-free bug
        - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
        - powerpc/64s: Fix compiler store ordering to SLB shadow area
        - RDMA/mad: Convert BUG_ONs to error flows
        - disable loading f2fs module on PAGE_SIZE > 4KB
        - f2fs: fix to don't trigger writeback during recovery
        - usbip: usbip_detach: Fix memory, udev context and udev leak
        - perf/x86/intel/uncore: Correct fixed counter index check in generic code
        - perf/x86/intel/uncore: Correct fixed counter index check for NHM
        - iwlwifi: pcie: fix race in Rx buffer allocator
        - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
        - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
        - ASoC: dpcm: fix BE dai not hw_free and shutdown
        - mfd: cros_ec: Fail early if we cannot identify the EC
        - mwifiex: handle race during mwifiex_usb_disconnect
        - wlcore: sdio: check for valid platform device data before suspend
        - media: videobuf2-core: don't call memop 'finish' when queueing
        - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
        - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
        - PCI: Prevent sysfs disable of device while driver is attached
        - ath: Add regulatory mapping for FCC3_ETSIC
        - ath: Add regulatory mapping for ETSI8_WORLD
        - ath: Add regulatory mapping for APL13_WORLD
        - ath: Add regulatory mapping for APL2_FCCA
        - ath: Add regulatory mapping for Uganda
        - ath: Add regulatory mapping for Tanzania
        - ath: Add regulatory mapping for Serbia
        - ath: Add regulatory mapping for Bermuda
        - ath: Add regulatory mapping for Bahamas
        - powerpc/32: Add a missing include header
        - powerpc/chrp/time: Make some functions static, add missing header include
        - powerpc/powermac: Add missing prototype for note_bootable_part()
        - powerpc/powermac: Mark variable x as unused
        - powerpc/8xx: fix invalid register expression in head_8xx.S
        - pinctrl: at91-pio4: add missing of_node_put
        - PCI: pciehp: Request control of native hotplug only if supported
        - mwifiex: correct histogram data with appropriate index
        - scsi: ufs: fix exception event handling
        - ALSA: emu10k1: Rate-limit error messages about page errors
        - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
        - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
        - media: smiapp: fix timeout checking in smiapp_read_nvm
        - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
          callback
        - HID: hid-plantronics: Re-resend Update to map button for PTT products
        - drm/radeon: fix mode_valid's return type
        - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
          Starlet
        - HID: i2c-hid: check if device is there before really probing
        - tty: Fix data race in tty_insert_flip_string_fixed_flag
        - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
        - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
        - libata: Fix command retry decision
        - media: saa7164: Fix driver name in debug output
        - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
        - brcmfmac: Add support for bcm43364 wireless chipset
        - s390/cpum_sf: Add data entry sizes to sampling trailer entry
        - perf: fix invalid bit in diagnostic entry
        - scsi: 3w-9xxx: fix a missing-check bug
        - scsi: 3w-xxxx: fix a missing-check bug
        - scsi: megaraid: silence a static checker bug
        - thermal: exynos: fix setting rising_threshold for Exynos5433
        - bpf: fix references to free_bpf_prog_info() in comments
        - media: siano: get rid of __le32/__le16 cast warnings
        - drm/atomic: Handling the case when setting old crtc for plane
        - ALSA: hda/ca0132: fix build failure when a local macro is defined
        - memory: tegra: Do not handle spurious interrupts
        - memory: tegra: Apply interrupts mask per SoC
        - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
        - ipconfig: Correctly initialise ic_nameservers
        - rsi: Fix 'invalid vdd' warning in mmc
        - audit: allow not equal op for audit by executable
        - microblaze: Fix simpleImage format generation
        - usb: hub: Don't wait for connect state at resume for powered-off ports
        - crypto: authencesn - don't leak pointers to authenc keys
        - crypto: authenc - don't leak pointers to authenc keys
        - media: omap3isp: fix unbalanced dma_iommu_mapping
        - scsi: scsi_dh: replace too broad "TP9" string with the exact models
        - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
        - media: si470x: fix __be16 annotations
        - drm: Add DP PSR2 sink enable bit
        - random: mix rdrand with entropy sent in from userspace
        - squashfs: be more careful about metadata corruption
        - ext4: fix inline data updates with checksums enabled
        - ext4: check for allocation block validity with block group locked
        - dmaengine: pxa_dma: remove duplicate const qualifier
        - ASoC: pxa: Fix module autoload for platform drivers
        - ipv4: remove BUG_ON() from fib_compute_spec_dst
        - net: fix amd-xgbe flow-control issue
        - net: lan78xx: fix rx handling before first packet is send
        - xen-netfront: wait xenbus state change when load module manually
        - NET: stmmac: align DMA stuff to largest cache line length
        - tcp: do not force quickack when receiving out-of-order packets
        - tcp: add max_quickacks param to tcp_incr_quickack and
          tcp_enter_quickack_mode
        - tcp: do not aggressively quick ack after ECN events
        - tcp: refactor tcp_ecn_check_ce to remove sk type cast
        - tcp: add one more quick ack after after ECN events
        - inet: frag: enforce memory limits earlier
        - net: dsa: Do not suspend/resume closed slave_dev
        - netlink: Fix spectre v1 gadget in netlink_create()
        - squashfs: more metadata hardening
        - squashfs: more metadata hardenings
        - can: ems_usb: Fix memory leak on ems_usb_disconnect()
        - net: socket: fix potential spectre v1 gadget in socketcall
        - virtio_balloon: fix another race between migration and ballooning
        - kvm: x86: vmx: fix vpid leak
        - crypto: padlock-aes - Fix Nano workaround data corruption
        - scsi: sg: fix minor memory leak in error path
        - Linux 4.4.146
    
      * Xenial update to 4.4.145 stable release (LP: #1791942)
        - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
        - ip: hash fragments consistently
        - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
        - rtnetlink: add rtnl_link_state check in rtnl_configure_link
        - tcp: fix dctcp delayed ACK schedule
        - tcp: helpers to send special DCTCP ack
        - tcp: do not cancel delay-AcK on DCTCP special ACK
        - tcp: do not delay ACK in DCTCP upon CE status change
        - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
        - usb: cdc_acm: Add quirk for Castles VEGA3000
        - usb: core: handle hub C_PORT_OVER_CURRENT condition
        - usb: gadget: f_fs: Only return delayed status when len is 0
        - driver core: Partially revert "driver core: correct device's shutdown order"
        - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
        - can: xilinx_can: fix recovery from error states not being propagated
        - can: xilinx_can: fix device dropping off bus on RX overrun
        - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
        - can: xilinx_can: fix incorrect clear of non-processed interrupts
        - can: xilinx_can: fix RX overflow interrupt not being enabled
        - turn off -Wattribute-alias
        - ARM: fix put_user() for gcc-8
        - Linux 4.4.145
    
      * kernel panic - null pointer dereference on ipset operations (LP: #1793753)
        - netfilter: ipset: fix race condition in ipset save, swap and delete
        - netfilter: ipset: Fix race between dump and swap
    
      * Improvements to the kernel source package preparation (LP: #1793461)
        - [Packaging] startnewrelease: add support for backport kernels
    
      * update ENA driver to latest mainline version (LP: #1792044)
        - net: ena: Remove redundant unlikely()
        - net: ena: reduce the severity of some printouts
        - net: ena: fix rare kernel crash when bar memory remap fails
        - net: ena: fix wrong max Tx/Rx queues on ethtool
        - net: ena: improve ENA driver boot time.
        - net: ena: remove legacy suspend suspend/resume support
        - net: ena: add power management ops to the ENA driver
        - net: ena: add statistics for missed tx packets
        - net: ena: add new admin define for future support of IPv6 RSS
        - net: ena: increase ena driver version to 1.3.0
        - net: ena: fix race condition between device reset and link up setup
        - net: ena: add detection and recovery mechanism for handling missed/misrouted
          MSI-X
        - net: ena: increase ena driver version to 1.5.0
        - net: ena: fix error handling in ena_down() sequence
        - net: ena: Eliminate duplicate barriers on weakly-ordered archs
        - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
        - net: ena: Fix use of uninitialized DMA address bits field
        - net: ena: fix surprise unplug NULL dereference kernel crash
        - net: ena: fix driver when PAGE_SIZE == 64kB
        - net: ena: fix device destruction to gracefully free resources
        - net: ena: fix potential double ena_destroy_device()
        - net: ena: fix missing lock during device destruction
        - net: ena: fix missing calls to READ_ONCE
        - net: ena: fix incorrect usage of memory barriers
    
     -- Kleber Sacilotto de Souza <email address hidden>  Tue, 02 Oct 2018 14:39:36 +0000
  • linux (4.4.0-137.163) xenial; urgency=medium
    
      * CVE-2018-14633
        - iscsi target: Use hex2bin instead of a re-implementation
    
      * CVE-2018-17182
        - mm: get rid of vmacache_flush_all() entirely
    
    linux (4.4.0-136.162) xenial; urgency=medium
    
      * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
    
      * CVE-2017-5753
        - bpf: properly enforce index mask to prevent out-of-bounds speculation
        - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
        - Revert "bpf: prevent speculative execution in eBPF interpreter"
    
      * L1TF mitigation not effective in some CPU and RAM combinations
        (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
        - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
        - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
          much RAM
        - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
    
      * CVE-2018-15594
        - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
    
      * Xenial update to 4.4.144 stable release (LP: #1791080)
        - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
          parallel.
        - x86/MCE: Remove min interval polling limitation
        - fat: fix memory allocation failure handling of match_strdup()
        - ALSA: rawmidi: Change resized buffers atomically
        - ARC: Fix CONFIG_SWAP
        - ARC: mm: allow mprotect to make stack mappings executable
        - mm: memcg: fix use after free in mem_cgroup_iter()
        - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
        - ipv6: fix useless rol32 call on hash
        - lib/rhashtable: consider param->min_size when setting initial table size
        - net/ipv4: Set oif in fib_compute_spec_dst
        - net: phy: fix flag masking in __set_phy_supported
        - ptp: fix missing break in switch
        - tg3: Add higher cpu clock for 5762.
        - net: Don't copy pfmemalloc flag in __copy_skb_header()
        - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
        - xhci: Fix perceived dead host due to runtime suspend race with event handler
        - x86/paravirt: Make native_save_fl() extern inline
        - SAUCE: Add missing CPUID_7_EDX defines
        - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
        - x86/pti: Mark constant arrays as __initconst
        - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
        - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
          speculation attack surface
        - x86/speculation: Clean up various Spectre related details
        - x86/speculation: Fix up array_index_nospec_mask() asm constraint
        - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
        - x86/mm: Factor out LDT init from context init
        - x86/mm: Give each mm TLB flush generation a unique ID
        - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
          switch
        - x86/speculation: Use IBRS if available before calling into firmware
        - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
        - selftest/seccomp: Fix the seccomp(2) signature
        - xen: set cpu capabilities from xen_start_kernel()
        - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
        - SAUCE: Preserve SPEC_CTRL MSR in new inlines
        - SAUCE: Add Knights Mill to NO SSB list
        - x86/process: Correct and optimize TIF_BLOCKSTEP switch
        - x86/process: Optimize TIF_NOTSC switch
        - Revert "x86/cpufeatures: Add FEATURE_ZEN"
        - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
        - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
        - x86/cpufeatures: Add FEATURE_ZEN
        - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
        - x86/cpu: Re-apply forced caps every time CPU caps are re-read
        - block: do not use interruptible wait anywhere
        - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
        - ubi: Introduce vol_ignored()
        - ubi: Rework Fastmap attach base code
        - ubi: Be more paranoid while seaching for the most recent Fastmap
        - ubi: Fix races around ubi_refill_pools()
        - ubi: Fix Fastmap's update_vol()
        - ubi: fastmap: Erase outdated anchor PEBs during attach
        - Linux 4.4.144
    
      * CVE-2017-5715 (Spectre v2 s390x)
        - s390: detect etoken facility
        - s390/lib: use expoline for all bcr instructions
        - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
    
      * Xenial update to 4.4.143 stable release (LP: #1790884)
        - compiler, clang: suppress warning for unused static inline functions
        - compiler, clang: properly override 'inline' for clang
        - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
        - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
        - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
        - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
        - bcm63xx_enet: correct clock usage
        - bcm63xx_enet: do not write to random DMA channel on BCM6345
        - crypto: crypto4xx - remove bad list_del
        - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
        - atm: zatm: Fix potential Spectre v1
        - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
        - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
        - net/mlx5: Fix incorrect raw command length parsing
        - net: sungem: fix rx checksum support
        - qed: Limit msix vectors in kdump kernel to the minimum required count.
        - r8152: napi hangup fix after disconnect
        - tcp: fix Fast Open key endianness
        - tcp: prevent bogus FRTO undos with non-SACK flows
        - vhost_net: validate sock before trying to put its fd
        - net_sched: blackhole: tell upper qdisc about dropped packets
        - net/mlx5: Fix command interface race in polling mode
        - net: cxgb3_main: fix potential Spectre v1
        - rtlwifi: rtl8821ae: fix firmware is not ready to run
        - MIPS: Call dump_stack() from show_regs()
        - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
        - netfilter: ebtables: reject non-bridge targets
        - KEYS: DNS: fix parsing multiple options
        - rds: avoid unenecessary cong_update in loop transport
        - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
        - Linux 4.4.143
    
      * Xenial update to 4.4.142 stable release (LP: #1790883)
        - Kbuild: fix # escaping in .cmd files for future Make
        - perf tools: Move syscall number fallbacks from perf-sys.h to
          tools/arch/x86/include/asm/
        - Linux 4.4.142
    
      * Xenial update to 4.4.141 stable release (LP: #1790620)
        - MIPS: Fix ioremap() RAM check
        - ibmasm: don't write out of bounds in read handler
        - vmw_balloon: fix inflation with batching
        - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
        - USB: serial: ch341: fix type promotion bug in ch341_control_in()
        - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
        - USB: serial: keyspan_pda: fix modem-status error handling
        - USB: yurex: fix out-of-bounds uaccess in read handler
        - USB: serial: mos7840: fix status-register error handling
        - usb: quirks: add delay quirks for Corsair Strafe
        - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
        - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
        - tools build: fix # escaping in .cmd files for future Make
        - iw_cxgb4: correctly enforce the max reg_mr depth
        - x86/cpufeature: Move some of the scattered feature bits to x86_capability
        - x86/cpu: Provide a config option to disable static_cpu_has
        - x86/fpu: Add an XSTATE_OP() macro
        - x86/fpu: Get rid of xstate_fault()
        - x86/headers: Don't include asm/processor.h in asm/atomic.h
        - x86/cpufeature: Replace the old static_cpu_has() with safe variant
        - x86/cpufeature: Get rid of the non-asm goto variant
        - x86/alternatives: Add an auxilary section
        - x86/alternatives: Discard dynamic check after init
        - x86/vdso: Use static_cpu_has()
        - x86/boot: Simplify kernel load address alignment check
        - x86/cpufeature: Speed up cpu_feature_enabled()
        - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
        - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
        - x86/cpu: Add detection of AMD RAS Capabilities
        - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
        - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
        - x86/cpufeature: Add helper macro for mask check macros
        - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
        - netfilter: nf_queue: augment nfqa_cfg_policy
        - netfilter: x_tables: initialise match/target check parameter struct
        - loop: add recursion validation to LOOP_CHANGE_FD
        - PM / hibernate: Fix oops at snapshot_write()
        - SAUCE: RDMA/ucm: Blacklist UCM module
        - loop: remember whether sysfs_create_group() was done
        - Linux 4.4.141
        - [Config] Refresh configs for 4.4.141
    
      * regression with EXT4 file systems and meta_bg flag (LP: #1789653)
        - ext4: fix false negatives *and* false positives in ext4_check_descriptors()
    
      * CVE-2018-15572
        - x86/speculation: Protect against userspace-userspace spectreRSB
    
      * random oopses on s390 systems using NVMe devices (LP: #1790480)
        - s390/pci: fix out of bounds access during irq setup
    
      * CVE-2018-6555
        - SAUCE: irda: Only insert new objects into the global database via setsockopt
    
      * CVE-2018-6554
        - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
    
      * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
        - partitions/aix: fix usage of uninitialized lv_info and lvname structures
        - partitions/aix: append null character to print data from disk
    
     -- Stefan Bader <email address hidden>  Mon, 24 Sep 2018 13:39:05 +0200
  • linux (4.4.0-136.162) xenial; urgency=medium
    
      * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
    
      * CVE-2017-5753
        - bpf: properly enforce index mask to prevent out-of-bounds speculation
        - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
        - Revert "bpf: prevent speculative execution in eBPF interpreter"
    
      * L1TF mitigation not effective in some CPU and RAM combinations
        (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
        - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
        - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
          much RAM
        - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
    
      * CVE-2018-15594
        - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
    
      * Xenial update to 4.4.144 stable release (LP: #1791080)
        - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
          parallel.
        - x86/MCE: Remove min interval polling limitation
        - fat: fix memory allocation failure handling of match_strdup()
        - ALSA: rawmidi: Change resized buffers atomically
        - ARC: Fix CONFIG_SWAP
        - ARC: mm: allow mprotect to make stack mappings executable
        - mm: memcg: fix use after free in mem_cgroup_iter()
        - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
        - ipv6: fix useless rol32 call on hash
        - lib/rhashtable: consider param->min_size when setting initial table size
        - net/ipv4: Set oif in fib_compute_spec_dst
        - net: phy: fix flag masking in __set_phy_supported
        - ptp: fix missing break in switch
        - tg3: Add higher cpu clock for 5762.
        - net: Don't copy pfmemalloc flag in __copy_skb_header()
        - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
        - xhci: Fix perceived dead host due to runtime suspend race with event handler
        - x86/paravirt: Make native_save_fl() extern inline
        - SAUCE: Add missing CPUID_7_EDX defines
        - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
        - x86/pti: Mark constant arrays as __initconst
        - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
        - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
          speculation attack surface
        - x86/speculation: Clean up various Spectre related details
        - x86/speculation: Fix up array_index_nospec_mask() asm constraint
        - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
        - x86/mm: Factor out LDT init from context init
        - x86/mm: Give each mm TLB flush generation a unique ID
        - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
          switch
        - x86/speculation: Use IBRS if available before calling into firmware
        - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
        - selftest/seccomp: Fix the seccomp(2) signature
        - xen: set cpu capabilities from xen_start_kernel()
        - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
        - SAUCE: Preserve SPEC_CTRL MSR in new inlines
        - SAUCE: Add Knights Mill to NO SSB list
        - x86/process: Correct and optimize TIF_BLOCKSTEP switch
        - x86/process: Optimize TIF_NOTSC switch
        - Revert "x86/cpufeatures: Add FEATURE_ZEN"
        - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
        - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
        - x86/cpufeatures: Add FEATURE_ZEN
        - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
        - x86/cpu: Re-apply forced caps every time CPU caps are re-read
        - block: do not use interruptible wait anywhere
        - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
        - ubi: Introduce vol_ignored()
        - ubi: Rework Fastmap attach base code
        - ubi: Be more paranoid while seaching for the most recent Fastmap
        - ubi: Fix races around ubi_refill_pools()
        - ubi: Fix Fastmap's update_vol()
        - ubi: fastmap: Erase outdated anchor PEBs during attach
        - Linux 4.4.144
    
      * CVE-2017-5715 (Spectre v2 s390x)
        - s390: detect etoken facility
        - s390/lib: use expoline for all bcr instructions
        - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
    
      * Xenial update to 4.4.143 stable release (LP: #1790884)
        - compiler, clang: suppress warning for unused static inline functions
        - compiler, clang: properly override 'inline' for clang
        - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
        - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
        - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
        - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
        - bcm63xx_enet: correct clock usage
        - bcm63xx_enet: do not write to random DMA channel on BCM6345
        - crypto: crypto4xx - remove bad list_del
        - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
        - atm: zatm: Fix potential Spectre v1
        - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
        - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
        - net/mlx5: Fix incorrect raw command length parsing
        - net: sungem: fix rx checksum support
        - qed: Limit msix vectors in kdump kernel to the minimum required count.
        - r8152: napi hangup fix after disconnect
        - tcp: fix Fast Open key endianness
        - tcp: prevent bogus FRTO undos with non-SACK flows
        - vhost_net: validate sock before trying to put its fd
        - net_sched: blackhole: tell upper qdisc about dropped packets
        - net/mlx5: Fix command interface race in polling mode
        - net: cxgb3_main: fix potential Spectre v1
        - rtlwifi: rtl8821ae: fix firmware is not ready to run
        - MIPS: Call dump_stack() from show_regs()
        - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
        - netfilter: ebtables: reject non-bridge targets
        - KEYS: DNS: fix parsing multiple options
        - rds: avoid unenecessary cong_update in loop transport
        - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
        - Linux 4.4.143
    
      * Xenial update to 4.4.142 stable release (LP: #1790883)
        - Kbuild: fix # escaping in .cmd files for future Make
        - perf tools: Move syscall number fallbacks from perf-sys.h to
          tools/arch/x86/include/asm/
        - Linux 4.4.142
    
      * Xenial update to 4.4.141 stable release (LP: #1790620)
        - MIPS: Fix ioremap() RAM check
        - ibmasm: don't write out of bounds in read handler
        - vmw_balloon: fix inflation with batching
        - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
        - USB: serial: ch341: fix type promotion bug in ch341_control_in()
        - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
        - USB: serial: keyspan_pda: fix modem-status error handling
        - USB: yurex: fix out-of-bounds uaccess in read handler
        - USB: serial: mos7840: fix status-register error handling
        - usb: quirks: add delay quirks for Corsair Strafe
        - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
        - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
        - tools build: fix # escaping in .cmd files for future Make
        - iw_cxgb4: correctly enforce the max reg_mr depth
        - x86/cpufeature: Move some of the scattered feature bits to x86_capability
        - x86/cpu: Provide a config option to disable static_cpu_has
        - x86/fpu: Add an XSTATE_OP() macro
        - x86/fpu: Get rid of xstate_fault()
        - x86/headers: Don't include asm/processor.h in asm/atomic.h
        - x86/cpufeature: Replace the old static_cpu_has() with safe variant
        - x86/cpufeature: Get rid of the non-asm goto variant
        - x86/alternatives: Add an auxilary section
        - x86/alternatives: Discard dynamic check after init
        - x86/vdso: Use static_cpu_has()
        - x86/boot: Simplify kernel load address alignment check
        - x86/cpufeature: Speed up cpu_feature_enabled()
        - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
        - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
        - x86/cpu: Add detection of AMD RAS Capabilities
        - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
        - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
        - x86/cpufeature: Add helper macro for mask check macros
        - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
        - netfilter: nf_queue: augment nfqa_cfg_policy
        - netfilter: x_tables: initialise match/target check parameter struct
        - loop: add recursion validation to LOOP_CHANGE_FD
        - PM / hibernate: Fix oops at snapshot_write()
        - SAUCE: RDMA/ucm: Blacklist UCM module
        - loop: remember whether sysfs_create_group() was done
        - Linux 4.4.141
        - [Config] Refresh configs for 4.4.141
    
      * regression with EXT4 file systems and meta_bg flag (LP: #1789653)
        - ext4: fix false negatives *and* false positives in ext4_check_descriptors()
    
      * CVE-2018-15572
        - x86/speculation: Protect against userspace-userspace spectreRSB
    
      * random oopses on s390 systems using NVMe devices (LP: #1790480)
        - s390/pci: fix out of bounds access during irq setup
    
      * CVE-2018-6555
        - SAUCE: irda: Only insert new objects into the global database via setsockopt
    
      * CVE-2018-6554
        - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
    
      * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
        - partitions/aix: fix usage of uninitialized lv_info and lvname structures
        - partitions/aix: append null character to print data from disk
    
     -- Kleber Sacilotto de Souza <email address hidden>  Tue, 11 Sep 2018 15:50:12 +0200
  • linux (4.4.0-135.161) xenial; urgency=medium
    
      * linux: 4.4.0-135.161 -proposed tracker (LP: #1788766)
    
      * [Regression] APM Merlin boards fail to recover link after interface down/up
        (LP: #1785739)
        - net: phylib: fix interrupts re-enablement in phy_start
        - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
    
      * qeth: don't clobber buffer on async TX completion (LP: #1786057)
        - s390/qeth: don't clobber buffer on async TX completion
    
      * nvme: avoid cqe corruption (LP: #1788035)
        - nvme: avoid cqe corruption when update at the same time as read
    
      * CacheFiles: Error: Overlong wait for old active object to go away.
        (LP: #1776254)
        - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
        - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
    
      * fscache cookie refcount updated incorrectly during fscache object allocation
        (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
        object allocation (LP: #1776277)
        - fscache: Fix reference overput in fscache_attach_object() error handling
    
      * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
        - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
        - fscache: Allow cancelled operations to be enqueued
        - cachefiles: Fix refcounting bug in backing-file read monitoring
    
      * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
        walinuxagent.service (LP: #1739107)
        - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
          walinuxagent.service
    
     -- Khalid Elmously <email address hidden>  Sun, 26 Aug 2018 23:56:50 -0400
  • linux (4.4.0-134.160) xenial; urgency=medium
    
      * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)
    
      * locking sockets broken due to missing AppArmor socket mediation patches
        (LP: #1780227)
        - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
    
      * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
        - Introduce v3 namespaced file capabilities
        - commoncap: move assignment of fs_ns to avoid null pointer dereference
        - capabilities: fix buffer overread on very short xattr
        - commoncap: Handle memory allocation failure.
    
      * Xenial update to 4.4.140 stable release (LP: #1784409)
        - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
        - USB: serial: cp210x: add CESINEL device ids
        - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
        - n_tty: Fix stall at n_tty_receive_char_special().
        - staging: android: ion: Return an ERR_PTR in ion_map_kernel
        - n_tty: Access echo_* variables carefully.
        - x86/boot: Fix early command-line parsing when matching at end
        - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
        - i2c: rcar: fix resume by always initializing registers before transfer
        - ipv4: Fix error return value in fib_convert_metrics()
        - kprobes/x86: Do not modify singlestep buffer while resuming
        - nvme-pci: initialize queue memory before interrupts
        - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
        - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
        - ubi: fastmap: Correctly handle interrupted erasures in EBA
        - mm: hugetlb: yield when prepping struct pages
        - tracing: Fix missing return symbol in function_graph output
        - scsi: sg: mitigate read/write abuse
        - s390: Correct register corruption in critical section cleanup
        - drbd: fix access after free
        - cifs: Fix infinite loop when using hard mount option
        - jbd2: don't mark block as modified if the handle is out of credits
        - ext4: make sure bitmaps and the inode table don't overlap with bg
          descriptors
        - ext4: always check block group bounds in ext4_init_block_bitmap()
        - ext4: only look at the bg_flags field if it is valid
        - ext4: verify the depth of extent tree in ext4_find_extent()
        - ext4: include the illegal physical block in the bad map ext4_error msg
        - ext4: clear i_data in ext4_inode_info when removing inline data
        - ext4: add more inode number paranoia checks
        - ext4: add more mount time checks of the superblock
        - ext4: check superblock mapped prior to committing
        - HID: i2c-hid: Fix "incomplete report" noise
        - HID: hiddev: fix potential Spectre v1
        - HID: debug: check length before copy_to_user()
        - x86/mce: Detect local MCEs properly
        - x86/mce: Fix incorrect "Machine check from unknown source" message
        - media: cx25840: Use subdev host data for PLL override
        - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
        - dm bufio: avoid sleeping while holding the dm_bufio lock
        - dm bufio: drop the lock when doing GFP_NOIO allocation
        - mtd: rawnand: mxc: set spare area size register explicitly
        - dm bufio: don't take the lock in dm_bufio_shrink_count
        - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
        - mtd: cfi_cmdset_0002: Change erase functions to retry for error
        - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
        - netfilter: nf_log: don't hold nf_log_mutex during user access
        - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
        - Linux 4.4.140
    
      * Xenial update to 4.4.139 stable release (LP: #1784382)
        - xfrm6: avoid potential infinite loop in _decode_session6()
        - netfilter: ebtables: handle string from userspace with care
        - ipvs: fix buffer overflow with sync daemon and service
        - atm: zatm: fix memcmp casting
        - net: qmi_wwan: Add Netgear Aircard 779S
        - net/sonic: Use dma_mapping_error()
        - Revert "Btrfs: fix scrub to repair raid6 corruption"
        - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
        - Btrfs: make raid6 rebuild retry more
        - usb: musb: fix remote wakeup racing with suspend
        - bonding: re-evaluate force_primary when the primary slave name changes
        - tcp: verify the checksum of the first data segment in a new connection
        - ext4: update mtime in ext4_punch_hole even if no blocks are released
        - ext4: fix fencepost error in check for inode count overflow during resize
        - driver core: Don't ignore class_dir_create_and_add() failure.
        - btrfs: scrub: Don't use inode pages for device replace
        - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
        - ALSA: hda: add dock and led support for HP EliteBook 830 G5
        - ALSA: hda: add dock and led support for HP ProBook 640 G4
        - cpufreq: Fix new policy initialization during limits updates via sysfs
        - libata: zpodd: make arrays cdb static, reduces object code size
        - libata: zpodd: small read overflow in eject_tray()
        - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
        - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
        - x86/spectre_v1: Disable compiler optimizations over
          array_index_mask_nospec()
        - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
        - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
        - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
        - usb: do not reset if a low-speed or full-speed device timed out
        - 1wire: family module autoload fails because of upper/lower case mismatch.
        - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
        - ASoC: cirrus: i2s: Fix LRCLK configuration
        - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
        - lib/vsprintf: Remove atomic-unsafe support for %pCr
        - mips: ftrace: fix static function graph tracing
        - branch-check: fix long->int truncation when profiling branches
        - ipmi:bt: Set the timeout before doing a capabilities check
        - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
        - fuse: atomic_o_trunc should truncate pagecache
        - fuse: don't keep dead fuse_conn at fuse_fill_super().
        - fuse: fix control dir setup and teardown
        - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
        - powerpc/ptrace: Fix setting 512B aligned breakpoints with
          PTRACE_SET_DEBUGREG
        - powerpc/ptrace: Fix enforcement of DAWR constraints
        - cpuidle: powernv: Fix promotion from snooze if next state disabled
        - powerpc/fadump: Unregister fadump on kexec down path.
        - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
        - of: unittest: for strings, account for trailing \0 in property length field
        - IB/qib: Fix DMA api warning with debug kernel
        - RDMA/mlx4: Discard unknown SQP work requests
        - mtd: cfi_cmdset_0002: Change write buffer to check correct value
        - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
        - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
        - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
        - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
        - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
        - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
          resume
        - MIPS: io: Add barrier after register read in inX()
        - time: Make sure jiffies_to_msecs() preserves non-zero time periods
        - Btrfs: fix clone vs chattr NODATASUM race
        - iio:buffer: make length types match kfifo types
        - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
        - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
        - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
        - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
        - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
        - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
          ERP_FAILED
        - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
        - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
        - linvdimm, pmem: Preserve read-only setting for pmem devices
        - md: fix two problems with setting the "re-add" device state.
        - ubi: fastmap: Cancel work upon detach
        - UBIFS: Fix potential integer overflow in allocation
        - xfrm: skip policies marked as dead while rehashing
        - backlight: as3711_bl: Fix Device Tree node lookup
        - backlight: max8925_bl: Fix Device Tree node lookup
        - backlight: tps65217_bl: Fix Device Tree node lookup
        - mfd: intel-lpss: Program REMAP register in PIO mode
        - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
        - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
        - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
        - perf intel-pt: Fix MTC timing after overflow
        - perf intel-pt: Fix "Unexpected indirect branch" error
        - perf intel-pt: Fix packet decoding of CYC packets
        - media: v4l2-compat-ioctl32: prevent go past max size
        - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
        - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
        - NFSv4: Fix possible 1-byte stack overflow in
          nfs_idmap_read_and_verify_message
        - video: uvesafb: Fix integer overflow in allocation
        - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
        - xen: Remove unnecessary BUG_ON from __unbind_from_irq()
        - udf: Detect incorrect directory size
        - Input: elan_i2c_smbus - fix more potential stack buffer overflows
        - Input: elantech - enable middle button of touchpads on ThinkPad P52
        - Input: elantech - fix V4 report decoding for module with middle key
        - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
        - Btrfs: fix unexpected cow in run_delalloc_nocow
        - spi: Fix scatterlist elements size in spi_map_buf
        - block: Fix transfer when chunk sectors exceeds max
        - dm thin: handle running out of data space vs concurrent discard
        - cdc_ncm: avoid padding beyond end of skb
        - Bluetooth: Fix connection if directed advertising and privacy is used
        - Linux 4.4.139
    
      * Support AverMedia DVD EZMaker 7 USB video capture dongle (LP: #1620762) //
        Xenial update to 4.4.139 stable release (LP: #1784382)
        - media: cx231xx: Add support for AverMedia DVD EZMaker 7
    
      * vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
        (LP: #1779830)
        - vfio/pci: Hide broken INTx support from user
    
      * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
        - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu25
    
      * Allow multiple mounts of zfs datasets (LP: #1759848)
        - SAUCE: Allow mounting datasets more than once (LP: #1759848)
    
      * CVE-2018-12233
        - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
    
      * Redpine: Observed kernel panic while running wireless tests in regression
        mode (LP: #1773410) // Redpine: Observed kernel panic while running soft-ap
        tests (LP: #1777850)
        - SAUCE: Redpine: improve cancel_hw_scan handling to fix kernel panic
    
      * [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
        (LP: #1783241)
        - SAUCE: (no-up) upgrade IXXAT USB SocketCAN driver
    
      * CVE-2018-13094
        - xfs: don't call xfs_da_shrink_inode with NULL bp
    
      * other users' coredumps can be read via setgid directory and killpriv bypass
        (LP: #1779923) // CVE-2018-13405
        - Fix up non-directory creation in SGID directories
    
      * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
        (LP: #1782116)
        - snapcraft.yaml: copy retpoline-extract-one to scripts before build
    
      * Enable basic support for Solarflare 8000 series NIC (LP: #1783152)
        - sfc: make TSO version a per-queue parameter
        - sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC
    
      * Redpine: Observed kernel panic while running wireless regressions tests
        (LP: #1777858)
        - SAUCE: Redpine: improve kernel thread handling to fix kernel panic
    
      * Xenial update to 4.4.138 stable release (LP: #1777389)
        - x86: Remove unused function cpu_has_ht_siblings()
        - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
        - x86/fpu: Disable AVX when eagerfpu is off
        - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
        - x86/fpu: Hard-disable lazy FPU mode
        - af_key: Always verify length of provided sadb_key
        - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
          code
        - gpio: No NULL owner
        - Clarify (and fix) MAX_LFS_FILESIZE macros
        - serial: samsung: fix maxburst parameter for DMA transactions
        - vmw_balloon: fixing double free when batching mode is off
        - Input: goodix - add new ACPI id for GPD Win 2 touch screen
        - crypto: vmx - Remove overly verbose printk from AES init routines
        - Linux 4.4.138
    
      * Redpine: wifi-ap stopped working after restart (LP: #1773400)
        - SAUCE: Redpine: fix soft-ap invisible issue
    
      * Xenial update to 4.4.137 stable release (LP: #1777063)
        - tpm: do not suspend/resume if power stays on
        - tpm: self test failure should not cause suspend to fail
        - mmap: introduce sane default mmap limits
        - mmap: relax file size limit for regular files
        - kconfig: Avoid format overflow warning from GCC 8.1
        - xfs: fix incorrect log_flushed on fsync
        - drm: set FMODE_UNSIGNED_OFFSET for drm files
        - brcmfmac: Fix check for ISO3166 code
        - bnx2x: use the right constant
        - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
        - enic: set DMA mask to 47 bit
        - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
        - ipv4: remove warning in ip_recv_error
        - isdn: eicon: fix a missing-check bug
        - netdev-FAQ: clarify DaveM's position for stable backports
        - net/packet: refine check for priv area size
        - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
        - packet: fix reserve calculation
        - qed: Fix mask for physical address in ILT entry
        - net/mlx4: Fix irq-unsafe spinlock usage
        - team: use netdev_features_t instead of u32
        - rtnetlink: validate attributes in do_setlink()
        - net: phy: broadcom: Fix bcm_write_exp()
        - net: metrics: add proper netlink validation
        - Linux 4.4.137
    
      * Xenial update to 4.4.136 stable release (LP: #1776177)
        - arm64: lse: Add early clobbers to some input/output asm operands
        - powerpc/64s: Clear PCR on boot
        - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
        - sh: New gcc support
        - xfs: detect agfl count corruption and reset agfl
        - Input: elan_i2c_smbus - fix corrupted stack
        - tracing: Fix crash when freeing instances with event triggers
        - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
        - cfg80211: further limit wiphy names to 64 bytes
        - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
        - ASoC: Intel: sst: remove redundant variable dma_dev_name
        - irda: fix overly long udelay()
        - tcp: avoid integer overflows in tcp_rcv_space_adjust()
        - i2c: rcar: make sure clocks are on when doing clock calculation
        - i2c: rcar: rework hw init
        - i2c: rcar: remove unused IOERROR state
        - i2c: rcar: remove spinlock
        - i2c: rcar: refactor setup of a msg
        - i2c: rcar: init new messages in irq
        - i2c: rcar: don't issue stop when HW does it automatically
        - i2c: rcar: check master irqs before slave irqs
        - i2c: rcar: revoke START request early
        - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
        - iio:kfifo_buf: check for uint overflow
        - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
        - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
        - scsi: scsi_transport_srp: Fix shost to rport translation
        - stm class: Use vmalloc for the master map
        - hwtracing: stm: fix build error on some arches
        - drm/i915: Disable LVDS on Radiant P845
        - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
        - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
        - fix io_destroy()/aio_complete() race
        - mm: fix the NULL mapping case in __isolate_lru_page()
        - sparc64: Fix build warnings with gcc 7.
        - Linux 4.4.136
    
      * Xenial update to 4.4.135 stable release (LP: #1776158)
        - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
        - Linux 4.4.135
    
     -- Kleber Sacilotto de Souza <email address hidden>  Wed, 15 Aug 2018 13:51:11 +0000
  • linux (4.4.0-133.159) xenial; urgency=medium
    
      * CVE-2018-5390
        - tcp: avoid collapses in tcp_prune_queue() if possible
        - tcp: detect malicious patterns in tcp_collapse_ofo_queue()
    
      * CVE-2018-5391
        - Revert "net: increase fragment memory usage limits"
    
      * CVE-2018-3620 // CVE-2018-3646
        - KVM: x86: introduce linear_{read,write}_system
        - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
          kvm_write_guest_virt_system
        - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
        - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
        - x86/speculation/l1tf: Change order of offset/type in swap entry
        - x86/speculation/l1tf: Protect swap entries against L1TF
        - x86/mm: Simplify p[g4um]d_page() macros
        - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
        - x86/speculation/l1tf: Make sure the first page is always reserved
        - SAUCE: x86/cpu: Add Knights Mill/Gemini Lake
        - x86/speculation/l1tf: Add sysfs reporting for l1tf
        - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
        - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
        - x86/smp: Provide topology_is_primary_thread()
        - x86/topology: Provide topology_smt_supported()
        - cpu/hotplug: Split do_cpu_down()
        - x86/topology: Add topology_max_smt_threads()
        - cpu/hotplug: Provide knobs to control SMT
        - x86/CPU: Modify detect_extended_topology() to return result
        - x86/cpu: Remove the pointless CPU printout
        - x86/cpu/AMD: Remove the pointless detect_ht() call
        - x86/cpu/common: Provide detect_ht_early()
        - x86/cpu/topology: Provide detect_extended_topology_early()
        - x86/cpu/intel: Evaluate smp_num_siblings early
        - x86/cpu/AMD: Evaluate smp_num_siblings early
        - x86/apic: Ignore secondary threads if nosmt=force
        - x86/speculation/l1tf: Extend 64bit swap file size limit
        - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
        - x86/cpufeatures: Add detection of L1D cache flush support.
        - x86/speculation/l1tf: Protect PAE swap entries against L1TF
        - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
        - Revert "x86/apic: Ignore secondary threads if nosmt=force"
        - SAUCE: x86/mce: register mce notifier earlier
        - cpu/hotplug: Boot HT siblings at least once
        - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
        - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
        - x86/KVM/VMX: Add module argument for L1TF mitigation
        - x86/KVM/VMX: Add L1D flush algorithm
        - x86/KVM/VMX: Add L1D MSR based flush
        - x86/KVM/VMX: Add L1D flush logic
        - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
        - x86/KVM/VMX: Add find_msr() helper function
        - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting.
        - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
        - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
        - cpu/hotplug: Online siblings when SMT control is turned on
        - x86/litf: Introduce vmx status variable
        - x86/kvm: Drop L1TF MSR list approach
        - x86/l1tf: Handle EPT disabled state proper
        - x86/kvm: Move l1tf setup function
        - x86/kvm: Add static key for flush always
        - x86/kvm: Serialize L1D flush parameter setter
        - x86/kvm: Allow runtime control of L1D flush
        - cpu/hotplug: Expose SMT control init function
        - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
        - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
        - Documentation: Add section about CPU vulnerabilities
        - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
        - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
        - Documentation/l1tf: Fix typos
        - cpu/hotplug: detect SMT disabled by BIOS
        - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
        - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
        - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
        - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
        - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
        - x86: Don't include linux/irq.h from asm/hardirq.h
        - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
        - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
        - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
        - Documentation/l1tf: Remove Yonah processors from not vulnerable list
        - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
        - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
        - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
        - KVM: x86: Add a framework for supporting MSR-based features
        - KVM: X86: Introduce kvm_get_msr_feature()
        - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
        - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
        - cpu/hotplug: Fix SMT supported evaluation
        - x86/speculation/l1tf: Invert all not present mappings
        - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
        - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
        - SAUCE: Add pfn_pud() and pud_mkhuge()
        - x86/mm/pat: Make set_memory_np() L1TF safe
    
     -- Stefan Bader <email address hidden>  Wed, 08 Aug 2018 12:04:38 +0200
  • linux (4.4.0-132.158) xenial; urgency=medium
    
      * linux: 4.4.0-132.158 -proposed tracker (LP: #1784302)
    
      * locking sockets broken due to missing AppArmor socket mediation patches
        (LP: #1780227)
        - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
    
      * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
        - Introduce v3 namespaced file capabilities
        - commoncap: move assignment of fs_ns to avoid null pointer dereference
        - capabilities: fix buffer overread on very short xattr
        - commoncap: Handle memory allocation failure.
    
      * Xenial update to 4.4.140 stable release (LP: #1784409)
        - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
        - USB: serial: cp210x: add CESINEL device ids
        - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
        - n_tty: Fix stall at n_tty_receive_char_special().
        - staging: android: ion: Return an ERR_PTR in ion_map_kernel
        - n_tty: Access echo_* variables carefully.
        - x86/boot: Fix early command-line parsing when matching at end
        - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
        - i2c: rcar: fix resume by always initializing registers before transfer
        - ipv4: Fix error return value in fib_convert_metrics()
        - kprobes/x86: Do not modify singlestep buffer while resuming
        - nvme-pci: initialize queue memory before interrupts
        - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
        - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
        - ubi: fastmap: Correctly handle interrupted erasures in EBA
        - mm: hugetlb: yield when prepping struct pages
        - tracing: Fix missing return symbol in function_graph output
        - scsi: sg: mitigate read/write abuse
        - s390: Correct register corruption in critical section cleanup
        - drbd: fix access after free
        - cifs: Fix infinite loop when using hard mount option
        - jbd2: don't mark block as modified if the handle is out of credits
        - ext4: make sure bitmaps and the inode table don't overlap with bg
          descriptors
        - ext4: always check block group bounds in ext4_init_block_bitmap()
        - ext4: only look at the bg_flags field if it is valid
        - ext4: verify the depth of extent tree in ext4_find_extent()
        - ext4: include the illegal physical block in the bad map ext4_error msg
        - ext4: clear i_data in ext4_inode_info when removing inline data
        - ext4: add more inode number paranoia checks
        - ext4: add more mount time checks of the superblock
        - ext4: check superblock mapped prior to committing
        - HID: i2c-hid: Fix "incomplete report" noise
        - HID: hiddev: fix potential Spectre v1
        - HID: debug: check length before copy_to_user()
        - x86/mce: Detect local MCEs properly
        - x86/mce: Fix incorrect "Machine check from unknown source" message
        - media: cx25840: Use subdev host data for PLL override
        - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
        - dm bufio: avoid sleeping while holding the dm_bufio lock
        - dm bufio: drop the lock when doing GFP_NOIO allocation
        - mtd: rawnand: mxc: set spare area size register explicitly
        - dm bufio: don't take the lock in dm_bufio_shrink_count
        - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
        - mtd: cfi_cmdset_0002: Change erase functions to retry for error
        - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
        - netfilter: nf_log: don't hold nf_log_mutex during user access
        - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
        - Linux 4.4.140
    
      * Xenial update to 4.4.139 stable release (LP: #1784382)
        - xfrm6: avoid potential infinite loop in _decode_session6()
        - netfilter: ebtables: handle string from userspace with care
        - ipvs: fix buffer overflow with sync daemon and service
        - atm: zatm: fix memcmp casting
        - net: qmi_wwan: Add Netgear Aircard 779S
        - net/sonic: Use dma_mapping_error()
        - Revert "Btrfs: fix scrub to repair raid6 corruption"
        - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
        - Btrfs: make raid6 rebuild retry more
        - usb: musb: fix remote wakeup racing with suspend
        - bonding: re-evaluate force_primary when the primary slave name changes
        - tcp: verify the checksum of the first data segment in a new connection
        - ext4: update mtime in ext4_punch_hole even if no blocks are released
        - ext4: fix fencepost error in check for inode count overflow during resize
        - driver core: Don't ignore class_dir_create_and_add() failure.
        - btrfs: scrub: Don't use inode pages for device replace
        - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
        - ALSA: hda: add dock and led support for HP EliteBook 830 G5
        - ALSA: hda: add dock and led support for HP ProBook 640 G4
        - cpufreq: Fix new policy initialization during limits updates via sysfs
        - libata: zpodd: make arrays cdb static, reduces object code size
        - libata: zpodd: small read overflow in eject_tray()
        - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
        - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
        - x86/spectre_v1: Disable compiler optimizations over
          array_index_mask_nospec()
        - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
        - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
        - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
        - usb: do not reset if a low-speed or full-speed device timed out
        - 1wire: family module autoload fails because of upper/lower case mismatch.
        - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
        - ASoC: cirrus: i2s: Fix LRCLK configuration
        - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
        - lib/vsprintf: Remove atomic-unsafe support for %pCr
        - mips: ftrace: fix static function graph tracing
        - branch-check: fix long->int truncation when profiling branches
        - ipmi:bt: Set the timeout before doing a capabilities check
        - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
        - fuse: atomic_o_trunc should truncate pagecache
        - fuse: don't keep dead fuse_conn at fuse_fill_super().
        - fuse: fix control dir setup and teardown
        - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
        - powerpc/ptrace: Fix setting 512B aligned breakpoints with
          PTRACE_SET_DEBUGREG
        - powerpc/ptrace: Fix enforcement of DAWR constraints
        - cpuidle: powernv: Fix promotion from snooze if next state disabled
        - powerpc/fadump: Unregister fadump on kexec down path.
        - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
        - of: unittest: for strings, account for trailing \0 in property length field
        - IB/qib: Fix DMA api warning with debug kernel
        - RDMA/mlx4: Discard unknown SQP work requests
        - mtd: cfi_cmdset_0002: Change write buffer to check correct value
        - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
        - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
        - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
        - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
        - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
        - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
          resume
        - MIPS: io: Add barrier after register read in inX()
        - time: Make sure jiffies_to_msecs() preserves non-zero time periods
        - Btrfs: fix clone vs chattr NODATASUM race
        - iio:buffer: make length types match kfifo types
        - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
        - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
        - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
        - scsi: zfcp: fix misleading REC trigger trace where erp_action set