[ubuntu/bionic-security] linux-raspi-5.4 5.4.0-1047.52~18.04.1 (Accepted)

Andy Whitcroft apw at canonical.com
Wed Dec 1 20:32:49 UTC 2021

linux-raspi-5.4 (5.4.0-1047.52~18.04.1) bionic; urgency=medium

  * bionic/linux-raspi-5.4: 5.4.0-1047.52~18.04.1 -proposed tracker
    (LP: #1952092)

  [ Ubuntu: 5.4.0-1047.52 ]

  * focal/linux-raspi: 5.4.0-1047.52 -proposed tracker (LP: #1952046)
  * Packaging resync (LP: #1786013)
    - [Packaging] update Ubuntu.md
  * Miscellaneous Ubuntu changes
    - SAUCE: Revert "Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI
  * focal/linux: 5.4.0-91.102 -proposed tracker (LP: #1949840)
  * Packaging resync (LP: #1786013)
    - [Packaging] update Ubuntu.md
    - debian/dkms-versions -- update from kernel-versions (main/2021.11.08)
  * KVM emulation failure when booting into  VM crash kernel with multiple CPUs
    (LP: #1948862)
    - KVM: x86: Properly reset MMU context at vCPU RESET/INIT
  * aufs: kernel bug with apparmor and fuseblk (LP: #1948470)
    - SAUCE: aufs: bugfix, stop omitting path->mnt
  * ebpf:  bpf_redirect fails with ip6 gre interfaces (LP: #1947164)
    - net: handle ARPHRD_IP6GRE in dev_is_mac_header_xmit()
  * require CAP_NET_ADMIN to attach N_HCI ldisc (LP: #1949516)
    - Bluetooth: hci_ldisc: require CAP_NET_ADMIN to attach N_HCI ldisc
  * ACL updates on OCFS2 are not revalidated (LP: #1947161)
    - ocfs2: fix remounting needed after setfacl command
  * ppc64 BPF JIT mod by 1 will not return 0 (LP: #1948351)
    - powerpc/bpf: Fix BPF_MOD when imm == 1
  * Drop "UBUNTU: SAUCE: cachefiles: Page leaking in
    cachefiles_read_backing_file while vmscan is active" (LP: #1947709)
    - Revert "UBUNTU: SAUCE: cachefiles: Page leaking in
      cachefiles_read_backing_file while vmscan is active"
  * Reassign I/O Path of ConnectX-5 Port 1 before Port 2 causes NULL dereference
    (LP: #1943464)
    - s390/pci: fix leak of PCI device structure
    - s390/pci: fix use after free of zpci_dev
    - s390/pci: fix zpci_zdev_put() on reserve
  * [SRU][F] USB: serial: pl2303: add support for PL2303HXN (LP: #1948377)
    - USB: serial: pl2303: add support for PL2303HXN
    - USB: serial: pl2303: fix line-speed handling on newer chips
  * Focal update: v5.4.151 upstream stable release (LP: #1947888)
    - tty: Fix out-of-bound vmalloc access in imageblit
    - cpufreq: schedutil: Use kobject release() method to free sugov_tunables
    - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
    - usb: cdns3: fix race condition before setting doorbell
    - fs-verity: fix signed integer overflow with i_size near S64_MAX
    - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary
      structure field
    - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary
      structure field
    - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary
      structure field
    - scsi: ufs: Fix illegal offset in UPIU event trace
    - mac80211: fix use-after-free in CCMP/GCMP RX
    - x86/kvmclock: Move this_cpu_pvti into kvmclock.h
    - drm/amd/display: Pass PCI deviceid into DC
    - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
    - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced
      from sysfs
    - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
    - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    - mac80211: mesh: fix potentially unaligned access
    - mac80211-hwsim: fix late beacon hrtimer handling
    - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
    - hwmon: (tmp421) report /PVLD condition as fault
    - hwmon: (tmp421) fix rounding for negative values
    - net: ipv4: Fix rtnexthop len when RTA_FLOW is present
    - e100: fix length calculation in e100_get_regs_len
    - e100: fix buffer overrun in e100_get_regs
    - selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
    - scsi: csiostor: Add module softdep on cxgb4
    - net: hns3: do not allow call hns3_nic_net_open repeatedly
    - net: sched: flower: protect fl_walk() with rcu
    - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
    - perf/x86/intel: Update event constraints for ICX
    - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
    - debugfs: debugfs_create_file_size(): use IS_ERR to check for error
    - ipack: ipoctal: fix stack information leak
    - ipack: ipoctal: fix tty registration race
    - ipack: ipoctal: fix tty-registration error handling
    - ipack: ipoctal: fix missing allocation-failure check
    - ipack: ipoctal: fix module reference leak
    - ext4: fix loff_t overflow in ext4_max_bitmap_size()
    - ext4: fix reserved space counter leakage
    - ext4: fix potential infinite loop in ext4_dx_readdir()
    - HID: u2fzero: ignore incomplete packets without data
    - net: udp: annotate data race around udp_sk(sk)->corkflag
    - net: stmmac: don't attach interface until resume finishes
    - PCI: Fix pci_host_bridge struct device release/free handling
    - libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
    - hso: fix bailout in error case of probe
    - usb: hso: fix error handling code of hso_create_net_device
    - usb: hso: remove the bailout parameter
    - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
    - HID: betop: fix slab-out-of-bounds Write in betop_probe
    - netfilter: ipset: Fix oversized kvmalloc() calls
    - HID: usbhid: free raw_report buffers in usbhid_stop
    - Linux 5.4.151
  * Focal update: v5.4.150 upstream stable release (LP: #1947886)
    - usb: gadget: r8a66597: fix a loop in set_feature()
    - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
    - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
    - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
    - cifs: fix incorrect check for null pointer in header_assemble
    - xen/x86: fix PV trap handling on secondary processors
    - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
    - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    - USB: cdc-acm: fix minor-number release
    - binder: make sure fd closes complete
    - staging: greybus: uart: fix tty use after free
    - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
    - USB: serial: mos7840: remove duplicated 0xac24 device ID
    - USB: serial: option: add Telit LN920 compositions
    - USB: serial: option: remove duplicate USB device ID
    - USB: serial: option: add device id for Foxconn T99W265
    - mcb: fix error handling in mcb_alloc_bus()
    - erofs: fix up erofs_lookup tracepoint
    - btrfs: prevent __btrfs_dump_space_info() to underflow its free space
    - serial: mvebu-uart: fix driver's tx_empty callback
    - net: hso: fix muxed tty registration
    - afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation
    - platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
    - enetc: Fix illegal access when reading affinity_hint
    - bnxt_en: Fix TX timeout when TX ring size is set to the smallest
    - net/smc: add missing error check in smc_clc_prfx_set()
    - gpio: uniphier: Fix void functions to remove return value
    - qed: rdma - don't wait for resources under hw error recovery flow
    - net/mlx4_en: Don't allow aRFS for encapsulated packets
    - scsi: iscsi: Adjust iface sysfs attr detection
    - tty: synclink_gt, drop unneeded forward declarations
    - tty: synclink_gt: rename a conflicting function name
    - fpga: machxo2-spi: Return an error on failure
    - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
    - thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
    - cifs: fix a sign extension bug
    - scsi: qla2xxx: Restore initiator in dual mode
    - scsi: lpfc: Use correct scnprintf() limit
    - irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
    - irqchip/gic-v3-its: Fix potential VPE leak on error
    - md: fix a lock order reversal in md_alloc
    - blktrace: Fix uaf in blk_trace access after removing by sysfs
    - net: macb: fix use after free on rmmod
    - net: stmmac: allow CSR clock of 300MHz
    - m68k: Double cast io functions to unsigned long
    - ipv6: delay fib6_sernum increase in fib6_add
    - bpf: Add oversize check before call kvcalloc()
    - xen/balloon: use a kernel thread instead a workqueue
    - nvme-multipath: fix ANA state updates when a namespace is not present
    - sparc32: page align size in arch_dma_alloc
    - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
    - compiler.h: Introduce absolute_pointer macro
    - net: i825xx: Use absolute_pointer for memcpy from fixed memory location
    - sparc: avoid stringop-overread errors
    - qnx4: avoid stringop-overread errors
    - parisc: Use absolute_pointer() to define PAGE0
    - arm64: Mark __stack_chk_guard as __ro_after_init
    - alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
    - net: 6pack: Fix tx timeout and slot time
    - spi: Fix tegra20 build with CONFIG_PM=n
    - EDAC/synopsys: Fix wrong value type assignment for edac_mode
    - thermal/drivers/int340x: Do not set a wrong tcc offset on resume
    - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
    - xen/balloon: fix balloon kthread freezing
    - qnx4: work around gcc false positive warning bug
    - Linux 5.4.150
  * ACL updates on OCFS2 are not revalidated (LP: #1947161) // Focal update:
    v5.4.150 upstream stable release (LP: #1947886)
    - ocfs2: drop acl cache for directories too
  * Focal update: v5.4.149 upstream stable release (LP: #1947885)
    - PCI: pci-bridge-emul: Fix big-endian support
    - PCI: aardvark: Indicate error in 'val' when config read fails
    - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
    - PCI: aardvark: Fix reporting CRS value
    - PCI/ACPI: Add Ampere Altra SOC MCFG quirk
    - KVM: remember position in kvm->vcpus array
    - console: consume APC, DM, DCS
    - s390/pci_mmio: fully validate the VMA before calling follow_pte()
    - ARM: Qualify enabling of swiotlb_init()
    - apparmor: remove duplicate macro list_entry_is_head()
    - ARM: 9077/1: PLT: Move struct plt_entries definition to header
    - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
    - ARM: 9079/1: ftrace: Add MODULE_PLTS support
    - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
    - sctp: validate chunk size in __rcv_asconf_lookup
    - sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    - staging: rtl8192u: Fix bitwise vs logical operator in
    - um: virtio_uml: fix memory leak on init failures
    - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    - 9p/trans_virtio: Remove sysfs file on probe failure
    - prctl: allow to setup brk for et_dyn executables
    - nilfs2: use refcount_dec_and_lock() to fix potential UAF
    - profiling: fix shift-out-of-bounds bugs
    - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was
    - phy: avoid unnecessary link-up delay in polling mode
    - net: stmmac: reset Tx desc base address before restarting Tx
    - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
    - thermal/core: Fix thermal_cooling_device_register() prototype
    - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
    - parisc: Move pci_dev_is_behind_card_dino to where it is used
    - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE
    - dmaengine: ioat: depends on !UML
    - dmaengine: xilinx_dma: Set DMA mask for coherent APIs
    - ceph: request Fw caps before updating the mtime in ceph_write_iter
    - ceph: lockdep annotations for try_nonblocking_invalidate
    - btrfs: fix lockdep warning while mounting sprout fs
    - nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    - nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    - nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    - pwm: img: Don't modify HW state in .remove() callback
    - pwm: rockchip: Don't modify HW state in .remove() callback
    - pwm: stm32-lp: Don't modify HW state in .remove() callback
    - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    - rtc: rx8010: select REGMAP_I2C
    - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    - Linux 5.4.149

Date: 2021-11-24 12:26:13.640118+00:00
Changed-By: Juerg Haefliger <juergh at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list