[ubuntu/trusty-security] linux-lts-xenial 4.4.0-57.78~14.04.1 (Accepted)

Steve Langasek steve.langasek at canonical.com
Tue Dec 20 18:51:35 UTC 2016


linux-lts-xenial (4.4.0-57.78~14.04.1) trusty; urgency=low

  * Release Tracking Bug
    - LP: #1648876

  * Miscellaneous Ubuntu changes
    - SAUCE: Do not build the xr-usb-serial driver for s390

linux (4.4.0-56.77) xenial; urgency=low

  * Release Tracking Bug
    - LP: #1648867

  * Release Tracking Bug
    - LP: #1648579

  * CONFIG_NR_CPUS=256 is too low (LP: #1579205)
    - [Config] Increase the NR_CPUS to 512 for amd64 to support systems with a
      large number of cores.

  * NVMe drives in Amazon AWS instance fail to initialize (LP: #1648449)
    - SAUCE: (no-up) NVMe: only setup MSIX once

linux (4.4.0-55.76) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1648503

  * NVMe driver accidentally reverted to use GSI instead of MSIX (LP: #1647887)
    - (fix) NVMe: restore code to always use MSI/MSI-x interrupts

linux (4.4.0-54.75) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1648017

  * Update hio driver to 2.1.0.28 (LP: #1646643)
    - SAUCE: hio: update to Huawei ES3000_V2 (2.1.0.28)

  * linux: Enable live patching for all supported architectures (LP: #1633577)
    - [Config] CONFIG_LIVEPATCH=y for s390x

  * Botched backport breaks level triggered EOIs in QEMU guests with --machine
    kernel_irqchip=split (LP: #1644394)
    - kvm/irqchip: kvm_arch_irq_routing_update renaming split

  * Xenial update to v4.4.35 stable release (LP: #1645453)
    - x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
    - KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
    - KVM: Disable irq while unregistering user notifier
    - fuse: fix fuse_write_end() if zero bytes were copied
    - mfd: intel-lpss: Do not put device in reset state on suspend
    - can: bcm: fix warning in bcm_connect/proc_register
    - i2c: mux: fix up dependencies
    - kbuild: add -fno-PIE
    - scripts/has-stack-protector: add -fno-PIE
    - x86/kexec: add -fno-PIE
    - kbuild: Steal gcc's pie from the very beginning
    - ext4: sanity check the block and cluster size at mount time
    - crypto: caam - do not register AES-XTS mode on LP units
    - drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
    - clk: mmp: pxa910: fix return value check in pxa910_clk_init()
    - clk: mmp: pxa168: fix return value check in pxa168_clk_init()
    - clk: mmp: mmp2: fix return value check in mmp2_clk_init()
    - rtc: omap: Fix selecting external osc
    - iwlwifi: pcie: fix SPLC structure parsing
    - mfd: core: Fix device reference leak in mfd_clone_cell
    - uwb: fix device reference leaks
    - PM / sleep: fix device reference leak in test_suspend
    - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
      fails
    - IB/mlx4: Check gid_index return value
    - IB/mlx4: Fix create CQ error flow
    - IB/mlx5: Use cache line size to select CQE stride
    - IB/mlx5: Fix fatal error dispatching
    - IB/core: Avoid unsigned int overflow in sg_alloc_table
    - IB/uverbs: Fix leak of XRC target QPs
    - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
    - netfilter: nft_dynset: fix element timeout for HZ != 1000
    - Linux 4.4.35

  * Upstream stable 4.4.34 and 4.8.10 regression (LP: #1645278)
    - flow_dissect: call init_default_flow_dissectors() earlier

  * AD5593R configurable multi-channel converter support (LP: #1644726)
    - iio: dac: Add support for the AD5592R/AD5593R ADCs/DACs
    - iio: dac: ad5592r: Off by one bug in ad5592r_alloc_channels()
    - [Config] CONFIG_AD5592R/AD5593R=m

  * ST Micro lps22hb pressure sensor support (LP: #1642258)
    - iio:st_pressure:initial lps22hb sensor support
    - iio:st_pressure: align storagebits on power of 2
    - iio:st_pressure: document sampling gains
    - iio:st_pressure:lps22hb: temperature support

  * Fix Kernel Crashing under IBM Virtual Scsi Driver (LP: #1642299)
    - SAUCE: ibmvscsis: Rearrange functions for future patches
    - SAUCE: ibmvscsis: Synchronize cmds at tpg_enable_store time
    - SAUCE: ibmvscsis: Synchronize cmds at remove time
    - SAUCE: ibmvscsis: Clean up properly if target_submit_cmd/tmr fails
    - SAUCE: ibmvscsis: Return correct partition name/# to client
    - SAUCE: ibmvscsis: Issues from Dan Carpenter/Smatch

  * System stalls when creating device node on booting (LP: #1643797)
    - sched/fair: Fix new task's load avg removed from source CPU in
      wake_up_new_task()

  * nvme: improve performance for virtual Google NVMe devices (LP: #1637565)
    - blk-mq: add blk_mq_alloc_request_hctx
    - nvme.h: add NVMe over Fabrics definitions
    - [Config] CONFIG_NVME_VENDOR_EXT_GOOGLE=y
    - SAUCE: nvme: improve performance for virtual NVMe devices

  * Move some kernel modules to the main kernel package (LP: #1642228)
    - [Config] Move some powerpc kernel modules to the main kernel package

  * sched: Match-all classifier is missing in xenial (LP: #1642514)
    - [Config] CONFIG_NET_CLS_MATCHALL=m
    - net/sched: introduce Match-all classifier

  * Xenial update to 4.4.34 stable release (LP: #1643637)
    - dctcp: avoid bogus doubling of cwnd after loss
    - net: clear sk_err_soft in sk_clone_lock()
    - net: mangle zero checksum in skb_checksum_help()
    - bgmac: stop clearing DMA receive control register right after it is set
    - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
    - tcp: fix potential memory corruption
    - dccp: do not send reset to already closed sockets
    - dccp: fix out of bound access in dccp_v4_err()
    - ipv6: dccp: fix out of bound access in dccp_v6_err()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
    - sctp: assign assoc_id earlier in __sctp_connect
    - fib_trie: Correct /proc/net/route off by one error
    - sock: fix sendmmsg for partial sendmsg
    - net: __skb_flow_dissect() must cap its return value
    - ipv4: use new_gw for redirect neigh lookup
    - tcp: take care of truncations done by sk_filter()
    - tty: Prevent ldisc drivers from re-using stale tty fields
    - sparc: Don't leak context bits into thread->fault_address
    - sparc: serial: sunhv: fix a double lock bug
    - sparc64 mm: Fix base TSB sizing when hugetlb pages are used
    - sparc: Handle negative offsets in arch_jump_label_transform
    - sparc64: Handle extremely large kernel TSB range flushes sanely.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB code.
    - sparc64: Fix instruction count in comment for
      __hypervisor_flush_tlb_pending.
    - sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call
      code.
    - sparc64: Handle extremely large kernel TLB range flushes more gracefully.
    - sparc64: Delete __ret_efault.
    - sparc64: Prepare to move to more saner user copy exception handling.
    - sparc64: Convert copy_in_user to accurate exception reporting.
    - sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
    - sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
    - sparc64: Delete now unused user copy assembler helpers.
    - sparc64: Delete now unused user copy fixup functions.
    - Linux 4.4.34

  * Xenial update to v4.4.33 stable release (LP: #1642968)
    - ALSA: info: Return error for invalid read/write
    - ALSA: info: Limit the proc text input size
    - ASoC: cs4270: fix DAPM stream name mismatch
    - dib0700: fix nec repeat handling
    - swapfile: fix memory corruption via malformed swapfile
    - coredump: fix unfreezable coredumping task
    - s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment
    - ARC: timer: rtc: implement read loop in "C" vs. inline asm
    - pinctrl: cherryview: Serialize register access in suspend/resume
    - pinctrl: cherryview: Prevent possible interrupt storm on resume
    - staging: iio: ad5933: avoid uninitialized variable in error case
    - drivers: staging: nvec: remove bogus reset command for PS/2 interface
    - Revert "staging: nvec: ps2: change serio type to passthrough"
    - staging: nvec: remove managed resource from PS2 driver
    - USB: cdc-acm: fix TIOCMIWAIT
    - usb: gadget: u_ether: remove interrupt throttling
    - drbd: Fix kernel_sendmsg() usage - potential NULL deref
    - toshiba-wmi: Fix loading the driver on non Toshiba laptops
    - clk: qoriq: Don't allow CPU clocks higher than starting value
    - iio: hid-sensors: Increase the precision of scale to fix wrong reading
      interpretation.
    - iio: orientation: hid-sensor-rotation: Add PM function (fix non working
      driver)
    - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
    - scsi: mpt3sas: Fix for block device of raid exists even after deleting raid
      disk
    - KVM: MIPS: Precalculate MMIO load resume PC
    - drm/i915: Respect alternate_ddc_pin for all DDI ports
    - dmaengine: at_xdmac: fix spurious flag status for mem2mem transfers
    - tty/serial: at91: fix hardware handshake on Atmel platforms
    - iommu/amd: Free domain id when free a domain of struct dma_ops_domain
    - iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
    - mei: bus: fix received data size check in NFC fixup
    - lib/genalloc.c: start search from start of chunk
    - hwrng: core - Don't use a stack buffer in add_early_randomness()
    - i40e: fix call of ndo_dflt_bridge_getlink()
    - ACPI / APEI: Fix incorrect return value of ghes_proc()
    - ASoC: sun4i-codec: return error code instead of NULL when create_card fails
    - mmc: mxs: Initialize the spinlock prior to using it
    - btrfs: qgroup: Prevent qgroup->reserved from going subzero
    - netfilter: fix namespace handling in nf_log_proc_dostring
    - Linux 4.4.33

  * Xenial update to 4.4.32 stable release (LP: #1642573)
    - tcp: fix overflow in __tcp_retransmit_skb()
    - net: avoid sk_forward_alloc overflows
    - tcp: fix wrong checksum calculation on MTU probing
    - tcp: fix a compile error in DBGUNDO()
    - ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
    - ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
    - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
    - net: fec: set mac address unconditionally
    - net: pktgen: fix pkt_size
    - net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*()
      functions
    - net: Add netdev all_adj_list refcnt propagation to fix panic
    - packet: call fanout_release, while UNREGISTERING a netdev
    - netlink: do not enter direct reclaim from netlink_dump()
    - ipv6: tcp: restore IP6CB for pktoptions skbs
    - ip6_tunnel: fix ip6_tnl_lookup
    - net: pktgen: remove rcu locking in pktgen_change_name()
    - bridge: multicast: restore perm router ports on multicast enable
    - rtnetlink: Add rtnexthop offload flag to compare mask
    - net: add recursion limit to GRO
    - ipv4: disable BH in set_ping_group_range()
    - ipv4: use the right lock for ping_group_range
    - net: sctp, forbid negative length
    - udp: fix IP_CHECKSUM handling
    - net sched filters: fix notification of filter delete with proper handle
    - sctp: validate chunk len before actually using it
    - packet: on direct_xmit, limit tso and csum to supported devices
    - of: silence warnings due to max() usage
    - Revert KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
    - KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
    - drm/amdgpu/dp: add back special handling for NUTMEG
    - drm/amdgpu: fix DP mode validation
    - drm/radeon: fix DP mode validation
    - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
    - Linux 4.4.32

  * Xenial update to 4.4.31 stable release (LP: #1642572)
    - i2c: xgene: Avoid dma_buffer overrun
    - i2c: core: fix NULL pointer dereference under race condition
    - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
    - h8300: fix syscall restarting
    - libxfs: clean up _calc_dquots_per_chunk
    - mm/list_lru.c: avoid error-path NULL pointer deref
    - mm: memcontrol: do not recurse in direct reclaim
    - ALSA: usb-audio: Add quirk for Syntek STK1160
    - ALSA: hda - Merge RIRB_PRE_DELAY into CTX_WORKAROUND caps
    - ALSA: hda - Raise AZX_DCAPS_RIRB_DELAY handling into top drivers
    - ALSA: hda - allow 40 bit DMA mask for NVidia devices
    - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
    - ALSA: hda - Fix headset mic detection problem for two Dell laptops
    - ANDROID: binder: Add strong ref checks
    - ANDROID: binder: Clear binder and cookie when setting handle in flat binder
      struct
    - btrfs: fix races on root_log_ctx lists
    - ubifs: Abort readdir upon error
    - ubifs: Fix regression in ubifs_readdir()
    - mei: txe: don't clean an unprocessed interrupt cause.
    - usb: gadget: function: u_ether: don't starve tx request queue
    - USB: serial: fix potential NULL-dereference at probe
    - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
    - xhci: use default USB_RESUME_TIMEOUT when resuming ports.
    - usb: increase ohci watchdog delay to 275 msec
    - Fix potential infoleak in older kernels
    - vt: clear selection before resizing
    - xhci: add restart quirk for Intel Wildcatpoint PCH
    - tty: limit terminal size to 4M chars
    - USB: serial: cp210x: fix tiocmget error handling
    - dm: free io_barrier after blk_cleanup_queue call
    - KVM: x86: fix wbinvd_dirty_mask use-after-free
    - KVM: MIPS: Make ERET handle ERL before EXL
    - ovl: fsync after copy-up
    - parisc: Ensure consistent state when switching to kernel stack at syscall
      entry
    - virtio_ring: Make interrupt suppression spec compliant
    - virtio: console: Unlock vqs while freeing buffers
    - dm mirror: fix read error on recovery after default leg failure
    - Input: i8042 - add XMG C504 to keyboard reset table
    - firewire: net: guard against rx buffer overflows
    - firewire: net: fix fragmented datagram_size off-by-one
    - mac80211: discard multicast and 4-addr A-MSDUs
    - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
      devices
    - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
    - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
    - mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
    - Revert "drm/radeon: fix DP link training issue with second 4K monitor"
    - drm/radeon/si_dpm: Limit clocks on HD86xx part
    - drm/radeon/si_dpm: workaround for SI kickers
    - drm/radeon: drop register readback in cayman_cp_int_cntl_setup
    - drm/dp/mst: Check peer device type before attempting EDID read
    - perf build: Fix traceevent plugins build race
    - x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
    - powerpc/ptrace: Fix out of bounds array access warning
    - ARM: 8584/1: floppy: avoid gcc-6 warning
    - mm/cma: silence warnings due to max() usage
    - drm/exynos: fix error handling in exynos_drm_subdrv_open
    - cgroup: avoid false positive gcc-6 warning
    - smc91x: avoid self-comparison warning
    - Disable "frame-address" warning
    - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
    - pwm: Unexport children before chip removal
    - usb: dwc3: Fix size used in dma_free_coherent()
    - tty: vt, fix bogus division in csi_J
    - kvm: x86: Check memopp before dereference (CVE-2016-8630)
    - ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
    - HID: usbhid: add ATEN CS962 to list of quirky devices
    - Linux 4.4.31

  * CVE-2016-6213
    - mnt: Add a per mount namespace limit on the number of mounts

  * ThinkPad T460 hotkeys stop working in Ubuntu 16.04 (LP: #1642114)
    - thinkpad_acpi: Add support for HKEY version 0x200

  * CVE-2016-4568
    - videobuf2-v4l2: Verify planes array in buffer dequeueing

  * [SRU] Add 0cf3:e009 to btusb (LP: #1641562)
    - Bluetooth: btusb: Add support for 0cf3:e009

  * Fix resource leak in btusb (LP: #1641569)
    - SAUCE: Bluetooth: decrease refcount after use

  * WiFi LED doesn't work on some Edge Gateway units (LP: #1640418)
    - SAUCE: mwifiex: Use PCI ID instead of DMI ID to identify Edge Gateways

  * [Hyper-V] do not lose pending heartbeat vmbus packets (LP: #1632786)
    - hv: do not lose pending heartbeat vmbus packets

  * ipv6: connected routes are missing after a down/up cycle on the loopback
    (LP: #1634545)
    - ipv6: correctly add local routes when lo goes up

  * audit: prevent a new auditd to stop an old auditd still alive (LP: #1633404)
    - audit: stop an old auditd being starved out by a new auditd

  * hv_set_ifconfig script parsing fails for certain configuration
    (LP: #1640109)
    - hv_set_ifconfig -- handle DHCP interfaces correctly
    - hv_set_ifconfig -- ensure we include the last stanza

  * CVE-2016-7039 and CVE-2016-8666 (LP: #1631287)
    - Revert "UBUNTU: SAUCE: net: add recursion limit to GRO"

linux (4.4.0-53.74) xenial; urgency=low

  * CVE-2016-8655 (LP: #1646318)
    - packet: fix race condition in packet_set_ring

Date: 2016-12-10 00:09:12.926038+00:00
Changed-By: Brad Figg <brad.figg at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-57.78~14.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list