[ubuntu/trusty-security] linux-lts-xenial 4.4.0-47.68~14.04.1 (Accepted)

Andy Whitcroft apw at canonical.com
Wed Nov 9 16:21:29 UTC 2016


linux-lts-xenial (4.4.0-47.68~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1636951

  * Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
    - lib/bitmap.c: conversion routines to/from u32 array
    - net: ethtool: add new ETHTOOL_xLINKSETTINGS API
    - net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
    - [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

  * unexpectedly large memory usage of mounted snaps (LP: #1636847)
    - [Config] switch squashfs to single threaded decode

linux (4.4.0-46.67) xenial; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1635242

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

  * [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
    __copy_tofrom_user (LP: #1632462)
    - SAUCE: (no-up) powerpc/64: Fix incorrect return value from
      __copy_tofrom_user

  * Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
    memory_stress_ng. (LP: #1628976)
    - SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code

  * Paths not failed properly when unmapping virtual FC ports in VIOS (using
    ibmvfc) (LP: #1632116)
    - scsi: ibmvfc: Fix I/O hang when port is not mapped

  * PSL data cache should be flushed before resetting CAPI adapter
    (LP: #1632049)
    - cxl: Flush PSL cache before resetting the adapter

  * thunder nic: avoid link delays due to RX_PACKET_DIS (LP: #1630038)
    - net: thunderx: Don't set RX_PACKET_DIS while initializing

  * Support snaps inside of lxd containers (LP: #1611078)
    - Revert "UBUNTU: SAUCE: apparmor: fix sleep in critical section"
    - SAUCE: (no-up) apparmor: sync of apparmor 3.6 (from Ubuntu 16.10)

  * crypto/vmx/p8_ghash memory corruption (LP: #1630970)
    - crypto: ghash-generic - move common definitions to a new header file
    - crypto: vmx - Fix memory corruption caused by p8_ghash
    - crypto: vmx - Ensure ghash-generic is enabled

  * Xenial update to v4.4.24 stable release (LP: #1631468)
    - cpuset: handle race between CPU hotplug and cpuset_hotplug_work
    - mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl
    - mm,ksm: fix endless looping in allocating memory when ksm enable
    - can: dev: fix deadlock reported after bus-off
    - x86/init: Fix cr4_init_shadow() on CR4-less machines
    - x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID
    - drm/nouveau/fifo/nv04: avoid ramht race against cookie insertion
    - drm/radeon/si/dpm: add workaround for for Jet parts
    - ARM: 8616/1: dt: Respect property size when parsing CPUs
    - ARM: 8617/1: dma: fix dma_max_pfn()
    - usb: musb: Fix DMA desired mode for Mentor DMA engine
    - usb: musb: fix DMA for host mode
    - iwlwifi: mvm: fix a few firmware capability checks
    - perf/core: Fix pmu::filter_match for SW-led groups
    - i40e: avoid null pointer dereference
    - pinctrl: uniphier: fix .pin_dbg_show() callback
    - pinctrl: Flag strict is a field in struct pinmux_ops
    - drivers/perf: arm_pmu: Fix leak in error path
    - mmc: pxamci: fix potential oops
    - tools/vm/slabinfo: fix an unintentional printf
    - ipvs: fix bind to link-local mcast IPv6 address in backup
    - nvmem: Declare nvmem_cell_read() consistently
    - hwmon: (adt7411) set bit 3 in CFG1 register
    - spi: sh-msiof: Avoid invalid clock generator parameters
    - iwlwifi: pcie: fix access to scratch buffer
    - iwlwifi: mvm: don't use ret when not initialised
    - ceph: fix race during filling readdir cache
    - usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
    - gpio: sa1100: fix irq probing for ucb1x00
    - irqchip/gicv3: Silence noisy DEBUG_PER_CPU_MAPS warning
    - ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
    - arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
    - MIPS: uprobes: remove incorrect set_orig_insn
    - MIPS: fix uretprobe implementation
    - MIPS: Malta: Fix IOCU disable switch read for MIPS64
    - MIPS: uprobes: fix use of uninitialised variable
    - printk: fix parsing of "brl=" option
    - tpm: fix byte-order for the value read by tpm2_get_tpm_pt
    - regulator: qcom_spmi: Add support for S4 supply on pm8941
    - regulator: qcom_spmi: Add support for get_mode/set_mode on switches
    - regulator: qcom_spmi: Update mvs1/mvs2 switches on pm8941
    - regulator: qcom_smd: Fix voltage ranges for pm8x41
    - ARM: sun5i: Fix typo in trip point temperature
    - ARM: sa1100: register clocks early
    - ARM: sa1100: fix 3.6864MHz clock
    - ARM: sa1100: clear reset status prior to reboot
    - ARM: shmobile: fix regulator quirk for Gen2
    - ARM: sa1111: fix pcmcia suspend/resume
    - hwrng: omap - Fix assumption that runtime_get_sync will always succeed
    - blk-mq: actually hook up defer list when running requests
    - pstore: drop file opened reference count
    - tile: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
    - iwlmvm: mvm: set correct state in smart-fifo configuration
    - NFC: fdp: Detect errors from fdp_nci_create_conn()
    - em28xx-i2c: rt_mutex_trylock() returns zero on failure
    - gspca: avoid unused variable warnings
    - ath9k: Fix programming of minCCA power threshold
    - avr32: off by one in at32_init_pio()
    - fnic: pci_dma_mapping_error() doesn't return an error code
    - dmaengine: at_xdmac: fix debug string
    - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
    - NFS: Don't drop CB requests with invalid principals
    - pNFS/files: Fix layoutcommit after a commit to DS
    - pNFS/flexfiles: Fix layoutcommit after a commit to DS
    - ASoC: Intel: Skylake: Fix error return code in skl_probe()
    - brcmfmac: Fix glob_skb leak in brcmf_sdiod_recv_chain
    - brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
    - brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()
    - powerpc/prom: Fix sub-processor option passed to ibm, client-architecture-
      support
    - sysctl: handle error writing UINT_MAX to u32 fields
    - ASoC: omap-mcpdm: Fix irq resource handling
    - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
    - dmaengine: at_xdmac: fix to pass correct device identity to free_irq()
    - KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
    - IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
    - IB/core: Fix use after free in send_leave function
    - IB/ipoib: Don't allow MC joins during light MC flush
    - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
    - IB/mlx4: Fix code indentation in QP1 MAD flow
    - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV
    - batman-adv: remove unused callback from batadv_algo_ops struct
    - aio: mark AIO pseudo-fs noexec
    - clk: xgene: Add missing parenthesis when clearing divider value
    - dm log writes: fix bug with too large bios
    - USB: serial: cp210x: fix hardware flow-control disable
    - usb: misc: legousbtower: Fix NULL pointer deference
    - Staging: fbtft: Fix bug in fbtft-core
    - USB: serial: cp210x: Add ID for a Juniper console
    - Revert "usbtmc: convert to devm_kzalloc"
    - ALSA: hda - Adding one more ALC255 pin definition for headset problem
    - ACPICA: acpi_get_sleep_type_data: Reduce warnings
    - ALSA: hda - Fix headset mic detection problem for several Dell laptops
    - ALSA: hda - Add the top speaker pin config for HP Spectre x360
    - Linux 4.4.24

  * sha1-powerpc returning wrong results (LP: #1629977)
    - crypto: sha1-powerpc - little-endian support

  *  Dell Precision Trackpoint not working after suspend (LP: #1630857)
    - HID: alps: fix stick device not working after resume

  * OOPS on beaglebone on boot of 4.4.0-36-generic under snappy ubuntu core
    xenial (LP: #1625177)
    - net: ethernet: ti: cpdma: fix lockup in cpdma_ctlr_destroy()
    - drivers: net: cpsw: fix wrong regs access in cpsw_remove
    - drivers: net: cpsw: use of_platform_depopulate()
    - ARM: OMAP2+: omap_device: fix crash on omap_device removal
    - ARM: OMAP2+: Fix omap_device for module reload on PM runtime forbid
    - ARM: OMAP2+: Fix typo in omap_device.c
    - drivers: net: cpsw: fix suspend when all ethX devices are down
    - drivers: net: cpsw: fix wrong regs access in cpsw_ndo_open
    - drivers: net: cpsw: check return code from pm runtime calls
    - drivers: net: cpsw: remove pm runtime calls from suspend callbacks
    - drivers: net: cpsw: ethtool: fix accessing to suspended device
    - drivers: net: cpsw: ndev: fix accessing to suspended device
    - drivers: net: cpsw: fix kmemleak false-positive reports for sk buffers

  * Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
    (LP: #1629204)
    - SAUCE: (namespace) autofs4: Use real_cred for requestor's ids

  * Xenial update to v4.4.23 stable release (LP: #1629386)
    - include/linux/kernel.h: change abs() macro so it uses consistent return type
    - Fix build warning in kernel/cpuset.c
    - reiserfs: fix "new_insert_key may be used uninitialized ..."
    - ipv4: panic in leaf_walk_rcu due to stale node pointer
    - ipv6: release dst in ping_v6_sendmsg
    - tcp: cwnd does not increase in TCP YeAH
    - tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
    - crypto: arm64/aes-ctr - fix NULL dereference in tail processing
    - crypto: arm/aes-ctr - fix NULL dereference in tail processing
    - crypto: skcipher - Fix blkcipher walk OOM crash
    - crypto: echainiv - Replace chaining with multiplication
    - ocfs2/dlm: fix race between convert and migration
    - ocfs2: fix start offset to ocfs2_zero_range_for_truncate()
    - kbuild: Do not run modules_install and install in paralel
    - Makefile: revert "Makefile: Document ability to make file.lst and file.S"
      partially
    - tools: Support relative directory path for 'O='
    - kbuild: forbid kernel directory to contain spaces and colons
    - Kbuild: disable 'maybe-uninitialized' warning for
      CONFIG_PROFILE_ALL_BRANCHES
    - gcov: disable -Wmaybe-uninitialized warning
    - Disable "maybe-uninitialized" warning globally
    - Disable "frame-address" warning
    - Makefile: Mute warning for __builtin_return_address(>0) for tracing only
    - net: caif: fix misleading indentation
    - Add braces to avoid "ambiguous ‘else’" compiler warnings
    - am437x-vfpe: fix typo in vpfe_get_app_input_index
    - ath9k: fix misleading indentation
    - iwlegacy: avoid warning about missing braces
    - Staging: iio: adc: fix indent on break statement
    - nouveau: fix nv40_perfctr_next() cleanup regression
    - bonding: Fix bonding crash
    - Revert "af_unix: Fix splice-bind deadlock"
    - af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
    - vti: flush x-netns xfrm cache when vti interface is removed
    - net/irda: handle iriap_register_lsap() allocation failure
    - tipc: fix NULL pointer dereference in shutdown()
    - net/mlx5: Added missing check of msg length in verifying its signature
    - net: dsa: bcm_sf2: Fix race condition while unmasking interrupts
    - Revert "phy: IRQ cannot be shared"
    - net: smc91x: fix SMC accesses
    - bridge: re-introduce 'fix parsing of MLDv2 reports'
    - autofs races
    - autofs: use dentry flags to block walks during expire
    - xfs: prevent dropping ioend completions during buftarg wait
    - fsnotify: add a way to stop queueing events on group shutdown
    - fanotify: fix list corruption in fanotify_get_response()
    - fix fault_in_multipages_...() on architectures with no-op access_ok()
    - mtd: maps: sa1100-flash: potential NULL dereference
    - mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
    - power: reset: hisi-reboot: Unmap region obtained by of_iomap
    - fix memory leaks in tracing_buffers_splice_read()
    - tracing: Move mutex to protect against resetting of seq data
    - mm: delete unnecessary and unsafe init_tlb_ubc()
    - can: flexcan: fix resume function
    - nl80211: validate number of probe response CSA counters
    - btrfs: ensure that file descriptor used with subvol ioctls is a dir
    - i2c-eg20t: fix race between i2c init and interrupt enable
    - i2c: qup: skip qup_i2c_suspend if the device is already runtime suspended
    - MIPS: Fix pre-r6 emulation FPU initialisation
    - MIPS: SMP: Fix possibility of deadlock when bringing CPUs online
    - MIPS: vDSO: Fix Malta EVA mapping to vDSO page structs
    - MIPS: Remove compact branch policy Kconfig entries
    - MIPS: Avoid a BUG warning during prctl(PR_SET_FP_MODE, ...)
    - MIPS: Add a missing ".set pop" in an early commit
    - MIPS: paravirt: Fix undefined reference to smp_bootstrap
    - PM / hibernate: Restore processor state before using per-CPU variables
    - PM / hibernate: Fix rtree_next_node() to avoid walking off list ends
    - power_supply: tps65217-charger: fix missing platform_set_drvdata()
    - power: supply: max17042_battery: fix model download bug.
    - qxl: check for kmap failures
    - hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
    - Linux 4.4.23

  * Xenial update to v4.4.22 stable release (LP: #1627730)
    - ext4: use __GFP_NOFAIL in ext4_free_blocks()
    - fscrypto: add authorization check for setting encryption policy
    - clocksource/drivers/sun4i: Clear interrupts after stopping timer in probe
      function
    - MIPS: KVM: Check for pfn noslot case
    - fscrypto: require write access to mount to set encryption policy
    - lightnvm: put bio before return
    - powerpc/tm: do not use r13 for tabort_syscall
    - powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
    - kernfs: don't depend on d_find_any_alias() when generating notifications
    - pNFS: The client must not do I/O to the DS if it's lease has expired
    - NFSv4.x: Fix a refcount leak in nfs_callback_up_net
    - nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock
    - pNFS: Ensure LAYOUTGET and LAYOUTRETURN are properly serialised
    - NFSv4.1: Fix the CREATE_SESSION slot number accounting
    - kexec: fix double-free when failing to relocate the purgatory
    - mm: introduce get_task_exe_file
    - audit: fix exe_file access in audit_exe_compare
    - dm flakey: fix reads to be issued if drop_writes configured
    - IB/uverbs: Fix race between uverbs_close and remove_one
    - ARC: mm: fix build breakage with STRICT_MM_TYPECHECKS
    - x86/paravirt: Do not trace _paravirt_ident_*() functions
    - x86/AMD: Apply erratum 665 on machines without a BIOS fix
    - kvm-arm: Unmap shadow pagetables properly
    - iio: accel: kxsd9: Fix raw read return
    - iio: proximity: as3935: set up buffer timestamps for non-zero values
    - iio: adc: rockchip_saradc: reset saradc controller before programming it
    - iio: adc: ti_am335x_adc: Protect FIFO1 from concurrent access
    - iio: adc: ti_am335x_adc: Increase timeout value waiting for ADC sample
    - iio: ad799x: Fix buffered capture for ad7991/ad7995/ad7999
    - iio: adc: at91: unbreak channel adc channel 3
    - iio: accel: bmc150: reset chip at init time
    - iio: fix pressure data output unit in hid-sensor-attributes
    - iio: accel: kxsd9: Fix scaling bug
    - iio:core: fix IIO_VAL_FRACTIONAL sign handling
    - iio: ensure ret is initialized to zero before entering do loop
    - serial: 8250_mid: fix divide error bug if baud rate is 0
    - serial: 8250: added acces i/o products quad and octal serial cards
    - USB: serial: simple: add support for another Infineon flashloader
    - usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
    - usb: chipidea: udc: fix NULL ptr dereference in isr_setup_status_phase
    - ARM: dts: STiH410: Handle interconnect clock required by EHCI/OHCI (USB)
    - USB: change bInterval default to 10 ms
    - net: thunderx: Fix OOPs with ethtool --register-dump
    - cpuset: make sure new tasks conform to the current config of the cpuset
    - ARM: AM43XX: hwmod: Fix RSTST register offset for pruss
    - ARM: imx6: add missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul
    - ARM: imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx
    - ARM: kirkwood: ib62x0: fix size of u-boot environment partition
    - ARM: OMAP3: hwmod data: Add sysc information for DSI
    - ARM: dts: imx6qdl: Fix SPDIF regression
    - ARM: dts: overo: fix gpmc nand cs0 range
    - ARM: dts: overo: fix gpmc nand on boards with ethernet
    - ARM: dts: STiH407-family: Provide interconnect clock for consumption in ST
      SDHCI
    - bus: arm-ccn: Fix PMU handling of MN
    - bus: arm-ccn: Do not attempt to configure XPs for cycle counter
    - bus: arm-ccn: Fix XP watchpoint settings bitmask
    - dm log writes: fix check of kthread_run() return value
    - dm log writes: move IO accounting earlier to fix error path
    - dm crypt: fix error with too large bios
    - pinctrl: pistachio: fix mfio pll_lock pinmux
    - pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33
    - arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
    - crypto: cryptd - initialize child shash_desc on import
    - Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns
    - fuse: direct-io: don't dirty ITER_BVEC pages
    - xhci: fix null pointer dereference in stop command timeout function
    - md-cluster: make md-cluster also can work when compiled into kernel
    - ath9k: fix using sta->drv_priv before initializing it
    - Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel"
    - sched/core: Fix a race between try_to_wake_up() and a woken up task
    - ipv6: addrconf: fix dev refcont leak when DAD failed
    - gma500: remove annoying deprecation warning
    - mpssd: fix buffer overflow warning
    - drm/i915: Avoid pointer arithmetic in calculating plane surface offset
    - mmc: dw_mmc: use resource_size_t to store physical address
    - pinctrl: at91-pio4: use %pr format string for resource
    - soc: qcom/spm: shut up uninitialized variable warning
    - kconfig: tinyconfig: provide whole choice blocks to avoid warnings
    - net: simplify napi_synchronize() to avoid warnings
    - drm: atmel-hlcdc: Fix vertical scaling
    - drm: Only use compat ioctl for addfb2 on X86/IA64
    - genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers
    - irqchip/atmel-aic: Fix potential deadlock in ->xlate()
    - fix iov_iter_fault_in_readable()
    - microblaze: fix __get_user()
    - avr32: fix copy_from_user()
    - microblaze: fix copy_from_user()
    - fix minor infoleak in get_user_ex()
    - mn10300: failing __get_user() and get_user() should zero
    - m32r: fix __get_user()
    - sh64: failing __get_user() should zero
    - nios2: fix __get_user()
    - score: fix __get_user/get_user
    - s390: get_user() should zero on failure
    - ARC: uaccess: get_user to zero out dest in cause of fault
    - asm-generic: make get_user() clear the destination on errors
    - frv: fix clear_user()
    - cris: buggered copy_from_user/copy_to_user/clear_user
    - blackfin: fix copy_from_user()
    - score: fix copy_from_user() and friends
    - sh: fix copy_from_user()
    - hexagon: fix strncpy_from_user() error return
    - mips: copy_from_user() must zero the destination on access_ok() failure
    - asm-generic: make copy_from_user() zero the destination properly
    - alpha: fix copy_from_user()
    - metag: copy_from_user() should zero the destination on access_ok() failure
    - parisc: fix copy_from_user()
    - openrisc: fix copy_from_user()
    - nios2: copy_from_user() should zero the tail of destination
    - mn10300: copy_from_user() should zero on access_ok() failure...
    - sparc32: fix copy_from_user()
    - ppc32: fix copy_from_user()
    - genirq/msi: Fix broken debug output
    - ia64: copy_from_user() should zero the destination on access_ok() failure
    - avr32: fix 'undefined reference to `___copy_from_user'
    - openrisc: fix the fix of copy_from_user()
    - Linux 4.4.22

  * AES-XTS poor performance in Ubuntu 16.04 (LP: #1613295)
    - crypto: vmx - fix null dereference in p8_aes_xts_crypt

  * i40e/setting some ethtool features and remove module right after (modprobe
    -r) lead to crash in systems with more than 127 CPUs (LP: #1626782)
    - i40e: Fix errors resulted while turning off TSO

  * STC860:alpine-pdq:alpdq5p03: kernel panic when adding vnic (LP: #1626222)
    - ibmvnic: fix to use list_for_each_safe() when delete items

  * Stratton: ISST-LTE:UbuntuKVM: Failed to hotplug virtual devices to guest
    running Ubuntu 16.04.1 on UbuntuKVM16.04.1 #179 (LP: #1625986)
    - PCI: rpaphp: Fix slot registration for multiple slots under a PHB

  * nvme: Missing patch in Ubuntu-4.4.0-41.61 (LP: #1628520)
    - nvme: Call pci_disable_device on the error path.

linux (4.4.0-45.66) xenial; urgency=low

  * CVE-2016-5195
    - SAUCE: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

  * srcname from mount rule corrupted under load (LP: #1634753)
    - SAUCE: apparmor: fix sleep in critical section

Date: 2016-10-26 19:37:15.998265+00:00
Changed-By: Kamal Mostafa <kamal at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-47.68~14.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list