[ubuntu/xenial-security] linux-raspi2 4.4.0-1071.79 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Mon Aug 28 10:36:17 UTC 2017


linux-raspi2 (4.4.0-1071.79) xenial; urgency=low

  * linux-raspi2: 4.4.0-1071.79 -proposed tracker (LP: #1709298)

  * Board hangs with 'dtoverlay=vc4-kms-v3d' while writing to /dev/fb0
    (LP: #1708417)
    - drm/fb_cma_helper: Implement fb_mmap callback

  * Snapcraft.yaml update (LP: #1700577)
    - snapcraft.yaml: various improvements

  [ Ubuntu: 4.4.0-93.116 ]

  * linux: 4.4.0-93.116 -proposed tracker (LP: #1709296)
  * Creating conntrack entry failure with kernel 4.4.0-89 (LP: #1709032)
    - Revert "Revert "netfilter: synproxy: fix conntrackd interaction""
    - netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation
  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring
  * kernel BUG at [tty_ldisc_reinit] mm/slub.c! (LP: #1709126)
    - tty: Simplify tty_set_ldisc() exit handling
    - tty: Reset c_line from driver's init_termios
    - tty: Handle NULL tty->ldisc
    - tty: Move tty_ldisc_kill()
    - tty: Use 'disc' for line discipline index name
    - tty: Refactor tty_ldisc_reinit() for reuse
    - tty: Destroy ldisc instance on hangup
  * atheros bt failed after S3 (LP: #1706833)
    - SAUCE: Bluetooth: Make request workqueue freezable
  * The Precision Touchpad(PTP) button sends incorrect event code (LP: #1708372)
    - HID: multitouch: handle external buttons for Precision Touchpads
  * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
    - [Config] CONFIG_SATA_HIGHBANK=y
  * xfs slab objects (memory) leak when xfs shutdown is called (LP: #1706132)
    - xfs: fix xfs_log_ticket leak in xfs_end_io() after fs shutdown
  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour
  * CVE-2017-7495
    - ext4: fix data exposure after a crash
  * ubuntu/rsi driver downlink wifi throughput drops to 5-6 Mbps when BT
    keyboard is connected (LP: #1706991)
    - SAUCE: Redpine: enable power save by default for coex mode
    - SAUCE: Redpine: uapsd configuration changes
  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
  * ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting
  * ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill
  * [8087:0a2b] Failed to load bluetooth firmware(might affect some other Intel
    bt devices) (LP: #1705633)
    - Bluetooth: btintel: Create common Intel Version Read function
    - Bluetooth: Use switch statement for Intel hardware variants
    - Bluetooth: Replace constant hw_variant from Intel Bluetooth firmware
      filename
    - Bluetooth: hci_intel: Fix firmware file name to use hw_variant
    - Bluetooth: btintel: Add MODULE_FIRMWARE entries for iBT 3.5 controllers
  * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host
  * OpenPower: Some multipaths temporarily have only a single path
    (LP: #1696445)
    - scsi: ses: don't get power status of SES device slot on probe
  * Hotkeys on new Thinkpad systems aren't working (LP: #1705169)
    - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad
    - platform/x86: thinkpad_acpi: guard generic hotkey case
    - platform/x86: thinkpad_acpi: add mapping for new hotkeys
  * CVE-2015-7837
    - SAUCE: (no-up) kexec/uefi: copy secure_boot flag in boot params across kexec
      reboot
  * misleading kernel warning skb_warn_bad_offload during checksum calculation
    (LP: #1705447)
    - net: reduce skb_warn_bad_offload() noise
  * bonding: stack dump when unregistering a netdev (LP: #1704102)
    - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave
  * Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673)
    - drivers: net: xgene: Fix redundant prefetch buffer cleanup
  * Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split
    op (LP: #1689946)
    - blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split
      op
  * linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
    (LP: #1697892)
    - bonding: add 802.3ad support for 100G speeds
    - bonding: fix 802.3ad aggregator reselection
    - bonding: add 802.3ad support for 25G speeds
    - bonding: fix 802.3ad support for 5G and 50G speeds
  * Xenial update to 4.4.79 stable release (LP: #1707233)
    - disable new gcc-7.1.1 warnings for now
    - ir-core: fix gcc-7 warning on bool arithmetic
    - s5p-jpeg: don't return a random width/height
    - thermal: cpu_cooling: Avoid accessing potentially freed structures
    - ath9k: fix tx99 use after free
    - ath9k: fix tx99 bus error
    - NFC: fix broken device allocation
    - NFC: nfcmrvl_uart: add missing tty-device sanity check
    - NFC: nfcmrvl: do not use device-managed resources
    - NFC: nfcmrvl: use nfc-device for firmware download
    - NFC: nfcmrvl: fix firmware-management initialisation
    - nfc: Ensure presence of required attributes in the activate_target handler
    - nfc: Fix the sockaddr length sanitization in llcp_sock_connect
    - NFC: Add sockaddr length checks before accessing sa_family in bind handlers
    - perf intel-pt: Move decoder error setting into one condition
    - perf intel-pt: Improve sample timestamp
    - perf intel-pt: Fix missing stack clear
    - perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
    - perf intel-pt: Clear FUP flag on error
    - Bluetooth: use constant time memory comparison for secret values
    - wlcore: fix 64K page support
    - ASoC: compress: Derive substream from stream based on direction
    - PM / Domains: Fix unsafe iteration over modified list of device links
    - PM / Domains: Fix unsafe iteration over modified list of domain providers
    - scsi: ses: do not add a device to an enclosure if enclosure_add_links()
      fails.
    - iscsi-target: Add login_keys_workaround attribute for non RFC initiators
    - powerpc/64: Fix atomic64_inc_not_zero() to return an int
    - powerpc: Fix emulation of mcrf in emulate_step()
    - powerpc: Fix emulation of mfocrf in emulate_step()
    - powerpc/asm: Mark cr0 as clobbered in mftb()
    - af_key: Fix sadb_x_ipsecrequest parsing
    - PCI/PM: Restore the status of PCI devices across hibernation
    - ipvs: SNAT packet replies only for NATed connections
    - xhci: fix 20000ms port resume timeout
    - xhci: Fix NULL pointer dereference when cleaning up streams for removed host
    - usb: storage: return on error to avoid a null pointer dereference
    - USB: cdc-acm: add device-id for quirky printer
    - usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
    - usb: renesas_usbhs: gadget: disable all eps when the driver stops
    - md: don't use flush_signals in userspace processes
    - x86/xen: allow userspace access during hypercalls
    - cx88: Fix regression in initial video standard setting
    - Raid5 should update rdev->sectors after reshape
    - s390/syscalls: Fix out of bounds arguments access
    - drm/amd/amdgpu: Return error if initiating read out of range on vram
    - drm/radeon/ci: disable mclk switching for high refresh rates (v2)
    - drm/radeon: Fix eDP for single-display iMac10,1 (v2)
    - ipmi: use rcu lock around call to intf->handlers->sender()
    - ipmi:ssif: Add missing unlock in error branch
    - f2fs: Don't clear SGID when inheriting ACLs
    - vfio: Fix group release deadlock
    - vfio: New external user group/file match
    - ftrace: Fix uninitialized variable in match_records()
    - MIPS: Fix mips_atomic_set() retry condition
    - MIPS: Fix mips_atomic_set() with EVA
    - MIPS: Negate error syscall return in trace
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables
    - x86/ioapic: Pass the correct data to unmask_ioapic_irq()
    - MIPS: Fix MIPS I ISA /proc/cpuinfo reporting
    - MIPS: Save static registers before sysmips
    - MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
    - MIPS: Fix unaligned PC interpretation in `compute_return_epc'
    - MIPS: math-emu: Prevent wrong ISA mode instruction emulation
    - MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
    - MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn'
    - MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn'
    - MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
    - Input: i8042 - fix crash at boot time
    - NFS: only invalidate dentrys that are clearly invalid.
    - udf: Fix deadlock between writeback and udf_setsize()
    - target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
    - perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its
      target
    - Revert "perf/core: Drop kernel samples even though :u is specified"
    - staging: rtl8188eu: add TL-WN722N v2 support
    - ceph: fix race in concurrent readdir
    - RDMA/core: Initialize port_num in qp_attr
    - drm/mst: Fix error handling during MST sideband message reception
    - drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
    - drm/mst: Avoid processing partially received up/down message transactions
    - of: device: Export of_device_{get_modalias, uvent_modalias} to modules
    - spmi: Include OF based modalias in device uevent
    - tracing: Fix kmemleak in instance_rmdir
    - alarmtimer: don't rate limit one-shot timers
    - Linux 4.4.79
  * Xenial update to 4.4.78 stable release (LP: #1705707)
    - net_sched: fix error recovery at qdisc creation
    - net: sched: Fix one possible panic when no destroy callback
    - net/phy: micrel: configure intterupts after autoneg workaround
    - ipv6: avoid unregistering inet6_dev for loopback
    - net: dp83640: Avoid NULL pointer dereference.
    - tcp: reset sk_rx_dst in tcp_disconnect()
    - net: prevent sign extension in dev_get_stats()
    - bpf: prevent leaking pointer via xadd on unpriviledged
    - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
    - ipv6: dad: don't remove dynamic addresses if link is down
    - net: ipv6: Compare lwstate in detecting duplicate nexthops
    - vrf: fix bug_on triggered by rx when destroying a vrf
    - rds: tcp: use sock_create_lite() to create the accept socket
    - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
    - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
    - cfg80211: Check if PMKID attribute is of expected size
    - irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
    - parisc: Report SIGSEGV instead of SIGBUS when running out of stack
    - parisc: use compat_sys_keyctl()
    - parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
    - parisc/mm: Ensure IRQs are off in switch_mm()
    - tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/:
      Depth
    - kernel/extable.c: mark core_kernel_text notrace
    - mm/list_lru.c: fix list_lru_count_node() to be race free
    - fs/dcache.c: fix spin lockup issue on nlru->lock
    - checkpatch: silence perl 5.26.0 unescaped left brace warnings
    - binfmt_elf: use ELF_ET_DYN_BASE only for PIE
    - arm: move ELF_ET_DYN_BASE to 4MB
    - arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
    - powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
    - s390: reduce ELF_ET_DYN_BASE
    - exec: Limit arg stack to at most 75% of _STK_LIM
    - vt: fix unchecked __put_user() in tioclinux ioctls
    - mnt: In umount propagation reparent in a separate pass
    - mnt: In propgate_umount handle visiting mounts in any order
    - mnt: Make propagate_umount less slow for overlapping mount propagation trees
    - selftests/capabilities: Fix the test_execve test
    - tpm: Get rid of chip->pdev
    - tpm: Provide strong locking for device removal
    - Add "shutdown" to "struct class".
    - tpm: Issue a TPM2_Shutdown for TPM2 devices.
    - mm: fix overflow check in expand_upwards()
    - crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
    - crypto: atmel - only treat EBUSY as transient if backlog
    - crypto: sha1-ssse3 - Disable avx2
    - crypto: caam - fix signals handling
    - sched/topology: Fix overlapping sched_group_mask
    - sched/topology: Optimize build_group_mask()
    - PM / wakeirq: Convert to SRCU
    - PM / QoS: return -EINVAL for bogus strings
    - tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results
    - KVM: x86: disable MPX if host did not enable MPX XSAVE features
    - kvm: vmx: Do not disable intercepts for BNDCFGS
    - kvm: x86: Guest BNDCFGS requires guest MPX support
    - kvm: vmx: Check value written to IA32_BNDCFGS
    - kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
    - Linux 4.4.78
  * Xenial update to 4.4.77 stable release (LP: #1705238)
    - fs: add a VALID_OPEN_FLAGS
    - fs: completely ignore unknown open flags
    - driver core: platform: fix race condition with driver_override
    - bgmac: reset & enable Ethernet core before using it
    - mm: fix classzone_idx underflow in shrink_zones()
    - tracing/kprobes: Allow to create probe with a module name starting with a
      digit
    - usb: dwc3: replace %p with %pK
    - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
    - Add USB quirk for HVR-950q to avoid intermittent device resets
    - usb: usbip: set buffer pointers to NULL after free
    - usb: Fix typo in the definition of Endpoint[out]Request
    - mac80211_hwsim: Replace bogus hrtimer clockid
    - sysctl: don't print negative flag for proc_douintvec
    - sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec
    - pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data
    - pinctrl: meson: meson8b: fix the NAND DQS pins
    - pinctrl: sunxi: Fix SPDIF function name for A83T
    - pinctrl: mxs: atomically switch mux and drive strength config
    - pinctrl: sh-pfc: Update info pointer after SoC-specific init
    - USB: serial: option: add two Longcheer device ids
    - USB: serial: qcserial: new Sierra Wireless EM7305 device ID
    - gfs2: Fix glock rhashtable rcu bug
    - x86/tools: Fix gcc-7 warning in relocs.c
    - x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings
    - ath10k: override CE5 config for QCA9377
    - KEYS: Fix an error code in request_master_key()
    - RDMA/uverbs: Check port number supplied by user verbs cmds
    - mqueue: fix a use-after-free in sys_mq_notify()
    - tools include: Add a __fallthrough statement
    - tools string: Use __fallthrough in perf_atoll()
    - tools strfilter: Use __fallthrough
    - perf top: Use __fallthrough
    - perf intel-pt: Use __fallthrough
    - perf thread_map: Correctly size buffer used with dirent->dt_name
    - perf scripting perl: Fix compile error with some perl5 versions
    - perf tests: Avoid possible truncation with dirent->d_name + snprintf
    - perf bench numa: Avoid possible truncation when using snprintf()
    - perf tools: Use readdir() instead of deprecated readdir_r()
    - perf thread_map: Use readdir() instead of deprecated readdir_r()
    - perf script: Use readdir() instead of deprecated readdir_r()
    - perf tools: Remove duplicate const qualifier
    - perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed
    - perf pmu: Fix misleadingly indented assignment (whitespace)
    - perf dwarf: Guard !x86_64 definitions under #ifdef else clause
    - perf trace: Do not process PERF_RECORD_LOST twice
    - perf tests: Remove wrong semicolon in while loop in CQM test
    - perf tools: Use readdir() instead of deprecated readdir_r() again
    - md: fix incorrect use of lexx_to_cpu in does_sb_need_changing
    - md: fix super_offset endianness in super_1_rdev_size_change
    - tcp: fix tcp_mark_head_lost to check skb len before fragmenting
    - staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.
    - staging: comedi: fix clean-up of comedi_class in comedi_init()
    - ext4: check return value of kstrtoull correctly in reserved_clusters_store
    - x86/mm/pat: Don't report PAT on CPUs that don't support it
    - saa7134: fix warm Medion 7134 EEPROM read
    - Linux 4.4.77

Date: 2017-08-14 10:48:15.477999+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1071.79
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list