[ubuntu/xenial-security] linux 4.4.0-65.86 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Thu Mar 2 08:49:22 UTC 2017


linux (4.4.0-65.86) xenial; urgency=low

  * linux: 4.4.0-65.86 -proposed tracker (LP: #1667052)

  [ Stefan Bader ]
  * Upgrade Redpine RS9113 driver to support AP mode (LP: #1665211)
    - SAUCE: Redpine driver to support Host AP mode

  * NFS client : permission denied when trying to access subshare, since kernel
    4.4.0-31 (LP: #1649292)
    - fs: Better permission checking for submounts

  * [Hyper-V] SAUCE: pci-hyperv fixes for SR-IOV on Azure (LP: #1665097)
    - SAUCE: PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
    - SAUCE: pci-hyperv: properly handle pci bus remove
    - SAUCE: pci-hyperv: lock pci bus on device eject

  * [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
    image (LP: #1650058)
    - net/mlx4_en: Fix bad WQE issue
    - net/mlx4_core: Fix racy CQ (Completion Queue) free
    - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT
      transitions
    - net/mlx4_core: Avoid command timeouts during VF driver device shutdown

  * Xenial update to v4.4.49 stable release (LP: #1664960)
    - ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
    - selinux: fix off-by-one in setprocattr
    - Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback"
    - cpumask: use nr_cpumask_bits for parsing functions
    - hns: avoid stack overflow with CONFIG_KASAN
    - ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write
    - target: Don't BUG_ON during NodeACL dynamic -> explicit conversion
    - target: Use correct SCSI status during EXTENDED_COPY exception
    - target: Fix early transport_generic_handle_tmr abort scenario
    - target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
    - ARM: 8642/1: LPAE: catch pending imprecise abort on unmask
    - mac80211: Fix adding of mesh vendor IEs
    - netvsc: Set maximum GSO size in the right place
    - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed
      send
    - scsi: aacraid: Fix INTx/MSI-x issue with older controllers
    - scsi: mpt3sas: disable ASPM for MPI2 controllers
    - xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
    - ALSA: seq: Fix race at creating a queue
    - ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
    - drm/i915: fix use-after-free in page_flip_completed()
    - Linux 4.4.49

  * NFS client : kernel 4.4.0-57 crash with nfsv4 enries in /etc/fstab
    (LP: #1650336)
    - SUNRPC: fix refcounting problems with auth_gss messages.

  * [0bda:0328] Card reader failed after S3 (LP: #1664809)
    - usb: hub: Wait for connection to be reestablished after port reset

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * ibmvscsis: Add SGL LIMIT (LP: #1662551)
    - ibmvscsis: Add SGL limit

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
    (LP: #1663687)
    - scsi: storvsc: Enable tracking of queue depth
    - scsi: storvsc: Remove the restriction on max segment size
    - scsi: storvsc: Enable multi-queue support
    - scsi: storvsc: use tagged SRB requests if supported by the device
    - scsi: storvsc: properly handle SRB_ERROR when sense message is present
    - scsi: storvsc: properly set residual data length on errors

  * ISST-LTE:pNV: ppc64_cpu command is hung w HDs, SSDs and NVMe (LP: #1662666)
    - blk-mq: Avoid memory reclaim when remapping queues
    - blk-mq: Fix failed allocation path when mapping queues

  * Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin for module
    i915_bpo (LP: #1624164)
    - SAUCE: i915_bpo: Remove MODULE_FIRMWARE statement for i915/kbl_dmc_ver1.bin

  *  Intel I210 ethernet does not work both after S3 (LP: #1662763)
    - igb: implement igb_ptp_suspend
    - igb: call igb_ptp_suspend during suspend/resume cycle

  * [Hyper-V] Fix ring buffer handling to avoid host throttling (LP: #1661430)
    - Drivers: hv: vmbus: On write cleanup the logic to interrupt the host
    - Drivers: hv: vmbus: On the read path cleanup the logic to interrupt the host
    - Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()

  * brd module compiled as built-in (LP: #1593293)
    - [Config] CONFIG_BLK_DEV_RAM=m

  * regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * flock not mediated by 'k' (LP: #1658219)
    - SAUCE: apparmor: flock mediation is not being enforced on cache check

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

  * apparmor_parser hangs indefinitely when called by multiple threads
    (LP: #1645037)
    - SAUCE: apparmor: fix lock ordering for mkdir

  * apparmor leaking securityfs pin count (LP: #1660846)
    - SAUCE: apparmor: fix leak on securityfs pin count

  * apparmor reference count leak when securityfs_setup_d_inode\ () fails
    (LP: #1660845)
    - SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode()
      fails

  * apparmor not checking error if security_pin_fs() fails (LP: #1660842)
    - SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
    - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor  auditing denied access of special apparmor .null fi\ le
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
    - SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
    - SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
    - SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with nested namespaces
    (LP: #1660832)
    - SAUCE: apparmor: fix cross ns perm of unix domain sockets

  * docker permission issues with overlay2 storage driver (LP: #1659417)
    - SAUCE: overlayfs: Replace ovl_prepare_creds() with ovl_override_creds()
    - Revert "UBUNTU: SAUCE: cred: Add clone_cred() interface"
    - ovl: check mounter creds on underlying lookup

  * Enable CONFIG_NET_DROP_MONITOR=m in Ubuntu Kernel (LP: #1660634)
    - [Config] CONFIG_NET_DROP_MONITOR=m

  * Xenial update to v4.4.48 stable release (LP: #1663657)
    - PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies
    - ext4: validate s_first_meta_bg at mount time
    - drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215
    - drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
    - crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
    - crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes
    - perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory
    - ata: sata_mv:- Handle return value of devm_ioremap.
    - libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices
    - powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe()
    - powerpc: Add missing error check to prom_find_boot_cpu()
    - NFSD: Fix a null reference case in find_or_create_lock_stateid()
    - svcrpc: fix oops in absence of krb5 module
    - zswap: disable changing params if init fails
    - cifs: initialize file_info_lock
    - mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
    - mm, fs: check for fatal signals in do_generic_file_read()
    - can: bcm: fix hrtimer/tasklet termination in bcm op removal
    - mmc: sdhci: Ignore unexpected CARD_INT interrupts
    - percpu-refcount: fix reference leak during percpu-atomic transition
    - HID: wacom: Fix poor prox handling in 'wacom_pl_irq'
    - KVM: x86: do not save guest-unsupported XSAVE state
    - USB: serial: qcserial: add Dell DW5570 QDL
    - USB: serial: pl2303: add ATEN device ID
    - USB: Add quirk for WORLDE easykey.25 MIDI keyboard
    - usb: gadget: f_fs: Assorted buffer overflow checks.
    - USB: serial: option: add device ID for HP lt2523 (Novatel E371)
    - x86/irq: Make irq activate operations symmetric
    - base/memory, hotplug: fix a kernel oops in show_valid_zones()
    - Linux 4.4.48

  * Xenial update to v4.4.47 stable release (LP: #1662507)
    - r8152: fix the sw rx checksum is unavailable
    - mlxsw: spectrum: Fix memory leak at skb reallocation
    - mlxsw: switchx2: Fix memory leak at skb reallocation
    - mlxsw: pci: Fix EQE structure definition
    - net: lwtunnel: Handle lwtunnel_fill_encap failure
    - net: ipv4: fix table id in getroute response
    - net: systemport: Decouple flow control from __bcm_sysport_tx_reclaim
    - tcp: fix tcp_fastopen unaligned access complaints on sparc
    - openvswitch: maintain correct checksum state in conntrack actions
    - ravb: do not use zero-length alignment DMA descriptor
    - ax25: Fix segfault after sock connection timeout
    - net: fix harmonize_features() vs NETIF_F_HIGHDMA
    - net: phy: bcm63xx: Utilize correct config_intr function
    - ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
    - tcp: initialize max window for a new fastopen socket
    - bridge: netlink: call br_changelink() during br_dev_newlink()
    - r8152: don't execute runtime suspend if the tx is not empty
    - af_unix: move unix_mknod() out of bindlock
    - qmi_wwan/cdc_ether: add device ID for HP lt2523 (Novatel E371) WWAN card
    - net: dsa: Bring back device detaching in dsa_slave_suspend()
    - Linux 4.4.47

  * Xenial update to v4.4.46 stable release (LP: #1660994)
    - fbdev: color map copying bounds checking
    - tile/ptrace: Preserve previous registers for short regset write
    - drm: Fix broken VT switch with video=1366x768 option
    - mm/mempolicy.c: do not put mempolicy before using its nodemask
    - sysctl: fix proc_doulongvec_ms_jiffies_minmax()
    - ISDN: eicon: silence misleading array-bounds warning
    - RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled
    - s390/ptrace: Preserve previous registers for short regset write
    - can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer
    - can: ti_hecc: add missing prepare and unprepare of the clock
    - ARC: udelay: fix inline assembler by adding LP_COUNT to clobber list
    - ARC: [arcompact] handle unaligned access delay slot corner case
    - parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header
    - nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
    - NFSv4.0: always send mode in SETATTR after EXCLUSIVE4
    - SUNRPC: cleanup ida information when removing sunrpc module
    - drm/i915: Don't leak edid in intel_crt_detect_ddc()
    - IB/ipoib: move back IB LL address into the hard header
    - IB/umem: Release pid in error and ODP flow
    - s5k4ecgx: select CRC32 helper
    - pinctrl: broxton: Use correct PADCFGLOCK offset
    - platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT
    - mm, memcg: do not retry precharge charges
    - Linux 4.4.46

  * Xenial update to v4.4.45 stable release (LP: #1660993)
    - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to
      it
    - IB/mlx5: Wait for all async command completions to complete
    - IB/mlx4: Set traffic class in AH
    - IB/mlx4: Fix out-of-range array index in destroy qp flow
    - IB/mlx4: Fix port query for 56Gb Ethernet links
    - IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs
    - IB/IPoIB: Remove can't use GFP_NOIO warning
    - perf scripting: Avoid leaking the scripting_context variable
    - ARM: dts: imx31: fix clock control module interrupts description
    - ARM: dts: imx31: move CCM device node to AIPS2 bus devices
    - ARM: dts: imx31: fix AVIC base address
    - tmpfs: clear S_ISGID when setting posix ACLs
    - x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
    - svcrpc: don't leak contexts on PROC_DESTROY
    - fuse: clear FR_PENDING flag when moving requests out of pending queue
    - PCI: Enumerate switches below PCI-to-PCIe bridges
    - HID: corsair: fix DMA buffers on stack
    - HID: corsair: fix control-transfer error handling
    - mmc: mxs-mmc: Fix additional cycles after transmission stop
    - ieee802154: atusb: do not use the stack for buffers to make them DMA able
    - mtd: nand: xway: disable module support
    - x86/ioapic: Restore IO-APIC irq_chip retrigger callback
    - qla2xxx: Fix crash due to null pointer access
    - ubifs: Fix journal replay wrt. xattr nodes
    - clocksource/exynos_mct: Clear interrupt when cpu is shut down
    - svcrdma: avoid duplicate dma unmapping during error recovery
    - ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
    - ceph: fix bad endianness handling in parse_reply_info_extra
    - ARM: dts: da850-evm: fix read access to SPI flash
    - arm64/ptrace: Preserve previous registers for short regset write
    - arm64/ptrace: Preserve previous registers for short regset write - 2
    - arm64/ptrace: Preserve previous registers for short regset write - 3
    - arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
    - arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
    - ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init
    - ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation
    - ARM: 8613/1: Fix the uaccess crash on PB11MPCore
    - blackfin: check devm_pinctrl_get() for errors
    - ite-cir: initialize use_demodulator before using it
    - dmaengine: pl330: Fix runtime PM support for terminated transfers
    - selftest/powerpc: Wrong PMC initialized in pmc56_overflow test
    - arm64: avoid returning from bad_mode
    - Linux 4.4.45

Date: 2017-02-23 17:45:28.396583+00:00
Changed-By: Thadeu Lima de Souza Cascardo <thadeu.cascardo at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux/4.4.0-65.86
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list