[ubuntu/xenial-security] linux-raspi2 4.4.0-1095.103 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Thu Aug 23 19:49:16 UTC 2018


linux-raspi2 (4.4.0-1095.103) xenial; urgency=medium

  * linux-raspi2: 4.4.0-1095.103 -proposed tracker (LP: #1787183)

  * Xenial update to 4.4.136 stable release (LP: #1776177)
    - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y

  [ Ubuntu: 4.4.0-134.160 ]

  * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
    - Introduce v3 namespaced file capabilities
    - commoncap: move assignment of fs_ns to avoid null pointer dereference
    - capabilities: fix buffer overread on very short xattr
    - commoncap: Handle memory allocation failure.
  * Xenial update to 4.4.140 stable release (LP: #1784409)
    - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
    - USB: serial: cp210x: add CESINEL device ids
    - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
    - n_tty: Fix stall at n_tty_receive_char_special().
    - staging: android: ion: Return an ERR_PTR in ion_map_kernel
    - n_tty: Access echo_* variables carefully.
    - x86/boot: Fix early command-line parsing when matching at end
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - i2c: rcar: fix resume by always initializing registers before transfer
    - ipv4: Fix error return value in fib_convert_metrics()
    - kprobes/x86: Do not modify singlestep buffer while resuming
    - nvme-pci: initialize queue memory before interrupts
    - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
    - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
    - ubi: fastmap: Correctly handle interrupted erasures in EBA
    - mm: hugetlb: yield when prepping struct pages
    - tracing: Fix missing return symbol in function_graph output
    - scsi: sg: mitigate read/write abuse
    - s390: Correct register corruption in critical section cleanup
    - drbd: fix access after free
    - cifs: Fix infinite loop when using hard mount option
    - jbd2: don't mark block as modified if the handle is out of credits
    - ext4: make sure bitmaps and the inode table don't overlap with bg
      descriptors
    - ext4: always check block group bounds in ext4_init_block_bitmap()
    - ext4: only look at the bg_flags field if it is valid
    - ext4: verify the depth of extent tree in ext4_find_extent()
    - ext4: include the illegal physical block in the bad map ext4_error msg
    - ext4: clear i_data in ext4_inode_info when removing inline data
    - ext4: add more inode number paranoia checks
    - ext4: add more mount time checks of the superblock
    - ext4: check superblock mapped prior to committing
    - HID: i2c-hid: Fix "incomplete report" noise
    - HID: hiddev: fix potential Spectre v1
    - HID: debug: check length before copy_to_user()
    - x86/mce: Detect local MCEs properly
    - x86/mce: Fix incorrect "Machine check from unknown source" message
    - media: cx25840: Use subdev host data for PLL override
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - dm bufio: avoid sleeping while holding the dm_bufio lock
    - dm bufio: drop the lock when doing GFP_NOIO allocation
    - mtd: rawnand: mxc: set spare area size register explicitly
    - dm bufio: don't take the lock in dm_bufio_shrink_count
    - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
    - mtd: cfi_cmdset_0002: Change erase functions to retry for error
    - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
    - netfilter: nf_log: don't hold nf_log_mutex during user access
    - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
    - Linux 4.4.140
  * Xenial update to 4.4.139 stable release (LP: #1784382)
    - xfrm6: avoid potential infinite loop in _decode_session6()
    - netfilter: ebtables: handle string from userspace with care
    - ipvs: fix buffer overflow with sync daemon and service
    - atm: zatm: fix memcmp casting
    - net: qmi_wwan: Add Netgear Aircard 779S
    - net/sonic: Use dma_mapping_error()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - Btrfs: make raid6 rebuild retry more
    - usb: musb: fix remote wakeup racing with suspend
    - bonding: re-evaluate force_primary when the primary slave name changes
    - tcp: verify the checksum of the first data segment in a new connection
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - libata: zpodd: make arrays cdb static, reduces object code size
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
    - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
    - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
    - usb: do not reset if a low-speed or full-speed device timed out
    - 1wire: family module autoload fails because of upper/lower case mismatch.
    - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
    - ASoC: cirrus: i2s: Fix LRCLK configuration
    - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
    - lib/vsprintf: Remove atomic-unsafe support for %pCr
    - mips: ftrace: fix static function graph tracing
    - branch-check: fix long->int truncation when profiling branches
    - ipmi:bt: Set the timeout before doing a capabilities check
    - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
    - fuse: atomic_o_trunc should truncate pagecache
    - fuse: don't keep dead fuse_conn at fuse_fill_super().
    - fuse: fix control dir setup and teardown
    - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
    - powerpc/ptrace: Fix setting 512B aligned breakpoints with
      PTRACE_SET_DEBUGREG
    - powerpc/ptrace: Fix enforcement of DAWR constraints
    - cpuidle: powernv: Fix promotion from snooze if next state disabled
    - powerpc/fadump: Unregister fadump on kexec down path.
    - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
    - of: unittest: for strings, account for trailing \0 in property length field
    - IB/qib: Fix DMA api warning with debug kernel
    - RDMA/mlx4: Discard unknown SQP work requests
    - mtd: cfi_cmdset_0002: Change write buffer to check correct value
    - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
    - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
    - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
    - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
    - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
    - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
      resume
    - MIPS: io: Add barrier after register read in inX()
    - time: Make sure jiffies_to_msecs() preserves non-zero time periods
    - Btrfs: fix clone vs chattr NODATASUM race
    - iio:buffer: make length types match kfifo types
    - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
    - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
    - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
    - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
    - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
    - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
      ERP_FAILED
    - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
    - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
    - linvdimm, pmem: Preserve read-only setting for pmem devices
    - md: fix two problems with setting the "re-add" device state.
    - ubi: fastmap: Cancel work upon detach
    - UBIFS: Fix potential integer overflow in allocation
    - xfrm: skip policies marked as dead while rehashing
    - backlight: as3711_bl: Fix Device Tree node lookup
    - backlight: max8925_bl: Fix Device Tree node lookup
    - backlight: tps65217_bl: Fix Device Tree node lookup
    - mfd: intel-lpss: Program REMAP register in PIO mode
    - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
    - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
    - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
    - perf intel-pt: Fix MTC timing after overflow
    - perf intel-pt: Fix "Unexpected indirect branch" error
    - perf intel-pt: Fix packet decoding of CYC packets
    - media: v4l2-compat-ioctl32: prevent go past max size
    - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
    - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
    - NFSv4: Fix possible 1-byte stack overflow in
      nfs_idmap_read_and_verify_message
    - video: uvesafb: Fix integer overflow in allocation
    - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
    - xen: Remove unnecessary BUG_ON from __unbind_from_irq()
    - udf: Detect incorrect directory size
    - Input: elan_i2c_smbus - fix more potential stack buffer overflows
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
    - Input: elantech - fix V4 report decoding for module with middle key
    - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
    - Btrfs: fix unexpected cow in run_delalloc_nocow
    - spi: Fix scatterlist elements size in spi_map_buf
    - block: Fix transfer when chunk sectors exceeds max
    - dm thin: handle running out of data space vs concurrent discard
    - cdc_ncm: avoid padding beyond end of skb
    - Bluetooth: Fix connection if directed advertising and privacy is used
    - Linux 4.4.139
  * Support AverMedia DVD EZMaker 7 USB video capture dongle (LP: #1620762) //
    Xenial update to 4.4.139 stable release (LP: #1784382)
    - media: cx231xx: Add support for AverMedia DVD EZMaker 7
  * vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
    (LP: #1779830)
    - vfio/pci: Hide broken INTx support from user
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu25
  * Allow multiple mounts of zfs datasets (LP: #1759848)
    - SAUCE: Allow mounting datasets more than once (LP: #1759848)
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * Redpine: Observed kernel panic while running wireless tests in regression
    mode (LP: #1773410) // Redpine: Observed kernel panic while running soft-ap
    tests (LP: #1777850)
    - SAUCE: Redpine: improve cancel_hw_scan handling to fix kernel panic
  * [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
    (LP: #1783241)
    - SAUCE: (no-up) upgrade IXXAT USB SocketCAN driver
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Enable basic support for Solarflare 8000 series NIC (LP: #1783152)
    - sfc: make TSO version a per-queue parameter
    - sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC
  * Redpine: Observed kernel panic while running wireless regressions tests
    (LP: #1777858)
    - SAUCE: Redpine: improve kernel thread handling to fix kernel panic
  * Xenial update to 4.4.138 stable release (LP: #1777389)
    - x86: Remove unused function cpu_has_ht_siblings()
    - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
    - x86/fpu: Disable AVX when eagerfpu is off
    - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
    - x86/fpu: Hard-disable lazy FPU mode
    - af_key: Always verify length of provided sadb_key
    - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
      code
    - gpio: No NULL owner
    - Clarify (and fix) MAX_LFS_FILESIZE macros
    - serial: samsung: fix maxburst parameter for DMA transactions
    - vmw_balloon: fixing double free when batching mode is off
    - Input: goodix - add new ACPI id for GPD Win 2 touch screen
    - crypto: vmx - Remove overly verbose printk from AES init routines
    - Linux 4.4.138
  * Redpine: wifi-ap stopped working after restart (LP: #1773400)
    - SAUCE: Redpine: fix soft-ap invisible issue
  * Xenial update to 4.4.137 stable release (LP: #1777063)
    - tpm: do not suspend/resume if power stays on
    - tpm: self test failure should not cause suspend to fail
    - mmap: introduce sane default mmap limits
    - mmap: relax file size limit for regular files
    - kconfig: Avoid format overflow warning from GCC 8.1
    - xfs: fix incorrect log_flushed on fsync
    - drm: set FMODE_UNSIGNED_OFFSET for drm files
    - brcmfmac: Fix check for ISO3166 code
    - bnx2x: use the right constant
    - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
    - enic: set DMA mask to 47 bit
    - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
    - ipv4: remove warning in ip_recv_error
    - isdn: eicon: fix a missing-check bug
    - netdev-FAQ: clarify DaveM's position for stable backports
    - net/packet: refine check for priv area size
    - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
    - packet: fix reserve calculation
    - qed: Fix mask for physical address in ILT entry
    - net/mlx4: Fix irq-unsafe spinlock usage
    - team: use netdev_features_t instead of u32
    - rtnetlink: validate attributes in do_setlink()
    - net: phy: broadcom: Fix bcm_write_exp()
    - net: metrics: add proper netlink validation
    - Linux 4.4.137
  * Xenial update to 4.4.136 stable release (LP: #1776177)
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
    - sh: New gcc support
    - xfs: detect agfl count corruption and reset agfl
    - Input: elan_i2c_smbus - fix corrupted stack
    - tracing: Fix crash when freeing instances with event triggers
    - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
    - cfg80211: further limit wiphy names to 64 bytes
    - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
    - ASoC: Intel: sst: remove redundant variable dma_dev_name
    - irda: fix overly long udelay()
    - tcp: avoid integer overflows in tcp_rcv_space_adjust()
    - i2c: rcar: make sure clocks are on when doing clock calculation
    - i2c: rcar: rework hw init
    - i2c: rcar: remove unused IOERROR state
    - i2c: rcar: remove spinlock
    - i2c: rcar: refactor setup of a msg
    - i2c: rcar: init new messages in irq
    - i2c: rcar: don't issue stop when HW does it automatically
    - i2c: rcar: check master irqs before slave irqs
    - i2c: rcar: revoke START request early
    - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
    - iio:kfifo_buf: check for uint overflow
    - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
    - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
    - scsi: scsi_transport_srp: Fix shost to rport translation
    - stm class: Use vmalloc for the master map
    - hwtracing: stm: fix build error on some arches
    - drm/i915: Disable LVDS on Radiant P845
    - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
    - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
    - fix io_destroy()/aio_complete() race
    - mm: fix the NULL mapping case in __isolate_lru_page()
    - sparc64: Fix build warnings with gcc 7.
    - Linux 4.4.136
  * Xenial update to 4.4.135 stable release (LP: #1776158)
    - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
    - Linux 4.4.135

Date: 2018-08-16 15:53:12.624080+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1095.103
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list