[ubuntu/xenial-security] linux-raspi2 4.4.0-1095.103 (Accepted)
Łukasz Zemczak
lukasz.zemczak at canonical.com
Thu Aug 23 19:49:16 UTC 2018
linux-raspi2 (4.4.0-1095.103) xenial; urgency=medium
* linux-raspi2: 4.4.0-1095.103 -proposed tracker (LP: #1787183)
* Xenial update to 4.4.136 stable release (LP: #1776177)
- [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
[ Ubuntu: 4.4.0-134.160 ]
* linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)
* locking sockets broken due to missing AppArmor socket mediation patches
(LP: #1780227)
- UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
* Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
- Introduce v3 namespaced file capabilities
- commoncap: move assignment of fs_ns to avoid null pointer dereference
- capabilities: fix buffer overread on very short xattr
- commoncap: Handle memory allocation failure.
* Xenial update to 4.4.140 stable release (LP: #1784409)
- usb: cdc_acm: Add quirk for Uniden UBC125 scanner
- USB: serial: cp210x: add CESINEL device ids
- USB: serial: cp210x: add Silicon Labs IDs for Windows Update
- n_tty: Fix stall at n_tty_receive_char_special().
- staging: android: ion: Return an ERR_PTR in ion_map_kernel
- n_tty: Access echo_* variables carefully.
- x86/boot: Fix early command-line parsing when matching at end
- ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
- i2c: rcar: fix resume by always initializing registers before transfer
- ipv4: Fix error return value in fib_convert_metrics()
- kprobes/x86: Do not modify singlestep buffer while resuming
- nvme-pci: initialize queue memory before interrupts
- netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
- ARM: dts: imx6q: Use correct SDMA script for SPI5 core
- ubi: fastmap: Correctly handle interrupted erasures in EBA
- mm: hugetlb: yield when prepping struct pages
- tracing: Fix missing return symbol in function_graph output
- scsi: sg: mitigate read/write abuse
- s390: Correct register corruption in critical section cleanup
- drbd: fix access after free
- cifs: Fix infinite loop when using hard mount option
- jbd2: don't mark block as modified if the handle is out of credits
- ext4: make sure bitmaps and the inode table don't overlap with bg
descriptors
- ext4: always check block group bounds in ext4_init_block_bitmap()
- ext4: only look at the bg_flags field if it is valid
- ext4: verify the depth of extent tree in ext4_find_extent()
- ext4: include the illegal physical block in the bad map ext4_error msg
- ext4: clear i_data in ext4_inode_info when removing inline data
- ext4: add more inode number paranoia checks
- ext4: add more mount time checks of the superblock
- ext4: check superblock mapped prior to committing
- HID: i2c-hid: Fix "incomplete report" noise
- HID: hiddev: fix potential Spectre v1
- HID: debug: check length before copy_to_user()
- x86/mce: Detect local MCEs properly
- x86/mce: Fix incorrect "Machine check from unknown source" message
- media: cx25840: Use subdev host data for PLL override
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
- dm bufio: avoid sleeping while holding the dm_bufio lock
- dm bufio: drop the lock when doing GFP_NOIO allocation
- mtd: rawnand: mxc: set spare area size register explicitly
- dm bufio: don't take the lock in dm_bufio_shrink_count
- mtd: cfi_cmdset_0002: Change definition naming to retry write operation
- mtd: cfi_cmdset_0002: Change erase functions to retry for error
- mtd: cfi_cmdset_0002: Change erase functions to check chip good only
- netfilter: nf_log: don't hold nf_log_mutex during user access
- staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
- Linux 4.4.140
* Xenial update to 4.4.139 stable release (LP: #1784382)
- xfrm6: avoid potential infinite loop in _decode_session6()
- netfilter: ebtables: handle string from userspace with care
- ipvs: fix buffer overflow with sync daemon and service
- atm: zatm: fix memcmp casting
- net: qmi_wwan: Add Netgear Aircard 779S
- net/sonic: Use dma_mapping_error()
- Revert "Btrfs: fix scrub to repair raid6 corruption"
- tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
- Btrfs: make raid6 rebuild retry more
- usb: musb: fix remote wakeup racing with suspend
- bonding: re-evaluate force_primary when the primary slave name changes
- tcp: verify the checksum of the first data segment in a new connection
- ext4: update mtime in ext4_punch_hole even if no blocks are released
- ext4: fix fencepost error in check for inode count overflow during resize
- driver core: Don't ignore class_dir_create_and_add() failure.
- btrfs: scrub: Don't use inode pages for device replace
- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
- ALSA: hda: add dock and led support for HP EliteBook 830 G5
- ALSA: hda: add dock and led support for HP ProBook 640 G4
- cpufreq: Fix new policy initialization during limits updates via sysfs
- libata: zpodd: make arrays cdb static, reduces object code size
- libata: zpodd: small read overflow in eject_tray()
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
- w1: mxc_w1: Enable clock before calling clk_get_rate() on it
- x86/spectre_v1: Disable compiler optimizations over
array_index_mask_nospec()
- m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
- serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
- signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
- usb: do not reset if a low-speed or full-speed device timed out
- 1wire: family module autoload fails because of upper/lower case mismatch.
- ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
- ASoC: cirrus: i2s: Fix LRCLK configuration
- ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
- lib/vsprintf: Remove atomic-unsafe support for %pCr
- mips: ftrace: fix static function graph tracing
- branch-check: fix long->int truncation when profiling branches
- ipmi:bt: Set the timeout before doing a capabilities check
- Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
- fuse: atomic_o_trunc should truncate pagecache
- fuse: don't keep dead fuse_conn at fuse_fill_super().
- fuse: fix control dir setup and teardown
- powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
- powerpc/ptrace: Fix setting 512B aligned breakpoints with
PTRACE_SET_DEBUGREG
- powerpc/ptrace: Fix enforcement of DAWR constraints
- cpuidle: powernv: Fix promotion from snooze if next state disabled
- powerpc/fadump: Unregister fadump on kexec down path.
- ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
- of: unittest: for strings, account for trailing \0 in property length field
- IB/qib: Fix DMA api warning with debug kernel
- RDMA/mlx4: Discard unknown SQP work requests
- mtd: cfi_cmdset_0002: Change write buffer to check correct value
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
- MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
- PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
resume
- MIPS: io: Add barrier after register read in inX()
- time: Make sure jiffies_to_msecs() preserves non-zero time periods
- Btrfs: fix clone vs chattr NODATASUM race
- iio:buffer: make length types match kfifo types
- scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
- scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
ERP_FAILED
- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
- linvdimm, pmem: Preserve read-only setting for pmem devices
- md: fix two problems with setting the "re-add" device state.
- ubi: fastmap: Cancel work upon detach
- UBIFS: Fix potential integer overflow in allocation
- xfrm: skip policies marked as dead while rehashing
- backlight: as3711_bl: Fix Device Tree node lookup
- backlight: max8925_bl: Fix Device Tree node lookup
- backlight: tps65217_bl: Fix Device Tree node lookup
- mfd: intel-lpss: Program REMAP register in PIO mode
- perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
- perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
- perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
- perf intel-pt: Fix MTC timing after overflow
- perf intel-pt: Fix "Unexpected indirect branch" error
- perf intel-pt: Fix packet decoding of CYC packets
- media: v4l2-compat-ioctl32: prevent go past max size
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
- NFSv4: Fix possible 1-byte stack overflow in
nfs_idmap_read_and_verify_message
- video: uvesafb: Fix integer overflow in allocation
- Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
- xen: Remove unnecessary BUG_ON from __unbind_from_irq()
- udf: Detect incorrect directory size
- Input: elan_i2c_smbus - fix more potential stack buffer overflows
- Input: elantech - enable middle button of touchpads on ThinkPad P52
- Input: elantech - fix V4 report decoding for module with middle key
- ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
- Btrfs: fix unexpected cow in run_delalloc_nocow
- spi: Fix scatterlist elements size in spi_map_buf
- block: Fix transfer when chunk sectors exceeds max
- dm thin: handle running out of data space vs concurrent discard
- cdc_ncm: avoid padding beyond end of skb
- Bluetooth: Fix connection if directed advertising and privacy is used
- Linux 4.4.139
* Support AverMedia DVD EZMaker 7 USB video capture dongle (LP: #1620762) //
Xenial update to 4.4.139 stable release (LP: #1784382)
- media: cx231xx: Add support for AverMedia DVD EZMaker 7
* vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
(LP: #1779830)
- vfio/pci: Hide broken INTx support from user
* Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
- SAUCE: (noup) zfs to 0.6.5.6-0ubuntu25
* Allow multiple mounts of zfs datasets (LP: #1759848)
- SAUCE: Allow mounting datasets more than once (LP: #1759848)
* CVE-2018-12233
- jfs: Fix inconsistency between memory allocation and ea_buf->max_size
* Redpine: Observed kernel panic while running wireless tests in regression
mode (LP: #1773410) // Redpine: Observed kernel panic while running soft-ap
tests (LP: #1777850)
- SAUCE: Redpine: improve cancel_hw_scan handling to fix kernel panic
* [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
(LP: #1783241)
- SAUCE: (no-up) upgrade IXXAT USB SocketCAN driver
* CVE-2018-13094
- xfs: don't call xfs_da_shrink_inode with NULL bp
* other users' coredumps can be read via setgid directory and killpriv bypass
(LP: #1779923) // CVE-2018-13405
- Fix up non-directory creation in SGID directories
* snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
(LP: #1782116)
- snapcraft.yaml: copy retpoline-extract-one to scripts before build
* Enable basic support for Solarflare 8000 series NIC (LP: #1783152)
- sfc: make TSO version a per-queue parameter
- sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC
* Redpine: Observed kernel panic while running wireless regressions tests
(LP: #1777858)
- SAUCE: Redpine: improve kernel thread handling to fix kernel panic
* Xenial update to 4.4.138 stable release (LP: #1777389)
- x86: Remove unused function cpu_has_ht_siblings()
- x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
- x86/fpu: Disable AVX when eagerfpu is off
- x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
- x86/fpu: Hard-disable lazy FPU mode
- af_key: Always verify length of provided sadb_key
- x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
code
- gpio: No NULL owner
- Clarify (and fix) MAX_LFS_FILESIZE macros
- serial: samsung: fix maxburst parameter for DMA transactions
- vmw_balloon: fixing double free when batching mode is off
- Input: goodix - add new ACPI id for GPD Win 2 touch screen
- crypto: vmx - Remove overly verbose printk from AES init routines
- Linux 4.4.138
* Redpine: wifi-ap stopped working after restart (LP: #1773400)
- SAUCE: Redpine: fix soft-ap invisible issue
* Xenial update to 4.4.137 stable release (LP: #1777063)
- tpm: do not suspend/resume if power stays on
- tpm: self test failure should not cause suspend to fail
- mmap: introduce sane default mmap limits
- mmap: relax file size limit for regular files
- kconfig: Avoid format overflow warning from GCC 8.1
- xfs: fix incorrect log_flushed on fsync
- drm: set FMODE_UNSIGNED_OFFSET for drm files
- brcmfmac: Fix check for ISO3166 code
- bnx2x: use the right constant
- dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
- enic: set DMA mask to 47 bit
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
- ipv4: remove warning in ip_recv_error
- isdn: eicon: fix a missing-check bug
- netdev-FAQ: clarify DaveM's position for stable backports
- net/packet: refine check for priv area size
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
- packet: fix reserve calculation
- qed: Fix mask for physical address in ILT entry
- net/mlx4: Fix irq-unsafe spinlock usage
- team: use netdev_features_t instead of u32
- rtnetlink: validate attributes in do_setlink()
- net: phy: broadcom: Fix bcm_write_exp()
- net: metrics: add proper netlink validation
- Linux 4.4.137
* Xenial update to 4.4.136 stable release (LP: #1776177)
- arm64: lse: Add early clobbers to some input/output asm operands
- powerpc/64s: Clear PCR on boot
- USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
- sh: New gcc support
- xfs: detect agfl count corruption and reset agfl
- Input: elan_i2c_smbus - fix corrupted stack
- tracing: Fix crash when freeing instances with event triggers
- selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
- cfg80211: further limit wiphy names to 64 bytes
- rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
- ASoC: Intel: sst: remove redundant variable dma_dev_name
- irda: fix overly long udelay()
- tcp: avoid integer overflows in tcp_rcv_space_adjust()
- i2c: rcar: make sure clocks are on when doing clock calculation
- i2c: rcar: rework hw init
- i2c: rcar: remove unused IOERROR state
- i2c: rcar: remove spinlock
- i2c: rcar: refactor setup of a msg
- i2c: rcar: init new messages in irq
- i2c: rcar: don't issue stop when HW does it automatically
- i2c: rcar: check master irqs before slave irqs
- i2c: rcar: revoke START request early
- dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
- iio:kfifo_buf: check for uint overflow
- MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
- MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
- scsi: scsi_transport_srp: Fix shost to rport translation
- stm class: Use vmalloc for the master map
- hwtracing: stm: fix build error on some arches
- drm/i915: Disable LVDS on Radiant P845
- Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
- [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
- fix io_destroy()/aio_complete() race
- mm: fix the NULL mapping case in __isolate_lru_page()
- sparc64: Fix build warnings with gcc 7.
- Linux 4.4.136
* Xenial update to 4.4.135 stable release (LP: #1776158)
- Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
- Linux 4.4.135
Date: 2018-08-16 15:53:12.624080+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1095.103
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list