[ubuntu/xenial-security] linux-snapdragon 4.4.0-1154.164 (Accepted)

Andy Whitcroft apw at canonical.com
Tue Apr 13 13:34:53 UTC 2021


linux-snapdragon (4.4.0-1154.164) xenial; urgency=medium

  * xenial/linux-snapdragon: 4.4.0-1154.164 -proposed tracker (LP: #1922066)

  [ Ubuntu: 4.4.0-208.240 ]

  * xenial/linux: 4.4.0-208.240 -proposed tracker (LP: #1922069)
  * linux ADT test failure with linux/4.4.0-207.239 -
    ubuntu_qrt_kernel_security.test-kernel-security.py (LP: #1922200) //
    CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
    - SAUCE: Revert "printk: hash addresses printed with %p"
  * lxd 2.0.11-0ubuntu1~16.04.4 ADT test failure with linux 4.4.0-207.239
    (LP: #1921969)
    - SAUCE: Fix fuse regression in 4.4.0-207.239

linux-snapdragon (4.4.0-1153.163) xenial; urgency=medium

  * xenial/linux-snapdragon: 4.4.0-1153.163 -proposed tracker (LP: #1919555)

  * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
    - snapdragon: [Config] updateconfigs for ELFCORE

  * CVE-2017-5967
    - snapdragon: [Config] Dropped CONFIG_TIMER_STATS

  [ Ubuntu: 4.4.0-207.239 ]

  * xenial/linux: 4.4.0-207.239 -proposed tracker (LP: #1919558)
  * Xenial update: v4.4.262 upstream stable release (LP: #1920221)
    - uapi: nfnetlink_cthelper.h: fix userspace compilation error
    - ath9k: fix transmitting to stations in dynamic SMPS mode
    - net: Fix gro aggregation for udp encaps with zero csum
    - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before
      setting skb ownership
    - can: flexcan: assert FRZ bit in flexcan_chip_freeze()
    - can: flexcan: enable RX FIFO after FRZ/HALT valid
    - netfilter: x_tables: gpf inside xt_find_revision()
    - cifs: return proper error code in statfs(2)
    - floppy: fix lock_fdc() signal handling
    - Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
    - futex: Change locking rules
    - futex: Cure exit race
    - futex: fix dead code in attach_to_pi_owner()
    - net/mlx4_en: update moderation when config reset
    - net: lapbether: Remove netif_start_queue / netif_stop_queue
    - net: davicom: Fix regulator not turned off on failed probe
    - net: davicom: Fix regulator not turned off on driver removal
    - media: usbtv: Fix deadlock on suspend
    - mmc: mxs-mmc: Fix a resource leak in an error handling path in
      'mxs_mmc_probe()'
    - mmc: mediatek: fix race condition between msdc_request_timeout and irq
    - powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
    - PCI: xgene-msi: Fix race in installing chained irq handler
    - s390/smp: __smp_rescan_cpus() - move cpumask away from stack
    - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
    - ALSA: hda/hdmi: Cancel pending works before suspend
    - ALSA: hda: Avoid spurious unsol event handling during S3/S4
    - ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
    - s390/dasd: fix hanging DASD driver unbind
    - mmc: core: Fix partition switch time for eMMC
    - scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section
      names
    - Goodix Fingerprint device is not a modem
    - usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio
      slot
    - usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
    - xhci: Improve detection of device initiated wake signal.
    - USB: serial: io_edgeport: fix memory leak in edge_startup
    - USB: serial: ch341: add new Product ID
    - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
    - USB: serial: cp210x: add some more GE USB IDs
    - usbip: fix stub_dev to check for stream socket
    - usbip: fix vhci_hcd to check for stream socket
    - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
    - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
    - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
    - staging: rtl8712: unterminated string leads to read overflow
    - staging: rtl8188eu: fix potential memory corruption in
      rtw_check_beacon_data()
    - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
    - staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
    - staging: comedi: addi_apci_1032: Fix endian problem for COS sample
    - staging: comedi: addi_apci_1500: Fix endian problem for command sample
    - staging: comedi: adv_pci1710: Fix endian problem for AI command data
    - staging: comedi: das6402: Fix endian problem for AI command data
    - staging: comedi: das800: Fix endian problem for AI command data
    - staging: comedi: dmm32at: Fix endian problem for AI command data
    - staging: comedi: me4000: Fix endian problem for AI command data
    - staging: comedi: pcl711: Fix endian problem for AI command data
    - staging: comedi: pcl818: Fix endian problem for AI command data
    - NFSv4.2: fix return value of _nfs4_get_security_label()
    - block: rsxx: fix error return code of rsxx_pci_probe()
    - alpha: add $(src)/ rather than $(obj)/ to make source file path
    - alpha: merge build rules of division routines
    - alpha: make short build log available for division routines
    - alpha: Package string routines together
    - alpha: move exports to actual definitions
    - alpha: get rid of tail-zeroing in __copy_user()
    - alpha: switch __copy_user() and __do_clean_user() to normal calling
      conventions
    - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    - media: hdpvr: Fix an error handling path in hdpvr_probe()
    - KVM: arm64: Fix exclusive limit for IPA size
    - xen/events: reset affinity of 2-level event when tearing it down
    - xen/events: don't unmask an event channel when an eoi is pending
    - xen/events: avoid handling the same event on two cpus at the same time
    - Linux 4.4.262
  * Xenial update: v4.4.261 upstream stable release (LP: #1920218)
    - futex: fix irq self-deadlock and satisfy assertion
    - futex: fix spin_lock() / spin_unlock_irq() imbalance
    - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
    - rsxx: Return -EFAULT if copy_to_user() fails
    - dm table: fix iterate_devices based device capability checks
    - platform/x86: acer-wmi: Add new force_caps module parameter
    - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
    - Linux 4.4.261
  * CVE-2019-19061
    - iio: imu: adis16400: fix memory leak
  * CVE-2018-5953 // CVE-2018-5995 // CVE-2018-7754
    - printk: hash addresses printed with %p
  * CVE-2017-5967
    - time: Remove CONFIG_TIMER_STATS
    - [Config] Dropped CONFIG_TIMER_STATS
  * CVE-2019-16232
    - libertas: fix a potential NULL pointer dereference
  * CVE-2015-1350
    - xfs: Propagate dentry down to inode_change_ok()
    - fuse: Propagate dentry down to inode_change_ok()
    - fs: Give dentry to inode_change_ok() instead of inode
    - fs: Avoid premature clearing of capabilities
  * CVE-2018-13095
    - xfs: More robust inode extent count validation
  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event
  * Xenial update: v4.4.260 upstream stable release (LP: #1918184)
    - futex: Ensure the correct return value from futex_lock_pi()
    - net: usb: qmi_wwan: support ZTE P685M modem
    - iwlwifi: pcie: fix to correct null check
    - mmc: sdhci-esdhc-imx: fix kernel panic when remove module
    - scripts: use pkg-config to locate libcrypto
    - scripts: set proper OpenSSL include dir also for sign-file
    - hugetlb: fix update_and_free_page contig page struct assumption
    - JFS: more checks for invalid superblock
    - xfs: Fix assert failure in xfs_setattr_size()
    - net: fix up truesize of cloned skb in skb_prepare_for_shift()
    - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
    - staging: fwserial: Fix error handling in fwserial_create
    - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
    - vt/consolemap: do font sum unsigned
    - wlcore: Fix command execute failure 19 for wl12xx
    - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
    - ath10k: fix wmi mgmt tx queue full due to race condition
    - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
    - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
    - staging: most: sound: add sanity check for function argument
    - media: uvcvideo: Allow entities with no pads
    - Xen/gnttab: handle p2m update errors on a per-slot basis
    - xen-netback: respect gnttab_map_refs()'s return value
    - zsmalloc: account the number of compacted pages correctly
    - swap: fix swapfile read/write offset
    - media: v4l: ioctl: Fix memory leak in video_usercopy
    - Linux 4.4.260
  * Xenial update: v4.4.259 upstream stable release (LP: #1918182)
    - HID: make arrays usage and value to be the same
    - usb: quirks: add quirk to start video capture on ELMO L-12F document camera
      reliable
    - xen-netback: delete NAPI instance when queue fails to initialize
    - ntfs: check for valid standard information attribute
    - igb: Remove incorrect "unexpected SYS WRAP" log message
    - scripts/recordmcount.pl: support big endian for ARCH sh
    - kdb: Make memory allocations more robust
    - MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
    - Bluetooth: Fix initializing response id after clearing struct
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
    - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
    - Bluetooth: drop HCI device reference before return
    - Bluetooth: Put HCI device if inquiry procedure interrupts
    - usb: dwc2: Abort transaction after errors with unknown reason
    - usb: dwc2: Make "trimming xfer length" a debug message
    - ARM: s3c: fix fiq for clang IAS
    - bnxt_en: reverse order of TX disable and carrier off
    - xen/netback: fix spurious event detection for common event case
    - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
    - fbdev: aty: SPARC64 requires FB_ATY_CT
    - drm/gma500: Fix error return code in psb_driver_load()
    - gma500: clean up error handling in init
    - MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
    - MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
    - media: media/pci: Fix memleak in empress_init
    - media: tm6000: Fix memleak in tm6000_start_stream
    - ASoC: cs42l56: fix up error handling in probe
    - media: lmedm04: Fix misuse of comma
    - media: cx25821: Fix a bug when reallocating some dma memory
    - media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
    - btrfs: clarify error returns values in __load_free_space_cache
    - fs/jfs: fix potential integer overflow on shift of a int
    - jffs2: fix use after free in jffs2_sum_write_data()
    - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
    - HID: core: detect and skip invalid inputs to snto32()
    - dmaengine: fsldma: Fix a resource leak in the remove function
    - dmaengine: fsldma: Fix a resource leak in an error handling path of the
      probe function
    - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
    - regulator: axp20x: Fix reference cout leak
    - isofs: release buffer head before return
    - IB/umad: Return EIO in case of when device disassociated
    - powerpc/47x: Disable 256k page size
    - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
    - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
    - amba: Fix resource leak for drivers without .remove
    - tracepoint: Do not fail unregistering a probe due to memory failure
    - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
    - powerpc/pseries/dlpar: handle ibm, configure-connector delay status
    - perf intel-pt: Fix missing CYC processing in PSB
    - perf test: Fix unaligned access in sample parsing test
    - Input: elo - fix an error code in elo_connect()
    - sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
    - misc: eeprom_93xx46: Fix module alias to enable module autoprobe
    - misc: eeprom_93xx46: Add module alias to avoid breaking support for non
      device tree users
    - VMCI: Use set_page_dirty_lock() when unregistering guest memory
    - PCI: Align checking of syscall user config accessors
    - mm/memory.c: fix potential pte_unmap_unlock pte error
    - mm/hugetlb: fix potential double free in hugetlb_register_node() error path
    - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
    - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
    - block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
    - blk-settings: align max_sectors on "logical_block_size" boundary
    - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
      Series X|S
    - Input: joydev - prevent potential read overflow in ioctl
    - Input: i8042 - add ASUS Zenbook Flip to noselftest list
    - USB: serial: option: update interface mapping for ZTE P685M
    - USB: serial: mos7840: fix error code in mos7840_write()
    - USB: serial: mos7720: fix error code in mos7720_write()
    - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
    - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
    - KEYS: trusted: Fix migratable=1 failing
    - btrfs: fix reloc root leak with 0 ref reloc roots on recovery
    - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
    - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
    - x86/reboot: Force all cpus to exit VMX root if VMX is supported
    - floppy: reintroduce O_NDELAY fix
    - mm: hugetlb: fix a race between freeing and dissolving the page
    - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
    - libnvdimm/dimm: Avoid race between probe and available_slots_show()
    - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
    - gpio: pcf857x: Fix missing first interrupt
    - f2fs: fix out-of-repair __setattr_copy()
    - sparc32: fix a user-triggerable oops in clear_user()
    - gfs2: Don't skip dlm unlock if glock has an lvb
    - dm era: Recover committed writeset after crash
    - dm era: Verify the data block size hasn't changed
    - dm era: Fix bitset memory leaks
    - dm era: Use correct value size in equality function of writeset tree
    - dm era: Reinitialize bitset cache before digesting a new writeset
    - dm era: only resize metadata in preresume
    - futex: Fix OWNER_DEAD fixup
    - dm era: Update in-core bitset after committing the metadata
    - Linux 4.4.259
  * CVE-2019-16231
    - fjes: Handle workqueue allocation failure
  * Xenial update: v4.4.258 upstream stable release (LP: #1916661)
    - tracing: Do not count ftrace events in top level enable output
    - fgraph: Initialize tracing_graph_pause at task creation
    - af_key: relax availability checks for skb size calculation
    - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
    - iwlwifi: mvm: guard against device removal in reprobe
    - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
    - SUNRPC: Handle 0 length opaque XDR object data properly
    - lib/string: Add strscpy_pad() function
    - include/trace/events/writeback.h: fix -Wstringop-truncation warnings
    - memcg: fix a crash in wb_workfn when a device disappears
    - squashfs: add more sanity checks in id lookup
    - squashfs: add more sanity checks in inode lookup
    - squashfs: add more sanity checks in xattr id lookup
    - memblock: do not start bottom-up allocations with kernel_end
    - netfilter: xt_recent: Fix attempt to update deleted entry
    - h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
    - usb: dwc3: ulpi: fix checkpatch warning
    - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
    - net: watchdog: hold device global xmit lock during tx disable
    - vsock: fix locking in vsock_shutdown()
    - x86/build: Disable CET instrumentation in the kernel for 32-bit too
    - trace: Use -mcount-record for dynamic ftrace
    - tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-
      mcount
    - tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
    - Xen/x86: don't bail early from clear_foreign_p2m_mapping()
    - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
    - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
    - Xen/gntdev: correct error checking in gntdev_map_grant_pages()
    - xen/arm: don't ignore return errors from set_phys_to_machine
    - xen-blkback: don't "handle" error by BUG()
    - xen-netback: don't "handle" error by BUG()
    - xen-scsiback: don't "handle" error by BUG()
    - xen-blkback: fix error handling in xen_blkbk_map()
    - scsi: qla2xxx: Fix crash during driver load on big endian machines
    - kvm: check tlbs_dirty directly
    - Linux 4.4.258
  * Xenial update: v4.4.257 upstream stable release (LP: #1916660)
    - net_sched: reject silly cell_log in qdisc_get_rtab()
    - futex,rt_mutex: Provide futex specific rt_mutex API
    - futex: Remove rt_mutex_deadlock_account_*()
    - futex: Rework inconsistent rt_mutex/futex_q state
    - futex: Avoid violating the 10th rule of futex
    - futex: Replace pointless printk in fixup_owner()
    - futex: Provide and use pi_state_update_owner()
    - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
    - futex: Use pi_state_update_owner() in put_pi_state()
    - futex: Simplify fixup_pi_state_owner()
    - futex: Handle faults correctly for PI futexes
    - usb: udc: core: Use lock when write to soft_connect
    - scsi: libfc: Avoid invoking response handler twice if ep is already
      completed
    - scsi: ibmvfc: Set default timeout to avoid crash during migration
    - stable: clamp SUBLEVEL in 4.4 and 4.9
    - USB: serial: cp210x: add pid/vid for WSDA-200-USB
    - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
    - USB: serial: option: Adding support for Cinterion MV31
    - net: lapb: Copy the skb before sending a packet
    - [Config] updateconfigs for ELFCORE
    - ELF/MIPS build fix
    - elfcore: fix building with clang
    - USB: gadget: legacy: fix an error code in eth_bind()
    - USB: usblp: don't call usb_set_interface if there's a single alt
    - usb: dwc2: Fix endpoint direction check in ep_from_windex
    - mac80211: fix station rate table updates on assoc
    - kretprobe: Avoid re-registration of the same kretprobe earlier
    - cifs: report error instead of invalid when revalidating a dentry fails
    - mmc: core: Limit retries when analyse of SDIO tuples fails
    - ARM: footbridge: fix dc21285 PCI configuration accessors
    - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
    - mm: hugetlb: fix a race between isolating and freeing page
    - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
    - x86/build: Disable CET instrumentation in the kernel
    - x86/apic: Add extra serialization for non-serializing MSRs
    - Input: xpad - sync supported devices with fork on GitHub
    - ACPI: thermal: Do not call acpi_thermal_check() directly
    - ALSA: hda/realtek - Fix typo of pincfg for Dell quirk
    - Linux 4.4.257
  * Xenial update: v4.4.256 upstream stable release (LP: #1916657)
    - Linux 4.4.256
  * Xenial update: v4.4.255 upstream stable release (LP: #1916656)
    - ACPI: sysfs: Prefer "compatible" modalias
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - y2038: futex: Move compat implementation into futex.c
    - futex: Move futex exit handling into futex code
    - futex: Replace PF_EXITPIDONE with a state
    - exit/exec: Seperate mm_release()
    - futex: Split futex_mm_release() for exit/exec
    - futex: Set task::futex_state to DEAD right after handling futex exit
    - futex: Mark the begin of futex exit explicitly
    - futex: Sanitize exit state handling
    - futex: Provide state handling for exec() as well
    - futex: Add mutex around futex exit
    - futex: Provide distinct return value when owner is exiting
    - futex: Prevent exit livelock
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - Linux 4.4.255

Date: 2021-04-01 22:48:09.449779+00:00
Changed-By: Kelsey Skunberg <kelsey.skunberg at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1154.164
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list