[ubuntu/zesty-proposed] linux 4.9.0-3.4 (Accepted)

Tim Gardner tim.gardner at canonical.com
Mon Nov 28 15:23:30 UTC 2016 

linux (4.9.0-3.4) zesty; urgency=low

  * Miscellaneous Ubuntu changes
    - SAUCE: (namespace) security/integrity: Harden against malformed xattrs
    - SAUCE: (namespace) block_dev: Support checking inode permissions in lookup_bdev()
    - SAUCE: (namespace) block_dev: Check permissions towards block device inode when mounting
    - SAUCE: (namespace) mtd: Check permissions towards mtd block device inode when mounting
    - SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes
    - SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root
    - SAUCE: (namespace) fs: Allow superblock owner to access do_remount_sb()
    - SAUCE: (namespace) capabilities: Allow privileged user in s_user_ns to set security.* xattrs
    - SAUCE: (namespace) fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
    - SAUCE: (namespace) posix_acl: Export posix_acl_fix_xattr_userns() to modules
    - SAUCE: (namespace) fuse: Add support for pid namespaces
    - SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns
    - SAUCE: (namespace) fuse: Translate ids in posix acl xattrs
    - SAUCE: (namespace) fuse: Restrict allow_other to the superblock's namespace or a descendant
    - SAUCE: (namespace) fuse: Allow user namespace mounts
    - SAUCE: (namespace) ext4: Add support for unprivileged mounts from user namespaces
    - SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts
    - SAUCE: (namespace) block_dev: Forbid unprivileged mounting when device is opened for writing
    - SAUCE: (noup) Update spl to 0.6.5.8-0ubuntu7, zfs to 0.6.5.8-2ubuntu1

  * Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs"

  [ Upstream Kernel Changes ]

  * rebase to v4.9-rc7

Date: Tue, 22 Nov 2016 07:51:48 -0700
Changed-By: Tim Gardner <tim.gardner at canonical.com>
Maintainer: Ubuntu Kernel Team <kernel-team at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/linux/4.9.0-3.4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 22 Nov 2016 07:51:48 -0700
Source: linux
Binary: linux-source-4.9.0 linux-doc linux-headers-4.9.0-3 linux-libc-dev linux-tools-common linux-tools-4.9.0-3 linux-cloud-tools-common linux-cloud-tools-4.9.0-3 linux-image-4.9.0-3-generic linux-image-extra-4.9.0-3-generic linux-headers-4.9.0-3-generic linux-image-4.9.0-3-generic-dbgsym linux-tools-4.9.0-3-generic linux-cloud-tools-4.9.0-3-generic linux-udebs-generic linux-image-4.9.0-3-generic-lpae linux-image-extra-4.9.0-3-generic-lpae linux-headers-4.9.0-3-generic-lpae linux-image-4.9.0-3-generic-lpae-dbgsym linux-tools-4.9.0-3-generic-lpae linux-cloud-tools-4.9.0-3-generic-lpae linux-udebs-generic-lpae linux-image-4.9.0-3-lowlatency linux-image-extra-4.9.0-3-lowlatency linux-headers-4.9.0-3-lowlatency linux-image-4.9.0-3-lowlatency-dbgsym linux-tools-4.9.0-3-lowlatency linux-cloud-tools-4.9.0-3-lowlatency linux-udebs-lowlatency linux-image-4.9.0-3-powerpc-e500mc linux-image-extra-4.9.0-3-powerpc-e500mc linux-headers-4.9.0-3-powerpc-e500mc
 linux-image-4.9.0-3-powerpc-e500mc-dbgsym linux-tools-4.9.0-3-powerpc-e500mc linux-cloud-tools-4.9.0-3-powerpc-e500mc linux-udebs-powerpc-e500mc linux-image-4.9.0-3-powerpc-smp linux-image-extra-4.9.0-3-powerpc-smp linux-headers-4.9.0-3-powerpc-smp linux-image-4.9.0-3-powerpc-smp-dbgsym linux-tools-4.9.0-3-powerpc-smp linux-cloud-tools-4.9.0-3-powerpc-smp linux-udebs-powerpc-smp linux-image-4.9.0-3-powerpc64-emb linux-image-extra-4.9.0-3-powerpc64-emb linux-headers-4.9.0-3-powerpc64-emb linux-image-4.9.0-3-powerpc64-emb-dbgsym linux-tools-4.9.0-3-powerpc64-emb linux-cloud-tools-4.9.0-3-powerpc64-emb
 linux-udebs-powerpc64-emb
Architecture: source
Version: 4.9.0-3.4
Distribution: zesty
Urgency: low
Maintainer: Ubuntu Kernel Team <kernel-team at lists.ubuntu.com>
Changed-By: Tim Gardner <tim.gardner at canonical.com>
Description:
 linux-cloud-tools-4.9.0-3 - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-4.9.0-3-generic - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-4.9.0-3-generic-lpae - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-4.9.0-3-lowlatency - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-4.9.0-3-powerpc-e500mc - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-4.9.0-3-powerpc-smp - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-4.9.0-3-powerpc64-emb - Linux kernel version specific cloud tools for version 4.9.0-3
 linux-cloud-tools-common - Linux kernel version specific cloud tools for version 4.9.0
 linux-doc  - Linux kernel specific documentation for version 4.9.0
 linux-headers-4.9.0-3 - Header files related to Linux kernel version 4.9.0
 linux-headers-4.9.0-3-generic - Linux kernel headers for version 4.9.0 on 64 bit x86 SMP
 linux-headers-4.9.0-3-generic-lpae - Linux kernel headers for version 4.9.0 on 64 bit x86 SMP
 linux-headers-4.9.0-3-lowlatency - Linux kernel headers for version 4.9.0 on 64 bit x86 SMP
 linux-headers-4.9.0-3-powerpc-e500mc - Linux kernel headers for version 4.9.0 on 32-bit Freescale Power
 linux-headers-4.9.0-3-powerpc-smp - Linux kernel headers for version 4.9.0 on 32-bit PowerPC SMP
 linux-headers-4.9.0-3-powerpc64-emb - Linux kernel headers for version 4.9.0 on 64-bit PowerPC SMP Book
 linux-image-4.9.0-3-generic - Linux kernel image for version 4.9.0 on 64 bit x86 SMP
 linux-image-4.9.0-3-generic-dbgsym - Linux kernel debug image for version 4.9.0 on 64 bit x86 SMP
 linux-image-4.9.0-3-generic-lpae - Linux kernel image for version 4.9.0 on 64 bit x86 SMP
 linux-image-4.9.0-3-generic-lpae-dbgsym - Linux kernel debug image for version 4.9.0 on 64 bit x86 SMP
 linux-image-4.9.0-3-lowlatency - Linux kernel image for version 4.9.0 on 64 bit x86 SMP
 linux-image-4.9.0-3-lowlatency-dbgsym - Linux kernel debug image for version 4.9.0 on 64 bit x86 SMP
 linux-image-4.9.0-3-powerpc-e500mc - Linux kernel image for version 4.9.0 on 32-bit Freescale Power e5
 linux-image-4.9.0-3-powerpc-e500mc-dbgsym - Linux kernel debug image for version 4.9.0 on 32-bit Freescale Po
 linux-image-4.9.0-3-powerpc-smp - Linux kernel image for version 4.9.0 on 32-bit PowerPC SMP
 linux-image-4.9.0-3-powerpc-smp-dbgsym - Linux kernel debug image for version 4.9.0 on 32-bit PowerPC SMP
 linux-image-4.9.0-3-powerpc64-emb - Linux kernel image for version 4.9.0 on 64-bit PowerPC SMP Book3E
 linux-image-4.9.0-3-powerpc64-emb-dbgsym - Linux kernel debug image for version 4.9.0 on 64-bit PowerPC SMP
 linux-image-extra-4.9.0-3-generic - Linux kernel extra modules for version 4.9.0 on 64 bit x86 SMP
 linux-image-extra-4.9.0-3-generic-lpae - Linux kernel extra modules for version 4.9.0 on 64 bit x86 SMP
 linux-image-extra-4.9.0-3-lowlatency - Linux kernel extra modules for version 4.9.0 on 64 bit x86 SMP
 linux-image-extra-4.9.0-3-powerpc-e500mc - Linux kernel extra modules for version 4.9.0 on 32-bit Freescale
 linux-image-extra-4.9.0-3-powerpc-smp - Linux kernel extra modules for version 4.9.0 on 32-bit PowerPC SM
 linux-image-extra-4.9.0-3-powerpc64-emb - Linux kernel extra modules for version 4.9.0 on 64-bit PowerPC SM
 linux-libc-dev - Linux Kernel Headers for development
 linux-source-4.9.0 - Linux kernel source for version 4.9.0 with Ubuntu patches
 linux-tools-4.9.0-3 - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-4.9.0-3-generic - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-4.9.0-3-generic-lpae - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-4.9.0-3-lowlatency - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-4.9.0-3-powerpc-e500mc - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-4.9.0-3-powerpc-smp - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-4.9.0-3-powerpc64-emb - Linux kernel version specific tools for version 4.9.0-3
 linux-tools-common - Linux kernel version specific tools for version 4.9.0
 linux-udebs-generic - Metapackage depending on kernel udebs (udeb)
 linux-udebs-generic-lpae - Metapackage depending on kernel udebs (udeb)
 linux-udebs-lowlatency - Metapackage depending on kernel udebs (udeb)
 linux-udebs-powerpc-e500mc - Metapackage depending on kernel udebs (udeb)
 linux-udebs-powerpc-smp - Metapackage depending on kernel udebs (udeb)
 linux-udebs-powerpc64-emb - Metapackage depending on kernel udebs (udeb)
Changes:
 linux (4.9.0-3.4) zesty; urgency=low
 .
   * Miscellaneous Ubuntu changes
     - SAUCE: (namespace) security/integrity: Harden against malformed xattrs
     - SAUCE: (namespace) block_dev: Support checking inode permissions in lookup_bdev()
     - SAUCE: (namespace) block_dev: Check permissions towards block device inode when mounting
     - SAUCE: (namespace) mtd: Check permissions towards mtd block device inode when mounting
     - SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes
     - SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root
     - SAUCE: (namespace) fs: Allow superblock owner to access do_remount_sb()
     - SAUCE: (namespace) capabilities: Allow privileged user in s_user_ns to set security.* xattrs
     - SAUCE: (namespace) fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
     - SAUCE: (namespace) posix_acl: Export posix_acl_fix_xattr_userns() to modules
     - SAUCE: (namespace) fuse: Add support for pid namespaces
     - SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns
     - SAUCE: (namespace) fuse: Translate ids in posix acl xattrs
     - SAUCE: (namespace) fuse: Restrict allow_other to the superblock's namespace or a descendant
     - SAUCE: (namespace) fuse: Allow user namespace mounts
     - SAUCE: (namespace) ext4: Add support for unprivileged mounts from user namespaces
     - SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts
     - SAUCE: (namespace) block_dev: Forbid unprivileged mounting when device is opened for writing
     - SAUCE: (noup) Update spl to 0.6.5.8-0ubuntu7, zfs to 0.6.5.8-2ubuntu1
 .
   * Miscellaneous upstream changes
     - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs"
 .
   [ Upstream Kernel Changes ]
 .
   * rebase to v4.9-rc7
Checksums-Sha1:
 9ccb862836f54c121a8d6bcabfe3fa5cb22a9a22 8436 linux_4.9.0-3.4.dsc
 0d5deba5ce8eb4f0e976e145be7d624d8b583651 150791528 linux_4.9.0-3.4.tar.gz
Checksums-Sha256:
 a279dc7e33b939a65fbc0b8f4e268ffe363ebbaaa9995598ee1dabb9148d976f 8436 linux_4.9.0-3.4.dsc
 ec2bf64552c2f0e68dc3773097dd4e0f9f15572655cef9b203361adf06e21c02 150791528 linux_4.9.0-3.4.tar.gz
Files:
 272a6784b6752b7eaa80ddbf534be52f 8436 devel optional linux_4.9.0-3.4.dsc
 4ecbd549d7451da2f90901e22f892ca7 150791528 devel optional linux_4.9.0-3.4.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJYPEmcAAoJED12yEX6FEfKsVgP/RGX9NDH5jR9G2zCmofuxDYR
Qhgc8JaXeYzec2iEQQtugKCJP+GbGqQYYQqagfI9aM907zCU0J+HpRauPaeupmjA
R+kD2ArG6bOza9eUu9uhpLquTKQDAj4CuXV9kx3XioRfLj5pJcSGiL+P8P5mN9No
2sFknFY6Y//lut94Cbvil1z6qOEpjkerkZ5erbYm9R/sX8FNZxzfsZFD9i2HBPzM
6irHTgYmIjy5Y/U3W4DR4Pb62gd8y32dIHEeVp+VUowc5vbKZjxV/Ak7JQQ4UtqZ
G6q7dFhKynk/NysOT/HnpUrj5vXlBSVWNpua3EumctGLKYXA0BywJRhgS7ivP7rz
zGMXqmRzt5MORWkBranVgIpIfFGAIYbtkKhsTrfgguy3F3aFSu39oJucMgPrcOWI
IgBKuKIpQfv/63nAHkVn92ODK32LrDvfhEqVB7k03EpuskAtqh0jsG73dGa6gxB3
OL2cFfp+HhoYm/ACvXHLeuaMcwIMu4IKqkV+R4cEtBr9x3mpGRWm2nDCtGoCdeUu
I14Tld8eCrfcurYjqrtlEXAosstZ60IESKb1IafYEDyHCs18zQ4U0A1aJtc6Ys6Q
Au6xzQyhcvuGqzzBPCyeMjryquw8q3IFdtxD3lKs/aqM0vl7Cq3s7fMsBeK5oCdK
Qzh1CajJjo49ijtbRB4V
=D+hM
-----END PGP SIGNATURE-----

More information about the Zesty-changes mailing list