[ubuntu/zesty-security] linux-raspi2 4.10.0-1010.13 (Accepted)

Andy Whitcroft apw at canonical.com
Thu Jun 29 07:19:07 UTC 2017


linux-raspi2 (4.10.0-1010.13) zesty; urgency=low

  * linux-raspi2: 4.10.0-1010.13 -proposed tracker (LP: #1700532)


  [ Ubuntu: 4.10.0-26.30 ]

  * linux: 4.10.0-26.30 -proposed tracker (LP: #1700528)
  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux-raspi2 (4.10.0-1009.12) zesty; urgency=low

  * linux-raspi2: 4.10.0-1009.12 -proposed tracker (LP: #1699032)

  [ Ubuntu: 4.10.0-25.29 ]

  * linux: 4.10.0-25.29 -proposed tracker (LP: #1699028)
  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit
  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options
    - ipv6: Check ip6_find_1stfragopt() return value properly.
  * [Zesty] QDF2400 ARM64 server - NMI watchdog: BUG: soft lockup - CPU#8 stuck
    for 22s!  (LP: #1680549)
    - iommu/dma: Stop getting dma_32bit_pfn wrong
    - iommu/dma: Implement PCI allocation optimisation
    - iommu/dma: Convert to address-based allocation
    - iommu/dma: Clean up MSI IOVA allocation
    - iommu/dma: Plumb in the per-CPU IOVA caches
    - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
  * Zesty update to 4.10.17 stable release (LP: #1692898)
    - xen: adjust early dom0 p2m handling to xen hypervisor behavior
    - target: Fix compare_and_write_callback handling for non GOOD status
    - target/fileio: Fix zero-length READ and WRITE handling
    - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
    - usb: xhci: bInterval quirk for TI TUSB73x0
    - usb: host: xhci: print correct command ring address
    - USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
    - USB: Proper handling of Race Condition when two USB class drivers try to
      call init_usb_class simultaneously
    - USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
    - staging: vt6656: use off stack for in buffer USB transfers.
    - staging: vt6656: use off stack for out buffer USB transfers.
    - staging: gdm724x: gdm_mux: fix use-after-free on module unload
    - staging: wilc1000: Fix problem with wrong vif index
    - staging: comedi: jr3_pci: fix possible null pointer dereference
    - staging: comedi: jr3_pci: cope with jiffies wraparound
    - usb: misc: add missing continue in switch
    - usb: gadget: legacy gadgets are optional
    - usb: Make sure usb/phy/of gets built-in
    - usb: hub: Fix error loop seen after hub communication errors
    - usb: hub: Do not attempt to autosuspend disconnected devices
    - x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
    - selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
    - x86, pmem: Fix cache flushing for iovec write < 8 bytes
    - um: Fix PTRACE_POKEUSER on x86_64
    - perf/x86: Fix Broadwell-EP DRAM RAPL events
    - KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
    - KVM: arm/arm64: fix races in kvm_psci_vcpu_on
    - arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
    - block: fix blk_integrity_register to use template's interval_exp if not 0
    - crypto: s5p-sss - Close possible race for completed requests
    - crypto: algif_aead - Require setkey before accept(2)
    - crypto: ccp - Use only the relevant interrupt bits
    - crypto: ccp - Disable interrupts early on unload
    - crypto: ccp - Change ISR handler method for a v3 CCP
    - crypto: ccp - Change ISR handler method for a v5 CCP
    - dm crypt: rewrite (wipe) key in crypto layer using random data
    - dm era: save spacemap metadata root after the pre-commit
    - dm rq: check blk_mq_register_dev() return value in
      dm_mq_init_request_queue()
    - dm thin: fix a memory leak when passing discard bio down
    - vfio/type1: Remove locked page accounting workqueue
    - iov_iter: don't revert iov buffer if csum error
    - IB/core: Fix sysfs registration error flow
    - IB/core: For multicast functions, verify that LIDs are multicast LIDs
    - IB/IPoIB: ibX: failed to create mcg debug file
    - IB/mlx4: Fix ib device initialization error flow
    - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
    - IB/hfi1: Prevent kernel QP post send hard lockups
    - perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms()
    - perf annotate s390: Fix perf annotate error -95 (4.10 regression)
    - perf annotate s390: Implement jump types for perf annotate
    - jbd2: fix dbench4 performance regression for 'nobarrier' mounts
    - ext4: evict inline data when writing to memory map
    - orangefs: fix bounds check for listxattr
    - orangefs: clean up oversize xattr validation
    - orangefs: do not set getattr_time on orangefs_lookup
    - orangefs: do not check possibly stale size on truncate
    - fs/xattr.c: zero out memory copied to userspace in getxattr
    - ceph: fix memory leak in __ceph_setxattr()
    - fs/block_dev: always invalidate cleancache in invalidate_bdev()
    - mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC
    - Fix match_prepath()
    - Set unicode flag on cifs echo request to avoid Mac error
    - SMB3: Work around mount failure when using SMB3 dialect to Macs
    - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
    - cifs: fix leak in FSCTL_ENUM_SNAPS response handling
    - cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
    - CIFS: fix oplock break deadlocks
    - cifs: fix CIFS_IOC_GET_MNT_INFO oops
    - CIFS: add misssing SFM mapping for doublequote
    - ovl: do not set overlay.opaque on non-dir create
    - padata: free correct variable
    - md/raid1: avoid reusing a resync bio after error handling.
    - device-dax: fix cdev leak
    - device-dax: fix sysfs attribute deadlock
    - dax: prevent invalidation of mapped DAX entries
    - mm: fix data corruption due to stale mmap reads
    - f2fs: fix fs corruption due to zero inode page
    - fscrypt: fix context consistency check when key(s) unavailable
    - serial: samsung: Use right device for DMA-mapping calls
    - serial: omap: fix runtime-pm handling on unbind
    - serial: omap: suspend device on probe errors
    - tty: pty: Fix ldisc flush after userspace become aware of the data already
    - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
    - Bluetooth: hci_bcm: add missing tty-device sanity check
    - Bluetooth: hci_intel: add missing tty-device sanity check
    - libnvdimm, region: fix flush hint detection crash
    - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
    - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering
    - libnvdimm, pfn: fix 'npfns' vs section alignment
    - pstore: Shut down worker when unregistering
    - Linux 4.10.17
  * [SRU][Zesty] Support SMMU passthrough using the default domain
    (LP: #1688158)
    - iommu/arm-smmu: Restrict domain attributes to UNMANAGED domains
    - iommu/arm-smmu: Install bypass S2CRs for IOMMU_DOMAIN_IDENTITY domains
    - iommu/arm-smmu-v3: Make arm_smmu_install_ste_for_dev return void
    - iommu: Rename iommu_get_instance()
    - iommu: Rename struct iommu_device
    - iommu: Introduce new 'struct iommu_device'
    - iommu: Add sysfs bindings for struct iommu_device
    - iommu: Make iommu_device_link/unlink take a struct iommu_device
    - iommu: Add iommu_device_set_fwnode() interface
    - iommu/arm-smmu: Make use of the iommu_register interface
    - iommu/arm-smmu-v3: Install bypass STEs for IOMMU_DOMAIN_IDENTITY domains
    - iommu: Allow default domain type to be set on the kernel command line
    - arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA
    - iommu/vt-d: Fix crash on boot when DMAR is disabled
  * Enable Matrox driver for Ubuntu 16.04.3 (LP: #1693337)
    - [Config] Enable CONFIG_DRM_MGAG200 as module
    - drm/mgag200: Added support for the new device G200eH3
  * Ubuntu16.04.03: POWER9 XIVE: msgsnd/doorbell IPI support (backport)
    (LP: #1691973)
    - powerpc/64s: Add msgp facility unavailable log string
    - powerpc/64s: Add SCV FSCR bit for ISA v3.0
    - powerpc/xmon: Dump memory in CPU endian format
    - powerpc/xive: Native exploitation of the XIVE interrupt controller
    - powerpc: Change the doorbell IPI calling convention
    - powerpc: Introduce msgsnd/doorbell barrier primitives
    - powerpc/64s: Avoid a branch for ppc_msgsnd
    - powerpc/powernv: POWER9 support for msgsnd/doorbell IPI
    - powerpc: Add optional smp_ops->prepare_cpu SMP callback
    - powerpc: Add more PPC bit conversion macros
    - powerpc/powernv: Add XIVE related definitions to opal-api.h
    - powerpc/smp: Remove migrate_irq() custom implementation
    - powerpc/powernv: Fix oops on P9 DD1 in cause_ipi()
    - (config) Update configs with PPC_XIVE options
  * CVE-2017-100363
    - char: lp: fix possible integer overflow in lp_setup()
  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()
  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent
  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent
  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent
  * Module signing exclusion for staging drivers does not work properly
    (LP: #1690908)
    - SAUCE: Fix module signing exclusion in package builds
  * extend-diff-ignore should use exact matches (LP: #1693504)
    - [Packaging] exact extend-diff-ignore matches
  * Marvell MacchiatoBin crashes in fintek_8250_probe() (LP: #1692548)
    - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O
  * arm-smmu arm-smmu.2.auto: Unhandled context fault (LP: #1694506)
    - net: thunderx: Fix IOMMU translation faults
  * arm64: mbigen updates (LP: #1692783)
    - Revert "UBUNTU: SAUCE: irqchip: mbigen: Add ACPI support"
    - irqchip/mbigen: Add ACPI support
    - irqchip/mbigen: Fix return value check in mbigen_device_probe()
    - irqchip/mbigen: Fix memory mapping code
    - irqchip/mbigen: Fix potential NULL dereferencing
    - irqchip/mbigen: Fix the clear register offset calculation
  * System doesn't boot properly on Gigabyte AM4 motherboards (AMD Ryzen)
    (LP: #1671360)
    - pinctrl: amd: make use of raw_spinlock variants
    - pinctrl/amd: Use regular interrupt instead of chained
  * PowerPC: Pstore dump for powerpc is broken (LP: #1691045)
    - pstore: Fix flags to enable dumps on powerpc
  * Dell Inspiron on kernel 4.10 : battery detected only after AC power adapter
    event (LP: #1678590)
    - ACPI / blacklist: add _REV quirk for Dell Inspiron 7537
  * APST quirk needed for Intel NVMe (LP: #1686592)
    - nvme: Quirk APST on Intel 600P/P3100 devices
  * Merlin SGMII fail on Ubuntu Xenial HWE kernel (LP: #1686305)
    - drivers: net: phy: xgene: Fix mdio write
  * Zesty update to 4.10.16 stable release (LP: #1691369)
    - 9p: fix a potential acl leak
    - drm/sti: fix GDP size to support up to UHD resolution
    - hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628
    - mtd: nand: Add OX820 NAND hardware dependency
    - tpm: fix RC value check in tpm2_seal_trusted
    - tmp: use pdev for parent device in tpm_chip_alloc
    - crypto: caam - fix error path for ctx_dma mapping failure
    - crypto: caam - don't dma_map key for hash algorithms
    - power: supply: lp8788: prevent out of bounds array access
    - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
    - powerpc/perf: Fix perf_get_data_addr() for power9 DD1
    - powerpc/perf: Handle sdar_mode for marked event in power9
    - powerpc/mm: Fixup wrong LPCR_VRMASD value
    - powerpc/powernv: Fix opal_exit tracepoint opcode
    - powerpc/mm: Fix build break when CMA=n && SPAPR_TCE_IOMMU=y
    - powerpc/ftrace: Fix confusing help text for DISABLE_MPROFILE_KERNEL
    - powerpc: Correctly disable latent entropy GCC plugin on prom_init.o
    - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING
    - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()
    - power: supply: bq24190_charger: Install irq_handler_thread() at end of
      probe()
    - power: supply: bq24190_charger: Call power_supply_changed() for relevant
      component
    - power: supply: bq24190_charger: Don't read fault register outside
      irq_handle_thread()
    - power: supply: bq24190_charger: Handle fault before status on interrupt
    - arm64: dts: r8a7795: Mark EthernetAVB device node disabled
    - arm: dts: qcom: Fix ipq board clock rates
    - arm64: remove wrong CONFIG_PROC_SYSCTL ifdef
    - arm64: Improve detection of user/non-user mappings in set_pte(_at)
    - spi: armada-3700: Remove spi_master_put in a3700_spi_remove()
    - leds: ktd2692: avoid harmless maybe-uninitialized warning
    - ARM: pxa: ezx: fix a910 camera data
    - ARM: dts: NSP: GPIO reboot open-source
    - ARM: dts: imx6sx-udoo-neo: Fix reboot hang
    - ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
    - ARM: OMAP3: Fix smartreflex platform data regression
    - ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI
    - ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings
    - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
    - mwifiex: remove redundant dma padding in AMSDU
    - mwifiex: Avoid skipping WEP key deletion for AP
    - mwifiex: don't enable/disable IRQ 0 during suspend/resume
    - mwifiex: set adapter->dev before starting to use mwifiex_dbg()
    - iwlwifi: mvm: properly check for transport data in dump
    - iwlwifi: mvm: don't restart HW if suspend fails with unified image
    - iwlwifi: mvm: overwrite skb info later
    - iwlwifi: pcie: don't increment / decrement a bool
    - iwlwifi: pcie: trans: Remove unused 'shift_param'
    - iwlwifi: pcie: fix the set of DMA memory mask
    - iwlwifi: mvm: fix reorder timer re-arming
    - iwlwifi: mvm: Use aux queue for offchannel frames in dqa
    - iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe
    - iwlwifi: mvm: fix pending frame counter calculation
    - iwlwifi: mvm: fix references to first_agg_queue in DQA mode
    - iwlwifi: mvm: synchronize firmware DMA paging memory
    - iwlwifi: mvm: writing zero bytes to debugfs causes a crash
    - iwlwifi: mvm: fix accessing fw_id_to_mac_id
    - x86/ioapic: Restore IO-APIC irq_chip retrigger callback
    - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
    - x86/mpx: Re-add MPX to selftests Makefile
    - clk: Make x86/ conditional on CONFIG_COMMON_CLK
    - platform/x86: intel_pmc_core: fix out-of-bounds accesses on stack
    - kprobes/x86: Fix kernel panic when certain exception-handling addresses are
      probed
    - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device
    - Revert "KVM: nested VMX: disable perf cpuid reporting"
    - KVM: nVMX: initialize PML fields in vmcs02
    - KVM: nVMX: do not leak PML full vmexit to L1
    - usb: dwc2: host: use msleep() for long delay
    - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
      paths
    - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error
      paths
    - usb: chipidea: Only read/write OTGSC from one place
    - usb: chipidea: Handle extcon events properly
    - USB: serial: keyspan_pda: fix receive sanity checks
    - USB: serial: digi_acceleport: fix incomplete rx sanity check
    - USB: serial: ssu100: fix control-message error handling
    - USB: serial: io_edgeport: fix epic-descriptor handling
    - USB: serial: ti_usb_3410_5052: fix control-message error handling
    - USB: serial: ark3116: fix open error handling
    - USB: serial: ftdi_sio: fix latency-timer error handling
    - USB: serial: quatech2: fix control-message error handling
    - USB: serial: mct_u232: fix modem-status error handling
    - USB: serial: ch341: fix modem-status handling
    - USB: serial: io_edgeport: fix descriptor error handling
    - clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036
    - phy: qcom-usb-hs: Add depends on EXTCON
    - serial: 8250_omap: Fix probe and remove for PM runtime
    - scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn()
    - scsi: qedi: fix build error without DEBUG_FS
    - scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr
    - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
    - scsi: smartpqi: fix time handling
    - MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
    - brcmfmac: Ensure pointer correctly set if skb data location changes
    - brcmfmac: Make skb header writable before use
    - staging/lustre/llite: move root_squash from sysfs to debugfs
    - staging: wlan-ng: add missing byte order conversion
    - staging: emxx_udc: remove incorrect __init annotations
    - staging: lustre: ptlrpc: avoid warning on missing return
    - ALSA: hda - Fix deadlock of controller device lock at unbinding
    - sparc64: fix fault handling in NGbzero.S and GENbzero.S
    - tcp: do not underestimate skb->truesize in tcp_trim_head()
    - net: adjust skb->truesize in ___pskb_trim()
    - net: macb: fix phy interrupt parsing
    - geneve: fix incorrect setting of UDP checksum flag
    - bpf: enhance verifier to understand stack pointer arithmetic
    - bpf, arm64: fix jit branch offset related to ldimm64
    - tcp: fix wraparound issue in tcp_lp
    - net: ipv6: Do not duplicate DAD on link up
    - net: usb: qmi_wwan: add Telit ME910 support
    - tcp: do not inherit fastopen_req from parent
    - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
    - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
    - ipv6: initialize route null entry in addrconf_init()
    - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
    - bnxt_en: allocate enough space for ->ntp_fltr_bmap
    - bpf: don't let ldimm64 leak map addresses on unprivileged
    - net: mdio-mux: bcm-iproc: call mdiobus_free() in error path
    - openvswitch: Set internal device max mtu to ETH_MAX_MTU.
    - f2fs: sanity check segment count
    - xen: Revert commits da72ff5bfcb0 and 72a9b186292d
    - drm/hisilicon/hibmc: Fix wrong pointer passed to PTR_ERR()
    - drm: mxsfb: drm_dev_alloc() returns error pointers
    - drm/ttm: fix use-after-free races in vm fault handling
    - block: get rid of blk_integrity_revalidate()
    - Linux 4.10.16
    - [Config] Remove CONFIG_MTD_NAND_OXNAS=m
    - Ignore missing oxnas_nand
  * Keyboard backlight control does not work on some dell laptops.
    (LP: #1693126)
    - platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist
    - platform/x86: dell-laptop: Add keyboard backlight timeout AC settings
  * Hardware transaction memory corruption (LP: #1691477)
    - powerpc/tm: Fix FP and VMX register corruption
  * Offlined CPUs of a core fail to come up online on POWER9 DD1 (Ubuntu 17.04)
    (LP: #1685792)
    - powerpc/powernv: Move CPU-Offline idle state invocation from smp.c to idle.c
    - powerpc/powernv/smp: Add busy-wait loop as fall back for CPU-Hotplug
    - powerpc/powernv/idle: Don't override default/deepest directly in kernel
    - powerpc/powernv: Recover correct PACA on wakeup from a stop on P9 DD1
  * [Regression] NUMA_BALANCING disabled on arm64 (LP: #1690914)
    - [Config] CONFIG_NUMA_BALANCING{,_DEFAULT_ENABLED}=y on arm64
  * ATS fix: Fix opal_npu_destroy_context call (LP: #1692580)
    - powerpc/powernv/npu-dma.c: Fix opal_npu_destroy_context() call
  * powerpc/powernv: Introduce address translation services for Nvlink2
    (LP: #1690412)
    - powerpc/powernv: Require MMU_NOTIFIER to fix NPU build
    - drivers/of/base.c: Add of_property_read_u64_index
    - powerpc/powernv: Add sanity checks to pnv_pci_get_{gpu|npu}_dev
    - powerpc/powernv: Introduce address translation services for Nvlink2
  * exec'ing a setuid binary from a threaded program sometimes fails to setuid
    (LP: #1672819)
    - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct

Date: 2017-06-27 14:36:15.215484+00:00
Changed-By: Juerg Haefliger <juerg.haefliger at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-raspi2/4.10.0-1010.13
-------------- next part --------------
Sorry, changesfile not available.


More information about the Zesty-changes mailing list