linux (4.12.0-11.12) artful; urgency=low * linux: 4.12.0-11.12 -proposed tracker (LP: #1709929) * CVE-2017-1000111 - packet: fix tp_reserve race in packet_set_ring * CVE-2017-1000112 - udp: consistently apply ufo or fragmentation * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for kernels able to boot without initramfs (LP: #1700972) - Revert "UBUNTU: [Debian] Don't depend on initramfs-tools" - [Debian] Don't depend on initramfs-tools * Miscellaneous Ubuntu changes - SAUCE: (noup) Update spl to 0.6.5.11-ubuntu1, zfs to 0.6.5.11-1ubuntu3 - SAUCE: powerpc: Always initialize input array when calling epapr_hypercall() * Miscellaneous upstream changes - selftests: typo correction for memory-hotplug test - selftests: check hot-pluggagble memory for memory-hotplug test - selftests: check percentage range for memory-hotplug test - selftests: add missing test name in memory-hotplug test - selftests: fix memory-hotplug test -- Seth Forshee Thu, 10 Aug 2017 13:37:00 -0500 linux (4.12.0-10.11) artful; urgency=low * hisi_sas performance improvements (LP: #1708734) - scsi: hisi_sas: define hisi_sas_device.device_id as int - scsi: hisi_sas: optimise the usage of hisi_hba.lock - scsi: hisi_sas: relocate sata_done_v2_hw() - scsi: hisi_sas: optimise DMA slot memory * hisi_sas driver reports mistakes timed out task for internal abort (LP: #1708730) - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() * scsi: hisi_sas: add null check before indirect pointer dereference (LP: #1708714) - scsi: hisi_sas: add null check before indirect pointer dereference * Artful update to 4.12.5 stable release (LP: #1709079) - jfs: Don't clear SGID when inheriting ACLs - ALSA: fm801: Initialize chip after IRQ handler is registered - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table - parisc: Prevent TLB speculation on flushed pages on CPUs that only support equivalent aliases - parisc: Extend disabled preemption in copy_user_page - parisc: Suspend lockup detectors before system halt - powerpc/pseries: Fix of_node_put() underflow during reconfig remove - mmc: sunxi: Keep default timing phase settings for new timing mode - NFS: invalidate file size when taking a lock. - NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter - scripts/dtc: dtx_diff - update include dts paths to match build - crypto: brcm - Fix SHA3-512 algorithm failure - crypto: brcm - remove BCM_PDC_MBOX dependency in Kconfig - crypto: authencesn - Fix digest_null crash - KVM: PPC: Book3S HV: Enable TM before accessing TM registers - KVM: PPC: Book3S HV: Fix host crash on changing HPT size - dm integrity: fix inefficient allocation of journal space - dm integrity: test for corrupted disk format during table load - md: remove 'idx' from 'struct resync_pages' - md/raid1: fix writebehind bio clone - md/raid5: add thread_group worker async_tx_issue_pending_all - drm/vmwgfx: Fix gcc-7.1.1 warning - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K - drm/nouveau/disp/nv50-: bump max chans to 21 - drm/nouveau/bar/gf100: fix access to upper half of BAR2 - drm/i915: Fix scaler init during CRTC HW state readout - isdn/i4l: fix buffer overflow - ipmi/watchdog: fix watchdog timeout set on reboot - mmc: tmio-mmc: fix bad pointer math - Linux 4.12.5 * CVE-2017-7533 - dentry name snapshots * Lenovo Yoga 910 Sensors (LP: #1708120) - SAUCE: (no-up) HID: Add quirk for Lenovo Yoga 910 with ITE Chips * Unable to install Ubuntu on the NVMe disk under VMD PCI domain (LP: #1703339) - [Config] Add vmd driver to generic inclusion list * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430) - [Config] CONFIG_SATA_HIGHBANK=y * Mute key LED does not work on HP ProBook 440 (LP: #1705586) - ALSA: hda - Add mute led support for HP ProBook 440 G4 * Hisilicon D05 onboard fibre NIC link indicator LEDs don't work (LP: #1704903) - net: hns: add acpi function of xge led control * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for kernels able to boot without initramfs (LP: #1700972) - [Debian] Don't depend on initramfs-tools * Ubuntu 16.04.02: ibmveth: Support to enable LSO/CSO for Trunk VEA (LP: #1692538) - ibmveth: Support to enable LSO/CSO for Trunk VEA. * Artful update to 4.12.4 stable release (LP: #1707292) - disable new gcc-7.1.1 warnings for now - ir-core: fix gcc-7 warning on bool arithmetic - s5p-jpeg: don't return a random width/height - thermal: max77620: fix device-node reference imbalance - thermal: cpu_cooling: Avoid accessing potentially freed structures - ath9k: fix tx99 use after free - ath9k: fix tx99 bus error - iwlwifi: mvm: fix the recovery flow while connecting - NFC: fix broken device allocation - NFC: nfcmrvl_uart: add missing tty-device sanity check - NFC: nfcmrvl: do not use device-managed resources - NFC: nfcmrvl: use nfc-device for firmware download - NFC: nfcmrvl: fix firmware-management initialisation - nfc: Ensure presence of required attributes in the activate_target handler - nfc: Fix the sockaddr length sanitization in llcp_sock_connect - NFC: Add sockaddr length checks before accessing sa_family in bind handlers - perf intel-pt: Move decoder error setting into one condition - perf intel-pt: Improve sample timestamp - perf intel-pt: Fix missing stack clear - perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP - perf intel-pt: Fix last_ip usage - perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero - perf intel-pt: Use FUP always when scanning for an IP - perf intel-pt: Clear FUP flag on error - Bluetooth: use constant time memory comparison for secret values - wlcore: fix 64K page support - pstore: Don't warn if data is uncompressed and type is not PSTORE_TYPE_DMESG - mwifiex: fixup error cases in mwifiex_add_virtual_intf() - Btrfs: fix invalid extent maps due to hole punching - btrfs: Don't clear SGID when inheriting ACLs - Btrfs: incremental send, fix invalid memory access - igb: Explicitly select page 0 at initialization - spi: atmel: fix corrupted data issue on SAM9 family SoCs - ASoC: zx-i2s: flip I2S master/slave mode - ASoC: compress: Derive substream from stream based on direction - ASoC: atmel: tse850: fix off-by-one in the "ANA" enumeration count - PM / Domains: Fix unsafe iteration over modified list of device links - PM / Domains: Fix unsafe iteration over modified list of domain providers - PM / Domains: Fix unsafe iteration over modified list of domains - scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails. - scsi: virtio_scsi: let host do exception handling - scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state - scsi: Avoid that scsi_exit_rq() triggers a use-after-free - iscsi-target: Add login_keys_workaround attribute for non RFC initiators - xen/scsiback: Fix a TMR related use-after-free - scsi: virtio_scsi: always read VPD pages for multiqueue too - powerpc/mm/radix: Only add X for pages overlapping kernel text - powerpc/pseries: Fix passing of pp0 in updatepp() and updateboltedpp() - powerpc/mm/radix: Fix execute permissions for interrupt_vectors - powerpc/64: Fix atomic64_inc_not_zero() to return an int - powerpc: Fix emulation of mcrf in emulate_step() - powerpc: Fix emulation of mfocrf in emulate_step() - powerpc/asm: Mark cr0 as clobbered in mftb() - powerpc/mm/radix: Properly clear process table entry - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 - xen/x86: fix cpu hotplug - PCI: vmd: Move SRCU cleanup after bus, child device removal - PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11 - PCI: rockchip: Use normal register bank for config accessors - PCI/PM: Restore the status of PCI devices across hibernation - PCI/MSI: Ignore affinity if pre/post vector count is more than min_vecs - usb: xhci: fix spinlock recursion for USB2 test mode - xhci: fix memleak in xhci_run() - xhci: fix 20000ms port resume timeout - xhci: Fix NULL pointer dereference when cleaning up streams for removed host - mxl111sf: Fix driver to use heap allocate buffers for USB messages - usb: storage: return on error to avoid a null pointer dereference - USB: cdc-acm: add device-id for quirky printer - usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL - usb: renesas_usbhs: gadget: disable all eps when the driver stops - HID: multitouch: do not blindly set EV_KEY or EV_ABS bits - md: don't use flush_signals in userspace processes - md: fix deadlock between mddev_suspend() and md_write_start() - x86/xen: allow userspace access during hypercalls - cx88: Fix regression in initial video standard setting - rc-core: fix input repeat handling - tools/testing/nvdimm: fix nfit_test buffer overflow - libnvdimm, btt: fix btt_rw_page not returning errors - libnvdimm: fix the clear-error check in nsio_rw_bytes - libnvdimm: fix badblock range handling of ARS range - ext2: Don't clear SGID when inheriting ACLs - dm raid: stop using BUG() in __rdev_sectors() - Raid5 should update rdev->sectors after reshape - s390/syscalls: Fix out of bounds arguments access - drm/amdgpu/gfx8: drop per-APU CU limits - drm/amdgpu: fix vblank_time when displays are off - drm/amdgpu/cgs: always set reference clock in mode_info - drm/amd/amdgpu: Return error if initiating read out of range on vram - drm/amdgpu: fix the memory corruption on S3 - drm/amdgpu: Don't call amd_powerplay_destroy() if we don't have powerplay - drm/radeon/ci: disable mclk switching for high refresh rates (v2) - drm/radeon: Fix eDP for single-display iMac10,1 (v2) - drm/ttm: Fix use-after-free in ttm_bo_clean_mm - drm/etnaviv: Expose our reservation object when exporting a dmabuf. - ipmi: use rcu lock around call to intf->handlers->sender() - ipmi:ssif: Add missing unlock in error branch - xfs: Don't clear SGID when inheriting ACLs - CIFS: Reconnect expired SMB sessions - f2fs: load inode's flag from disk - f2fs: wake up all waiters in f2fs_submit_discard_endio - f2fs: sanity check checkpoint segno and blkoff - f2fs: try to freeze in gc and discard threads - f2fs: Do not issue small discards in LFS mode - f2fs: sanity check size of nat and sit cache - f2fs: use spin_{,un}lock_irq{save,restore} - f2fs: Don't clear SGID when inheriting ACLs - serial: st-asc: Potential error pointer dereference - serial: sh-sci: Uninitialized variables in sysfs files - ovl: mark parent impure on ovl_link() - ovl: fix random return value on mount - drm/amd/powerplay: fix memory leak in cz_hwmgr backend - drm/i915: Disable MSI for all pre-gen5 - vfio: Fix group release deadlock - vfio: New external user group/file match - vfio: Remove unnecessary uses of vfio_container.group_lock - nvme-rdma: remove race conditions from IB signalling - ftrace: Fix uninitialized variable in match_records() - drm/i915/gvt: Fix inconsistent locks holding sequence - drm/atomic: Add missing drm_atomic_state_clear to atomic_remove_fb - MIPS: Fix mips_atomic_set() retry condition - MIPS: Fix mips_atomic_set() with EVA - MIPS: Negate error syscall return in trace - mtd: nand: tango: Fix incorrect use of SEQIN command - ubifs: Correctly evict xattr inodes - ubifs: Don't leak kernel memory to the MTD - ubifs: Don't encrypt special files on creation - ubifs: Set double hash cookie also for RENAME_EXCHANGE - ACPI / EC: Drop EC noirq hooks to fix a regression - Revert "ACPI / EC: Enable event freeze mode..." to fix a regression - x86/acpi: Prevent out of bound access caused by broken ACPI tables - x86/ioapic: Pass the correct data to unmask_ioapic_irq() - MIPS: Fix MIPS I ISA /proc/cpuinfo reporting - MIPS: Save static registers before sysmips - MIPS: Actually decode JALX in `__compute_return_epc_for_insn' - MIPS: Fix unaligned PC interpretation in `compute_return_epc' - MIPS: math-emu: Prevent wrong ISA mode instruction emulation - MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn' - MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn' - MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn' - MIPS: Send SIGILL for R6 branches in `__compute_return_epc_for_insn' - MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message - Input: i8042 - fix crash at boot time - IB/iser: Fix connection teardown race condition - IB/core: Namespace is mandatory input for address resolution - sunrpc: use constant time memory comparison for mac - net/sunrpc/xprt_sock: fix regression in connection error reporting. - NFS: Fix initialization of nfs_page_array->npages - PNFS fix EACCESS on commit to DS handling - NFS: only invalidate dentrys that are clearly invalid. - udf: Fix races with i_size changes during readpage - udf: Fix deadlock between writeback and udf_setsize() - target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce - iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done - perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target - perf/core: Fix scheduling regression of pinned groups - Revert "perf/core: Drop kernel samples even though :u is specified" - staging: rtl8188eu: add TL-WN722N v2 support - staging: comedi: ni_mio_common: fix AO timer off-by-one regression - staging: sm750fb: avoid conflicting vesafb - staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code - ceph: fix race in concurrent readdir - RDMA/uverbs: Fix the check for port number - RDMA/core: Initialize port_num in qp_attr - drm/mst: Fix error handling during MST sideband message reception - drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req() - drm/mst: Avoid processing partially received up/down message transactions - drm/i915: Make DP-MST connector info work - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array - hfsplus: Don't clear SGID when inheriting ACLs - vtime, sched/cputime: Remove vtime_account_user() - sched/cputime: Always set tsk->vtime_snap_whence after accounting vtime - sched/cputime: Rename vtime fields - sched/cputime: Move the vtime task fields to their own struct - sched/cputime: Accumulate vtime on top of nsec clocksource - sched/fair: Fix load_balance() affinity redo path - percpu_counter: Rename __percpu_counter_add to percpu_counter_add_batch - writeback: rework wb_[dec|inc]_stat family of functions - kernel/fork.c: virtually mapped stacks: do not disable interrupts - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure - vmbus: re-enable channel tasklet - cpufreq: intel_pstate: Correct the busy calculation for KNL - spmi: Include OF based modalias in device uevent - reiserfs: Don't clear SGID when inheriting ACLs - device-dax: fix sysfs duplicate warnings - drm/imx: parallel-display: Accept drm_of_find_panel_or_bridge failure - PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present - tracing: Fix kmemleak in instance_rmdir - drm/i915/fbdev: Check for existence of ifbdev->vma before operations - drm/i915: Hold RPM wakelock while initializing OA buffer - drm/i915: reintroduce VLV/CHV PFI programming power domain workaround - smp/hotplug: Move unparking of percpu threads to the control CPU - smp/hotplug: Replace BUG_ON and react useful - alarmtimer: don't rate limit one-shot timers - sched/cputime: Don't use smp_processor_id() in preemptible context - Linux 4.12.4 * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495) - [Packaging] tests -- reduce rebuild test to one flavour - [Packaging] tests -- reduce rebuild test to one flavour -- use filter * Miscellaneous Ubuntu changes - Revert "UBUNTU: SAUCE: virtio_net: Revert mergeable buffer handling rework" - SAUCE: (no-up) virtio_net: fix truesize for mergeable buffers - ubuntu: vbox -- update to 5.1.26-dfsg-1 - SAUCE: (noup) Update spl to 0.6.5.11-1, zfs to 0.6.5.11-1ubuntu1 - [debian] use all rather than amd64 dkms debs for sync * Miscellaneous upstream changes - selftest/net/Makefile: Specify output with $(OUTPUT) -- Seth Forshee Mon, 07 Aug 2017 12:32:45 -0500 linux (4.12.0-9.10) artful; urgency=low * ath10k doesn't report full RSSI information (LP: #1706531) - ath10k: add per chain RSSI reporting * ideapad_laptop don't support v310-14isk (LP: #1705378) - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill * snapd 2.26.8+17.10 ADT test failure with linux 4.12.0-6.7 (LP: #1704158) - SAUCE: virtio_net: Revert mergeable buffer handling rework -- Seth Forshee Thu, 27 Jul 2017 15:29:37 -0500 linux (4.12.0-8.9) artful; urgency=low * ath9k freezes suspend resume Ubuntu 17.04 (LP: #1697027) - ath9k: fix an invalid pointer dereference in ath9k_rng_stop() * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13 (LP: #1667750) - xhci: Bad Ethernet performance plugged in ASM1042A host * Migrating KSM page causes the VM lock up as the KSM page merging list is too large (LP: #1680513) - ksm: introduce ksm_max_page_sharing per page deduplication limit - ksm: fix use after free with merge_across_nodes = 0 - ksm: cleanup stable_node chain collapse case - ksm: swap the two output parameters of chain/chain_prune - ksm: optimize refile of stable_node_dup at the head of the chain * Artful update to v4.12.3 stable release (LP: #1706064) - staging: android: uapi: drop definitions of removed ION_IOC_{FREE,SHARE} ioctls - net/mlx5: Fix driver load error flow when firmware is stuck - net/mlx5: Cancel delayed recovery work when unloading the driver - net/mlx5e: Fix TX carrier errors report in get stats ndo - ipv6: dad: don't remove dynamic addresses if link is down - vxlan: fix hlist corruption - geneve: fix hlist corruption - net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64 - liquidio: fix bug in soft reset failure detection - net: ipv6: Compare lwstate in detecting duplicate nexthops - vrf: fix bug_on triggered by rx when destroying a vrf - virtio-net: fix leaking of ctx array - rds: tcp: use sock_create_lite() to create the accept socket - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff - cxgb4: fix BUG() on interrupt deallocating path of ULD - tap: convert a mutex to a spinlock - bridge: mdb: fix leak on complete_info ptr on fail path - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() - sfc: don't read beyond unicast address list - Adding asm-prototypes.h for genksyms to generate crc - sed regex in Makefile.build requires line break between exported symbols - Adding the type of exported symbols - sparc64: Fix gup_huge_pmd - brcmfmac: Fix a memory leak in error handling path in 'brcmf_cfg80211_attach' - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain - efi: Process the MEMATTR table only if EFI_MEMMAP is enabled - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES - cfg80211: Check if PMKID attribute is of expected size - cfg80211: Check if NAN service ID is of expected size - drm/amdgpu/gfx6: properly cache mc_arb_ramcfg - KVM: ARM64: fix phy counter access failure in guest. - KVM: PPC: Book3S: Fix typo in XICS-on-XIVE state saving code - kvm-vfio: Decouple only when we match a group - irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity - parisc: Report SIGSEGV instead of SIGBUS when running out of stack - parisc: use compat_sys_keyctl() - parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs - parisc/mm: Ensure IRQs are off in switch_mm() - tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - thp, mm: fix crash due race in MADV_FREE handling - kernel/extable.c: mark core_kernel_text notrace - mm/list_lru.c: fix list_lru_count_node() to be race free - fs/dcache.c: fix spin lockup issue on nlru->lock - checkpatch: silence perl 5.26.0 unescaped left brace warnings - binfmt_elf: use ELF_ET_DYN_BASE only for PIE - arm: move ELF_ET_DYN_BASE to 4MB - arm64: move ELF_ET_DYN_BASE to 4GB / 4MB - powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB - s390: reduce ELF_ET_DYN_BASE - exec: Limit arg stack to at most 75% of _STK_LIM - powerpc/kexec: Fix radix to hash kexec due to IAMR/AMOR - ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers - arm64: Preventing READ_IMPLIES_EXEC propagation - vt: fix unchecked __put_user() in tioclinux ioctls - rcu: Add memory barriers for NOCB leader wakeup - nvmem: core: fix leaks on registration errors - Drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page - mnt: In umount propagation reparent in a separate pass - mnt: In propgate_umount handle visiting mounts in any order - mnt: Make propagate_umount less slow for overlapping mount propagation trees - selftests/capabilities: Fix the test_execve test - mm: fix overflow check in expand_upwards() - crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD - crypto: atmel - only treat EBUSY as transient if backlog - crypto: sha1-ssse3 - Disable avx2 - crypto: caam - properly set IV after {en,de}crypt - crypto: caam - fix signals handling - KEYS: DH: validate __spare field - sched/headers/uapi: Fix linux/sched/types.h userspace compilation errors - sched/topology: Fix building of overlapping sched-groups - sched/topology: Optimize build_group_mask() - sched/topology: Fix overlapping sched_group_mask - PM / wakeirq: Convert to SRCU - pstore: Fix leaked pstore_record in pstore_get_backend_records() - ALSA: x86: Clear the pdata.notify_lpe_audio pointer before teardown - ALSA: hda/realtek - change the location for one of two front microphones - PM / QoS: return -EINVAL for bogus strings - kvm: vmx: Do not disable intercepts for BNDCFGS - kvm: x86: Guest BNDCFGS requires guest MPX support - kvm: vmx: Check value written to IA32_BNDCFGS - kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS - Linux 4.12.3 * Change CONFIG_IBMVETH to module (LP: #1704479) - [Config] CONFIG_IBMVETH=m * [SRU][Zesty] arm64: Add support for handling memory corruption (LP: #1696852) - arm64: mm: Update perf accounting to handle poison faults - arm64: hugetlb: Fix huge_pte_offset to return poisoned page table entries - arm64: kconfig: allow support for memory failure handling - arm64: hwpoison: add VM_FAULT_HWPOISON[_LARGE] handling * [SRU][Zesty] Add UEFI 2.6 and ACPI 6.1 updates for RAS on ARM64 (LP: #1696570) - acpi: apei: read ack upon ghes record consumption - ras: acpi/apei: cper: add support for generic data v3 structure - cper: add timestamp print to CPER status printing - efi: parse ARM processor error - arm64: exception: handle Synchronous External Abort - acpi: apei: handle SEA notification type for ARMv8 - acpi: apei: panic OS with fatal error status block - efi: print unrecognized CPER section - ras: acpi / apei: generate trace event for unrecognized CPER section - trace, ras: add ARM processor error trace event - ras: mark stub functions as 'inline' - arm/arm64: KVM: add guest SEA support - acpi: apei: check for pending errors when probing GHES entries - [Config] CONFIG_ACPI_APEI_SEA=y * Artful update to v4.12.2 stable release (LP: #1705261) - mqueue: fix a use-after-free in sys_mq_notify() - imx-serial: RX DMA startup latency - proc: Fix proc_sys_prune_dcache to hold a sb reference - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common() - staging: vt6556: vnt_start Fix missing call to vnt_key_init_table. - staging: comedi: fix clean-up of comedi_class in comedi_init() - crypto: caam - fix gfp allocation flags (part I) - crypto: rsa-pkcs1pad - use constant time memory comparison for MACs - ext4: check return value of kstrtoull correctly in reserved_clusters_store - x86/mm/pat: Don't report PAT on CPUs that don't support it - Linux 4.12.2 * hns: use after free in hns_nic_net_xmit_hw (LP: #1704885) - net: hns: Fix a skb used after free bug * Opal and POWER9 DD2 (LP: #1702159) - powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores() * CVE-2017-1000364 - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev * [Xenial] nvme: Quirks for PM1725 controllers (LP: #1704435) - nvme: Quirks for PM1725 controllers * bonding: stack dump when unregistering a netdev (LP: #1704102) - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave * Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673) - drivers: net: xgene: Fix redundant prefetch buffer cleanup * Miscellaneous Ubuntu changes - ubuntu: vbox -- update to 5.1.24-dfsg-1 * Miscellaneous upstream changes - selftest/memfd/Makefile: Fix build error -- Seth Forshee Mon, 24 Jul 2017 13:47:33 -0500 linux (4.12.0-7.8) artful; urgency=low * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on (LP: #1673564) - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers - KVM: arm64: Make kvm_condition_valid32() accessible from EL2 - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2 - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler - KVM: arm64: vgic-v3: Add misc Group-0 handlers - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line - arm64: Add MIDR values for Cavium cn83XX SoCs - arm64: Add workaround for Cavium Thunder erratum 30115 - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler - KVM: arm64: Enable GICv3 common sysreg trapping via command-line - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access * hns: under heavy load, NIC may fail and require reboot (LP: #1704146) - net: hns: Bugfix for Tx timeout handling in hns driver * New ACPI identifiers for ThunderX SMMU (LP: #1703437) - iommu/arm-smmu: Plumb in new ACPI identifiers * Transparent hugepages should default to enabled=madvise (LP: #1703742) - SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default * Artful update to v4.12.1 stable release (LP: #1703858) - driver core: platform: fix race condition with driver_override - RDMA/uverbs: Check port number supplied by user verbs cmds - usb: dwc3: replace %p with %pK - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - usb: usbip: set buffer pointers to NULL after free - Add USB quirk for HVR-950q to avoid intermittent device resets - usb: Fix typo in the definition of Endpoint[out]Request - USB: core: fix device node leak - USB: serial: option: add two Longcheer device ids - USB: serial: qcserial: new Sierra Wireless EM7305 device ID - xhci: Limit USB2 port wake support for AMD Promontory hosts - gfs2: Fix glock rhashtable rcu bug - Add "shutdown" to "struct class". - tpm: Issue a TPM2_Shutdown for TPM2 devices. - tpm: fix a kernel memory leak in tpm-sysfs.c - powerpc/powernv: Fix CPU_HOTPLUG=n idle.c compile error - x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings - sched/fair, cpumask: Export for_each_cpu_wrap() - sched/core: Implement new approach to scale select_idle_cpu() - sched/numa: Use down_read_trylock() for the mmap_sem - sched/numa: Override part of migrate_degrades_locality() when idle balancing - sched/fair: Simplify wake_affine() for the single socket case - sched/numa: Implement NUMA node level wake_affine() - sched/fair: Remove effective_load() - sched/numa: Hide numa_wake_affine() from UP build - xen: avoid deadlock in xenbus driver - crypto: drbg - Fixes panic in wait_for_completion call - Linux 4.12.1 * cxlflash update request in the Xenial SRU stream (LP: #1702521) - scsi: cxlflash: Combine the send queue locks - scsi: cxlflash: Update cxlflash_afu_sync() to return errno - scsi: cxlflash: Reset hardware queue context via specified register - scsi: cxlflash: Schedule asynchronous reset of the host - scsi: cxlflash: Handle AFU sync failures - scsi: cxlflash: Track pending scsi commands in each hardware queue - scsi: cxlflash: Flush pending commands in cleanup path - scsi: cxlflash: Add scsi command abort handler - scsi: cxlflash: Create character device to provide host management interface - scsi: cxlflash: Separate AFU internal command handling from AFU sync specifics - scsi: cxlflash: Introduce host ioctl support - scsi: cxlflash: Refactor AFU capability checking - scsi: cxlflash: Support LUN provisioning - scsi: cxlflash: Support AFU debug - scsi: cxlflash: Support WS16 unmap - scsi: cxlflash: Remove zeroing of private command data - scsi: cxlflash: Update TMF command processing - scsi: cxlflash: Avoid double free of character device - scsi: cxlflash: Update send_tmf() parameters - scsi: cxlflash: Update debug prints in reset handlers * make snap-pkg support (LP: #1700747) - make snap-pkg support * Quirk for non-compliant PCI bridge on HiSilicon D05 board (LP: #1698706) - SAUCE: PCI: Support hibmc VGA cards behind a misbehaving HiSilicon bridge * arm64: fix crash reading /proc/kcore (LP: #1702749) - fs/proc: kcore: use kcore_list type to check for vmalloc/module address - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT * Opal and POWER9 DD2 (LP: #1702159) - SAUCE: powerpc/powernv: Tell OPAL about our MMU mode on POWER9 * Data corruption with hio driver (LP: #1701316) - SAUCE: hio: Fix incorrect use of enum req_opf values * Miscellaneous Ubuntu changes - SAUCE: (noup) Update spl to 0.6.5.10-1, zfs to 0.6.5.10-1ubuntu2 - snapcraft.yaml: Sync with xenial - [Config] CONFIG_CAVIUM_ERRATUM_30115=y * Miscellaneous upstream changes - Revert "UBUNTU: SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and MokSBState" -- Seth Forshee Fri, 14 Jul 2017 15:25:41 -0500 linux (4.12.0-6.7) artful; urgency=low * update ENA driver to 1.2.0k from net-next (LP: #1701575) - net: ena: change return value for unsupported features unsupported return value - net: ena: add hardware hints capability to the driver - net: ena: change sizeof() argument to be the type pointer - net: ena: add reset reason for each device FLR - net: ena: add support for out of order rx buffers refill - net: ena: allow the driver to work with small number of msix vectors - net: ena: use napi_schedule_irqoff when possible - net: ena: separate skb allocation to dedicated function - net: ena: use lower_32_bits()/upper_32_bits() to split dma address - net: ena: update driver's rx drop statistics - net: ena: update ena driver to version 1.2.0 * APST gets enabled against explicit kernel option (LP: #1699004) - nvme: explicitly disable APST on quirked devices * Miscellaneous Ubuntu changes - SAUCE: hio: Update to Huawei ES3000_V2 (2.1.0.40) - SAUCE: hio updates for 4.12 - SAUCE: Enable hio build -- Seth Forshee Wed, 05 Jul 2017 14:23:20 -0500 linux (4.12.0-5.6) artful; urgency=low * ERAT invalidate on context switch removal (LP: #1700819) - powerpc: Only do ERAT invalidate on radix context switch on P9 DD1 * powerpc: Invalidate ERAT on powersave wakeup for POWER9 (LP: #1700521) - SAUCE: powerpc: Invalidate ERAT on powersave wakeup for POWER9 * Miscellaneous Ubuntu changes - d-i: Move qcom-emac from arm64 to shared nic-modules [ Upstream Kernel Changes ] * Rebase to v4.12 -- Seth Forshee Mon, 03 Jul 2017 07:52:02 -0500 linux (4.12.0-4.5) artful; urgency=low * aacraid driver may return uninitialized stack data to userspace (LP: #1700077) - SAUCE: scsi: aacraid: Don't copy uninitialized stack memory to userspace * KILLER1435-S[0489:e0a2] BT cannot search BT 4.0 device (LP: #1699651) - Bluetooth: btusb: Add support for 0489:e0a2 QCA_ROME device * AACRAID for power9 platform (LP: #1689980) - scsi: aacraid: Remove __GFP_DMA for raw srb memory - scsi: aacraid: Fix DMAR issues with iommu=pt - scsi: aacraid: Added 32 and 64 queue depth for arc natives - scsi: aacraid: Set correct Queue Depth for HBA1000 RAW disks - scsi: aacraid: Remove reset support from check_health - scsi: aacraid: Change wait time for fib completion - scsi: aacraid: Log count info of scsi cmds before reset - scsi: aacraid: Print ctrl status before eh reset - scsi: aacraid: Using single reset mask for IOP reset - scsi: aacraid: Rework IOP reset - scsi: aacraid: Add periodic checks to see IOP reset status - scsi: aacraid: Rework SOFT reset code - scsi: aacraid: Rework aac_src_restart - scsi: aacraid: Use correct function to get ctrl health - scsi: aacraid: Make sure ioctl returns on controller reset - scsi: aacraid: Enable ctrl reset for both hba and arc - scsi: aacraid: Add reset debugging statements - scsi: aacraid: Remove reference to Series-9 - scsi: aacraid: Update driver version to 50834 * hibmc driver does not include "pci:" prefix in bus ID (LP: #1698700) - SAUCE: drm: hibmc: Use set_busid function from drm core * HiSilicon D05: installer doesn't appear on VGA (LP: #1698954) - d-i: Add hibmc-drm to kernel-image udeb * Fix /proc/cpuinfo revision for POWER9 DD2 (LP: #1698844) - SAUCE: powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 * Miscellaneous Ubuntu changes - [Config] CONFIG_SATA_MV=n and CONFIG_GENERIC_PHY=n for s390x - [Config] CONFIG_ATA=n for s390x - [Config] Update annotations for 4.12 [ Upstream Kernel Changes ] * Rebase to v4.12-rc7 -- Seth Forshee Mon, 26 Jun 2017 11:27:29 -0500 linux (4.12.0-3.4) artful; urgency=low * Miscellaneous upstream changes - ufs: fix the logics for tail relocation [ Upstream Kernel Changes ] * Rebase to v4.12-rc6 -- Seth Forshee Mon, 19 Jun 2017 14:50:39 -0500 linux (4.12.0-2.3) artful; urgency=low * CVE-2014-9900 - SAUCE: (no-up) net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() * System doesn't boot properly on Gigabyte AM4 motherboards (AMD Ryzen) (LP: #1671360) - pinctrl/amd: Use regular interrupt instead of chained * extend-diff-ignore should use exact matches (LP: #1693504) - [Packaging] exact extend-diff-ignore matches * Miscellaneous Ubuntu changes - SAUCE: efi: Don't print secure boot state from the efi stub - ubuntu: vbox -- Update to 5.1.22-dfsg-1 - SAUCE: vbox fixes for 4.12 - Re-enable virtualbox build - [Config] CONFIG_ORANGEFS_FS=m - SAUCE: (noup) Update spl to 0.6.5.9-1ubuntu2, zfs to 0.6.5.9-5ubuntu7 - Enable zfs build [ Upstream Kernel Changes ] * Rebase to v4.12-rc4 * Rebase to v4.12-rc5 -- Seth Forshee Sun, 11 Jun 2017 22:25:13 -0500 linux (4.12.0-1.2) artful; urgency=low * Enable Matrox driver for Ubuntu 16.04.3 (LP: #1693337) - [Config] Enable CONFIG_DRM_MGAG200 as module * Support low-pin-count devices on Hisilicon SoCs (LP: #1677319) - [Config] CONFIG_LIBIO=y on arm64 only - SAUCE: LIBIO: Introduce a generic PIO mapping method - SAUCE: OF: Add missing I/O range exception for indirect-IO devices - [Config] CONFIG_HISILICON_LPC=y - SAUCE: LPC: Support the device-tree LPC host on Hip06/Hip07 - SAUCE: LIBIO: Support the dynamically logical PIO registration of ACPI host I/O - SAUCE: LPC: Add the ACPI LPC support - SAUCE: PCI: Apply the new generic I/O management on PCI IO hosts - SAUCE: PCI: Restore codepath for !CONFIG_LIBIO * POWER9: Additional patches for TTY and CPU_IDLE (LP: #1674325) - SAUCE: tty: Fix ldisc crash on reopened tty * Miscellaneous Ubuntu changes - [Debian] Add build-dep on libnuma-dev to enable 'perf bench numa' - Rebase to v4.12-rc3 [ Upstream Kernel Changes ] * Rebase to v4.12-rc3 -- Seth Forshee Mon, 29 May 2017 20:56:29 -0500 linux (4.12.0-0.1) artful; urgency=low * please enable CONFIG_ARM64_LSE_ATOMICS (LP: #1691614) - [Config] CONFIG_ARM64_LSE_ATOMICS=y * [Regression] NUMA_BALANCING disabled on arm64 (LP: #1690914) - [Config] CONFIG_NUMA_BALANCING{,_DEFAULT_ENABLED}=y on arm64 * exec'ing a setuid binary from a threaded program sometimes fails to setuid (LP: #1672819) - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct * Miscellaneous Ubuntu changes - Update find-missing-sauce.sh to compare to artful - Update dropped.txt - SAUCE: (efi-lockdown) efi: Add EFI_SECURE_BOOT bit - SAUCE: (efi-lockdown) Add the ability to lock down access to the running kernel image - SAUCE: (efi-lockdown) efi: Lock down the kernel if booted in secure boot mode - SAUCE: (efi-lockdown) Enforce module signatures if the kernel is locked down - SAUCE: (efi-lockdown) Restrict /dev/mem and /dev/kmem when the kernel is locked down - SAUCE: (efi-lockdown) Add a sysrq option to exit secure boot mode - SAUCE: (efi-lockdown) kexec: Disable at runtime if the kernel is locked down - SAUCE: (efi-lockdown) Copy secure_boot flag in boot params across kexec reboot - SAUCE: (efi-lockdown) kexec_file: Disable at runtime if securelevel has been set - SAUCE: (efi-lockdown) hibernate: Disable when the kernel is locked down - SAUCE: (efi-lockdown) uswsusp: Disable when the kernel is locked down - SAUCE: (efi-lockdown) PCI: Lock down BAR access when the kernel is locked down - SAUCE: (efi-lockdown) x86: Lock down IO port access when the kernel is locked down - SAUCE: (efi-lockdown) x86: Restrict MSR access when the kernel is locked down - SAUCE: (efi-lockdown) asus-wmi: Restrict debugfs interface when the kernel is locked down - SAUCE: (efi-lockdown) ACPI: Limit access to custom_method when the kernel is locked down - SAUCE: (efi-lockdown) acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down - SAUCE: (efi-lockdown) acpi: Disable ACPI table override if the kernel is locked down - SAUCE: (efi-lockdown) acpi: Disable APEI error injection if the kernel is locked down - SAUCE: (efi-lockdown) Enable cold boot attack mitigation - SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the kernel is locked down - SAUCE: (efi-lockdown) scsi: Lock down the eata driver - SAUCE: (efi-lockdown) Prohibit PCMCIA CIS storage when the kernel is locked down - SAUCE: (efi-lockdown) Lock down TIOCSSERIAL - SAUCE: (efi-lockdown) KEYS: Allow unrestricted boot-time addition of keys to secondary keyring - SAUCE: (efi-lockdown) efi: Add EFI signature data types - SAUCE: (efi-lockdown) efi: Add an EFI signature blob parser - SAUCE: (efi-lockdown) MODSIGN: Import certificates from UEFI Secure Boot - SAUCE: (efi-lockdown) MODSIGN: Allow the "db" UEFI variable to be suppressed - SAUCE: (efi-lockdown) efi: Sanitize boot_params in efi stub - SAUCE: (efi-lockdown) efi: Add secure_boot state and status bit for MokSBState - SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and MokSBState - [Config] Set values for UEFI secure boot lockdown options - Disable virtualbox build - Disable hio build - SAUCE: securityfs: Replace CURRENT_TIME with current_time() - Disable zfs build - [Debian] Work out upstream tag for use with gen-auto-reconstruct - SAUCE: Import aufs driver - SAUCE: aufs -- Include linux/mm.h in fs/aufs/file.h - [Config] Enable aufs - SAUCE: perf callchain: Include errno.h on x86 unconditinally [ Upstream Kernel Changes ] * Rebase to v4.12-rc2 -- Seth Forshee Sun, 21 May 2017 23:44:44 -0500 linux (4.11.0-3.8) artful; urgency=low [ Seth Forshee ] * Release Tracking Bug - LP: #1690999 * apparmor_parser hangs indefinitely when called by multiple threads (LP: #1645037) - SAUCE: apparmor: fix lock ordering for mkdir * apparmor leaking securityfs pin count (LP: #1660846) - SAUCE: apparmor: fix leak on securityfs pin count * apparmor reference count leak when securityfs_setup_d_inode\ () fails (LP: #1660845) - SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode() fails * apparmor not checking error if security_pin_fs() fails (LP: #1660842) - SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails * libvirt profile is blocking global setrlimit despite having no rlimit rule (LP: #1679704) - SAUCE: apparmor: fix complain mode failure for rlimit mediation - apparmor: update auditing of rlimit check to provide capability information * apparmor: does not provide a way to detect policy updataes (LP: #1678032) - SAUCE: apparmor: add policy revision file interface * apparmor does not make support of query data visible (LP: #1678023) - SAUCE: apparmor: add label data availability to the feature set * apparmor query interface does not make supported query info available (LP: #1678030) - SAUCE: apparmor: add information about the query inteface to the feature set * change_profile incorrect when using namespaces with a compound stack (LP: #1677959) - SAUCE: apparmor: fix label parse for stacked labels * Regression in 4.4.0-65-generic causes very frequent system crashes (LP: #1669611) - apparmor: sync of apparmor 3.6+ (17.04) * Artful update to 4.11.1 stable release (LP: #1690814) - dm ioctl: prevent stack leak in dm ioctl call - drm/sti: fix GDP size to support up to UHD resolution - power: supply: lp8788: prevent out of bounds array access - brcmfmac: Ensure pointer correctly set if skb data location changes - brcmfmac: Make skb header writable before use - sparc64: fix fault handling in NGbzero.S and GENbzero.S - refcount: change EXPORT_SYMBOL markings - net: macb: fix phy interrupt parsing - tcp: fix access to sk->sk_state in tcp_poll() - geneve: fix incorrect setting of UDP checksum flag - bpf: enhance verifier to understand stack pointer arithmetic - bpf, arm64: fix jit branch offset related to ldimm64 - tcp: fix wraparound issue in tcp_lp - net: ipv6: Do not duplicate DAD on link up - net: usb: qmi_wwan: add Telit ME910 support - tcp: do not inherit fastopen_req from parent - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string - ipv6: initialize route null entry in addrconf_init() - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf - tcp: randomize timestamps on syncookies - bnxt_en: allocate enough space for ->ntp_fltr_bmap - bpf: don't let ldimm64 leak map addresses on unprivileged - net: mdio-mux: bcm-iproc: call mdiobus_free() in error path - f2fs: sanity check segment count - xen/arm,arm64: fix xen_dma_ops after 815dd18 "Consolidate get_dma_ops..." - xen: Revert commits da72ff5bfcb0 and 72a9b186292d - block: get rid of blk_integrity_revalidate() - Linux 4.11.1 * Module signing exclusion for staging drivers does not work properly (LP: #1690908) - SAUCE: Fix module signing exclusion in package builds * perf: qcom: Add L3 cache PMU driver (LP: #1689856) - [Config] CONFIG_QCOM_L3_PMU=y - perf: qcom: Add L3 cache PMU driver * No PMU support for ACPI-based arm64 systems (LP: #1689661) - drivers/perf: arm_pmu: rework per-cpu allocation - drivers/perf: arm_pmu: manage interrupts per-cpu - drivers/perf: arm_pmu: split irq request from enable - drivers/perf: arm_pmu: remove pointless PMU disabling - drivers/perf: arm_pmu: define armpmu_init_fn - drivers/perf: arm_pmu: fold init into alloc - drivers/perf: arm_pmu: factor out pmu registration - drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs() - drivers/perf: arm_pmu: handle no platform_device - drivers/perf: arm_pmu: rename irq request/free functions - drivers/perf: arm_pmu: split cpu-local irq request/free - drivers/perf: arm_pmu: move irq request/free into probe - drivers/perf: arm_pmu: split out platform device probe logic - arm64: add function to get a cpu's MADT GICC table - [Config] CONFIG_ARM_PMU_ACPI=y - drivers/perf: arm_pmu: add ACPI framework - arm64: pmuv3: handle !PMUv3 when probing - arm64: pmuv3: use arm_pmu ACPI framework * Fix NVLINK2 TCE route (LP: #1690155) - powerpc/powernv: Fix TCE kill on NVLink2 * CVE-2017-0605 - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() * Miscellaneous Ubuntu changes - [Config] Restore powerpc arch to annotations file - [Config] Disable runtime testing modules - [Config] Disable drivers not needed on s390x - [Config] Update annotations for 4.11 - [Config] updateconfigs after apparmor updates * Miscellaneous upstream changes - apparmor: use SHASH_DESC_ON_STACK - apparmor: fix invalid reference to index variable of iterator line 836 - apparmor: fix parameters so that the permission test is bypassed at boot - apparmor: Make path_max parameter readonly - apparmorfs: Combine two function calls into one in aa_fs_seq_raw_abi_show() - apparmorfs: Use seq_putc() in two functions - apparmor: provide information about path buffer size at boot - apparmor: add/use fns to print hash string hex value -- Seth Forshee Tue, 16 May 2017 00:39:13 -0500 linux (4.11.0-2.7) artful; urgency=low * kernel-wedge fails in artful due to leftover squashfs-modules d-i files (LP: #1688259) - Remove squashfs-modules files from d-i - [Config] as squashfs-modules is builtin kernel-image must Provides: it * [Zesty] d-i: replace msm_emac with qcom_emac (LP: #1677297) - Revert "UBUNTU: d-i: initrd needs msm_emac on amberwing platform." - d-i: initrd needs qcom_emac on amberwing platform. * update for V3 kernel bits and improved multiple fan slice support (LP: #1470091) - SAUCE: fan: tunnel multiple mapping mode (v3) * Miscellaneous Ubuntu changes - SAUCE: (noup) Update spl to 0.6.5.9-1ubuntu1, zfs to 0.6.5.9-5ubuntu5 - Enable zfs - SAUCE: fan: add VXLAN implementation - SAUCE: (efi-lockdown) efi: Add EFI_SECURE_BOOT bit - SAUCE: (efi-lockdown) Add the ability to lock down access to the running kernel image - SAUCE: (efi-lockdown) efi: Lock down the kernel if booted in secure boot mode - SAUCE: (efi-lockdown) Enforce module signatures if the kernel is locked down - SAUCE: (efi-lockdown) Restrict /dev/mem and /dev/kmem when the kernel is locked down - SAUCE: (efi-lockdown) Add a sysrq option to exit secure boot mode - SAUCE: (efi-lockdown) kexec: Disable at runtime if the kernel is locked down - SAUCE: (efi-lockdown) Copy secure_boot flag in boot params across kexec reboot - SAUCE: (efi-lockdown) kexec_file: Disable at runtime if securelevel has been set - SAUCE: (efi-lockdown) hibernate: Disable when the kernel is locked down - SAUCE: (efi-lockdown) uswsusp: Disable when the kernel is locked down - SAUCE: (efi-lockdown) PCI: Lock down BAR access when the kernel is locked down - SAUCE: (efi-lockdown) x86: Lock down IO port access when the kernel is locked down - SAUCE: (efi-lockdown) x86: Restrict MSR access when the kernel is locked down - SAUCE: (efi-lockdown) asus-wmi: Restrict debugfs interface when the kernel is locked down - SAUCE: (efi-lockdown) ACPI: Limit access to custom_method when the kernel is locked down - SAUCE: (efi-lockdown) acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down - SAUCE: (efi-lockdown) acpi: Disable ACPI table override if the kernel is locked down - SAUCE: (efi-lockdown) acpi: Disable APEI error injection if the kernel is locked down - SAUCE: (efi-lockdown) Enable cold boot attack mitigation - SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the kernel is locked down - SAUCE: (efi-lockdown) scsi: Lock down the eata driver - SAUCE: (efi-lockdown) Prohibit PCMCIA CIS storage when the kernel is locked down - SAUCE: (efi-lockdown) Lock down TIOCSSERIAL - SAUCE: (efi-lockdown) Add EFI signature data types - SAUCE: (efi-lockdown) Add an EFI signature blob parser and key loader. - SAUCE: (efi-lockdown) KEYS: Add a system blacklist keyring - SAUCE: (efi-lockdown) MODSIGN: Import certificates from UEFI Secure Boot - SAUCE: (efi-lockdown) MODSIGN: Support not importing certs from db - SAUCE: (efi-lockdown) MODSIGN: Don't try secure boot if EFI runtime is disabled - SAUCE: (efi-lockdown) efi: Sanitize boot_params in efi stub - SAUCE: (efi-lockdown) efi: Add secure_boot state and status bit for MokSBState - SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and MokSBState - [Config] Set values for UEFI secure boot lockdown options - Update dropped.txt [ Upstream Kernel Changes ] * rebase to v4.11 -- Seth Forshee Fri, 05 May 2017 07:43:14 -0500 linux (4.11.0-1.6) artful; urgency=low * Miscellaneous Ubuntu changes - [Debian] Use default compression for all packages - SAUCE: (namespace) block_dev: Support checking inode permissions in lookup_bdev() - SAUCE: (namespace) block_dev: Check permissions towards block device inode when mounting - SAUCE: (namespace) mtd: Check permissions towards mtd block device inode when mounting - SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes - SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root - SAUCE: (namespace) fs: Allow superblock owner to access do_remount_sb() - SAUCE: (namespace) capabilities: Allow privileged user in s_user_ns to set security.* xattrs - SAUCE: (namespace) fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems - SAUCE: (namespace) fuse: Add support for pid namespaces - SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns - SAUCE: (namespace) fuse: Restrict allow_other to the superblock's namespace or a descendant - SAUCE: (namespace) fuse: Allow user namespace mounts - SAUCE: (namespace) ext4: Add support for unprivileged mounts from user namespaces - SAUCE: (namespace) evm: Don't update hmacs in user ns mounts - SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts - SAUCE: (namespace) block_dev: Forbid unprivileged mounting when device is opened for writing -- Seth Forshee Wed, 26 Apr 2017 10:08:29 -0500 linux (4.11.0-0.5) artful; urgency=low * [Hyper-V][SAUCE] pci-hyperv: Use only 16 bit integer for PCI domain (LP: #1684971) - SAUCE: pci-hyperv: Use only 16 bit integer for PCI domain * [Hyper-V] Ubuntu 14.04.2 LTS Generation 2 SCSI Errors on VSS Based Backups (LP: #1470250) - SAUCE: Tools: hv: vss: Thaw the filesystem and continue after freeze fails * Enable virtual scsi server driver for Power (LP: #1615665) - SAUCE: Return TCMU-generated sense data to fabric module * include/linux/security.h header syntax error with !CONFIG_SECURITYFS (LP: #1630990) - SAUCE: (no-up) include/linux/security.h -- fix syntax error with CONFIG_SECURITYFS=n * Miscellaneous Ubuntu changes - SAUCE: Import aufs driver - [Config] Enable aufs - [Debian] Add script to update virtualbox - ubuntu: vbox -- Update to 5.1.20-dfsg-2 - Enable vbox - SAUCE: aufs -- Include linux/mm.h in fs/aufs/file.h [ Upstream Kernel Changes ] * rebase to v4.11-rc8 -- Seth Forshee Tue, 25 Apr 2017 13:42:54 -0500 linux (4.11.0-0.4) zesty; urgency=low * POWER9: Improve performance on memory management (LP: #1681429) - SAUCE: powerpc/mm/radix: Don't do page walk cache flush when doing full mm flush - SAUCE: powerpc/mm/radix: Remove unnecessary ptesync * Miscellaneous Ubuntu changes - find-missing-sauce.sh [ Upstream Kernel Changes ] * rebase to v4.11-rc7 -- Seth Forshee Tue, 18 Apr 2017 08:19:43 -0500 linux (4.11.0-0.3) zesty; urgency=low * Disable CONFIG_HVC_UDBG on ppc64el (LP: #1680888) - [Config] Disable CONFIG_HVC_UDBG on ppc64el * smartpqi driver needed in initram disk and installer (LP: #1680156) - [Config] Add smartpqi to d-i * Disable CONFIG_SECURITY_SELINUX_DISABLE (LP: #1680315) - [Config] CONFIG_SECURITY_SELINUX_DISABLE=n * Miscellaneous Ubuntu changes - [Config] flash-kernel should be a Breaks - [Config] drop the info directory - [Config] drop NOTES as obsolete - [Config] drop changelog.historical as obsolete - rebase to v4.11-rc6 [ Upstream Kernel Changes ] * rebase to v4.11-rc6 -- Tim Gardner Tue, 11 Apr 2017 07:16:52 -0600 linux (4.11.0-0.2) zesty; urgency=low [ Upstream Kernel Changes ] * rebase to v4.11-rc5 -- Tim Gardner Mon, 03 Apr 2017 08:26:07 +0100 linux (4.11.0-0.1) zesty; urgency=low [ Upstream Kernel Changes ] * rebase to v4.11-rc4 - LP: #1591053 -- Tim Gardner Mon, 20 Mar 2017 05:15:32 -0600 linux (4.11.0-0.0) zesty; urgency=low * dummy entry -- Tim Gardner Mon, 20 Mar 2017 05:15:32 -0600