Package "linux-lts-zesty"

 linux-lts-zesty (4.10.0-9.11~16.04.1) xenial; urgency=low
 .
   [ Tim Gardner ]
 .
   * Release Tracking Bug
     - LP: #1666214
 .
   * linux: disable CONFIG_PCIEPORTBUS in the kernel (LP: #1665404)
     - [Config] CONFIG_PCIEPORTBUS=n for ppc64el
 .
   * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
     4.4.0-63.84~14.04.2 (LP: #1664912)
     - SAUCE: apparmor: fix link auditing failure due to, uninitialized var
 .
   * Ubuntu 17.04: "Oops: Exception in kernel mode, sig: 5 [#1]" seen during
     fadump over ssh on Alpine machine. (LP: #1655241)
     - SAUCE: powerpc/fadump: set an upper limit for boot memory size
 .
   * In Ubuntu 17.04 : after reboot getting message in console like Unable to
     open file: /etc/keys/x509_ima.der (-2) (LP: #1656908)
     - SAUCE: ima: Downgrade error to warning
 .
   * NFS client : permission denied when trying to access subshare, since kernel
     4.4.0-31 (LP: #1649292)
     - fs: Better permission checking for submounts
 .
   * Miscellaneous Ubuntu changes
     - SAUCE: (noup) Update spl to 0.6.5.9-1, zfs to 0.6.5.9-2
     - [Config] CONFIG_SCSI_HISI_SAS=m on arm64
     - d-i: Add hisi_sas_v2_hw to scsi-modules
     - d-i: Add hns_enet_drv to nic-modules
     - d-i: Add supporting modules for hns_enet_drv to nic-modules
     - rebase to v4.10
 .
   [ Upstream Kernel Changes ]
 .
   * rebase to v4.10

 linux-lts-zesty (4.10.0-8.10~16.04.1) xenial; urgency=low
 .
   [ Tim Gardner ]
 .
   * Release Tracking Bug
     - LP: #1664217
 .
   * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
     (LP: #1663687)
     - scsi: storvsc: Enable tracking of queue depth
     - scsi: storvsc: Remove the restriction on max segment size
     - scsi: storvsc: Enable multi-queue support
     - scsi: storvsc: use tagged SRB requests if supported by the device
     - scsi: storvsc: properly handle SRB_ERROR when sense message is present
     - scsi: storvsc: properly set residual data length on errors
 .
   * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs
     caused KVM host hung and all KVM guests down. (LP: #1651248)
     - KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT
     - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
     - KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends
     - KVM: PPC: Book 3S: XICS: Implement ICS P/Q states
     - KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend
 .
   * overlay: mkdir fails if directory exists in lowerdir in a user namespace
     (LP: #1531747)
     - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
 .
   * CVE-2016-1575 (LP: #1534961)
     - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
 .
   * CVE-2016-1576 (LP: #1535150)
     - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
 .
   * Miscellaneous Ubuntu changes
     - SAUCE: md/raid6 algorithms: scale test duration for speedier boots
     - SAUCE: Import aufs driver
     - d-i: Build message-modules udeb for arm64
     - rebase to v4.10-rc8
 .
   * Miscellaneous upstream changes
     - Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment"
     - Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()"
     - Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()"
     - Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers"
     - Revert "UBUNTU: SAUCE: Import aufs driver"
 .
   [ Upstream Kernel Changes ]
 .
   * rebase to v4.10-rc8

 linux-lts-zesty (4.10.0-7.9~16.04.1) xenial; urgency=low
 .
   [ Tim Gardner ]
 .
   * Release Tracking Bug
     - LP: #1662201
 .
   * AMDGPU support for CIK parts in kernel config? (LP: #1661887)
     - [Config] CONFIG_DRM_AMDGPU_CIK=y
 .
   * regession tests failing after stackprofile test is run (LP: #1661030)
     - fix regression with domain change in complain mode
 .
   * Permission denied and inconsistent behavior in complain mode with 'ip netns
     list' command (LP: #1648903)
     - fix regression with domain change in complain mode
 .
   * flock not mediated by 'k' (LP: #1658219)
     - SAUCE: apparmor: flock mediation is not being enforced on cache check
 .
   * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
     from a unshared mount namespace (LP: #1656121)
     - SAUCE: apparmor: null profiles should inherit parent control flags
 .
   * apparmor refcount leak of profile namespace when removing profiles
     (LP: #1660849)
     - SAUCE: apparmor: fix ns ref count link when removing profiles from policy
 .
   * tor in lxd: apparmor="DENIED" operation="change_onexec"
     namespace="root//CONTAINERNAME_" profile="unconfined"
     name="system_tor" (LP: #1648143)
     - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
       namespaces
 .
   * apparmor_parser hangs indefinitely when called by multiple threads
     (LP: #1645037)
     - SAUCE: apparmor: fix lock ordering for mkdir
 .
   * apparmor leaking securityfs pin count (LP: #1660846)
     - SAUCE: apparmor: fix leak on securityfs pin count
 .
   * apparmor reference count leak when securityfs_setup_d_inode\ () fails
     (LP: #1660845)
     - SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode()
       fails
 .
   * apparmor not checking error if security_pin_fs() fails (LP: #1660842)
     - SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
 .
   * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
     - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
 .
   * apparmor auditing denied access of special apparmor .null fi\ le
     (LP: #1660836)
     - SAUCE: apparmor: Don't audit denied access of special apparmor .null file
 .
   * apparmor label leak when new label is unused (LP: #1660834)
     - SAUCE: apparmor: fix label leak when new label is unused
 .
   * apparmor reference count bug in label_merge_insert() (LP: #1660833)
     - SAUCE: apparmor: fix reference count bug in label_merge_insert()
 .
   * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
     - SAUCE: apparmor: fix replacement race in reading rawdata
 .
   * unix domain socket cross permission check failing with nested namespaces
     (LP: #1660832)
     - SAUCE: apparmor: fix cross ns perm of unix domain sockets
 .
   * Regression tests can not detect binfmt_elf mmpa semantic change
     (LP: #1630069)
     - SAUCE: apparmor: add flag to detect semantic change, to binfmt_elf mmap
 .
   * Support snaps inside of lxd containers (LP: #1611078)
     - apparmor: add interface to be able to grab loaded policy
     - apparmor: refactor aa_prepare_ns into prepare_ns and create_ns routines
     - apparmor: add __aa_find_ns fn
     - apparmor: add mkdir/rmdir interface to manage policy namespaces
     - apparmor: fix oops in pivot_root mediation
     - apparmor: fix warning that fn build_pivotroot discards const
     - apparmor: add interface to advertise status of current task stacking
     - apparmor: update policy permissions to consider ns being viewed/managed
     - apparmor: add per ns policy management interface
     - apparmor: bump domain stacking version to 1.2
 .
   * change_hat is logging failures during expected hat probing (LP: #1615893)
     - SAUCE: apparmor: Fix auditing behavior for change_hat probing
 .
   * deleted files outside of the namespace are not being treated as disconnected
     (LP: #1615892)
     - SAUCE: apparmor: deleted dentries can be disconnected
 .
   * stacking to unconfined in a child namespace confuses mediation
     (LP: #1615890)
     - SAUCE: apparmor: special case unconfined when determining the mode
 .
   * apparmor module parameters can be changed after the policy is locked
     (LP: #1615895)
     - SAUCE: apparmor: fix: parameters can be changed after policy is locked
 .
   * AppArmor profile reloading causes an intermittent kernel BUG (LP: #1579135)
     - SAUCE: apparmor: fix vec_unique for vectors larger than 8
 .
   * label vec reductions can result in reference labels instead of direct access
     to labels (LP: #1615889)
     - SAUCE: apparmor: reduction of vec to single entry is just that entry
 .
   * profiles from different namespaces can block other namespaces from being
     able to load a profile (LP: #1615887)
     - SAUCE: apparmor: profiles in one ns can affect mediation in another ns
 .
   * The label build for onexec when stacking is wrong (LP: #1615881)
     - SAUCE: apparmor: Fix label build for onexec stacking.
 .
   * The inherit check for new to old label comparison for domain transitions is
     wrong (LP: #1615880)
     - SAUCE: apparmor: Fix new to old label comparison for domain transitions
 .
   * warning stack trace while playing with apparmor namespaces (LP: #1593874)
     - SAUCE: apparmor: fix stack trace when removing namespace with profiles
 .
   * __label_update proxy comparison test is wrong (LP: #1615878)
     - SAUCE: apparmor: Fix __label_update proxy comparison test
 .
   * reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
     (LP: #1560583)
     - SAUCE: apparmor: Allow ns_root processes to open profiles file
     - SAUCE: apparmor: Consult sysctl when reading profiles in a user ns
 .
   * policy namespace stacking (LP: #1379535)
     - SAUCE: (no-up) apparmor: rebase of apparmor3.5-beta1 snapshot for 4.8
     - SAUCE: add a sysctl to enable unprivileged user ns AppArmor policy loading
 .
   

 linux-lts-zesty (4.9.0-16.17~16.04.1) xenial; urgency=low
 .
   [ Tim Gardner ]
 .
   * Release Tracking Bug
     - LP: #1660738
 .
   * Zesty update to v4.9.6 stable release (LP: #1660732)
     - IB/core: Release allocated memory in cache setup failure
     - IB/rxe: Increase max number of completions to 32k
     - IB/rxe: avoid putting a large struct rxe_qp on stack
     - IB/mlx5: Avoid system crash when enabling many VFs
     - IB/mlx5: Fix reported max SGE calculation
     - IB/mlx5: Assign SRQ type earlier
     - IB/mlx5: Wait for all async command completions to complete
     - IB/mlx4: Set traffic class in AH
     - IB/mlx4: Fix out-of-range array index in destroy qp flow
     - IB/mlx4: Handle well-known-gid in mad_demux processing
     - IB/mlx4: Fix port query for 56Gb Ethernet links
     - IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs
     - IB/mlx4: Check if GRH is available before using it
     - IB/IPoIB: Remove can't use GFP_NOIO warning
     - perf trace: Use the syscall raw_syscalls:sys_enter timestamp
     - perf mem: Fix --all-user/--all-kernel options
     - perf trace: Check if MAP_32BIT is defined (again)
     - perf diff: Do not overwrite valid build id
     - perf callchain: Fixup help/config for no-unwinding
     - perf scripting: Avoid leaking the scripting_context variable
     - perf jit: Enable jitdump support without dwarf
     - ARM: dts: bcm283x: fix typo in mailbox address
     - ARM: dts: r8a7794: Use SYSC "always-on" PM Domain for sound
     - ARM: dts: r8a7794: remove Z clock
     - ARM: dts: imx6q-cm-fx6: fix fec pinctrl
     - ARM: dts: imx31: fix clock control module interrupts description
     - ARM: dts: imx31: move CCM device node to AIPS2 bus devices
     - ARM: dts: imx31: fix AVIC base address
     - ARM: dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit
     - tmpfs: clear S_ISGID when setting posix ACLs
     - x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
     - rcu: Remove cond_resched() from Tiny synchronize_sched()
     - rcu: Narrow early boot window of illegal synchronous grace periods
     - sunrpc: don't call sleeping functions from the notifier block callbacks
     - svcrpc: don't leak contexts on PROC_DESTROY
     - libnvdimm, namespace: fix pmem namespace leak, delete when size set to zero
     - ARC: module: Fix !CONFIG_ARC_DW2_UNWIND builds
     - fuse: clear FR_PENDING flag when moving requests out of pending queue
     - fuse: fix time_to_jiffies nsec sanity check
     - PCI: designware: Check for iATU unroll only on platforms that use ATU
     - PCI: Enumerate switches below PCI-to-PCIe bridges
     - HID: corsair: fix DMA buffers on stack
     - HID: corsair: fix control-transfer error handling
     - mmc: sdhci-acpi: Only powered up enabled acpi child devices
     - mmc: mxs-mmc: Fix additional cycles after transmission stop
     - ieee802154: atusb: do not use the stack for buffers to make them DMA able
     - mtd: nand: lpc32xx: fix invalid error handling of a requested irq
     - mtd: nand: xway: disable module support
     - mtd: nand: xway: fix build because of module functions
     - KVM: s390: do not expose random data via facility bitmap
     - KVM: arm/arm64: vgic: Fix deadlock on error handling
     - powerpc/icp-opal: Fix missing KVM case and harden replay
     - powerpc/perf: Fix PM_BRU_CMPL event code for power9
     - powerpc/ptrace: Preserve previous fprs/vsrs on short regset write
     - powerpc/ptrace: Preserve previous TM fprs/vsrs on short regset write
     - powerpc: Ignore reserved field in DCSR and PVR reads and writes
     - x86/ioapic: Restore IO-APIC irq_chip retrigger callback
     - qla2xxx: Fix crash due to null pointer access
     - mac80211: implement multicast forwarding on fast-RX path
     - ubifs: Fix journal replay wrt. xattr nodes
     - clocksource/exynos_mct: Clear interrupt when cpu is shut down
     - svcrdma: avoid duplicate dma unmapping during error recovery
     - ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
     - ceph: fix bad endianness handling in parse_reply_info_extra
     - ARM: dts: OMAP5 / DRA7: indicate that SATA port 0 is available.
     - ARM: dts: da850-evm: fix read access to SPI flash
     - arm64: avoid returning from bad_mode
     - arm64/ptrace: Preserve previous registers for short regset write
     - arm64/ptrace: Preserve previous registers for short regset write - 2
     - arm64/ptrace: Preserve previous registers for short regset write - 3
     - arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
     - arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
     - Input: ALPS - fix TrackStick support for SS5 hardware
     - libceph: ceph_x_encrypt_buflen() takes in_len
     - libceph: old_key in process_one_ticket() is redundant
     - libceph: introduce ceph_x_encrypt_offset()
     - libceph: introduce ceph_crypt() for in-place en/decryption
     - libceph: rename and align ceph_x_authorizer::reply_buf
     - libceph: tweak calcu_signature() a little
     - libceph: switch ceph_x_encrypt() to ceph_crypt()
     - libceph: switch ceph_x_decrypt() to ceph_crypt()
     - libceph: remove now unused ceph_*{en,de}crypt*() functions
     - ARM: dts: dra7: Add an empty chosen node to top level DTSI
     - ARM: dts: dm816x: Add an empty chosen node to top level DTSI
     - ARM: dts: dm814x: Add an empty chosen node to top level DTSI
     - ARM: dts: am33xx: Add an empty chosen node to top level DTSI
     - ARM: dts: omap4: Add an empty chosen node to top level DTSI
     - ARM: dts: omap5: Add an empty chosen node to top level DTSI
     - ARM: dts: am4372: Add an empty chosen node to top level DTSI
     - ARM: dts: omap3: Add an empty chosen node to top level DTSI
     - ARM: dts: omap2: Add an empty chosen node to top level DTSI
     - ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init
     - ARM: dts: omap3: Fix Card Detect and Write Protect on Logic PD SOM-LV
     - ARM: ux500: fix prcmu_is_cpu_in_wfi