Package "linux-kvm"

 linux-kvm (4.4.0-1069.76) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1069.76 -proposed tracker (LP: #1867234)
 .
   [ Ubuntu: 4.4.0-177.207 ]
 .
   * xenial/linux: 4.4.0-177.207 -proposed tracker (LP: #1867243)
   * Packaging resync (LP: #1786013)
     - [Packaging] resync getabis
     - [Packaging] update helper scripts
   * Xenial update: 4.4.214 upstream stable release (LP: #1864775)
     - media: iguanair: fix endpoint sanity check
     - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
     - sparc32: fix struct ipc64_perm type definition
     - ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
     - cls_rsvp: fix rsvp_policy
     - net: hsr: fix possible NULL deref in hsr_handle_frame()
     - net_sched: fix an OOB access in cls_tcindex
     - tcp: clear tp->total_retrans in tcp_disconnect()
     - tcp: clear tp->segs_{in|out} in tcp_disconnect()
     - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
     - mfd: dln2: More sanity checking for endpoints
     - brcmfmac: Fix memory leak in brcmf_usbdev_qinit
     - usb: gadget: legacy: set max_speed to super-speed
     - usb: gadget: f_ncm: Use atomic_t to track in-flight request
     - usb: gadget: f_ecm: Use atomic_t to track in-flight request
     - ALSA: dummy: Fix PCM format loop in proc output
     - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
     - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
     - mmc: spi: Toggle SPI polarity, do not hardcode it
     - PCI: keystone: Fix link training retries initiation
     - crypto: api - Check spawn->alg under lock in crypto_drop_spawn
     - scsi: qla2xxx: Fix mtcp dump collection failure
     - power: supply: ltc2941-battery-gauge: fix use-after-free
     - of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
     - dm space map common: fix to ensure new block isn't already in use
     - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
     - crypto: api - Fix race condition in crypto_spawn_alg
     - crypto: picoxcell - adjust the position of tasklet_init and fix missed
       tasklet_kill
     - btrfs: set trans->drity in btrfs_commit_transaction
     - ARM: tegra: Enable PLLP bypass during Tegra124 LP1
     - mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
     - sunrpc: expiry_time should be seconds not timeval
     - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
     - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
     - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF
       attacks
     - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
     - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF
       attacks
     - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
     - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks
       in x86.c
     - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
     - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit()
       from Spectre-v1/L1TF attacks
     - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
     - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
     - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
     - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
     - scsi: csiostor: Adjust indentation in csio_device_reset
     - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
     - ext2: Adjust indentation in ext2_fill_super
     - powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
     - NFC: pn544: Adjust indentation in pn544_hci_check_presence
     - ppp: Adjust indentation into ppp_async_input
     - net: smc911x: Adjust indentation in smc911x_phy_configure
     - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
     - mfd: da9062: Fix watchdog compatible string
     - mfd: rn5t618: Mark ADC control register volatile
     - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
     - bonding/alb: properly access headers in bond_alb_xmit()
     - NFS: Fix memory leaks and corruption in readdir
     - NFS: Fix bool initialization/comparison
     - NFS: Directory page cache pages need to be locked when read
     - Btrfs: fix assertion failure on fsync with NO_HOLES enabled
     - btrfs: remove trivial locking wrappers of tree mod log
     - Btrfs: fix race between adding and putting tree mod seq elements and nodes
     - drm: atmel-hlcdc: enable clock before configuring timing engine
     - KVM: x86: drop picdev_in_range()
     - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
     - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
     - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
     - btrfs: flush write bio if we loop in extent_write_cache_pages
     - KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
     - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
     - KVM: nVMX: vmread should not set rflags to specify success in case of #PF
     - cifs: fail i/o on soft mounts if sessionsetup errors out
     - clocksource: Prevent double add_timer_on() for watchdog_timer
     - perf/core: Fix mlock accounting in perf_mmap()
     - ASoC: pcm: update FE/BE trigger order based on the command
     - scsi: ufs: Fix ufshcd_probe_hba() reture value in case
       ufshcd_scsi_add_wlus() fails
     - rtc: hym8563: Return -EINVAL if the time is known to be invalid
     - ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
     - ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
     - ARM: dts: at91: sama5d3: define clock rate range for tcb1
     - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce
       for DDW
     - pinctrl: sh-pfc: r8a77

 linux-kvm (4.4.0-1068.75) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1068.75 -proposed tracker (LP: #1865243)
 .
   [ Ubuntu: 4.4.0-176.206 ]
 .
   * xenial/linux: 4.4.0-176.206 -proposed tracker (LP: #1865106)
   * CVE-2020-2732
     - x86/vdso: Use RDPID in preference to LSL when available
     - KVM: x86: emulate RDPID
     - KVM: nVMX: Don't emulate instructions in guest mode
     - KVM: nVMX: Refactor IO bitmap checks into helper function
     - KVM: nVMX: Check IO instruction VM-exit conditions
 .

 linux-kvm (4.4.0-1067.74) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1067.74 -proposed tracker (LP: #1863319)
 .
   [ Ubuntu: 4.4.0-175.205 ]
 .
   * xenial/linux: 4.4.0-175.205 -proposed tracker (LP: #1863338)
   * run_afpackettests in ubuntu_kernel_selftests failed with "./in_netns.sh:
     Permission denied" (LP: #1861973)
     - [Debian] autoreconstruct - add resoration of execute permissions
   * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114)
     - can, slip: Protect tty->disc_data in write_wakeup and close with RCU

 linux-kvm (4.4.0-1066.73) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1066.73 -proposed tracker (LP: #1861110)
 .
   [ Ubuntu: 4.4.0-174.204 ]
 .
   * xenial/linux: 4.4.0-174.204 -proposed tracker (LP: #1861122)
   * Xenial update: 4.4.211 upstream stable release (LP: #1860681)
     - hidraw: Return EPOLLOUT from hidraw_poll
     - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
     - HID: hidraw, uhid: Always report EPOLLOUT
     - cfg80211/mac80211: make ieee80211_send_layer2_update a public function
     - mac80211: Do not send Layer 2 Update frame before authorization
     - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
     - p54usb: Fix race between disconnect and firmware loading
     - ALSA: line6: Fix write on zero-sized buffer
     - ALSA: line6: Fix memory leak at line6_init_pcm() error path
     - xen: let alloc_xenballooned_pages() fail if not enough memory free
     - wimax: i2400: fix memory leak
     - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
     - ext4: fix use-after-free race with debug_want_extra_isize
     - ext4: add more paranoia checking in ext4_expand_extra_isize handling
     - rtc: mt6397: fix alarm register overwrite
     - iommu: Remove device link to group on failure
     - gpio: Fix error message on out-of-range GPIO in lookup table
     - hsr: reset network header when supervision frame is created
     - cifs: Adjust indentation in smb2_open_file
     - RDMA/srpt: Report the SCSI residual to the initiator
     - scsi: enclosure: Fix stale device oops with hot replug
     - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
     - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
     - iio: imu: adis16480: assign bias value only if operation succeeded
     - mei: fix modalias documentation
     - clk: samsung: exynos5420: Preserve CPU clocks configuration during
       suspend/resume
     - compat_ioctl: handle SIOCOUTQNSD
     - tty: serial: imx: use the sg count from dma_map_sg
     - tty: serial: pch_uart: correct usage of dma_unmap_sg
     - media: exynos4-is: Fix recursive locking in isp_video_release()
     - spi: atmel: fix handling of cs_change set on non-last xfer
     - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
     - rtc: msm6242: Fix reading of 10-hour digit
     - rseq/selftests: Turn off timeout setting
     - hexagon: work around compiler crash
     - ocfs2: call journal flush to mark journal as empty after journal recovery
       when mount
     - ALSA: seq: Fix racy access for queue timer in proc read
     - Fix built-in early-load Intel microcode alignment
     - block: fix an integer overflow in logical block size
     - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
     - USB: serial: opticon: fix control-message timeouts
     - USB: serial: suppress driver bind attributes
     - USB: serial: ch341: handle unbound port at reset_resume
     - USB: serial: io_edgeport: add missing active-port sanity check
     - USB: serial: quatech2: handle unbound ports
     - scsi: mptfusion: Fix double fetch bug in ioctl
     - usb: core: hub: Improved device recognition on remote wakeup
     - x86/efistub: Disable paging at mixed mode entry
     - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
     - net: stmmac: 16KB buffer must be 16 byte aligned
     - net: stmmac: Enable 16KB buffer size
     - USB: serial: io_edgeport: use irqsave() in USB's complete callback
     - USB: serial: io_edgeport: handle unbound ports on URB completion
     - USB: serial: keyspan: handle unbound ports
     - scsi: fnic: use kernel's '%pM' format option to print MAC
     - scsi: fnic: fix invalid stack access
     - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
     - netfilter: fix a use-after-free in mtype_destroy()
     - batman-adv: Fix DAT candidate selection on little endian systems
     - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
     - r8152: add missing endpoint sanity check
     - tcp: fix marked lost packets not being retransmitted
     - net: usb: lan78xx: limit size of local TSO packets
     - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
     - cw1200: Fix a signedness bug in cw1200_load_firmware()
     - cfg80211: check for set_wiphy_params
     - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
     - scsi: qla4xxx: fix double free bug
     - scsi: bnx2i: fix potential use after free
     - scsi: target: core: Fix a pr_debug() argument
     - scsi: core: scsi_trace: Use get_unaligned_be*()
     - perf probe: Fix wrong address verification
     - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
     - Linux 4.4.211
   * Xenial update: 4.4.210 upstream stable release (LP: #1859865)
     - chardev: Avoid potential use-after-free in 'chrdev_open()'
     - usb: chipidea: host: Disable port power only if previously enabled
     - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
     - kernel/trace: Fix do not unregister tracepoints when register
       sched_migrate_task fail
     - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
     - HID: Fix slab-out-of-bounds read in hid_field_extract
     - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
     - HID: hid-input: clear unmapped usages
     - Input: add safety guards to input_set_keycode()
     - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
     - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
     - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
       to irq mode
     - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
       CAN sk_buffs
     - staging: vt6656: set usb_set_intfdata on driver fail.
     - USB: serial: option: add ZLP support for 0x1bc7/0x9010
     - usb: musb: Disable pullup at init
     - usb: musb: dma: Correct parameter

 linux-kvm (4.4.0-1065.72) xenial; urgency=medium
 .
   * xenial/linux-kvm: 4.4.0-1065.72 -proposed tracker (LP: #1858584)
 .
   [ Ubuntu: 4.4.0-172.202 ]
 .
   * xenial/linux: 4.4.0-172.202 -proposed tracker (LP: #1858594)
   * tools/perf fails to build after Xenial update to 4.4.208 upstream stable
     release (LP: #1858798)
     - Revert "perf report: Add warning when libunwind not compiled in"
   * CVE-2019-18885
     - btrfs: refactor btrfs_find_device() take fs_devices as argument
     - btrfs: merge btrfs_find_device and find_device
   * Integrate Intel SGX driver into linux-azure (LP: #1844245)
     - [Packaging] Add systemd service to load intel_sgx
   * Xenial update: 4.4.208 upstream stable release (LP: #1858462)
     - btrfs: do not leak reloc root if we fail to read the fs root
     - btrfs: handle ENOENT in btrfs_uuid_tree_iterate
     - ALSA: hda/ca0132 - Keep power on during processing DSP response
     - ALSA: hda/ca0132 - Avoid endless loop
     - drm: mst: Fix query_payload ack reply struct
     - iio: light: bh1750: Resolve compiler warning and make code more readable
     - spi: Add call to spi_slave_abort() function when spidev driver is released
     - staging: rtl8188eu: fix possible null dereference
     - rtlwifi: prevent memory leak in rtl_usb_probe
     - IB/iser: bound protection_sg size by data_sg size
     - media: am437x-vpfe: Setting STD to current value is not an error
     - media: i2c: ov2659: fix s_stream return value
     - media: i2c: ov2659: Fix missing 720p register config
     - media: ov6650: Fix stored frame format not in sync with hardware
     - tools/power/cpupower: Fix initializer override in hsw_ext_cstates
     - usb: renesas_usbhs: add suspend event support in gadget mode
     - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
     - regulator: max8907: Fix the usage of uninitialized variable in
       max8907_regulator_probe()
     - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
     - samples: pktgen: fix proc_cmd command result check logic
     - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
     - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
     - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
       number
     - media: ti-vpe: vpe: Make sure YUYV is set as default format
     - extcon: sm5502: Reset registers during initialization
     - x86/mm: Use the correct function type for native_set_fixmap()
     - perf report: Add warning when libunwind not compiled in
     - iio: adc: max1027: Reset the device at probe time
     - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
     - drm/gma500: fix memory disclosures due to uninitialized bytes
     - x86/ioapic: Prevent inconsistent state when moving an interrupt
     - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
     - libata: Ensure ata_port probe has completed before detach
     - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
     - bnx2x: Fix PF-VF communication over multi-cos queues.
     - spi: img-spfi: fix potential double release
     - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
     - perf probe: Fix to find range-only function instance
     - perf probe: Fix to list probe event with correct line number
     - perf probe: Walk function lines in lexical blocks
     - perf probe: Fix to probe an inline function which has no entry pc
     - perf probe: Fix to show ranges of variables in functions without entry_pc
     - perf probe: Fix to show inlined function callsite without entry_pc
     - perf probe: Skip overlapped location on searching variables
     - perf probe: Return a better scope DIE if there is no best scope
     - perf probe: Fix to show calling lines of inlined functions
     - perf probe: Skip end-of-sequence and non statement lines
     - perf probe: Filter out instances except for inlined subroutine and
       subprogram
     - ath10k: fix get invalid tx rate for Mesh metric
     - media: pvrusb2: Fix oops on tear-down when radio support is not present
     - media: si470x-i2c: add missed operations in remove
     - EDAC/ghes: Fix grain calculation
     - spi: pxa2xx: Add missed security checks
     - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
     - parport: load lowlevel driver if ports not found
     - cpufreq: Register drivers only after CPU devices have been registered
     - x86/crash: Add a forward declaration of struct kimage
     - spi: tegra20-slink: add missed clk_unprepare
     - btrfs: don't prematurely free work in end_workqueue_fn()
     - iwlwifi: check kasprintf() return value
     - fbtft: Make sure string is NULL terminated
     - crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
     - crypto: vmx - Avoid weird build failures
     - libtraceevent: Fix memory leakage in copy_filter_type
     - net: phy: initialise phydev speed and duplex sanely
     - Revert "mmc: sdhci: Fix incorrect switch to HS mode"
     - usb: xhci: Fix build warning seen with CONFIG_PM=n
     - btrfs: do not call synchronize_srcu() in inode_tree_del
     - btrfs: return error pointer from alloc_test_extent_buffer
     - btrfs: abort transaction after failed inode updates in create_subvol
     - Btrfs: fix removal logic of the tree mod log that leads to use-after-free
       issues
     - ALSA: pcm: Avoid possible info leaks from PCM stream buffers
     - af_packet: set defaule value for tmo
     - fjes: fix missed check in fjes_acpi_add
     - mod_devicetable: fix PHY module format
     - net: hisilicon: Fix a BUG trigered by wrong bytes_compl
     - net: nfc: nci: fix a possible sleep-in-atomic-context bug in
       nci_uart_tty_receive()
     - net: qlogic: Fix error paths in ql_alloc_large_buffers()
     - net: usb: lan78xx: Fix suspend/resume PHY register access error
     - sctp: fully initialize v4 addr in some functions
     - net: dst: Force 4-byte alignment of dst_metrics
     - usbip: