Package "linux"

  linux (4.15.0-68.77) bionic; urgency=medium

  * bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

  linux (4.15.0-67.76) bionic; urgency=medium

  * bionic/linux: 4.15.0-67.76 -proposed tracker (LP: #1849035)

  * Unexpected CFS throttling (LP: #1832151)
    - sched/fair: Add lsub_positive() and use it consistently
    - sched/fair: Fix low cpu usage with high throttling by removing expiration of
      cpu-local slices
    - sched/fair: Fix -Wunused-but-set-variable warnings

  * [CML] New device IDs for CML-U (LP: #1843774)
    - i2c: i801: Add support for Intel Comet Lake
    - spi: pxa2xx: Add support for Intel Comet Lake

  * CVE-2019-17666
    - SAUCE: rtlwifi: rtl8822b: Fix potential overflow on P2P code
    - SAUCE: rtlwifi: Fix potential overflow on P2P code

  * md raid0/linear doesn't show error state if an array member is removed and
    allows successful writes (LP: #1847773)
    - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone

  * Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x from yes
    to no (LP: #1848492)
    - [Config] Change Config Option CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE for s390x
      from yes to no

  * [Packaging] Support building Flattened Image Tree (FIT) kernels
    (LP: #1847969)
    - [Packaging] add rules to build FIT image
    - [Packaging] force creation of headers directory

  * bcache: Performance degradation when querying priority_stats (LP: #1840043)
    - bcache: add cond_resched() in __bch_cache_cmp()

  * Add installer support for iwlmvm adapters (LP: #1848236)
    - d-i: Add iwlmvm to nic-modules

  * Check for CPU Measurement sampling (LP: #1847590)
    - s390/cpumsf: Check for CPU Measurement sampling

  * [CML-U] Comet lake platform need ISH driver support (LP: #1843775)
    - HID: intel-ish-hid: Add Comet Lake PCI device ID

  * intel-lpss driver conflicts with write-combining MTRR region (LP: #1845584)
    - SAUCE: mfd: intel-lpss: add quirk for Dell XPS 13 7390 2-in-1

  * Fix non-working Realtek USB ethernet after system resume (LP: #1847063)
    - r8152: remove extra action copying ethernet address
    - r8152: Refresh MAC address during USBDEVFS_RESET
    - r8152: Set macpassthru in reset_resume callback

  * Ubuntu 18.04 - wrong cpu-mf counter number (LP: #1847109)
    - s390/cpum_cf: correct counter number of LAST_HOST_TRANSLATIONS

  * PM / hibernate: fix potential memory corruption (LP: #1847118)
    - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation

  * Microphone-Mute keyboard LED is always on/off on Dell Latitude 3310
    (LP: #1846453)
    - platform/x86: dell-laptop: Add 2-in-1 devices to the DMI whitelist
    - platform/x86: dell-laptop: Removed duplicates in DMI whitelist

  * xHCI on AMD Stoney Ridge cannot detect USB 2.0 or 1.1 devices.
    (LP: #1846470)
    - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect

  * CVE-2019-15098
    - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

  * Bionic update: upstream stable patchset 2019-10-15 (LP: #1848274)
    - tpm: use tpm_try_get_ops() in tpm-sysfs.c.
    - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
    - drm/bridge: tc358767: Increase AUX transfer length limit
    - drm/panel: simple: fix AUO g185han01 horizontal blanking
    - video: ssd1307fb: Start page range at page_offset
    - drm/stm: attach gem fence to atomic state
    - drm/radeon: Fix EEH during kexec
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
    - clk: sirf: Don't reference clk_init_data after registration
    - clk: zx296718: Don't reference clk_init_data after registration
    - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
      function
    - powerpc/pseries/mobility: use cond_resched when updating device tree
    - pinctrl: tegra: Fix write barrier placement in pmx_writel
    - vfio_pci: Restore original state on release
    - drm/nouveau/volt: Fix for some cards having 0 maximum voltage
    - drm/amdgpu/si: fix ASIC tests
    - powerpc/64s/exception: machine check use correct cfar for late handler
    - powerpc/pseries: correctly track irq state in default idle
    - arm64: fix unreachable code issue with cmpxchg
    - clk: at91: select parent if main oscillator or bypass is enabled
    - scsi: core: Reduce memory required for SCSI logging
    - dma-buf/sw_sync: Synchronize signal vs syncpt free
    - MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
    - i2c-cht-wc: Fix lockdep warning
    - PCI: tegra: Fix OF node reference leak
    - livepatch: Nullify obj->mod in klp_module_coming()'s error path
    - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as
      writes
    - rtc: snvs: fix possible race condition
    - HID: apple: Fix stuck function keys when using FN
    - PCI: rockchip: Propagate errors for optional regulators
    - PCI: imx6: Propagate errors for optional regulators
    - PCI: exynos: Propagate errors for optional PHYs
    - security: smack: Fix possible null-pointer dereferences in
      smack_socket_sock_rcv_skb()
    - ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned
      address
    - fat: work around race with userspace's read via blockdev while mounting
    - pktcdvd: remove warning on attempting to register non-passthrough dev
    - hypfs: Fix error number left in struct pointer member
    - kbuild: clean compressed initramfs image
    - ocfs2: wait for recovering done after direct unlock request
    - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
    - bpf: fix use after free in prog symbol exposure
    - cxgb4:Fix out-of-bounds MSI-X info array access
    - erspan: remo

  linux (4.15.0-66.75) bionic; urgency=medium

  * bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

  * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

  * Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

  * Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines

  * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Correctly use tnc_next() in search_dh_cookie()
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - fix CTR alg blocksize
    - crypto: talitos - check data blocksize in ablkcipher.
    - crypto: talitos - fix ECB algs ivsize
    - crypto: talitos - Do not modify req->cryptlen on decryption.
    - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
    - firmware: ti_sci: Always request response from firmware
    - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to
      critclk_systems DMI table
    - nvmem: Use the same permissions for eeprom as for nvmem
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
    - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large
      to fix kexec relocation errors
    - modules: fix BUG when load module with rodata=n
    - modules: fix compile error if don't have strict module rwx
    - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
    - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
    - powerpc/mm/radix: Use the right page size for vmemmap mapping
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
    - media: tm6000: double free if usb disconnect while streaming
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - net_sched: let qdisc_put() accept NULL pointer
    - KVM: coalesced_mmio: add bounds checking
    - firmware: google: check if size is valid when decoding VPD data
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - ARM: dts: dra74x: Fix iodelay configuration for mmc3
    - s390/bpf: use 32-bit index for tail calls
    - fpga: altera-ps-spi: Fix getting of optional confd gpio
    - netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
    - NFSv4: Fix return values for nfs4_file_open()
    - NFSv4: Fix return value in nfs_finish_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    -

  linux (4.15.0-65.74) bionic; urgency=medium

  * bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)

  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE

  * CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure

  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()

  * tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE

  * Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
    - can: mcp251x: add error check when wq alloc failed
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - net: stmmac: Fix issues when number of Queues >= 4
    - KVM: arm64: Don't write junk to sysregs on reset
    - KVM: arm: Don't write junk to CP15 registers on reset
    - xfs: don't trip over uninitialized buffer on extent read of corrupted inode
    - xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
    - xfs: Add helper function xfs_attr_try_sf_add