Package "linux"

  linux (4.15.0-143.147) bionic; urgency=medium

  * bionic/linux: 4.15.0-143.147 -proposed tracker (LP: #1923811)

  * CVE-2021-29650
    - netfilter: x_tables: Use correct memory barriers.

  * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
    (LP: #1918134)
    - [Packaging] dkms-build{,--nvidia-N} sync back from LRMv4

  * Security-Fix Xen XSA 371 for Kernel 5.4.0-71 (LP: #1921902) //
    CVE-2021-28688
    - xen-blkback: don't leak persistent grants from xen_blkbk_map()

  * CVE-2021-20292
    - drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

  * CVE-2021-29264
    - gianfar: fix jumbo packets+napi+rx overrun crash

  * CVE-2021-29265
    - usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

  * Bcache bypasse writeback on caching device with fragmentation (LP: #1900438)
    - bcache: consider the fragmentation when update the writeback rate

  * Bionic update: upstream stable patchset 2021-03-31 (LP: #1922124)
    - net: usb: qmi_wwan: support ZTE P685M modem
    - scripts: use pkg-config to locate libcrypto
    - scripts: set proper OpenSSL include dir also for sign-file
    - hugetlb: fix update_and_free_page contig page struct assumption
    - drm/virtio: use kvmalloc for large allocations
    - virtio/s390: implement virtio-ccw revision 2 correctly
    - arm64 module: set plt* section addresses to 0x0
    - arm64: Avoid redundant type conversions in xchg() and cmpxchg()
    - arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
    - arm64: Use correct ll/sc atomic constraints
    - JFS: more checks for invalid superblock
    - media: mceusb: sanity check for prescaler value
    - xfs: Fix assert failure in xfs_setattr_size()
    - smackfs: restrict bytes count in smackfs write functions
    - net: fix up truesize of cloned skb in skb_prepare_for_shift()
    - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
    - net: bridge: use switchdev for port flags set through sysfs too
    - dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
    - staging: fwserial: Fix error handling in fwserial_create
    - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
    - vt/consolemap: do font sum unsigned
    - wlcore: Fix command execute failure 19 for wl12xx
    - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
    - ath10k: fix wmi mgmt tx queue full due to race condition
    - x86/build: Treat R_386_PLT32 relocation as R_386_PC32
    - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
    - staging: most: sound: add sanity check for function argument
    - media: uvcvideo: Allow entities with no pads
    - f2fs: handle unallocated section and zone on pinned/atgc
    - parisc: Bump 64-bit IRQ stack size to 64 KB
    - Xen/gnttab: handle p2m update errors on a per-slot basis
    - xen-netback: respect gnttab_map_refs()'s return value
    - zsmalloc: account the number of compacted pages correctly
    - swap: fix swapfile read/write offset
    - media: v4l: ioctl: Fix memory leak in video_usercopy
    - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse
    - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails
    - f2fs: fix to set/clear I_LINKABLE under i_lock
    - btrfs: fix error handling in commit_fs_roots
    - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ
    - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
    - btrfs: raid56: simplify tracking of Q stripe presence
    - btrfs: fix raid6 qstripe kmap
    - usbip: tools: fix build error for multiple definition
    - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
    - rsxx: Return -EFAULT if copy_to_user() fails
    - dm table: fix iterate_devices based device capability checks
    - dm table: fix DAX iterate_devices based device capability checks
    - dm table: fix zoned iterate_devices based device capability checks
    - iommu/amd: Fix sleeping in atomic in increase_address_space()
    - mwifiex: pcie: skip cancel_work_sync() on reset failure path
    - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines
    - platform/x86: acer-wmi: Cleanup accelerometer device handling
    - platform/x86: acer-wmi: Add new force_caps module parameter
    - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
    - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
    - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch
      10E SW3-016
    - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
    - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
    - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
    - Revert "zram: close udev startup race condition as default groups"
    - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter

  * Bionic update: upstream stable patchset 2021-03-16 (LP: #1919380)
    - fgraph: Initialize tracing_graph_pause at task creation
    - tracing: Do not count ftrace events in top level enable output
    - tracing: Check length before giving out the filter buffer
    - arm/xen: Don't probe xenbus as part of an early initcall
    - MIPS: BMIPS: Fix section mismatch warning
    - arm64: dts: rockchip: Fix PCIe DT properties on rk3399
    - platform/x86: hp-wmi: Disable tablet-mode reporting by default
    - ovl: perform vfs_getxattr() with mounter creds
    - cap: fix conversions on getxattr
    - ovl: skip getxattr of security labels
    - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL
    - ARM: ensure the signal page contains defined contents
    - bpf: Check for integer overflow when using roundup_pow_of_two()
    - netfilter: xt_recent: Fix attempt to update deleted entry
    - xen/netback: avoid race in xenvif_rx_ring_slots_available()
    - netfilter: conntrack: skip identical origin tuple in same zone only
    - usb: dwc3: ulpi: fix checkpatch warning
    - usb:

  linux (4.15.0-142.146) bionic; urgency=medium

  * overlayfs calls vfs_setxattr without cap_convert_nscap
    - vfs: move cap_convert_nscap() call into vfs_setxattr()

  * CVE-2021-29154
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-64

 -- Marcelo Henrique Cerri <email address hidden> Mon, 12 Apr 2021 18:46:50 -0300

  linux (4.15.0-141.145) bionic; urgency=medium

  * bionic/linux: 4.15.0-141.145 -proposed tracker (LP: #1919536)

  * binary assembly failures with CONFIG_MODVERSIONS present (LP: #1919315)
    - [Packaging] quiet (nomially) benign errors in BUILD script

  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2018-13095
    - xfs: More robust inode extent count validation

  * i40e PF reset due to incorrect MDD event (LP: #1772675)
    - i40e: change behavior on PF in response to MDD event

  * Bionic update: upstream stable patchset 2021-03-09 (LP: #1918330)
    - ACPI: sysfs: Prefer "compatible" modalias
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
    - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
      intel_arch_events[]
    - KVM: x86: get smi pending status correctly
    - xen: Fix XenStore initialisation for XS_LOCAL
    - leds: trigger: fix potential deadlock with libata
    - mt7601u: fix kernel crash unplugging the device
    - mt7601u: fix rx buffer refcounting
    - xen-blkfront: allow discard-* nodes to be optional
    - ARM: imx: build suspend-imx6.S with arm instruction set
    - netfilter: nft_dynset: add timeout extension to template
    - xfrm: Fix oops in xfrm_replay_advance_bmp
    - RDMA/cxgb4: Fix the reported max_recv_sge value
    - iwlwifi: pcie: use jiffies for memory read spin time limit
    - iwlwifi: pcie: reschedule in long-running memory reads
    - mac80211: pause TX while changing interface type
    - can: dev: prevent potential information leak in can_fill_info()
    - x86/entry/64/compat: Preserve r8-r11 in int $0x80
    - x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80"
    - iommu/vt-d: Gracefully handle DMAR units with no supported address widths
    - iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
    - NFC: fix resource leak when target index is invalid
    - NFC: fix possible resource leak
    - team: protect features update by RCU to avoid deadlock
    - tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - PM: hibernate: flush swap writer after marking
    - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
    - net/mlx5: Fix memory leak on flow table creation error flow
    - rxrpc: Fix memory leak in rxrpc_lookup_local
    - net: dsa: bcm_sf2: put device node before return
    - ibmvnic: Ensure that CRQ entry read are correctly ordered
    - ACPI: thermal: Do not call acpi_thermal_check() directly
    - net_sched: gen_estimator: support large ewma log
    - phy: cpcap-usb: Fix warning for missing regulator_disable
    - x86: __always_inline __{rd,wr}msr()
    - scsi: scsi_transport_srp: Don't block target in failfast state
    - scsi: libfc: Avoid invoking response handler twice if ep is already
      completed
    - mac80211: fix fast-rx encryption check
    - scsi: ibmvfc: Set default timeout to avoid crash during migration
    - objtool: Don't fail on missing symbol table
    - kthread: Extract KTHREAD_IS_PER_CPU
    - workqueue: Restrict affinity change to rescuer
    - USB: serial: cp210x: add pid/vid for WSDA-200-USB
    - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
    - USB: serial: option: Adding support for Cinterion MV31
    - arm64: dts: ls1046a: fix dcfg address range
    - net: lapb: Copy the skb before sending a packet
    - elfcore: fix building with clang
    - USB: gadget: legacy: fix an error code in eth_bind()
    - USB: usblp: don't call usb_set_interface if there's a single alt
    - usb: dwc2: Fix endpoint direction check in ep_from_windex
    - ovl: fix dentry leak in ovl_get_redirect
    - mac80211: fix station rate table updates on assoc
    - kretprobe: Avoid re-registration of the same kretprobe earlier
    - xhci: fix bounce buffer usage for non-sg list case
    - cifs: report error instead of invalid when revalidating a dentry fails
    - smb3: Fix out-of-bounds bug in SMB2_negotiate()
    - mmc: core: Limit retries when analyse of SDIO tuples fails
    - nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
    - ARM: footbridge: fix dc21285 PCI configuration accessors
    - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
    - mm: hugetlb: fix a race between isolating and freeing page
    - mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
    - mm: thp: fix MADV_REMOVE deadlock on shmem THP
    - x86/build: Disable CET instrumentation in the kernel
    - x86/apic: Add extra serialization for non-serializing MSRs
    - Input: xpad - sync supported devices with fork on GitHub
    - iommu/vt-d: Do not use flush-queue when caching-mode is on
    - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
    - net: mvpp2: TCAM entry enable should be written after SRAM data
    - memblock: do not start bottom-up allocations with kernel_end
    - usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
    - genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set
    - KVM: SVM: Treat SVM as unsupported when running as an SEV guest
    - md: Set prev_flush_start and flush_bio in an atomic way
    - net: ip_tunnel: fix mtu calculation
    - block: fix NULL pointer dereference in register_disk
    - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size bef

  linux (4.15.0-140.144) bionic; urgency=medium

  * bionic/linux: 4.15.0-140.144 -proposed tracker (LP: #1920169)

  * CVE-2020-27170
    - bpf: Fix off-by-one for area size in creating mask to left

  * CVE-2020-27171
    - bpf: Prohibit alu ops for pointer types not defining ptr_limit

 -- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 19 Mar 2021 09:17:46 -0300

  linux (4.15.0-139.143) bionic; urgency=medium

  * bionic/linux: 4.15.0-139.143 -proposed tracker (LP: #1919218)

  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 15 Mar 2021 17:54:59 -0300