UbuntuUpdates.org

Package "linux-hwe-5.8-tools-host"

Name: linux-hwe-5.8-tools-host

Description:

Linux kernel VM host tools

Latest version: 5.8.0-66.74
Release: focal (20.04)
Level: proposed
Repository: main
Head package: linux-hwe-5.8

Links


Download "linux-hwe-5.8-tools-host"


Other versions of "linux-hwe-5.8-tools-host" in Focal

Repository Area Version
security main 5.8.0-63.71~20.04.1
updates main 5.8.0-63.71~20.04.1
PPA: Canonical Kernel Team 5.8.0-66.74

Changelog

Version: 5.8.0-66.74 2021-10-08 10:06:21 UTC

  linux-hwe-5.8 (5.8.0-66.74) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-66.74 -proposed tracker (LP: #1944903)

  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.27)

  * linux: btrfs: fix NULL pointer dereference when deleting device by invalid
    id (LP: #1945987)
    - btrfs: fix NULL pointer dereference when deleting device by invalid id

  * CVE-2021-38199
    - NFSv4: Initialise connection to the server in nfs4_alloc_client()

  * BCM57800 SRIOV bug causes interfaces to disappear (LP: #1945707)
    - bnx2x: Fix enabling network interfaces without VFs

  * CVE-2021-3759
    - memcg: enable accounting of ipc resources

  * CVE-2019-19449
    - f2fs: fix wrong total_sections check and fsmeta check
    - f2fs: fix to do sanity check on segment/section count

  * Support builtin revoked certificates (LP: #1932029)
    - Revert "UBUNTU: SAUCE: Dump stack when X.509 certificates cannot be loaded"
    - integrity: Move import of MokListRT certs to a separate routine
    - integrity: Load certs from the EFI MOK config table
    - certs: Add EFI_CERT_X509_GUID support for dbx entries
    - certs: Move load_system_certificate_list to a common function
    - certs: Add ability to preload revocation certs
    - integrity: Load mokx variables into the blacklist keyring
    - certs: add 'x509_revocation_list' to gitignore
    - SAUCE: Dump stack when X.509 certificates cannot be loaded
    - [Packaging] build canonical-revoked-certs.pem from branch/arch certs
    - [Packaging] Revoke 2012 UEFI signing certificate as built-in
    - [Config] Configure CONFIG_SYSTEM_REVOCATION_KEYS with revoked keys

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679)
    - efi: Support for MOK variable config table
    - efi: mokvar-table: fix some issues in new code
    - efi: mokvar: add missing include of asm/early_ioremap.h
    - efi/mokvar: Reserve the table only if it is in boot services data
    - SAUCE: integrity: add informational messages when revoking certs

  * Support importing mokx keys into revocation list from the mok table
    (LP: #1928679) // CVE-2020-26541 when certificates are revoked via
    MokListXRT.
    - SAUCE: integrity: Load mokx certs from the EFI MOK config table

  * CVE-2020-36311
    - KVM: SVM: Periodically schedule when unregistering regions on destroy

  * CVE-2021-22543
    - KVM: do not allow mapping valid but non-reference-counted pages

  * CVE-2021-3612
    - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl

  * CVE-2021-38207
    - net: ll_temac: Fix TX BD buffer overwrite

  * CVE-2021-40490
    - ext4: fix race writing to an inline_data file while its xattrs are changing

  * LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions

 -- Stefan Bader <email address hidden> Tue, 05 Oct 2021 10:54:57 +0200

Source diff to previous version
1786013 Packaging resync
1945987 linux: btrfs: fix NULL pointer dereference when deleting device by invalid id
1945707 BCM57800 SRIOV bug causes interfaces to disappear
1932029 Support builtin revoked certificates
1928679 Support importing mokx keys into revocation list from the mok table
1928921 LRMv5: switch primary version handling to kernel-versions data set
CVE-2021-38199 fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to caus
CVE-2021-3759 unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
CVE-2019-19449 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f
CVE-2020-26541 The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects c
CVE-2020-36311 An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by trigger
CVE-2021-22543 An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed
CVE-2021-3612 An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls i
CVE-2021-38207 drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow
CVE-2021-40490 A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

Version: 5.8.0-65.73 2021-08-31 23:06:21 UTC

  linux-hwe-5.8 (5.8.0-65.73) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-65.73 -proposed tracker (LP: #1939805)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2021.08.16)

  * CVE-2021-3656
    - SAUCE: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

  * CVE-2021-3653
    - KVM: nSVM: introduce nested_svm_load_cr3()/nested_npt_enabled()
    - SAUCE: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

 -- Stefan Bader <email address hidden> Fri, 13 Aug 2021 14:19:52 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2021-3656 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
CVE-2021-3653 KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

Version: 5.8.0-64.72 2021-07-23 12:06:19 UTC

  linux-hwe-5.8 (5.8.0-64.72) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-64.72 -proposed tracker (LP: #1937067)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  * large_dir in ext4 broken (LP: #1933074)
    - SAUCE: ext4: fix directory index node split corruption

  * Add l2tp.sh in net from ubuntu_kernel_selftests back (LP: #1934293)
    - Revert "UBUNTU: SAUCE: selftests/net -- disable l2tp.sh test"

  * icmp_redirect.sh in net from ubuntu_kernel_selftests failed on F-OEM-5.6 /
    F-OEM-5.10 / F-OEM-5.13 / F / G / H (LP: #1880645)
    - selftests: icmp_redirect: support expected failures

  * ubuntu-host driver lacks lseek ops (LP: #1934110)
    - ubuntu-host: add generic lseek op

  * ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F
    azure-5.8 (LP: #1927749)
    - selftests/ftrace: fix event-no-pid on 1-core machine

  * pmtu.sh from net in ubuntu_kernel_selftests failed with no error message
    (LP: #1887661)
    - selftests: pmtu.sh: improve the test result processing

  * cifs: On cifs_reconnect, resolve the hostname again (LP: #1929831)
    - cifs: rename reconn_inval_dfs_target()
    - cifs: Simplify reconnect code when dfs upcall is enabled
    - cifs: Avoid error pointer dereference
    - cifs: On cifs_reconnect, resolve the hostname again.

  * Pixel format change broken for Elgato Cam Link 4K (LP: #1932367)
    - (upstream) media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K

  * Groovy update: upstream stable patchset 2021-06-28 (LP: #1933877)
    - proc: Track /proc/$pid/attr/ opener mm_struct
    - ASoC: max98088: fix ni clock divider calculation
    - spi: Fix spi device unregister flow
    - net/nfc/rawsock.c: fix a permission check bug
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
    - vfio-ccw: Serialize FSM IDLE state with I/O completion
    - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
    - spi: sprd: Add missing MODULE_DEVICE_TABLE
    - isdn: mISDN: netjet: Fix crash in nj_probe:
    - bonding: init notify_work earlier to avoid uninitialized use
    - netlink: disable IRQs for netlink_lock_table()
    - net: mdiobus: get rid of a BUG_ON()
    - cgroup: disable controllers at parse time
    - wq: handle VM suspension in stall detection
    - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
    - RDS tcp loopback connection can hang
    - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
    - scsi: vmw_pvscsi: Set correct residual data length
    - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
    - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
    - net: macb: ensure the device is available before accessing GEMGXL control
      registers
    - net: appletalk: cops: Fix data race in cops_probe1
    - net: dsa: microchip: enable phy errata workaround on 9567
    - nvme-fabrics: decode host pathing error for connect
    - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
    - dm verity: fix require_signatures module_param permissions
    - bnx2x: Fix missing error code in bnx2x_iov_init_one()
    - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
    - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
    - spi: Don't have controller clean up spi device before driver unbind
    - spi: Cleanup on failure of initial setup
    - i2c: mpc: Make use of i2c_recover_bus()
    - i2c: mpc: implement erratum A-004447 workaround
    - x86/boot: Add .text.* to setup.ld
    - spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
    - drm: Fix use-after-free read in drm_getunique()
    - drm: Lock pointer access in drm_master_release()
    - kvm: avoid speculation-based attacks from out-of-range memslot accesses
    - staging: rtl8723bs: Fix uninitialized variables
    - btrfs: return value from btrfs_mark_extent_written() in case of error
    - btrfs: promote debugging asserts to full-fledged checks in validate_super
    - cgroup1: don't allow '\n' in renaming
    - USB: f_ncm: ncm_bitrate (speed) is unsigned
    - usb: f_ncm: only first packet of aggregate needs to start timer
    - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
    - usb: dwc3: ep0: fix NULL pointer exception
    - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
    - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
    - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
    - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
    - USB: serial: ftdi_sio: add NovaTech OrionMX product ID
    - USB: serial: omninet: add device id for Zyxel Omni 56K Plus
    - USB: serial: quatech2: fix control-request directions
    - USB: serial: cp210x: fix alternate function for CP2102N QFN20
    - usb: gadget: eem: fix wrong eem header operation
    - usb: fix various gadgets null ptr deref on 10gbps cabling.
    - usb: fix various gadget panics on 10gbps cabling
    - regulator: core: resolve supply for boot-on/always-on regulators
    - regulator: max77620: Use device_set_of_node_from_dev()
    - usb: typec: mux: Fix copy-paste mistake in typec_mux_match
    - RDMA/ipoib: Fix warning caused by destroying non-initial netns
    - RDMA/mlx4: Do not map the core_clock page to user space unless enabled
    - vmlinux.lds.h: Avoid orphan section with !SMP
    - perf: Fix data race between pin_count increment/decrement
    - sched/fair: Make sure to update tg contrib for blocked load
    - KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
    - IB/mlx5: Fix initializing CQ fragments buffer
    - NFS: Fix a potential NULL dereference in nfs_get_client()
    - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
    - perf session: Correct buffer copying whe

Source diff to previous version
1786013 Packaging resync
1933074 large_dir in ext4 broken
1934110 ubuntu-host driver lacks lseek ops
1929831 cifs: On cifs_reconnect, resolve the hostname again
1932367 Pixel format change broken for Elgato Cam Link 4K
1933877 Groovy update: upstream stable patchset 2021-06-28
1930188 Acer Aspire 5 sound driver issues
1933541 Groovy update: upstream stable patchset 2021-06-24
1933262 Groovy update: upstream stable patchset 2021-06-22
1926165 Bass speakers not enabled on Lenovo Yoga 9i
1932359 Groovy update: upstream stable patchset 2021-06-17
1925057 [82A1, Realtek ALC287, Speaker, Internal] Underruns, dropouts or crackling sound
804178 \

Version: 5.8.0-61.68~20.04.1 2021-07-01 10:06:23 UTC

  linux-hwe-5.8 (5.8.0-61.68~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-61.68~20.04.1 -proposed tracker (LP: #1934092)

  [ Ubuntu: 5.8.0-61.68 ]

  * test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in
    ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8
    (LP: #1933969)
    - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
    - sit: proper dev_{hold|put} in ndo_[un]init methods
    - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
    - ipv6: remove extra dev_hold() for fallback tunnels

Source diff to previous version
1933969 test_pmtu_vti4_link_add_mtu() test from net/pmtu.sh in ubuntu_kernel_selftests cannot finish properly on 5.11 and 5.8

Version: 5.8.0-60.67~20.04.1 2021-06-25 23:06:18 UTC

  linux-hwe-5.8 (5.8.0-60.67~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.8: 5.8.0-60.67~20.04.1 -proposed tracker (LP: #1932437)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants

  [ Ubuntu: 5.8.0-60.67 ]

  * groovy/linux: 5.8.0-60.67 -proposed tracker (LP: #1932438)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - update dkms package versions
  * Add support for IO functions of AAEON devices (LP: #1929504)
    - ODM: mfd: Add support for IO functions of AAEON devices
    - ODM: gpio: add driver for AAEON devices
    - ODM: watchdog: add driver for AAEON devices
    - ODM: hwmon: add driver for AAEON devices
    - ODM: leds: add driver for AAEON devices
    - ODM: [Config] update config for AAEON devices
  * Add support for selective build of special drivers (LP: #1912789)
    - [Packaging] Add support for ODM drivers
    - [Packaging] Turn on ODM support for amd64
    - [Packaging] Fix ODM support in actual build
  * Upstream v5.9 introduced 'module' patches that removed exported symbols
    (LP: #1932065)
    - SAUCE: Revert "modules: inherit TAINT_PROPRIETARY_MODULE"
    - SAUCE: Revert "modules: return licensing information from find_symbol"
    - SAUCE: Revert "modules: rename the licence field in struct symsearch to
      license"
    - SAUCE: Revert "modules: unexport __module_address"
    - SAUCE: Revert "modules: unexport __module_text_address"
    - SAUCE: Revert "modules: mark each_symbol_section static"
    - SAUCE: Revert "modules: mark find_symbol static"
    - SAUCE: Revert "modules: mark ref_module static"
  * Disable hv-kvp-daemon.service on certain instance types (LP: #1932081)
    - [Packaging]: Add kernel command line condition to hv-kvp-daemon service
  * Groovy update: upstream stable patchset 2021-06-10 (LP: #1931637)
    - KEYS: trusted: Fix memory leak on object td
    - tpm: fix error return code in tpm2_get_cc_attrs_tbl()
    - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt()
    - tpm, tpm_tis: Reserve locality in tpm_tis_resume()
    - KVM: x86/mmu: Remove the defunct update_pte() paging hook
    - PM: runtime: Fix unpaired parent child_count for force_resume
    - kvm: Cap halt polling at kvm->max_halt_poll_ns
    - ath11k: fix thermal temperature read
    - fs: dlm: fix debugfs dump
    - tipc: convert dest node's address to network order
    - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
    - net: stmmac: Set FIFO sizes for ipq806x
    - ASoC: rsnd: core: Check convert rate in rsnd_hw_params
    - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event
    - i2c: bail out early when RDWR parameters are wrong
    - ALSA: hdsp: don't disable if not enabled
    - ALSA: hdspm: don't disable if not enabled
    - ALSA: rme9652: don't disable if not enabled
    - ALSA: bebob: enable to deliver MIDI messages for multiple ports
    - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
    - Bluetooth: initialize skb_queue_head at l2cap_chan_create()
    - net/sched: cls_flower: use ntohs for struct flow_dissector_key_ports
    - net: bridge: when suppression is enabled exclude RARP packets
    - Bluetooth: check for zapped sk before connecting
    - powerpc/32: Statically initialise first emergency context
    - net: hns3: remediate a potential overflow risk of bd_num_list
    - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
    - ice: handle increasing Tx or Rx ring sizes
    - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip.
    - i2c: Add I2C_AQ_NO_REP_START adapter quirk
    - MIPS: Loongson64: Use _CACHE_UNCACHED instead of _CACHE_UNCACHED_ACCELERATED
    - coresight: Do not scan for graph if none is present
    - IB/hfi1: Correct oversized ring allocation
    - mac80211: clear the beacon's CRC after channel switch
    - pinctrl: samsung: use 'int' for register masks in Exynos
    - rtw88: 8822c: add LC calibration for RTL8822C
    - mt76: mt7615: support loading EEPROM for MT7613BE
    - mt76: mt76x0: disable GTK offloading
    - mt76: mt7915: fix txpower init for TSSI off chips
    - virtiofs: fix userns
    - cuse: prevent clone
    - iwlwifi: pcie: make cfg vs. trans_cfg more robust
    - powerpc/mm: Add cond_resched() while removing hpte mappings
    - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
    - Revert "iommu/amd: Fix performance counter initialization"
    - iommu/amd: Remove performance counter pre-initialization test
    - drm/amd/display: Force vsync flip when reconfiguring MPCC
    - selftests: Set CC to clang in lib.mk if LLVM is set
    - kconfig: nconf: stop endless search loops
    - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740
    - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp
    - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume
    - sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
    - flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target()
    - powerpc/smp: Set numa node before updating mask
    - ASoC: rt286: Generalize support for ALC3263 codec
    - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
    - net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule
    - samples/bpf: Fix broken tracex1 due to kprobe argument change
    - powerpc/pseries: Stop calling printk in rtas_stop_self()
    - drm/amd/display: fixed divide by zero kernel crash during dsc enablement
    - drm/amd/display: add handling for hdcp2 rx id list validation
    - drm/amdgpu: Add mem sync flag for IB allocated by SA
    - mt76: mt7615: fix entering driver-own state on mt7663
    - crypto: ccp: Free SEV device if SEV init fails
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
    - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
    - qtnfmac: Fix possible buffer

1786013 Packaging resync
1929504 Add support for IO functions of AAEON devices
1912789 Add support for selective build of special drivers
1932065 Upstream v5.9 introduced 'module' patches that removed exported symbols
1932081 Disable hv-kvp-daemon.service on certain instance types
1931637 Groovy update: upstream stable patchset 2021-06-10
1930766 Groovy update: upstream stable patchset 2021-06-03
1930095 Groovy update: upstream stable patchset 2021-05-28



About   -   Send Feedback to @ubuntu_updates