Package "linux-kvm"

  linux-kvm (4.4.0-1082.91) xenial; urgency=medium

  [ Ubuntu: 4.4.0-193.224 ]

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

  [ Ubuntu: 4.4.0-192.222 ]

  * xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)
  * mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits
  * xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
    - Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
      interrupt XEN data pointer which contains XEN specific information."

  linux-kvm (4.4.0-1081.89) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1081.89 -proposed tracker (LP: #1896059)

  [ Ubuntu: 4.4.0-191.221 ]

  * xenial/linux: 4.4.0-191.221 -proposed tracker (LP: #1896067)
  * Novalink (mkvterm command failure) (LP: #1892546)
    - tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
  * Xenial update: v4.4.236 upstream stable release (LP: #1895891)
    - HID: core: Correctly handle ReportSize being zero
    - HID: core: Sanitize event code and type when mapping input
    - perf record/stat: Explicitly call out event modifiers in the documentation
    - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk
    - hwmon: (applesmc) check status earlier.
    - ceph: don't allow setlease on cephfs
    - s390: don't trace preemption in percpu macros
    - xen/xenbus: Fix granting of vmalloc'd memory
    - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
    - batman-adv: Avoid uninitialized chaddr when handling DHCP
    - batman-adv: bla: use netif_rx_ni when not in interrupt context
    - dmaengine: at_hdmac: check return value of of_find_device_by_node() in
      at_dma_xlate()
    - netfilter: nf_tables: incorrect enum nft_list_attributes definition
    - netfilter: nf_tables: fix destination register zeroing
    - dmaengine: pl330: Fix burst length if burst size is smaller than bus width
    - bnxt_en: Check for zero dir entries in NVRAM.
    - fix regression in "epoll: Keep a reference on files added to the check list"
    - tg3: Fix soft lockup when tg3_reset_task() fails.
    - iommu/vt-d: Serialize IOMMU GCMD register modifications
    - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
    - include/linux/log2.h: add missing () around n in roundup_pow_of_two()
    - btrfs: drop path before adding new uuid tree entry
    - btrfs: Remove redundant extent_buffer_get in get_old_root
    - btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
    - btrfs: set the lockdep class for log tree extent buffers
    - uaccess: Add non-pagefault user-space read functions
    - uaccess: Add non-pagefault user-space write function
    - btrfs: fix potential deadlock in the search ioctl
    - net: qmi_wwan: MDM9x30 specific power management
    - net: qmi_wwan: support "raw IP" mode
    - net: qmi_wwan: should hold RTNL while changing netdev type
    - net: qmi_wwan: ignore bogus CDC Union descriptors
    - Add Dell Wireless 5809e Gobi 4G HSPA+ Mobile Broadband Card (rev3) to
      qmi_wwan
    - qmi_wwan: Added support for Gemalto's Cinterion PHxx WWAN interface
    - qmi_wwan: add support for Quectel EC21 and EC25
    - NET: usb: qmi_wwan: add support for Telit LE922A PID 0x1040
    - drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201
    - usb: qmi_wwan: add D-Link DWM-222 A2 device ID
    - net: usb: qmi_wwan: add Telit ME910 support
    - net: usb: qmi_wwan: add Telit 0x1050 composition
    - ALSA: ca0106: fix error code handling
    - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
    - dm cache metadata: Avoid returning cmd->bm wild pointer on error
    - dm thin metadata: Avoid returning cmd->bm wild pointer on error
    - net: refactor bind_bucket fastreuse into helper
    - net: initialize fastreuse on inet_inherit_port
    - checkpatch: fix the usage of capture group ( ... )
    - mm/hugetlb: fix a race between hugetlb sysctl handlers
    - cfg80211: regulatory: reject invalid hints
    - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
    - ALSA: firewire-digi00x: add support for console models of Digi00x series
    - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
    - ALSA; firewire-tascam: exclude Tascam FE-8 from detection
    - fs/affs: use octal for permissions
    - affs: fix basic permission bits to actually work
    - ravb: Fixed to be able to unload modules
    - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
    - bnxt_en: Failure to update PHY is not fatal condition.
    - bnxt: don't enable NAPI until rings are ready
    - net: usb: dm9601: Add USB ID of Keenetic Plus DSL
    - sctp: not disable bh in the whole sctp_get_port_local()
    - net: disable netpoll on fresh napis
    - Linux 4.4.236
  * clock: overriding the clocksource should select the requested clocksource
    (LP: #1894591)
    - clocksource: Defer override invalidation unless clock is unstable
  * alsa/hdmi: the hdmi audio stops working from Ubuntu-4.4.0-155.182
    (LP: #1895603)
    - ALSA: hda/hdmi - Read the pin sense from register when repolling
    - SAUCE: ALSA: hda/hdmi - Check pin_eld->monitor_present
  * Xenial update: v4.4.235 upstream stable release (LP: #1895031)
    - net: Fix potential wrong skb->protocol in skb_vlan_untag()
    - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
    - ipvlan: fix device features
    - bonding: show saner speed for broadcast mode
    - bonding: fix a potential double-unregister
    - powerpc/pseries: Do not initiate shutdown when system is running on UPS
    - ALSA: pci: delete repeated words in comments
    - ASoC: tegra: Fix reference count leaks.
    - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
      value in debiirq()
    - scsi: target: tcmu: Fix crash on ARM during cmd completion
    - drm/amdkfd: Fix reference count leaks.
    - drm/radeon: fix multiple reference count leak
    - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
    - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
    - drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
    - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
    - scsi: lpfc: Fix shost refcount mismatch when deleting vport
    - selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
    - PCI: Fix pci_create_slot() reference count leak
    - rtlwifi: rtl8192cu: Prevent leaking urb
    - mips/vdso: Fix resource l

  linux-kvm (4.4.0-1080.87) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1080.87 -proposed tracker (LP: #1893423)

  [ Ubuntu: 4.4.0-190.220 ]

  * xenial/linux: 4.4.0-190.220 -proposed tracker (LP: #1893431)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device
  * CVE-2019-20811
    - net-sysfs: call dev_hold if kobject_init_and_add success
  * CVE-2020-0067
    - f2fs: fix to avoid memory leakage in f2fs_listxattr
  * CVE-2019-9453
    - f2fs: fix to avoid accessing xattr across the boundary
  * Xenial update: 4.4.233 upstream stable release (LP: #1892822)
    - media: rc: prevent memory leak in cx23888_ir_probe
    - ath9k_htc: release allocated buffer if timed out
    - ath9k: release allocated buffer if timed out
    - nfs: Move call to security_inode_listsecurity into nfs_listxattr
    - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
    - drm: hold gem reference until object is no longer accessed
    - f2fs: check memory boundary by insane namelen
    - f2fs: check if file namelen exceeds max value
    - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
      watchpoints
    - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
    - rds: Prevent kernel-infoleak in rds_notify_queue_get()
    - net/x25: Fix x25_neigh refcnt leak when x25 disconnect
    - net/x25: Fix null-ptr-deref in x25_disconnect
    - sh: Fix validation of system call number
    - net: lan78xx: add missing endpoint sanity check
    - net: lan78xx: fix transfer-buffer memory leak
    - mlxsw: core: Increase scope of RCU read-side critical section
    - mac80211: mesh: Free ie data when leaving mesh
    - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
    - net: ethernet: ravb: exit if re-initialization fails in tx timeout
    - Revert "i2c: cadence: Fix the hold bit setting"
    - xen-netfront: fix potential deadlock in xennet_remove()
    - x86/i8259: Use printk_deferred() to prevent deadlock
    - random32: update the net random state on interrupt and activity
    - ARM: percpu.h: fix build error
    - random: fix circular include dependency on arm64 after addition of percpu.h
    - random32: remove net_rand_state from the latent entropy gcc plugin
    - random32: move the pseudo-random 32-bit definitions to prandom.h
    - ext4: fix direct I/O read error
    - USB: serial: qcserial: add EM7305 QDL product ID
    - ALSA: seq: oss: Serialize ioctls
    - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    - vgacon: Fix for missing check in scrollback handling
    - mtd: properly check all write ioctls for permissions
    - net/9p: validate fds in p9_fd_open
    - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
      reason
    - cfg80211: check vendor command doit pointer before use
    - igb: reinit_locked() should be called with rtnl_lock
    - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
    - tools lib traceevent: Fix memory leak in process_dynamic_array_len
    - binder: Prevent context manager from incrementing ref 0
    - ipv4: Silence suspicious RCU usage warning
    - ipv6: fix memory leaks on IPV6_ADDRFORM path
    - Revert "vxlan: fix tos value before xmit"
    - net: lan78xx: replace bogus endpoint lookup
    - usb: hso: check for return value in hso_serial_common_create()
    - vxlan: Ensure FDB dump is performed under RCU
    - Smack: fix use-after-free in smk_write_relabel_self()
    - tracepoint: Mark __tracepoint_string's __used
    - udp: drop corrupt packets earlier to avoid data corruption
    - gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
    - EDAC: Fix reference count leaks
    - m68k: mac: Don't send IOP message until channel is idle
    - m68k: mac: Fix IOP status/control register writes
    - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
    - ARM: socfpga: PM: add missing put_device() call in
      socfpga_setup_ocram_self_refresh()
    - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
    - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
    - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
    - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
    - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
    - drm/nouveau: fix multiple instances of reference count leaks
    - drm/debugfs: fix plain echo to connector "force" attribute
    - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
    - brcmfmac: To fix Bss Info flag definition Bug
    - iwlegacy: Check the return value of pcie_capability_read_*()
    - usb: gadget: net2280: fix memory leak on probe error handling paths
    - bdc: Fix bug causing crash after multiple disconnects
    - dyndbg: fix a BUG_ON in ddebug_describe_flags
    - bcache: fix super block seq numbers comparision in register_cache_set()
    - ACPICA: Do not increment operation_region reference counts for field units
    - agp/intel: Fix a memory leak on module initialisation failure
    - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
    - console: newport_con: fix an issue about leak related system resources
    - iio: improve IIO_CONCENTRATION channel type description
    - leds: lm355x: avoid enum conversion warning
    - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
      preview_init_entities()
    - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
    - drm/radeon: fix array o

  linux-kvm (4.4.0-1079.86) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1079.86 -proposed tracker (LP: #1890662)

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Config] kvm: wireguard -- enable for all architectures

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf
    - [Packaging] resync dkms-build and family

  [ Ubuntu: 4.4.0-189.219 ]

  * xenial/linux: 4.4.0-189.219 -proposed tracker (LP: #1891057)
  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [Packaging] dkms -- dkms package build packaging support
    - [Packaging] wireguard -- add support for building signed .ko
    - [Packaging] ignore wireguard modules when wireguard is disabled
    - [Config] update dkms package versions
    - [Config] wireguard -- enable for all architectures
  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

  [ Ubuntu: 4.4.0-188.218 ]

  * xenial/linux: 4.4.0-188.218 -proposed tracker (LP: #1890670)
  * Xenial update: v4.4.232 upstream stable release (LP: #1889928)
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in cpuinfo_op.next
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
      compeletion")
    - perf/core: Fix locking for children siblings group read
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - x86/fpu: Disable bottom halves while loading FPU registers
    - btrfs: fix mount failure caused by race with umount
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
      path
    - ax88172a: fix ax88172a_unbind() failures
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
      configuration
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - scripts/decode_stacktrace: strip basepath from all paths
    - regmap: dev_get_regmap_match(): fix string comparison
    - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
    - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
    - x86: math-emu: Fix up 'cmp' insn for clang ias
    - Revert "cifs: Fix the target file was deleted when rename failed."
    - staging: wlan-ng: properly check endpoint types
    - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
    - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
    - serial: 8250: fix null-ptr-deref in serial8250_start_tx()
    - serial: 8250_mtk: Fix high-speed baud rates clamping
    - mm/memcg: fix refcount error while moving and swapping
    - parisc: Add atomic64_set_release() define to avoid CPU soft lockups
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - ath9k: Fix regression with Atheros 9271
    - AX.25: Fix out-of-bounds read in ax25_connect()
    - AX.25: Prevent out-of-bounds read in ax25_sendmsg()
    - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
    - net: udp: Fix wrong clean up for IS_UDPLITE macro
    - AX.25: Prevent integer overflows in connect and sendmsg
    - tcp: allow at most one TLP probe per flight
    - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
    - ip6_gre: fix null-ptr-deref in ip6gre_init_net()
    - drivers/net/wan/x25_asy: Fix to make it work
    - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
    - regmap: debugfs: check count when read regmap file
    - xfs: set format back to extents if xfs_bmap_extents_to_btree
    - tools/lib/subcmd/pager.c: do not alias select() params
    - perf: Make perf able to build with latest libbfd
    - perf tools: Fix snprint warnings for gcc 8
    - perf annotate: Use asprintf when formatting objdump command line
    - perf probe: Fix to check blacklist address correctly
    - Linux 4.4.232
  * Xenial update: v4.4.231 upstream stable release (LP: #1888690)
    - KVM: s390: reduce number of IO pins to 1
    - spi: spidev: fix a race between spidev_release and spidev_remove
    - spi: spidev: fix a potential use-after-free in spidev_release()
    - scsi: mptscsih: Fix read sense data size
    - net: cxgb4: fix return error value in t4_prep_fw
    - smsc95xx: check return value of smsc95xx_reset
    - smsc95xx: avoid memory leak in smsc95xx_bind
    - ALSA: compress: fix partial_drain completion state
    - arm64: kgdb: Fix single-step exception handling oops
    - ALSA: opl3: fix infoleak in opl3
    - ALSA: hda - let hs_mic be picked ahead of hp_mic
    - ALSA: usb-audio: add quirk for MacroSilicon MS2109
    - KVM: x86: bit 8 of non-leaf PDPEs is not reserved
    - Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
    - btrfs: fix fatal extent_buffer readahead vs releasepage race
    - drm/radeon: fix double free
    - ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
    - ARC: elf: use right ELF_ARCH
    - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
    - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
    - l2tp: remove skb_dst_set() from l2tp_xmit_skb()
    - llc: make sure applications use