Package "linux"

  linux (4.4.0-154.181) xenial; urgency=medium

  * linux: 4.4.0-154.181 -proposed tracker (LP: #1834030)

  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

 -- Khalid Elmously <email address hidden> Tue, 25 Jun 2019 00:36:38 -0400

  linux (4.4.0-151.178) xenial; urgency=medium

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()

  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

 -- Stefan Bader <email address hidden> Tue, 11 Jun 2019 09:36:19 +0200

  linux (4.4.0-150.176) xenial; urgency=medium

  * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)

  * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
    (LP: #1830890)
    - x86/vdso: Pass --eh-frame-hdr to the linker

  linux (4.4.0-148.174) xenial; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - perf/x86/intel: Add model number for Skylake Server to perf
    - perf/x86: Add model numbers for Kabylake CPUs
    - perf/x86/intel: Use Intel family macros for core perf events
    - perf/x86/msr: Use Intel family macros for MSR events code
    - perf/x86/msr: Add missing Intel models
    - SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
    - perf/x86/msr: Add missing CPU IDs
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  linux (4.4.0-146.172) xenial; urgency=medium

  * linux: 4.4.0-146.172 -proposed tracker (LP: #1822834)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()

  * Xenial update: 4.4.177 upstream stable release (LP: #1822271)
    - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
    - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
    - KEYS: allow reaching the keys quotas exactly
    - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
    - mfd: twl-core: Fix section annotations on {,un}protect_pm_master
    - mfd: db8500-prcmu: Fix some section annotations
    - mfd: ab8500-core: Return zero in get_register_interruptible()
    - mfd: qcom_rpm: write fw_version to CTRL_REG
    - mfd: wm5110: Add missing ASRC rate register
    - mfd: mc13xxx: Fix a missing check of a register-read failure
    - net: hns: Fix use after free identified by SLUB debug
    - MIPS: ath79: Enable OF serial ports in the default config
    - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
    - scsi: isci: initialize shost fully before calling scsi_add_host()
    - MIPS: jazz: fix 64bit build
    - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
    - atm: he: fix sign-extension overflow on large shift
    - leds: lp5523: fix a missing check of return value of lp55xx_read
    - isdn: avm: Fix string plus integer warning from Clang
    - RDMA/srp: Rework SCSI device reset handling
    - KEYS: user: Align the payload buffer
    - KEYS: always initialize keyring_index_key::desc_len
    - batman-adv: fix uninit-value in batadv_interface_tx()
    - net/packet: fix 4gb buffer limit due to overflow check
    - team: avoid complex list operations in team_nl_cmd_options_set()
    - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
    - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
    - ARCv2: Enable unaligned access in early ASM code
    - Revert "bridge: do not add port to router list when receives query with
      source 0.0.0.0"
    - libceph: handle an empty authorize reply
    - drm/msm: Unblock writer if reader closes file
    - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
    - ALSA: compress: prevent potential divide by zero bugs
    - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
    - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
    - usb: gadget: Potential NULL dereference on allocation error
    - ASoC: dapm: change snprintf to scnprintf for possible overflow
    - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
    - ARC: fix __ffs return value to avoid build warnings
    - mac80211: fix miscounting of ttl-dropped frames
    - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
    - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
    - net: altera_tse: fix connect_local_phy error path
    - ibmveth: Do not process frames after calling napi_reschedule
    - mac80211: don't initiate TDLS connection if station is not associated to AP
    - cfg80211: extend range deviation for DMG
    - KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting
      to L1
    - arm/arm64: KVM: Feed initialized memory to MMIO accesses
    - KVM: arm/arm64: Fix MMIO emulation data handling
    - powerpc: Always initialize input array when calling epapr_hypercall()
    - mmc: spi: Fix card detection during probe
    - x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
    - USB: serial: option: add Telit ME910 ECM composition
    - USB: serial: cp210x: add ID for Ingenico 3070
    - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
    - cpufreq: Use struct kobj_attribute instead of struct global_attr
    - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
    - ncpfs: fix build warning of strncpy
    - isdn: isdn_tty: fix build warning of strncpy
    - staging: lustre: fix buffer overflow of string buffer
    - net-sysfs: Fix mem leak in netdev_register_kobject
    - team: Free BPF filter when unregistering netdev
    - bnxt_en: Drop oversize TX packets to prevent errors.
    - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
    - xen-netback: fix occasional leak of grant ref mappings under memory pressure
    - net: Add __icmp_send helper.
    - net: avoid use IPCB in cipso_v4_error
    - net: phy: Micrel KSZ8061: link failure after cable connect
    - x86/CPU/AMD: Set the CPB bit unconditionally on F17h
    - applicom: Fix potential Spectre v1 vulnerabilities
    - MIPS: irq: Allocate accurate order pages for irq stack
    - hugetlbfs: fix races and page leaks during migration
    - netlabel: fix out-of-bounds memory accesses
    - net: dsa: mv88e6xxx: Fix u64 statistics
    - ip6mr: Do not call __IP6_INC_STATS() from preemptible context
    - media: uvcvideo: Fix 'type' check leading to overflow
    - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
    - perf tools: Handle TOPOLOGY headers with no CPU
    - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
    - ipvs: Fix signed integer overflow when setsockopt timeout
    - iommu/amd: Fix IOMMU page flush when detach device from a domain
    - xtensa: SMP: fix ccount_timer_shutdown
    - xtensa: SMP: fix secondary CPU initialization
    - xtensa: smp_lx200_defconfig: fix vectors clash
    - xtensa: SMP: mark each possible CPU as present
    - xtensa: SMP: limit number of possible CPUs by NR_CPUS
    - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
    - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
    - net: stmmac: dwmac-rk