Package "linux"

  linux (4.4.0-193.224) xenial; urgency=medium

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

  linux (4.4.0-190.220) xenial; urgency=medium

  * xenial/linux: 4.4.0-190.220 -proposed tracker (LP: #1893431)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device

  * CVE-2019-20811
    - net-sysfs: call dev_hold if kobject_init_and_add success

  * CVE-2020-0067
    - f2fs: fix to avoid memory leakage in f2fs_listxattr

  * CVE-2019-9453
    - f2fs: fix to avoid accessing xattr across the boundary

  * Xenial update: 4.4.233 upstream stable release (LP: #1892822)
    - media: rc: prevent memory leak in cx23888_ir_probe
    - ath9k_htc: release allocated buffer if timed out
    - ath9k: release allocated buffer if timed out
    - nfs: Move call to security_inode_listsecurity into nfs_listxattr
    - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
    - drm: hold gem reference until object is no longer accessed
    - f2fs: check memory boundary by insane namelen
    - f2fs: check if file namelen exceeds max value
    - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
      watchpoints
    - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
    - rds: Prevent kernel-infoleak in rds_notify_queue_get()
    - net/x25: Fix x25_neigh refcnt leak when x25 disconnect
    - net/x25: Fix null-ptr-deref in x25_disconnect
    - sh: Fix validation of system call number
    - net: lan78xx: add missing endpoint sanity check
    - net: lan78xx: fix transfer-buffer memory leak
    - mlxsw: core: Increase scope of RCU read-side critical section
    - mac80211: mesh: Free ie data when leaving mesh
    - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
    - net: ethernet: ravb: exit if re-initialization fails in tx timeout
    - Revert "i2c: cadence: Fix the hold bit setting"
    - xen-netfront: fix potential deadlock in xennet_remove()
    - x86/i8259: Use printk_deferred() to prevent deadlock
    - random32: update the net random state on interrupt and activity
    - ARM: percpu.h: fix build error
    - random: fix circular include dependency on arm64 after addition of percpu.h
    - random32: remove net_rand_state from the latent entropy gcc plugin
    - random32: move the pseudo-random 32-bit definitions to prandom.h
    - ext4: fix direct I/O read error
    - USB: serial: qcserial: add EM7305 QDL product ID
    - ALSA: seq: oss: Serialize ioctls
    - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    - vgacon: Fix for missing check in scrollback handling
    - mtd: properly check all write ioctls for permissions
    - net/9p: validate fds in p9_fd_open
    - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
      reason
    - cfg80211: check vendor command doit pointer before use
    - igb: reinit_locked() should be called with rtnl_lock
    - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
    - tools lib traceevent: Fix memory leak in process_dynamic_array_len
    - binder: Prevent context manager from incrementing ref 0
    - ipv4: Silence suspicious RCU usage warning
    - ipv6: fix memory leaks on IPV6_ADDRFORM path
    - Revert "vxlan: fix tos value before xmit"
    - net: lan78xx: replace bogus endpoint lookup
    - usb: hso: check for return value in hso_serial_common_create()
    - vxlan: Ensure FDB dump is performed under RCU
    - Smack: fix use-after-free in smk_write_relabel_self()
    - tracepoint: Mark __tracepoint_string's __used
    - udp: drop corrupt packets earlier to avoid data corruption
    - gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
    - EDAC: Fix reference count leaks
    - m68k: mac: Don't send IOP message until channel is idle
    - m68k: mac: Fix IOP status/control register writes
    - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
    - ARM: socfpga: PM: add missing put_device() call in
      socfpga_setup_ocram_self_refresh()
    - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
    - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
    - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
    - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
    - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
    - drm/nouveau: fix multiple instances of reference count leaks
    - drm/debugfs: fix plain echo to connector "force" attribute
    - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
    - brcmfmac: To fix Bss Info flag definition Bug
    - iwlegacy: Check the return value of pcie_capability_read_*()
    - usb: gadget: net2280: fix memory leak on probe error handling paths
    - bdc: Fix bug causing crash after multiple disconnects
    - dyndbg: fix a BUG_ON in ddebug_describe_flags
    - bcache: fix super block seq numbers comparision in register_cache_set()
    - ACPICA: Do not increment operation_region reference counts for field units
    - agp/intel: Fix a memory leak on module initialisation failure
    - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
    - console: newport_con: fix an issue about leak related system resources
    - iio: improve IIO_CONCENTRATION channel type description
    - leds: lm355x: avoid enum conversion warning
    - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
      preview_init_entities()
    - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
    - drm/radeon: fix array out-of-bounds read and write issues
    - scsi: powertec: Fix different dev_id between request_irq

  linux (4.4.0-189.219) xenial; urgency=medium

  * xenial/linux: 4.4.0-189.219 -proposed tracker (LP: #1891057)

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [Packaging] dkms -- dkms package build packaging support
    - [Packaging] wireguard -- add support for building signed .ko
    - [Packaging] ignore wireguard modules when wireguard is disabled
    - [Config] update dkms package versions
    - [Config] wireguard -- enable for all architectures

  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

  linux (4.4.0-187.217) xenial; urgency=medium

  * xenial/linux: 4.4.0-187.217 -proposed tracker (LP: #1888274)

  * Regression in kernel 4.15.0-91 causes kernel panic with Bcache
    (LP: #1867916)
    - bcache: check and adjust logical block size for backing devices

  * Xenial update: v4.4.230 upstream stable release (LP: #1887011)
    - btrfs: cow_file_range() num_bytes and disk_num_bytes are same
    - btrfs: fix data block group relocation failure due to concurrent scrub
    - mm: fix swap cache node allocation mask
    - EDAC/amd64: Read back the scrub rate PCI register on F15h
    - mm/slub: fix stack overruns with SLUB_STATS
    - usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
    - kgdb: Avoid suspicious RCU usage warning
    - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
    - sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in
      milliseconds
    - hwmon: (max6697) Make sure the OVERT mask is set correctly
    - hwmon: (acpi_power_meter) Fix potential memory leak in
      acpi_power_meter_add()
    - virtio-blk: free vblk-vqs in error path of virtblk_probe()
    - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
    - Revert "ALSA: usb-audio: Improve frames size computation"
    - SMB3: Honor 'seal' flag for multiuser mounts
    - SMB3: Honor persistent/resilient handle flags for multiuser mounts
    - cifs: Fix the target file was deleted when rename failed.
    - MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
    - netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
    - Linux 4.4.230

  * Xenial update: v4.4.229 upstream stable release (LP: #1885932)
    - s390: fix syscall_get_error for compat processes
    - clk: sunxi: Fix incorrect usage of round_down()
    - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
    - clk: qcom: msm8916: Fix the address location of pll->config_reg
    - ALSA: isa/wavefront: prevent out of bounds write in ioctl
    - scsi: qla2xxx: Fix issue with adapter's stopping state
    - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
    - usblp: poison URBs upon disconnect
    - ps3disk: use the default segment boundary
    - vfio/pci: fix memory leaks in alloc_perm_bits()
    - mfd: wm8994: Fix driver operation if loaded as modules
    - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
    - nfsd: Fix svc_xprt refcnt leak when setup callback client failed
    - powerpc/crashkernel: Take "mem=" option into account
    - yam: fix possible memory leak in yam_init_driver
    - mksysmap: Fix the mismatch of '.L' symbols in System.map
    - scsi: sr: Fix sr_probe() missing deallocate of device minor
    - scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
    - ALSA: usb-audio: Improve frames size computation
    - s390/qdio: put thinint indicator after early error
    - tty: hvc: Fix data abort due to race in hvc_open
    - staging: sm750fb: add missing case while setting FB_VISUAL
    - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
    - serial: amba-pl011: Make sure we initialize the port.lock spinlock
    - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a
      driver developer is foolish
    - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
    - power: supply: smb347-charger: IRQSTAT_D is volatile
    - scsi: mpt3sas: Fix double free warnings
    - dlm: remove BUG() before panic()
    - clk: ti: composite: fix memory leak
    - tty: n_gsm: Fix SOF skipping
    - tty: n_gsm: Fix waking up upper tty layer when room available
    - powerpc/pseries/ras: Fix FWNMI_VALID off by one
    - powerpc/ps3: Fix kexec shutdown hang
    - vfio-pci: Mask cap zero
    - usb/ohci-platform: Fix a warning when hibernating
    - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
    - tty: n_gsm: Fix bogus i++ in gsm_data_kick
    - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
    - watchdog: da9062: No need to ping manually before setting timeout
    - usb: dwc2: gadget: move gadget resume after the core is in L0 state
    - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in
      s3c2410_udc_nuke
    - usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
    - usb: gadget: fix potential double-free in m66592_probe.
    - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
    - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
    - openrisc: Fix issue with argument clobbering for clone/fork
    - gfs2: Allow lock_nolock mount to specify jid=X
    - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
    - lib/zlib: remove outdated and incorrect pre-increment optimization
    - include/linux/bitops.h: avoid clang shift-count-overflow warnings
    - elfnote: mark all .note sections SHF_ALLOC
    - selftests/net: in timestamping, strncpy needs to preserve null byte
    - scsi: acornscsi: Fix an error handling path in acornscsi_probe()
    - usb/xhci-plat: Set PM runtime as active on resume
    - usb/ehci-platform: Set PM runtime as active on resume
    - perf report: Fix NULL pointer dereference in
      hists__fprintf_nr_sample_events()
    - bcache: fix potential deadlock problem in btree_gc_coalesce
    - block: Fix use-after-free in blkdev_get()
    - drm: encoder_slave: fix refcouting error for modules
    - drm/dp_mst: Reformat drm_dp_check_act_status() a bit
    - drm/qxl: Use correct notify port address when creating cursor ring
    - selinux: fix double free
    - ext4: fix partial cluster initialization when splitting extent
    - drm/dp_mst: Increase ACT retry timeout to 3s
    - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
    - block: nr_sects_write(): Disable preemption on seqcount write
    - crypto: algboss - don't wait during notifier callback
    - kprobes: Fix to protect kick_kprobe_optimizer() by kprobe

  linux (4.4.0-186.216) xenial; urgency=medium

  * xenial/linux: 4.4.0-186.216 -proposed tracker (LP: #1885514)

  * Xenial update: v4.4.228 upstream stable release (LP: #1884564)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - scsi: return correct blkprep status code in case scsi_init_io() fails.
    - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
    - pwm: fsl-ftm: Use flat regmap cache
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - ath9k_htc: Silence undersized packet warnings
    - x86_64: Fix jiffies ODR violation
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: PM: Avoid using power resources if there are none for D0
    - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: bcm2835aux: Fix controller unregister order
    - ALSA: pcm: disallow linking stream to itself
    - x86/speculation: Change misspelled STIPB to STIBP
    - x86/speculation: Add support for STIBP always-on preferred mode
    - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
      IBRS.
    - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
    - spi: dw: fix possible race condition
    - spi: dw: Fix controller unregister order
    - spi: No need to assign dummy value in spi_unregister_controller()
    - spi: Fix controller unregister order
    - spi: pxa2xx: Fix controller unregister order
    - spi: bcm2835: Fix controller unregister order
    - ovl: initialize error in ovl_copy_xattr
    - proc: Use new_inode not new_inode_pseudo
    - video: fbdev: w100fb: Fix a potential double free.
    - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
    - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
    - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
    - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
    - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
    - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - Smack: slab-out-of-bounds in vsscanf
    - mm/slub: fix a memory leak in sysfs_slab_add()
    - fat: don't allow to mount if the FAT length == 0
    - can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
    - spi: dw: Zero DMA Tx and Rx configurations on stack
    - Bluetooth: Add SCO fallback for invalid LMP parameters error
    - kgdb: Prevent infinite recursive entries to the debugger
    - spi: dw: Enable interrupts in accordance with DMA xfer mode
    - clocksource: dw_apb_timer_of: Fix missing clockevent timers
    - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
    - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
    - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
      vmxnet3_get_rss()
    - staging: android: ion: use vmap instead of vm_map_ram
    - e1000: Distribute switch variables for initialization
    - media: dvb: return -EREMOTEIO on i2c transfer failure.
    - MIPS: Make sparse_init() using top-down allocation
    - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
    - lib/mpi: Fix 64-bit MIPS build with Clang
    - net: lpc-enet: fix error return code in lpc_mii_init()
    - net: allwinner: Fix use correct return type for ndo_start_xmit()
    - powerpc/spufs: fix copy_to_user while atomic
    - mips: cm: Fix an invalid error code of INTVN_*_ERR
    - kgdb: Fix spurious true from in_dbg_master()
    - md: don't flush workqueue unconditionally in md_open
    - mwifiex: Fix memory corruption in dump_station
    - mips: Add udelay lpj numbers adjustment
    - x86/mm: Stop printing BRK addresses
    - m68k: mac: Don't call via_flush_cache() on Mac IIfx
    - macvlan: Skip loopback packets in RX handler
    - PCI: Don't disable decoding when mmio_always_on is set
    - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
    - ixgbe: fix signed-integer-overflow warning
    - spi: dw: Return any value retrieved from the dma_transfer callback
    - cpuidle: Fix three reference count leaks
    - ima: Fix ima digest hash table key calculation
    - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
    - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
    - btrfs: send: emit file capabilities after chown
    - btrfs: fix error handling when submitting direct I/O bio
    - ima: Directly assign the ima_default_policy pointer to ima_rules
    - PCI: Program MPS for RCiEP devices
    - e1000e: Relax condition to trigger reset for ME workaround
    - carl9170: remove P2P_GO support
    - media: go7007: fix a miss of snd_card_free
    - b43legacy: Fix case where channel status is corrupted
    - b43: Fix connection problem with WPA3
    - b43_legacy: Fix connection problem with WPA3
    - igb: Report speed and duplex as unknown when device is runtime suspended
    - power: vexpress: add suppress_bind_attrs to true
    - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
    - sparc32: fix register window handling in genregs32_[gs]et()
    - kernel/cpu_pm: Fix uninitted local in cpu_pm
    - ARM: tegra: Correct PL310 Auxiliary Control Register initialization
    - drivers/macintosh: Fix memleak in windfarm_pm112 driver
    - kbuild: force to build vmlinux if CONFIG_MODVERSION=y
    - sunrpc: svcauth_gss_register_pseudoflavor must reject du