Package "linux-kvm"

  linux-kvm (4.4.0-1054.61) xenial; urgency=medium

  [ Ubuntu: 4.4.0-159.187 ]

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

  linux-kvm (4.4.0-1052.59) xenial; urgency=medium

  * linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909)

  * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
    - [Config]: enable CONFIG_SCHED_SMT

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  [ Ubuntu: 4.4.0-155.182 ]

  * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc: switch order of device registration to fix a crash
    - tipc: fix modprobe tipc failed after switch order of device registration
    - stm class: Fix channel free in stm output free path
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - intel_th: msu: Fix single mode with IOMMU
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - cifs: fix strcat buffer overflow and reduce raciness in
      smb21_set_oplock_level()
    - media: ov6650: Fix sensor possibly not detected on probe
    - NFS4: Fix v4.0 client state corruption when mount
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - tracing: Fix partial reading of trace event's id file
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - dm delay: fix a crash when invalid device is specified
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - Revert "Don't jump to compute_result state from check_result state"
    - md/raid: raid5 preserve the writeback action after the parity check
    - btrfs: Honour FITRIM range constraints during free space trim
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of

  linux-kvm (4.4.0-1051.58) xenial; urgency=medium

  * linux-kvm: 4.4.0-1051.58 -proposed tracker (LP: #1834021)

  [ Ubuntu: 4.4.0-154.181 ]

  * linux: 4.4.0-154.181 -proposed tracker (LP: #1834030)
  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

 -- Connor Kuehl <email address hidden> Tue, 25 Jun 2019 11:01:45 -0700

  linux-kvm (4.4.0-1048.55) xenial; urgency=medium

  [ Ubuntu: 4.4.0-151.178 ]

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

  [ Ubuntu: 4.4.0-150.176 ]

  * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941)
  * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175
    (LP: #1830890)
    - x86/vdso: Pass --eh-frame-hdr to the linker

 -- Stefan Bader <email address hidden> Tue, 11 Jun 2019 11:10:53 +0200

  linux-kvm (4.4.0-1047.53) xenial; urgency=medium

  * linux-kvm: 4.4.0-1047.53 -proposed tracker (LP: #1829195)

  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - [Config]: remove CONFIG_R3964

  [ Ubuntu: 4.4.0-149.175 ]

  * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)
  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - lib/int_sqrt: optimize initial value compute
    - tty/serial: atmel: Add is_half_duplex helper
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - tracing: kdb: Fix ftdump to not sleep
    - gpio: gpio-omap: fix level interrupt idling
    - sysctl: handle overflow for file-max
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - coresight: etm4x: Add support to enable ETMv4.2
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - scsi: megaraid_sas: return error when create DMA pool failed
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
    - media: s5p-g2d: Correct return type for mem2mem buffer helpers
    - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
    - leds: lp55xx: fix null deref on firmware load failure
    - kprobes: Prohibit probing on bsearch()
    - ARM: 8833/1: Ensure that NEON code always compiles with Clang
    - ALSA: PCM: check if ops are defined before suspending PCM
    - bcache: fix input overflow to cache set sysfs file io_error_halflife
    - bcache: fix input overflow to sequential_cutoff
    - bcache: improve sysfs_strtoul_clamp()
    - fbdev: fbmem: fix memory access if logo is bigger than the screen
    - cdrom: Fix race condition in cdrom_sysctl_register
    - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
    - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    - mt7601u: bump supported EEPROM version
    - ARM: avoid Cortex-A9 livelock on tight dmb loops
    - tty: increase the default flip buffer limit to 2*640K
    - media: mt9m111: set initial frame size other than 0x0
    - hwrng: virtio - Avoid repeated init of completion
    - soc/tegra: fuse: Fix illegal free of IO base address
    - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
    - dmaengine: imx-dma: fix warning comparison of distinct pointer types
    - netfilter: physdev: relax br_netfilter dependency
    - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
    - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
    - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
    - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
    - dmaengine: tegra: avoid overflow of byte tracking
    - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
    - binfmt_elf: switch to new creds when switching to new mm
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
    - x86: vdso: Use $LD instead of $CC to link
    - x86/vdso: Drop implicit common-page-size linker flag
    - lib/string.c: implement a basic bcmp
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config]: remove CONFIG_R3964
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
    - qmi_wwan: add Olicard 600
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - netns: provide pure entropy for net_hash_mix()
    - net: ethtool: not call vzalloc for zero sized memory request
    - ip6_tunnel: Match to ARPHRD_TUNNEL6