Package "linux-kvm"

  linux-kvm (4.4.0-1085.94) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1085.94 -proposed tracker (LP: #1906044)

  [ Ubuntu: 4.4.0-198.230 ]

  * xenial/linux: 4.4.0-198.230 -proposed tracker (LP: #1906052)
  * Xenial update: v4.4.244 upstream stable release (LP: #1904914)
    - ring-buffer: Fix recursion protection transitions between interrupt context
    - gfs2: Wake up when sd_glock_disposal becomes zero
    - mm: mempolicy: fix potential pte_unmap_unlock pte error
    - time: Prevent undefined behaviour in timespec64_to_ns()
    - btrfs: reschedule when cloning lots of extents
    - net: xfrm: fix a race condition during allocing spi
    - perf tools: Add missing swap for ino_generation
    - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
    - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
      context
    - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR
      frames
    - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
    - can: peak_usb: add range checking in decode operations
    - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
    - Btrfs: fix missing error return if writeback for extent buffer never started
    - i40e: Wrong truncation from u16 to u8
    - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
    - ath9k_htc: Use appropriate rs_datalen type
    - usb: gadget: goku_udc: fix potential crashes in probe
    - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
    - gfs2: check for live vs. read-only file system in gfs2_fitrim
    - drm/amdgpu: perform srbm soft reset always on SDMA resume
    - mac80211: fix use of skb payload instead of header
    - cfg80211: regulatory: Fix inconsistent format argument
    - iommu/amd: Increase interrupt remapping table limit to 512 entries
    - xfs: fix a missing unlock on error in xfs_fs_map_blocks
    - of/address: Fix of_node memory leak in of_dma_is_coherent
    - cosa: Add missing kfree in error path of cosa_write
    - perf: Fix get_recursion_context()
    - ext4: correctly report "not supported" for {usr,grp}jquota when
      !CONFIG_QUOTA
    - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
    - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
    - mei: protect mei_cl_mtu from null dereference
    - ocfs2: initialize ip_next_orphan
    - don't dump the threads that had been already exiting when zapped.
    - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
    - pinctrl: amd: use higher precision for 512 RtcClk
    - pinctrl: amd: fix incorrect way to disable debounce filter
    - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
    - IPv6: Set SIT tunnel hard_header_len to zero
    - net/af_iucv: fix null pointer dereference on shutdown
    - net/x25: Fix null-ptr-deref in x25_connect
    - net: Update window_clamp if SOCK_RCVBUF is set
    - random32: make prandom_u32() output unpredictable
    - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-
      on STIBP
    - xen/events: avoid removing an event channel while handling it
    - xen/events: add a proper barrier to 2-level uevent unmasking
    - xen/events: fix race in evtchn_fifo_unmask()
    - xen/events: add a new "late EOI" evtchn framework
    - xen/blkback: use lateeoi irq binding
    - xen/netback: use lateeoi irq binding
    - xen/scsiback: use lateeoi irq binding
    - xen/pciback: use lateeoi irq binding
    - xen/events: switch user event channels to lateeoi model
    - xen/events: use a common cpu hotplug hook for event channels
    - xen/events: defer eoi in case of excessive number of events
    - xen/events: block rogue events for some time
    - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
    - reboot: fix overflow parsing reboot cpu number
    - ext4: fix leaking sysfs kobject after failed mount
    - Convert trailing spaces and periods in path components
    - Linux 4.4.244
  * Xenial update: v4.4.243 upstream stable release (LP: #1904904)
    - Linux 4.4.243
  * Xenial update: v4.4.242 upstream stable release (LP: #1903750)
    - SUNRPC: ECONNREFUSED should cause a rebind.
    - scripts/setlocalversion: make git describe output more reliable
    - ravb: Fix bit fields checking in ravb_hwtstamp_get()
    - tipc: fix memory leak caused by tipc_buf_append()
    - mtd: lpddr: Fix bad logic in print_drs_error
    - ata: sata_rcar: Fix DMA boundary mask
    - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
    - f2fs crypto: avoid unneeded memory allocation in ->readdir
    - powerpc/powernv/smp: Fix spurious DBG() warning
    - sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
    - f2fs: fix to check segment boundary during SIT page readahead
    - um: change sigio_spinlock to a mutex
    - xfs: fix realtime bitmap/summary file truncation when growing rt volume
    - video: fbdev: pvr2fb: initialize variables
    - ath10k: fix VHT NSS calculation when STBC is enabled
    - mmc: via-sdmmc: Fix data race bug
    - printk: reduce LOG_BUF_SHIFT range for H8300
    - kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
    - USB: adutux: fix debugging
    - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
    - power: supply: test_power: add missing newlines when printing parameters by
      sysfs
    - md/bitmap: md_bitmap_get_counter returns wrong blocks
    - clk: ti: clockdomain: fix static checker warning
    - net: 9p: initialize sun_server.sun_path to have addr's value only when addr
      is valid
    - drivers: watchdog: rdc321x_wdt: Fix race condition bugs
    - ext4: Detect already used quota file early
    - gfs2: add validation checks for size of superblock
    - memory: emif: Remove bogus debugfs error handling
    - ARM: dts: s5pv210: move PMU node out of clock controller
    - ARM: dts: s5pv210: remove dedic

  linux-kvm (4.4.0-1084.93) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1084.93 -proposed tracker (LP: #1905657)

  * CONFIG options for (ipip, sit) should not be built-in to the KVM kernels
    (LP: #1899832)
    - [config] Set CONFIG_NET_IPIP and CONIG_IPV6_SIT =m

  linux-kvm (4.4.0-1082.91) xenial; urgency=medium

  [ Ubuntu: 4.4.0-193.224 ]

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

  [ Ubuntu: 4.4.0-192.222 ]

  * xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)
  * mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits
  * xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
    - Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
      interrupt XEN data pointer which contains XEN specific information."

  linux-kvm (4.4.0-1080.87) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1080.87 -proposed tracker (LP: #1893423)

  [ Ubuntu: 4.4.0-190.220 ]

  * xenial/linux: 4.4.0-190.220 -proposed tracker (LP: #1893431)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * [Hyper-V] VSS and File Copy daemons intermittently fails to start
    (LP: #1891224)
    - [Packaging] Bind hv_vss_daemon startup to hv_vss device
    - [Packaging] bind hv_fcopy_daemon startup to hv_fcopy device
  * CVE-2019-20811
    - net-sysfs: call dev_hold if kobject_init_and_add success
  * CVE-2020-0067
    - f2fs: fix to avoid memory leakage in f2fs_listxattr
  * CVE-2019-9453
    - f2fs: fix to avoid accessing xattr across the boundary
  * Xenial update: 4.4.233 upstream stable release (LP: #1892822)
    - media: rc: prevent memory leak in cx23888_ir_probe
    - ath9k_htc: release allocated buffer if timed out
    - ath9k: release allocated buffer if timed out
    - nfs: Move call to security_inode_listsecurity into nfs_listxattr
    - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
    - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
    - drm: hold gem reference until object is no longer accessed
    - f2fs: check memory boundary by insane namelen
    - f2fs: check if file namelen exceeds max value
    - ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess
      watchpoints
    - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
    - rds: Prevent kernel-infoleak in rds_notify_queue_get()
    - net/x25: Fix x25_neigh refcnt leak when x25 disconnect
    - net/x25: Fix null-ptr-deref in x25_disconnect
    - sh: Fix validation of system call number
    - net: lan78xx: add missing endpoint sanity check
    - net: lan78xx: fix transfer-buffer memory leak
    - mlxsw: core: Increase scope of RCU read-side critical section
    - mac80211: mesh: Free ie data when leaving mesh
    - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
    - net: ethernet: ravb: exit if re-initialization fails in tx timeout
    - Revert "i2c: cadence: Fix the hold bit setting"
    - xen-netfront: fix potential deadlock in xennet_remove()
    - x86/i8259: Use printk_deferred() to prevent deadlock
    - random32: update the net random state on interrupt and activity
    - ARM: percpu.h: fix build error
    - random: fix circular include dependency on arm64 after addition of percpu.h
    - random32: remove net_rand_state from the latent entropy gcc plugin
    - random32: move the pseudo-random 32-bit definitions to prandom.h
    - ext4: fix direct I/O read error
    - USB: serial: qcserial: add EM7305 QDL product ID
    - ALSA: seq: oss: Serialize ioctls
    - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
    - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
    - vgacon: Fix for missing check in scrollback handling
    - mtd: properly check all write ioctls for permissions
    - net/9p: validate fds in p9_fd_open
    - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some
      reason
    - cfg80211: check vendor command doit pointer before use
    - igb: reinit_locked() should be called with rtnl_lock
    - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
    - tools lib traceevent: Fix memory leak in process_dynamic_array_len
    - binder: Prevent context manager from incrementing ref 0
    - ipv4: Silence suspicious RCU usage warning
    - ipv6: fix memory leaks on IPV6_ADDRFORM path
    - Revert "vxlan: fix tos value before xmit"
    - net: lan78xx: replace bogus endpoint lookup
    - usb: hso: check for return value in hso_serial_common_create()
    - vxlan: Ensure FDB dump is performed under RCU
    - Smack: fix use-after-free in smk_write_relabel_self()
    - tracepoint: Mark __tracepoint_string's __used
    - udp: drop corrupt packets earlier to avoid data corruption
    - gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
    - EDAC: Fix reference count leaks
    - m68k: mac: Don't send IOP message until channel is idle
    - m68k: mac: Fix IOP status/control register writes
    - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
    - ARM: socfpga: PM: add missing put_device() call in
      socfpga_setup_ocram_self_refresh()
    - drm/tilcdc: fix leak & null ref in panel_connector_get_modes
    - Bluetooth: add a mutex lock to avoid UAF in do_enale_set
    - fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
    - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
    - video: fbdev: neofb: fix memory leak in neo_scan_monitor()
    - drm/nouveau: fix multiple instances of reference count leaks
    - drm/debugfs: fix plain echo to connector "force" attribute
    - mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
    - brcmfmac: To fix Bss Info flag definition Bug
    - iwlegacy: Check the return value of pcie_capability_read_*()
    - usb: gadget: net2280: fix memory leak on probe error handling paths
    - bdc: Fix bug causing crash after multiple disconnects
    - dyndbg: fix a BUG_ON in ddebug_describe_flags
    - bcache: fix super block seq numbers comparision in register_cache_set()
    - ACPICA: Do not increment operation_region reference counts for field units
    - agp/intel: Fix a memory leak on module initialisation failure
    - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
    - console: newport_con: fix an issue about leak related system resources
    - iio: improve IIO_CONCENTRATION channel type description
    - leds: lm355x: avoid enum conversion warning
    - media: omap3isp: Add missed v4l2_ctrl_handler_free() for
      preview_init_entities()
    - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
    - drm/radeon: fix array o

  linux-kvm (4.4.0-1079.86) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1079.86 -proposed tracker (LP: #1890662)

  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Config] kvm: wireguard -- enable for all architectures

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf
    - [Packaging] resync dkms-build and family

  [ Ubuntu: 4.4.0-189.219 ]

  * xenial/linux: 4.4.0-189.219 -proposed tracker (LP: #1891057)
  * Build and ship a signed wireguard.ko (LP: #1861284)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [Packaging] dkms -- dkms package build packaging support
    - [Packaging] wireguard -- add support for building signed .ko
    - [Packaging] ignore wireguard modules when wireguard is disabled
    - [Config] update dkms package versions
    - [Config] wireguard -- enable for all architectures
  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

  [ Ubuntu: 4.4.0-188.218 ]

  * xenial/linux: 4.4.0-188.218 -proposed tracker (LP: #1890670)
  * Xenial update: v4.4.232 upstream stable release (LP: #1889928)
    - pinctrl: amd: fix npins for uart0 in kerncz_groups
    - mac80211: allow rx of mesh eapol frames with default rx key
    - scsi: scsi_transport_spi: Fix function pointer check
    - xtensa: fix __sync_fetch_and_{and,or}_4 declarations
    - xtensa: update *pos in cpuinfo_op.next
    - drivers/net/wan/lapbether: Fixed the value of hard_header_len
    - net: sky2: initialize return of gm_phy_read
    - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
    - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO
      compeletion")
    - perf/core: Fix locking for children siblings group read
    - uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix
      GDB regression
    - ALSA: info: Drop WARN_ON() from buffer NULL sanity check
    - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
    - btrfs: fix double free on ulist after backref resolution failure
    - x86/fpu: Disable bottom halves while loading FPU registers
    - btrfs: fix mount failure caused by race with umount
    - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling
      path
    - ax88172a: fix ax88172a_unbind() failures
    - net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual
      configuration
    - net: smc91x: Fix possible memory leak in smc_drv_probe()
    - scripts/decode_stacktrace: strip basepath from all paths
    - regmap: dev_get_regmap_match(): fix string comparison
    - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
    - arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
    - x86: math-emu: Fix up 'cmp' insn for clang ias
    - Revert "cifs: Fix the target file was deleted when rename failed."
    - staging: wlan-ng: properly check endpoint types
    - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
    - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
    - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
    - serial: 8250: fix null-ptr-deref in serial8250_start_tx()
    - serial: 8250_mtk: Fix high-speed baud rates clamping
    - mm/memcg: fix refcount error while moving and swapping
    - parisc: Add atomic64_set_release() define to avoid CPU soft lockups
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - ath9k: Fix regression with Atheros 9271
    - AX.25: Fix out-of-bounds read in ax25_connect()
    - AX.25: Prevent out-of-bounds read in ax25_sendmsg()
    - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
    - net: udp: Fix wrong clean up for IS_UDPLITE macro
    - AX.25: Prevent integer overflows in connect and sendmsg
    - tcp: allow at most one TLP probe per flight
    - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
    - ip6_gre: fix null-ptr-deref in ip6gre_init_net()
    - drivers/net/wan/x25_asy: Fix to make it work
    - Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
    - regmap: debugfs: check count when read regmap file
    - xfs: set format back to extents if xfs_bmap_extents_to_btree
    - tools/lib/subcmd/pager.c: do not alias select() params
    - perf: Make perf able to build with latest libbfd
    - perf tools: Fix snprint warnings for gcc 8
    - perf annotate: Use asprintf when formatting objdump command line
    - perf probe: Fix to check blacklist address correctly
    - Linux 4.4.232
  * Xenial update: v4.4.231 upstream stable release (LP: #1888690)
    - KVM: s390: reduce number of IO pins to 1
    - spi: spidev: fix a race between spidev_release and spidev_remove
    - spi: spidev: fix a potential use-after-free in spidev_release()
    - scsi: mptscsih: Fix read sense data size
    - net: cxgb4: fix return error value in t4_prep_fw
    - smsc95xx: check return value of smsc95xx_reset
    - smsc95xx: avoid memory leak in smsc95xx_bind
    - ALSA: compress: fix partial_drain completion state
    - arm64: kgdb: Fix single-step exception handling oops
    - ALSA: opl3: fix infoleak in opl3
    - ALSA: hda - let hs_mic be picked ahead of hp_mic
    - ALSA: usb-audio: add quirk for MacroSilicon MS2109
    - KVM: x86: bit 8 of non-leaf PDPEs is not reserved
    - Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
    - btrfs: fix fatal extent_buffer readahead vs releasepage race
    - drm/radeon: fix double free
    - ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
    - ARC: elf: use right ELF_ARCH
    - bnxt_en: fix NULL dereference in case SR-IOV configuration fails
    - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
    - l2tp: remove skb_dst_set() from l2tp_xmit_skb()
    - llc: make sure applications use