Package "linux-oem-osp1"

  linux-oem-osp1 (5.0.0-1071.77) bionic; urgency=medium

  [ Ubuntu: 5.0.0-63.69 ]

  * CVE-2020-8694
    - powercap: make attributes only readable by root
  * CVE-2020-12351 // CVE-2020-12352 // CVE-2020-24490
    - Bluetooth: Disable High Speed by default
    - Bluetooth: MGMT: Fix not checking if BT_HS is enabled
    - [Config] Disable BlueZ highspeed support
  * CVE-2020-12351
    - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
  * CVE-2020-12352
    - Bluetooth: A2MP: Fix not initializing all members

 -- Stefan Bader <email address hidden> Thu, 22 Oct 2020 11:47:24 +0200

  linux-oem-osp1 (5.0.0-1070.76) bionic; urgency=medium

  * bionic/linux-oem-osp1: 5.0.0-1070.76 -proposed tracker (LP: #1899961)

  * CVE-2020-12351 // CVE-2020-12352 // CVE-2020-24490
    - Bluetooth: Disable High Speed by default
    - Bluetooth: MGMT: Fix not checking if BT_HS is enabled
    - [Config] oem-osp1: Disable BlueZ highspeed support

  * CVE-2020-12351
    - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

  * CVE-2020-12352
    - Bluetooth: A2MP: Fix not initializing all members

  * Focal update: v5.4.56 upstream stable release (LP: #1891063) //
    CVE-2020-24490
    - Bluetooth: fix kernel oops in store_pending_adv_report

 -- Stefan Bader <email address hidden> Thu, 15 Oct 2020 16:11:14 +0200

  linux-oem-osp1 (5.0.0-1069.75) bionic; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 5.0.0-62.67 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket
  * CVE-2020-16120
    - Revert "UBUNTU: SAUCE: overlayfs: ensure mounter privileges when reading
      directories"
    - ovl: pass correct flags for opening real directory
    - ovl: switch to mounter creds in readdir
    - ovl: verify permissions in ovl_path_open()
    - ovl: call secutiry hook in ovl_real_ioctl()
    - ovl: check permission to open real file

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 28 Sep 2020 16:47:15 -0300

  linux-oem-osp1 (5.0.0-1068.73) bionic; urgency=medium

  * bionic/linux-oem-osp1: 5.0.0-1068.73 -proposed tracker (LP: #1894285)

  * CVE-2020-14386
    - SAUCE: net/packet: fix overflow in tpacket_rcv

 -- Kleber Sacilotto de Souza <email address hidden> Sun, 06 Sep 2020 11:56:27 +0200

  linux-oem-osp1 (5.0.0-1067.72) bionic; urgency=medium

  * bionic/linux-oem-osp1: 5.0.0-1067.72 -proposed tracker (LP: #1889723)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync dkms-build and family

  [ Ubuntu: 5.0.0-60.64 ]

  * disco/linux: 5.0.0-60.64 -proposed tracker (LP: #1889602)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * dkms artifacts may expire from the pool (LP: #1850958)
    - [Packaging] autoreconstruct -- manage executable debian files
    - [packaging] handle downloads from the librarian better

  [ Ubuntu: 5.0.0-59.63 ]

  * disco/linux: 5.0.0-59.63 -proposed tracker (LP: #1888293)
  * net test from ubuntu_kernel_selftest will timeout on B-5.0 (LP: #1888381)
    - net/tls: fix lowat calculation if some data came from previous record
    - net/tls: fix no wakeup on partial reads
    - net/tls: fix poll ignoring partially copied records
  * Regression in kernel 4.15.0-91 causes kernel panic with Bcache
    (LP: #1867916)
    - bcache: check and adjust logical block size for backing devices
  * use-after-free in af_alg_accept() due to bh_lock_sock() (LP: #1884766)
    - crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
  * Disco update: upstream stable patchset 2020-07-08 (LP: #1886876)
    - ARM: dts: renesas: Fix IOMMU device node names
    - scsi: core: free sgtables in case command setup fails
    - arm64: dts: meson: fixup SCP sram nodes
    - powerpc/kasan: Fix stack overflow by increasing THREAD_SHIFT
    - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2
    - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling
    - coresight: tmc: Fix TMC mode read in tmc_read_prepare_etb()
    - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
    - PCI: pci-bridge-emul: Fix PCIe bit conflicts
    - usb: gadget: core: sync interrupt before unbind the udc
    - clk: zynqmp: fix memory leak in zynqmp_register_clocks
    - scsi: vhost: Notify TCM about the maximum sg entries supported per command
    - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
    - cifs: set up next DFS target before generic_ip_connect()
    - ASoC: qcom: q6asm-dai: kCFI fix
    - sparc32: mm: Don't try to free page-table pages if ctor() fails
    - net: dsa: lantiq_gswip: fix and improve the unsupported interface error
    - bpf, sockhash: Fix memory leak when unlinking sockets in sock_hash_free
    - RDMA/mlx5: Fix udata response upon SRQ creation
    - clk: meson: meson8b: Fix the polarity of the RESET_N lines
    - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits
    - gpio: pca953x: fix handling of automatic address incrementing
    - ASoC: max98373: reorder max98373_reset() in resume
    - soundwire: slave: don't init debugfs on device registration error
    - arm64: dts: msm8996: Fix CSI IRQ types
    - scsi: target: loopback: Fix READ with data and sensebytes
    - SoC: rsnd: add interrupt support for SSI BUSIF buffer
    - ASoC: ux500: mop500: Fix some refcounted resources issues
    - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()'
    - ALSA: usb-audio: Add duplex sound support for USB devices using implicit
      feedback
    - RDMA/hns: Fix cmdq parameter of querying pf timer resource
    - firmware: imx: scu: Fix possible memory leak in imx_scu_probe()
    - PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link
    - KVM: PPC: Book3S: Fix some RCU-list locks
    - input: i8042 - Remove special PowerPC handling
    - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection
    - net: marvell: Fix OF_MDIO config check
    - bpf/sockmap: Fix kernel panic at __tcp_bpf_recvmsg
    - bpf, sockhash: Synchronize delete from bucket list on map free
    - nfs: set invalid blocks after NFSv4 writes
    - powerpc: Fix kernel crash in show_instructions() w/DEBUG_VIRTUAL
    - bnxt_en: Return from timer if interface is not in open state.
    - scsi: ufs-bsg: Fix runtime PM imbalance on error
    - jbd2: clean __jbd2_journal_abort_hard() and __journal_abort_soft()
    - drm/amd/display: Use swap() where appropriate
    - drm/msm: Check for powered down HW in the devfreq callbacks
    - drm/connector: notify userspace on hotplug after register complete
  * Disco update: upstream stable patchset 2020-07-02 (LP: #1886105)
    - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
    - clk: sunxi: Fix incorrect usage of round_down()
    - ASoC: tegra: tegra_wm8903: Support nvidia, headset property
    - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
    - iio: pressure: bmp280: Tolerate IRQ before registering
    - remoteproc: Fix IDR initialisation in rproc_alloc()
    - clk: qcom: msm8916: Fix the address location of pll->config_reg
    - backlight: lp855x: Ensure regulators are disabled on probe failure
    - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
    - ARM: integrator: Add some Kconfig selections
    - scsi: qedi: Check for buffer overflow in qedi_set_path()
    - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO
    - ALSA: isa/wavefront: prevent out of bounds write in ioctl
    - PCI: Allow pci_resize_resource() for devices on root bus
    - scsi: qla2xxx: Fix issue with adapter's stopping state
    - iio: bmp280: fix compensation of humidity
    - f2fs: report delalloc reserve as non-free in statfs for project quota
    - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
    - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical
    - usblp: poison URBs upon disconnect
    - serial: 8250: Fix max baud limit in generic 8250 port
    - dm mpath: switch paths in dm_blk_ioctl() code path
    - PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only
      register
    - ps3disk: use the default segment boundar