Package "linux-aws"

  linux-aws (4.4.0-1011.20) xenial; urgency=low

  * linux-aws: 4.4.0-1011.20 -proposed tracker (LP: #1674944)

  [ Ubuntu: 4.4.0-70.91 ]

  * linux: 4.4.0-70.91 -proposed tracker (LP: #1674938)
  * snaps with classic + jailmode confinement started to fail on zesty
    (LP: #1666897)
    - Revert "UBUNTU: SAUCE: apparmor: fix link auditing failure due to,
      uninitialized var"
    - Revert "UBUNTU: SAUCE: fix regression with domain change in complain mode"
    - Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being enforced on
      cache check"
    - Revert "UBUNTU: SAUCE: apparmor: null profiles should inherit parent control
      flags"
    - Revert "UBUNTU: SAUCE: apparmor: fix ns ref count link when removing
      profiles from policy"
    - Revert "UBUNTU: SAUCE: apparmor: Fix no_new_privs blocking change_onexec
      when using stacked namespaces"
    - Revert "UBUNTU: SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup
      fails"
    - Revert "UBUNTU: SAUCE: apparmor: Don't audit denied access of special
      apparmor .null file"
    - Revert "UBUNTU: SAUCE: apparmor: fix label leak when new label is unused"
    - Revert "UBUNTU: SAUCE: apparmor: fix reference count bug in
      label_merge_insert()"
    - Revert "UBUNTU: SAUCE: apparmor: fix replacement race in reading rawdata"
    - Revert "UBUNTU: SAUCE: apparmor: fix cross ns perm of unix domain sockets"

 -- Stefan Bader <email address hidden> Wed, 22 Mar 2017 10:08:02 +0100

  linux-aws (4.4.0-1010.19) xenial; urgency=low

  * linux-aws: 4.4.0-1010.19 -proposed tracker (LP: #1673220)

  [ Ubuntu: 4.4.0-69.90 ]

  * linux: 4.4.0-69.90 -proposed tracker (LP: #1673213)
  * [Xenial] net: better skb->sender_cpu and skb->napi_id cohabitation
    (LP: #1673303)
    - net: better skb->sender_cpu and skb->napi_id cohabitation

  [ Ubuntu: 4.4.0-68.89 ]

  * linux: 4.4.0-68.89 -proposed tracker (LP: #1673213)
  * lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
  * linux-tools-common should Depends: lsb-release (LP: #1667571)
    - [Config] linux-tools-common depends on lsb-release
  * Add Use-After-Free Patch for Ubuntu16.10 - EEH on BELL3 adapter fails to
    recover (serial/tty) (LP: #1669153)
    - 8250_pci: Fix potential use-after-free in error path
  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
    - PCI: hv: Use device serial number as PCI domain
  * [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
    bytes to a sockaddr (LP: #1668042)
    - net/bonding: Enforce active-backup policy for IPoIB bonds
  * Request to backport cxlflash patches to Xenial SRU stream (LP: #1623750)
    - scsi: cxlflash: Scan host only after the port is ready for I/O
    - scsi: cxlflash: Remove the device cleanly in the system shutdown path
    - scsi: cxlflash: Fix to avoid EEH and host reset collisions
    - scsi: cxlflash: Improve EEH recovery time
  * Xenial update to v4.4.52 stable release (LP: #1669016)
    - net/llc: avoid BUG_ON() in skb_orphan()
    - packet: fix races in fanout_add()
    - packet: Do not call fanout_release from atomic contexts
    - irda: Fix lockdep annotations in hashbin_delete().
    - ip: fix IP_CHECKSUM handling
    - net: socket: fix recvmmsg not returning error from sock_error
    - tty: serial: msm: Fix module autoload
    - USB: serial: mos7840: fix another NULL-deref at open
    - USB: serial: cp210x: add new IDs for GE Bx50v3 boards
    - USB: serial: ftdi_sio: fix modem-status error handling
    - USB: serial: ftdi_sio: fix extreme low-latency setting
    - USB: serial: ftdi_sio: fix line-status over-reporting
    - USB: serial: spcp8x5: fix modem-status handling
    - USB: serial: opticon: fix CTS retrieval at open
    - USB: serial: ark3116: fix register-accessor error handling
    - x86/platform/goldfish: Prevent unconditional loading
    - goldfish: Sanitize the broken interrupt handler
    - block: fix double-free in the failure path of cgwb_bdi_init()
    - rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
    - Revert "usb: chipidea: imx: enable CI_HDRC_SET_NON_ZERO_TTHA"
    - kvm: vmx: ensure VMCS is current while enabling PML
    - Linux 4.4.52
  * Xenial update to v4.4.51 stable release (LP: #1669015)
    - vfs: fix uninitialized flags in splice_to_pipe()
    - siano: make it work again with CONFIG_VMAP_STACK
    - fuse: fix use after free issue in fuse_dev_do_read()
    - scsi: don't BUG_ON() empty DMA transfers
    - Fix missing sanity check in /dev/sg
    - Input: elan_i2c - add ELAN0605 to the ACPI table
    - drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
    - drm/dp/mst: fix kernel oops when turning off secondary monitor
    - futex: Move futex_init() to core_initcall
    - ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user()
    - printk: use rcuidle console tracepoint
    - NTB: ntb_transport: fix debugfs_remove_recursive
    - ntb_transport: Pick an unused queue
    - bcache: Make gc wakeup sane, remove set_task_state()
    - mmc: core: fix multi-bit bus width without high-speed mode
    - Linux 4.4.51
  * Xenial update to v4.4.50 stable release (LP: #1666324)
    - can: Fix kernel panic at security_sock_rcv_skb
    - ipv6: fix ip6_tnl_parse_tlv_enc_lim()
    - ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
    - tcp: fix 0 divide in __tcp_select_window()
    - net: use a work queue to defer net_disable_timestamp() work
    - ipv4: keep skb->dst around in presence of IP options
    - netlabel: out of bound access in cipso_v4_validate()
    - ip6_gre: fix ip6gre_err() invalid reads
    - ipv6: tcp: add a missing tcp_v6_restore_cb()
    - tcp: avoid infinite loop in tcp_splice_read()
    - tun: read vnet_hdr_sz once
    - macvtap: read vnet_hdr_size once
    - mlx4: Invoke softirqs after napi_reschedule
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf
    - sit: fix a double free on error path
    - net: introduce device min_header_len
    - packet: round up linear to header len
    - ping: fix a null pointer dereference
    - l2tp: do not use udp_ioctl()
    - Linux 4.4.50
  * FlashGT Integration and Setup: fsbmc30: After 17th reboot of soft bootme,
    HTX & Linux errors seen with 256 virtual LUNs (LP: #1667239)
    - cxl: Fix coredump generation when cxl_get_fd() is used
  * [Hyper-V] Ubuntu 14.04.2 LTS Generation 2 SCSI Errors on VSS Based Backups
    (LP: #1470250)
    - Drivers: hv: vss: Operation timeouts should match host expectation
    - SAUCE: Tools: hv: vss: Thaw the filesystem and continue after freeze fails
  * kernel 4.4.0-63 with USB WLAN RTL8192CU freezes desktop (LP: #1666421)
    - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data
  * Export symbol "dev_pm_qos_update_user_latency_tolerance" (LP: #1666401)
    - PM / QoS: Export dev_pm_qos_update_user_latency_tolerance
  * Linux ZFS port doesn't respect RLIMIT_FSIZE (LP: #1656259)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu16

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 20 Mar 2017 14:26:12 -0300

  linux-aws (4.4.0-1009.18) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1672505

  * aufs filesystem not available in linux-aws (LP: #1672464)
    - [config] AWS: aufs.ko moved to linux-image package

  linux-aws (4.4.0-1008.17) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1671237

  [ Ubuntu-4.4.0-67.88 ]

  * Recent KVM RTC cherry-picks break (some) Windows Live-Migrations
    (LP: #1668594)
    - kvm: x86: correctly reset dest_map->vector when restoring LAPIC state

  * Regression in 4.4.0-65-generic causes very frequent system crashes
    (LP: #1669611)
    - Revert "UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir"
    - Revert "UBUNTU: SAUCE: apparmor: fix leak on securityfs pin count"
    - Revert "UBUNTU: SAUCE: apparmor: fix reference count leak when
      securityfs_setup_d_inode() fails"
    - Revert "UBUNTU: SAUCE: apparmor: fix not handling error case when
      securityfs_pin_fs() fails"

  * Upgrade Redpine RS9113 driver to support AP mode (LP: #1665211)
    - SAUCE: Redpine driver to support Host AP mode

  * NFS client : permission denied when trying to access subshare, since kernel
    4.4.0-31 (LP: #1649292)
    - fs: Better permission checking for submounts

  * [Hyper-V] SAUCE: pci-hyperv fixes for SR-IOV on Azure (LP: #1665097)
    - SAUCE: PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
    - SAUCE: pci-hyperv: properly handle pci bus remove
    - SAUCE: pci-hyperv: lock pci bus on device eject

  * [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
    image (LP: #1650058)
    - net/mlx4_en: Fix bad WQE issue
    - net/mlx4_core: Fix racy CQ (Completion Queue) free
    - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT
      transitions
    - net/mlx4_core: Avoid command timeouts during VF driver device shutdown

  * Xenial update to v4.4.49 stable release (LP: #1664960)
    - ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
    - selinux: fix off-by-one in setprocattr
    - Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback"
    - cpumask: use nr_cpumask_bits for parsing functions
    - hns: avoid stack overflow with CONFIG_KASAN
    - ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write
    - target: Don't BUG_ON during NodeACL dynamic -> explicit conversion
    - target: Use correct SCSI status during EXTENDED_COPY exception
    - target: Fix early transport_generic_handle_tmr abort scenario
    - target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
    - ARM: 8642/1: LPAE: catch pending imprecise abort on unmask
    - mac80211: Fix adding of mesh vendor IEs
    - netvsc: Set maximum GSO size in the right place
    - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed
      send
    - scsi: aacraid: Fix INTx/MSI-x issue with older controllers
    - scsi: mpt3sas: disable ASPM for MPI2 controllers
    - xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
    - ALSA: seq: Fix race at creating a queue
    - ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
    - drm/i915: fix use-after-free in page_flip_completed()
    - Linux 4.4.49

  * NFS client : kernel 4.4.0-57 crash with nfsv4 enries in /etc/fstab
    (LP: #1650336)
    - SUNRPC: fix refcounting problems with auth_gss messages.

  * [0bda:0328] Card reader failed after S3 (LP: #1664809)
    - usb: hub: Wait for connection to be reestablished after port reset

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * ibmvscsis: Add SGL LIMIT (LP: #1662551)
    - ibmvscsis: Add SGL limit

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
    (LP: #1663687)
    - scsi: storvsc: Enable tracking of queue depth
    - scsi: storvsc: Remove the restriction on max segment size
    - scsi: storvsc: Enable multi-queue support
    - scsi: storvsc: use tagged SRB requests if supported by the device
    - scsi: storvsc: properly handle SRB_ERROR when sense message is present
    - scsi: storvsc: properly set residual data length on errors

  * ISST-LTE:pNV: ppc64_cpu command is hung w HDs, SSDs and NVMe (LP: #1662666)
    - blk-mq: Avoid memory reclaim when remapping queues
    - blk-mq: Fix failed allocation path when mapping queues

  * Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin for module
    i915_bpo (LP: #1624164)
    - SAUCE: i915_bpo: Remove MODULE_FIRMWARE statement for i915/kbl_dmc_ver1.bin

  * Intel I210 ethernet does not work both after S3 (LP: #1662763)
    - igb: implement igb_ptp_suspend
    - igb: call igb_ptp_suspend during suspend/resume cycle

  * [Hyper-V] Fix ring buffer handling to avoid host throttling (LP: #1661430)
    - Drivers: hv: vmbus: On write cleanup the logic to interrupt the host
    - Drivers: hv: vmbus: On the read path cleanup the logic to interrupt the host
    - Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()

  * brd module compiled as built-in (LP: #1593293)
    - [Config] CONFIG_BLK_DEV_RAM=m

  * regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * flock not mediated by 'k' (LP: #1658219)
    - SAUCE: apparmor: flock mediation is not being enforced on cache check

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)

  linux-aws (4.4.0-1007.16) xenial; urgency=low

  [ Ubuntu: 4.4.0-66.87 ]

  * CVE-2017-2636
    - TTY: n_hdlc, fix lockdep false positive
    - tty: n_hdlc: get rid of racy n_hdlc.tbuf

 -- Stefan Bader <email address hidden> Sat, 04 Mar 2017 08:17:31 +0100