[ubuntu/xenial-security] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial3 (Accepted)

[Chris Coulson]

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium

  [ Marc Deslauriers ]

  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
WEBSERVICE
- debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
  protocols.
- debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
  with missing dde-link entries.
- debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
  to ocDde.
- debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
  for .xls and .xlsx formula cells.
- debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
  for conditional format expressions
- debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
  for named expressions
- debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
  Function Wizard
- CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
- debian/patches/layout-footnote-use-after-free.diff: fix layout
  footnote use-after-free in SwRootFrame.
- No CVE number.

Date: 2018-02-19 16:33:12.783974+00:00
Changed-By: Olivier Tilloy 
Signed-By: Chris Coulson 
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-meta-hwe 4.13.0.36.55 (Accepted)

[Łukasz Zemczak]

linux-meta-hwe (4.13.0.36.55) xenial; urgency=medium

  * Bump ABI 4.13.0-36

linux-meta-hwe (4.13.0.35.54) xenial; urgency=medium

  * Bump ABI 4.13.0-35

linux-meta-hwe (4.13.0.33.53) xenial; urgency=medium

  * Bump ABI 4.13.0-33

Date: 2018-02-16 23:22:51.703806+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.13.0.36.55
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial3 (Accepted)

[Ubuntu Archive Robot]

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium

  [ Marc Deslauriers ]

  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
WEBSERVICE
- debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
  protocols.
- debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
  with missing dde-link entries.
- debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
  to ocDde.
- debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
  for .xls and .xlsx formula cells.
- debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
  for conditional format expressions
- debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
  for named expressions
- debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
  Function Wizard
- CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
- debian/patches/layout-footnote-use-after-free.diff: fix layout
  footnote use-after-free in SwRootFrame.
- No CVE number.

Date: 2018-02-19 16:33:12.783974+00:00
Changed-By: Olivier Tilloy 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial3
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-oem 4.13.0-1021.23 (Accepted)

[Łukasz Zemczak]

linux-oem (4.13.0-1021.23) xenial; urgency=low

  * linux-oem: 4.13.0-1021.23 -proposed tracker (LP: #1748481)

  * Intel 9462 A370:42A4 doesn't work (LP: #1748853)
- SAUCE: iwlwifi: Adding missing id A370:42A4

  * headset mic can't be detected on two Dell machines (LP: #1748807)
- ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
- ALSA: hda - Fix headset mic detection problem for two Dell machines

  * [linux-oem] Use I2C transport for touchpad on Precision M5530 (LP: #1746661)
- SAUCE: ACPI: Parse entire table as a term_list for Dell XPS 9570 and
  Precision M5530

  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
- SAUCE: ath10k: change QCA9377 IRAM back to 9

  * TrackPoint: middle button doesn't work on TrackPoint-compatible device.
(LP: #1746002)
- Input: trackpoint - force 3 buttons if 0 button is reported

  * [linux-oem] Fix out of bound VBT pin on CNP (LP: #1746411)
- drm/i914/bios: amend child device config parameters
- drm/i915/bios: document BDB versions of child device config fields
- drm/i915/bios: remove the raw version of child device config
- drm/i915/bios: add legacy contents to common child device config
- drm/i915/bios: throw away high level child device union
- drm/i915/bios: throw away struct old_child_dev_config
- drm/i915/bios: document child device config dvo_port values a bit better
- drm/i915/bios: group device type definitions together
- drm/i915/bios: throw away unused DVO_* macros
- drm/i915/bios: drop the rest of the p_ prefixes from pointers
- drm/i915/cnl: Don't trust VBT's alternate pin for port D for now.
- drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin.
- drm/i915/bios: split up iboost to hdmi and dp bitfields
- drm/i915/bios: add DP max link rate to VBT child device struct
- drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
- drm/i915/cnp: Properly handle VBT ddc pin out of bounds.

  * Miscellaneous upstream changes
- Rebase to 4.13.0-35.39
- [Config] update configs following rebase to 4.13.0-35.39
- [oem config] Keep ignoring retpoline

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add 

[ubuntu/xenial-updates] linux-meta-raspi2 4.4.0.1085.85 (Accepted)

[Łukasz Zemczak]

linux-meta-raspi2 (4.4.0.1085.85) xenial; urgency=medium

  * Bump ABI 4.4.0-1085

linux-meta-raspi2 (4.4.0.1084.84) xenial; urgency=medium

  * Bump ABI 4.4.0-1084

linux-meta-raspi2 (4.4.0.1083.83) xenial; urgency=medium

  * Bump ABI 4.4.0-1083

Date: 2018-02-13 09:44:24.489811+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1085.85
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-signed-hwe 4.13.0-36.40~16.04.1 (Accepted)

[Łukasz Zemczak]

linux-signed-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-36.40~16.04.1

linux-signed-hwe (4.13.0-35.39~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-35.39~16.04.1

linux-signed-hwe (4.13.0-33.36~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-33.36~16.04.1

Date: 2018-02-16 23:22:54.455755+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.13.0-36.40~16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-meta-aws 4.4.0.1052.54 (Accepted)

[Łukasz Zemczak]

linux-meta-aws (4.4.0.1052.54) xenial; urgency=medium

  * Bump ABI 4.4.0-1052

linux-meta-aws (4.4.0.1051.53) xenial; urgency=medium

  * Bump ABI 4.4.0-1051

linux-meta-aws (4.4.0.1050.52) xenial; urgency=medium

  * Bump ABI 4.4.0-1050

Date: 2018-02-12 22:59:07.790994+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1052.54
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-meta-gcp 4.13.0.1011.13 (Accepted)

[Łukasz Zemczak]

linux-meta-gcp (4.13.0.1011.13) xenial; urgency=medium

  * Bump ABI 4.13.0-1011

linux-meta-gcp (4.13.0.1010.12) xenial; urgency=medium

  * Bump ABI 4.13.0-1010

linux-meta-gcp (4.13.0.1009.11) xenial; urgency=medium

  * Bump ABI 4.13.0-1009

Date: 2018-02-12 17:22:17.39+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.13.0.1011.13
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-signed-oem 4.13.0-1021.23 (Accepted)

[Łukasz Zemczak]

linux-signed-oem (4.13.0-1021.23) xenial; urgency=medium

  * Master version: 4.13.0-1021.23

linux-signed-oem (4.13.0-1021.22) xenial; urgency=medium

  * Master version: 4.13.0-1021.22

Date: 2018-02-13 12:24:13.448887+00:00
Changed-By: Timo Aaltonen 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed-oem/4.13.0-1021.23
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-raspi2 4.4.0-1085.93 (Accepted)

[Łukasz Zemczak]

linux-raspi2 (4.4.0-1085.93) xenial; urgency=medium

  * linux-raspi2: 4.4.0-1085.93 -proposed tracker (LP: #1749094)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux-raspi2 (4.4.0-1084.92) xenial; urgency=medium

  * linux-raspi2: 4.4.0-1084.92 -proposed tracker (LP: #1748493)

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux-raspi2 (4.4.0-1083.91) xenial; urgency=low

  * linux-raspi2: 4.4.0-1083.91 -proposed tracker (LP: #1746941)


  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: 

[ubuntu/xenial-security] linux-signed 4.4.0-116.140 (Accepted)

[Łukasz Zemczak]

linux-signed (4.4.0-116.140) xenial; urgency=medium

  * Version 4.4.0-116.140

linux-signed (4.4.0-115.138) xenial; urgency=medium

  * Version 4.4.0-115.138

linux-signed (4.4.0-114.137) xenial; urgency=medium

  * Version 4.4.0-114.137

linux-signed (4.4.0-113.136) xenial; urgency=medium

  * Version 4.4.0-113.136

Date: 2018-02-12 21:19:25.925684+00:00
Changed-By: Khaled El Mously 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-116.140
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux 4.4.0-116.140 (Accepted)

[Łukasz Zemczak]

linux (4.4.0-116.140) xenial; urgency=medium

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)

  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux (4.4.0-115.139) xenial; urgency=medium

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)

  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

linux (4.4.0-114.137) xenial; urgency=medium

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)

  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table

  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport

  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices

  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough

  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux (4.4.0-113.136) xenial; urgency=low

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)

  [ Stefan Bader ]
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb

  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet

  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
- x86/asm: Use register variable to get stack pointer value
- x86/kbuild: 

[ubuntu/xenial-security] linux-meta-hwe 4.13.0.36.55 (Accepted)

[Łukasz Zemczak]

linux-meta-hwe (4.13.0.36.55) xenial; urgency=medium

  * Bump ABI 4.13.0-36

linux-meta-hwe (4.13.0.35.54) xenial; urgency=medium

  * Bump ABI 4.13.0-35

linux-meta-hwe (4.13.0.33.53) xenial; urgency=medium

  * Bump ABI 4.13.0-33

Date: 2018-02-16 23:22:51.703806+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.13.0.36.55
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux 4.4.0-116.140 (Accepted)

[Łukasz Zemczak]

linux (4.4.0-116.140) xenial; urgency=medium

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)

  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux (4.4.0-115.139) xenial; urgency=medium

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)

  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

linux (4.4.0-114.137) xenial; urgency=medium

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)

  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table

  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport

  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices

  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough

  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux (4.4.0-113.136) xenial; urgency=low

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)

  [ Stefan Bader ]
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb

  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet

  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
- x86/asm: Use register variable to get stack pointer value
- x86/kbuild: 

[ubuntu/xenial-updates] linux-aws 4.4.0-1052.61 (Accepted)

[Łukasz Zemczak]

linux-aws (4.4.0-1052.61) xenial; urgency=medium

  * linux-aws: 4.4.0-1052.61 -proposed tracker (LP: #1748489)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux-aws (4.4.0-1051.60) xenial; urgency=low

  * linux-aws: 4.4.0-1051.60 -proposed tracker (LP: #1746946)

  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: 

[ubuntu/xenial-updates] linux-meta-azure 4.13.0.1011.12 (Accepted)

[Łukasz Zemczak]

linux-meta-azure (4.13.0.1011.12) xenial; urgency=medium

  * Bump ABI 4.13.0-1011

linux-meta-azure (4.13.0.1010.11) xenial; urgency=medium

  * Bump ABI 4.13.0-1010

Date: 2018-02-15 16:12:59.584192+00:00
Changed-By: Marcelo Cerri 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-azure/4.13.0.1011.12
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux_4.4.0-116.140_amd64.tar.gz - (Accepted)

[Khalid Elmously]

linux (4.4.0-116.140) xenial; urgency=medium

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)

  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

Date: Mon, 12 Feb 2018 20:17:57 +
Changed-By: Khalid Elmously 
Maintainer: Launchpad Build Daemon 

Format: 1.8
Date: Mon, 12 Feb 2018 20:17:57 +
Source: linux
Binary: linux-source-4.4.0 linux-doc linux-headers-4.4.0-116 linux-libc-dev 
linux-tools-common linux-tools-4.4.0-116 linux-cloud-tools-common 
linux-cloud-tools-4.4.0-116 linux-image-4.4.0-116-generic 
linux-image-extra-4.4.0-116-generic linux-headers-4.4.0-116-generic 
linux-image-4.4.0-116-generic-dbgsym linux-tools-4.4.0-116-generic 
linux-cloud-tools-4.4.0-116-generic linux-udebs-generic 
linux-image-4.4.0-116-generic-lpae linux-image-extra-4.4.0-116-generic-lpae 
linux-headers-4.4.0-116-generic-lpae linux-image-4.4.0-116-generic-lpae-dbgsym 
linux-tools-4.4.0-116-generic-lpae linux-cloud-tools-4.4.0-116-generic-lpae 
linux-udebs-generic-lpae linux-image-4.4.0-116-lowlatency 
linux-image-extra-4.4.0-116-lowlatency linux-headers-4.4.0-116-lowlatency 
linux-image-4.4.0-116-lowlatency-dbgsym linux-tools-4.4.0-116-lowlatency 
linux-cloud-tools-4.4.0-116-lowlatency linux-udebs-lowlatency 
linux-image-4.4.0-116-powerpc-e500mc linux-image-extra-4.4.0-116-powerpc-e500mc
 linux-headers-4.4.0-116-powerpc-e500mc 
linux-image-4.4.0-116-powerpc-e500mc-dbgsym 
linux-tools-4.4.0-116-powerpc-e500mc linux-cloud-tools-4.4.0-116-powerpc-e500mc 
linux-udebs-powerpc-e500mc linux-image-4.4.0-116-powerpc-smp 
linux-image-extra-4.4.0-116-powerpc-smp linux-headers-4.4.0-116-powerpc-smp 
linux-image-4.4.0-116-powerpc-smp-dbgsym linux-tools-4.4.0-116-powerpc-smp 
linux-cloud-tools-4.4.0-116-powerpc-smp linux-udebs-powerpc-smp 
linux-image-4.4.0-116-powerpc64-emb linux-image-extra-4.4.0-116-powerpc64-emb 
linux-headers-4.4.0-116-powerpc64-emb 
linux-image-4.4.0-116-powerpc64-emb-dbgsym linux-tools-4.4.0-116-powerpc64-emb 
linux-cloud-tools-4.4.0-116-powerpc64-emb linux-udebs-powerpc64-emb 
linux-image-4.4.0-116-powerpc64-smp linux-image-extra-4.4.0-116-powerpc64-smp 
linux-headers-4.4.0-116-powerpc64-smp 
linux-image-4.4.0-116-powerpc64-smp-dbgsym linux-tools-4.4.0-116-powerpc64-smp 
linux-cloud-tools-4.4.0-116-powerpc64-smp linux-udebs-powerpc64-smp
 kernel-image-4.4.0-116-generic-di nic-modules-4.4.0-116-generic-di 
nic-shared-modules-4.4.0-116-generic-di serial-modules-4.4.0-116-generic-di 
ppp-modules-4.4.0-116-generic-di pata-modules-4.4.0-116-generic-di 
firewire-core-modules-4.4.0-116-generic-di scsi-modules-4.4.0-116-generic-di 
plip-modules-4.4.0-116-generic-di floppy-modules-4.4.0-116-generic-di 
fat-modules-4.4.0-116-generic-di nfs-modules-4.4.0-116-generic-di 
md-modules-4.4.0-116-generic-di multipath-modules-4.4.0-116-generic-di 
usb-modules-4.4.0-116-generic-di pcmcia-storage-modules-4.4.0-116-generic-di 
fb-modules-4.4.0-116-generic-di input-modules-4.4.0-116-generic-di 
mouse-modules-4.4.0-116-generic-di irda-modules-4.4.0-116-generic-di 
parport-modules-4.4.0-116-generic-di nic-pcmcia-modules-4.4.0-116-generic-di 
pcmcia-modules-4.4.0-116-generic-di nic-usb-modules-4.4.0-116-generic-di 
sata-modules-4.4.0-116-generic-di crypto-modules-4.4.0-116-generic-di 
speakup-modules-4.4.0-116-generic-di
 virtio-modules-4.4.0-116-generic-di fs-core-modules-4.4.0-116-generic-di 
fs-secondary-modules-4.4.0-116-generic-di 
storage-core-modules-4.4.0-116-generic-di block-modules-4.4.0-116-generic-di 
message-modules-4.4.0-116-generic-di vlan-modules-4.4.0-116-generic-di
 ipmi-modules-4.4.0-116-generic-di
Architecture: amd64 all amd64_translations
Version: 4.4.0-116.140
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon 
Changed-By: Khalid Elmously 
Description:
 block-modules-4.4.0-116-generic-di - Block storage devices (udeb)
 crypto-modules-4.4.0-116-generic-di - crypto modules (udeb)
 fat-modules-4.4.0-116-generic-di - FAT filesystem support (udeb)
 fb-modules-4.4.0-116-generic-di - Framebuffer modules (udeb)
 firewire-core-modules-4.4.0-116-generic-di - Firewire (IEEE-1394) Support 
(udeb)
 floppy-modules-4.4.0-116-generic-di - Floppy driver support (udeb)
 fs-core-modules-4.4.0-116-generic-di - Base filesystem modules (udeb)
 fs-secondary-modules-4.4.0-116-generic-di - Extra filesystem modules (udeb)
 input-modules-4.4.0-116-generic-di - Support for various input methods (udeb)
 ipmi-modules-4.4.0-116-generic-di - ipmi modules (udeb)
 irda-modules-4.4.0-116-generic-di - Support for Infrared protocols (udeb)
 kernel-image-4.4.0-116-generic-di - Linux kernel binary image for the Debian 
installer (udeb)
 linux-cloud-tools-4.4.0-116 - Linux kernel version specific cloud tools for 
version 4.4.0-116
 linux-cloud-tools-4.4.0-116-generic - 

[ubuntu/xenial-security] linux-meta-hwe 4.13.0.36.55 (Accepted)

[Łukasz Zemczak]

linux-meta-hwe (4.13.0.36.55) xenial; urgency=medium

  * Bump ABI 4.13.0-36

linux-meta-hwe (4.13.0.35.54) xenial; urgency=medium

  * Bump ABI 4.13.0-35

linux-meta-hwe (4.13.0.33.53) xenial; urgency=medium

  * Bump ABI 4.13.0-33

Date: 2018-02-16 23:22:51.703806+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-hwe/4.13.0.36.55
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-hwe_4.13.0-36.40~16.04.1_amd64.tar.gz - (Accepted)

[Kamal Mostafa]

linux-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.13.0-36.40~16.04.1 -proposed tracker (LP: #1750052)

  * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010)

  * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set

Date: Fri, 16 Feb 2018 15:00:34 -0800
Changed-By: Kamal Mostafa 
Maintainer: Launchpad Build Daemon 

Format: 1.8
Date: Fri, 16 Feb 2018 15:00:34 -0800
Source: linux-hwe
Binary: linux-source-4.13.0 linux-headers-4.13.0-36 linux-hwe-tools-4.13.0-36 
linux-hwe-cloud-tools-4.13.0-36 linux-image-4.13.0-36-generic 
linux-image-extra-4.13.0-36-generic linux-headers-4.13.0-36-generic 
linux-image-4.13.0-36-generic-dbgsym linux-tools-4.13.0-36-generic 
linux-cloud-tools-4.13.0-36-generic linux-hwe-udebs-generic 
linux-image-4.13.0-36-generic-lpae linux-image-extra-4.13.0-36-generic-lpae 
linux-headers-4.13.0-36-generic-lpae linux-image-4.13.0-36-generic-lpae-dbgsym 
linux-tools-4.13.0-36-generic-lpae linux-cloud-tools-4.13.0-36-generic-lpae 
linux-hwe-udebs-generic-lpae linux-image-4.13.0-36-lowlatency 
linux-image-extra-4.13.0-36-lowlatency linux-headers-4.13.0-36-lowlatency 
linux-image-4.13.0-36-lowlatency-dbgsym linux-tools-4.13.0-36-lowlatency 
linux-cloud-tools-4.13.0-36-lowlatency linux-hwe-udebs-lowlatency 
kernel-image-4.13.0-36-generic-di fat-modules-4.13.0-36-generic-di 
fb-modules-4.13.0-36-generic-di firewire-core-modules-4.13.0-36-generic-di
 floppy-modules-4.13.0-36-generic-di fs-core-modules-4.13.0-36-generic-di 
fs-secondary-modules-4.13.0-36-generic-di input-modules-4.13.0-36-generic-di 
irda-modules-4.13.0-36-generic-di md-modules-4.13.0-36-generic-di 
nic-modules-4.13.0-36-generic-di nic-pcmcia-modules-4.13.0-36-generic-di 
nic-usb-modules-4.13.0-36-generic-di nic-shared-modules-4.13.0-36-generic-di 
parport-modules-4.13.0-36-generic-di pata-modules-4.13.0-36-generic-di 
pcmcia-modules-4.13.0-36-generic-di pcmcia-storage-modules-4.13.0-36-generic-di 
plip-modules-4.13.0-36-generic-di ppp-modules-4.13.0-36-generic-di 
sata-modules-4.13.0-36-generic-di scsi-modules-4.13.0-36-generic-di 
serial-modules-4.13.0-36-generic-di storage-core-modules-4.13.0-36-generic-di 
usb-modules-4.13.0-36-generic-di nfs-modules-4.13.0-36-generic-di 
block-modules-4.13.0-36-generic-di message-modules-4.13.0-36-generic-di 
crypto-modules-4.13.0-36-generic-di virtio-modules-4.13.0-36-generic-di 
mouse-modules-4.13.0-36-generic-di
 vlan-modules-4.13.0-36-generic-di ipmi-modules-4.13.0-36-generic-di
 multipath-modules-4.13.0-36-generic-di
Architecture: amd64 all amd64_translations
Version: 4.13.0-36.40~16.04.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon 
Changed-By: Kamal Mostafa 
Description:
 block-modules-4.13.0-36-generic-di - Block storage devices (udeb)
 crypto-modules-4.13.0-36-generic-di - crypto modules (udeb)
 fat-modules-4.13.0-36-generic-di - FAT filesystem support (udeb)
 fb-modules-4.13.0-36-generic-di - Framebuffer modules (udeb)
 firewire-core-modules-4.13.0-36-generic-di - Firewire (IEEE-1394) Support 
(udeb)
 floppy-modules-4.13.0-36-generic-di - Floppy driver support (udeb)
 fs-core-modules-4.13.0-36-generic-di - Base filesystem modules (udeb)
 fs-secondary-modules-4.13.0-36-generic-di - Extra filesystem modules (udeb)
 input-modules-4.13.0-36-generic-di - Support for various input methods (udeb)
 ipmi-modules-4.13.0-36-generic-di - ipmi modules (udeb)
 irda-modules-4.13.0-36-generic-di - Support for Infrared protocols (udeb)
 kernel-image-4.13.0-36-generic-di - kernel image and system map (udeb)
 linux-cloud-tools-4.13.0-36-generic - Linux kernel version specific cloud 
tools for version 4.13.0-36
 linux-cloud-tools-4.13.0-36-generic-lpae - Linux kernel version specific cloud 
tools for version 4.13.0-36
 linux-cloud-tools-4.13.0-36-lowlatency - Linux kernel version specific cloud 
tools for version 4.13.0-36
 linux-headers-4.13.0-36 - Header files related to Linux kernel version 4.13.0
 linux-headers-4.13.0-36-generic - Linux kernel headers for version 4.13.0 on 
64 bit x86 SMP
 linux-headers-4.13.0-36-generic-lpae - Linux kernel headers for version 4.13.0 
on 64 bit x86 SMP
 linux-headers-4.13.0-36-lowlatency - Linux kernel headers for version 4.13.0 
on 64 bit x86 SMP
 linux-hwe-cloud-tools-4.13.0-36 - Linux kernel version specific cloud tools 
for version 4.13.0-36
 linux-hwe-tools-4.13.0-36 - Linux kernel version specific tools for version 
4.13.0-36
 linux-hwe-udebs-generic - Metapackage depending on kernel udebs (udeb)
 linux-hwe-udebs-generic-lpae - Metapackage depending on kernel udebs (udeb)
 linux-hwe-udebs-lowlatency - Metapackage depending on kernel udebs (udeb)
 linux-image-4.13.0-36-generic - Linux kernel image for version 4.13.0 on 64 
bit x86 SMP
 linux-image-4.13.0-36-generic-dbgsym - Linux kernel debug image for version 
4.13.0 on 64 bit x86 SMP
 linux-image-4.13.0-36-generic-lpae - Linux kernel image for 

[ubuntu/xenial-security] linux-meta-kvm 4.4.0.1019.18 (Accepted)

[Łukasz Zemczak]

linux-meta-kvm (4.4.0.1019.18) xenial; urgency=medium

  * Bump ABI 4.4.0-1019

linux-meta-kvm (4.4.0.1018.17) xenial; urgency=medium

  * Bump ABI 4.4.0-1018

Date: 2018-02-13 13:13:12.836802+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1019.18
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-meta-oem 4.13.0.1021.25 (Accepted)

[Łukasz Zemczak]

linux-meta-oem (4.13.0.1021.25) xenial; urgency=medium

  * Bump ABI 4.13.0-1021

Date: 2018-02-12 15:22:12.773423+00:00
Changed-By: Timo Aaltonen 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-oem/4.13.0.1021.25
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-aws 4.4.0-1052.61 (Accepted)

[Łukasz Zemczak]

linux-aws (4.4.0-1052.61) xenial; urgency=medium

  * linux-aws: 4.4.0-1052.61 -proposed tracker (LP: #1748489)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux-aws (4.4.0-1051.60) xenial; urgency=low

  * linux-aws: 4.4.0-1051.60 -proposed tracker (LP: #1746946)

  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: Implement CPU vulnerabilites sysfs functions
- x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
- x86/mm/32: 

[ubuntu/xenial-updates] linux-raspi2 4.4.0-1085.93 (Accepted)

[Łukasz Zemczak]

linux-raspi2 (4.4.0-1085.93) xenial; urgency=medium

  * linux-raspi2: 4.4.0-1085.93 -proposed tracker (LP: #1749094)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux-raspi2 (4.4.0-1084.92) xenial; urgency=medium

  * linux-raspi2: 4.4.0-1084.92 -proposed tracker (LP: #1748493)

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux-raspi2 (4.4.0-1083.91) xenial; urgency=low

  * linux-raspi2: 4.4.0-1083.91 -proposed tracker (LP: #1746941)


  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability folder
- x86/cpu: 

[ubuntu/xenial-updates] linux-snapdragon 4.4.0-1087.92 (Accepted)

[Łukasz Zemczak]

linux-snapdragon (4.4.0-1087.92) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1087.92 -proposed tracker (LP: #1749096)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux-snapdragon (4.4.0-1086.91) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1086.91 -proposed tracker (LP: #1748494)

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux-snapdragon (4.4.0-1085.90) xenial; urgency=low

  * linux-snapdragon: 4.4.0-1085.90 -proposed tracker (LP: #1746942)


  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability 

[ubuntu/xenial-security] linux-snapdragon 4.4.0-1087.92 (Accepted)

[Łukasz Zemczak]

linux-snapdragon (4.4.0-1087.92) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1087.92 -proposed tracker (LP: #1749096)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0009
(LP: #1748671)
- SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux-snapdragon (4.4.0-1086.91) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1086.91 -proposed tracker (LP: #1748494)

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
Ubuntu 16.04 LTS Kernel (LP: #1744117)
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
- scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
- KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
- SAUCE: drop lingering gmb() macro
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: Fix spec_ctrl support in KVM
- SAUCE: turn off IBPB when full retpoline is present

linux-snapdragon (4.4.0-1085.90) xenial; urgency=low

  * linux-snapdragon: 4.4.0-1085.90 -proposed tracker (LP: #1746942)


  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: reinstate MFENCE_RDTSC feature definition
- locking/barriers: introduce new observable speculation barrier
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is 
enabled
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- ipv4: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- userns: prevent speculative execution
- SAUCE: claim mitigation via observable speculation barrier
- SAUCE: powerpc: add osb barrier
- SAUCE: s390/spinlock: add osb memory barrier
- SAUCE: arm64: no osb() implementation yet
- SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- x86/cpu: Factor out application of forced CPU caps
- x86/cpufeatures: Make CPU bugs sticky
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE
- x86/cpu, x86/pti: Do not enable PTI on AMD processors
- x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
- x86/cpu: Merge bugs.c and bugs_64.c
- sysfs/cpu: Add vulnerability 

[ubuntu/xenial-updates] linux-meta-aws 4.4.0.1052.54 (Accepted)

[Łukasz Zemczak]

linux-meta-aws (4.4.0.1052.54) xenial; urgency=medium

  * Bump ABI 4.4.0-1052

linux-meta-aws (4.4.0.1051.53) xenial; urgency=medium

  * Bump ABI 4.4.0-1051

Date: 2018-02-12 22:59:07.790994+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-aws/4.4.0.1052.54
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-gcp 4.13.0-1011.15 (Accepted)

[Łukasz Zemczak]

linux-gcp (4.13.0-1011.15) xenial; urgency=medium

  * linux-gcp: 4.13.0-1011.15 -proposed tracker (LP: #1748478)

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones
  until online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux-gcp (4.13.0-1010.14) xenial; urgency=medium

  * linux-gcp: 4.13.0-1010.14 -proposed tracker (LP: #1746905)
  * CVE-2017-5715 (Spectre v2 retpoline)
- [Config] enable CONFIG_RETPOLINE for gcp kernel

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- x86/retpoline: Remove the esp/rsp thunk
- x86/retpoline: Simplify vmexit_fill_RSB()
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * hisi_sas: driver robustness fixes (LP: #1739807)
- scsi: hisi_sas: fix reset and port ID refresh issues
- scsi: hisi_sas: avoid potential v2 hw interrupt issue
- scsi: hisi_sas: fix v2 hw underflow residual value
- scsi: hisi_sas: add v2 hw DFX feature
- scsi: hisi_sas: add irq and tasklet cleanup in v2 hw
- scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw
- scsi: hisi_sas: fix internal abort slot timeout bug
- scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET
- scsi: hisi_sas: fix NULL check in SMP abort task path
- scsi: hisi_sas: fix the risk of freeing slot twice
- scsi: hisi_sas: kill tasklet when destroying irq in v3 hw
- scsi: hisi_sas: complete all tasklets prior to host reset
  * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990)
- ACPI: APEI: fix the wrong iteration of generic error status block
- ACPI / APEI: clear error status before acknowledging the error
  * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to
boot (LP: #1732804)
- vfio/pci: Virtualize Maximum Payload Size
- vfio/pci: Virtualize Maximum Read Request Size
  * hisi_sas: Add ATA command support for SMR disks (LP: #1739891)
- scsi: hisi_sas: support zone management commands
  * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073)
- ACPI / APD: Add clock frequency for ThunderX2 I2C controller
- i2c: xlp9xx: Get clock frequency with clk API
- i2c: xlp9xx: Handle 

[ubuntu/xenial-security] linux-meta-snapdragon 4.4.0.1087.79 (Accepted)

[Łukasz Zemczak]

linux-meta-snapdragon (4.4.0.1087.79) xenial; urgency=medium

  * Bump ABI 4.4.0-1087

linux-meta-snapdragon (4.4.0.1086.78) xenial; urgency=medium

  * Bump ABI 4.4.0-1086

linux-meta-snapdragon (4.4.0.1085.77) xenial; urgency=medium

  * Bump ABI 4.4.0-1085

Date: 2018-02-13 10:18:12.400392+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-snapdragon/4.4.0.1087.79
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-azure 4.13.0-1011.14 (Accepted)

[Łukasz Zemczak]

linux-azure (4.13.0-1011.14) xenial; urgency=medium

  * linux-azure: 4.13.0-1011.14 -proposed tracker (LP: #1748476)

  * [Hyper-V] Fixes for Network Direct InfiniBand/RDMA driver (LP: #1749332)
- SAUCE: vmbus-rdma: ND142: don't wait forever for disconnection from remote
  connector
- SAUCE: vmbus-rdma: ND142: remove idr handle before calling ND on freeing 
CQ
  and QP
- SAUCE: vmbus-rdma: ND142: do not crash on idr allocation failure - warn
  instead
- SAUCE: vmbus-rdma: ND144: don't wait forever for disconnection from remote
  connector
- SAUCE: vmbus-rdma: ND144: remove idr handle before calling ND on freeing 
CQ
  and QP
- SAUCE: vmbus-rdma: ND144: do not crash on idr allocation failure - warn
  instead

  * [Hyper-V] vsock: always call vsock_init_tables() (LP: #1747970)
- vsock: always call vsock_init_tables()

  * Update the source code location in the debian package for cloud kernels
(LP: #1747890)
- [Debian] Update git repository URI

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux-azure (4.13.0-1010.13) xenial; urgency=low

  * linux-azure: 4.13.0-1010.13 -proposed tracker (LP: #1746907)

  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/retpoline/hyperv: Convert assembler indirect jumps
- [Config] azure: enable CONFIG_GENERIC_CPU_VULNERABILITIES
- [Config] azure: enable CONFIG_RETPOLINE
- [Config] azure: disable retpoline checks for first upload

  * Update the source code location in the debian package for cloud kernels
(LP: #1747890)
- [Debian] Update git repository URI

  * [Hyper-V] linux-azure: PCI: hv: Do not sleep in compose_msi_msg()
(LP: #1747543)
- PCI: hv: Do not sleep in compose_msi_msg()

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- x86/retpoline: Remove the esp/rsp thunk
- x86/retpoline: Simplify vmexit_fill_RSB()
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * hisi_sas: driver robustness fixes (LP: #1739807)
- scsi: hisi_sas: fix reset and port ID refresh issues
- scsi: hisi_sas: avoid 

[ubuntu/xenial-updates] linux-gcp 4.13.0-1011.15 (Accepted)

[Łukasz Zemczak]

linux-gcp (4.13.0-1011.15) xenial; urgency=medium

  * linux-gcp: 4.13.0-1011.15 -proposed tracker (LP: #1748478)

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones
  until online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux-gcp (4.13.0-1010.14) xenial; urgency=medium

  * linux-gcp: 4.13.0-1010.14 -proposed tracker (LP: #1746905)
  * CVE-2017-5715 (Spectre v2 retpoline)
- [Config] enable CONFIG_RETPOLINE for gcp kernel

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- x86/retpoline: Remove the esp/rsp thunk
- x86/retpoline: Simplify vmexit_fill_RSB()
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * hisi_sas: driver robustness fixes (LP: #1739807)
- scsi: hisi_sas: fix reset and port ID refresh issues
- scsi: hisi_sas: avoid potential v2 hw interrupt issue
- scsi: hisi_sas: fix v2 hw underflow residual value
- scsi: hisi_sas: add v2 hw DFX feature
- scsi: hisi_sas: add irq and tasklet cleanup in v2 hw
- scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw
- scsi: hisi_sas: fix internal abort slot timeout bug
- scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET
- scsi: hisi_sas: fix NULL check in SMP abort task path
- scsi: hisi_sas: fix the risk of freeing slot twice
- scsi: hisi_sas: kill tasklet when destroying irq in v3 hw
- scsi: hisi_sas: complete all tasklets prior to host reset
  * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990)
- ACPI: APEI: fix the wrong iteration of generic error status block
- ACPI / APEI: clear error status before acknowledging the error
  * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to
boot (LP: #1732804)
- vfio/pci: Virtualize Maximum Payload Size
- vfio/pci: Virtualize Maximum Read Request Size
  * hisi_sas: Add ATA command support for SMR disks (LP: #1739891)
- scsi: hisi_sas: support zone management commands
  * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073)
- ACPI / APD: Add clock frequency for ThunderX2 I2C controller
- i2c: xlp9xx: Get clock frequency with clk API
- i2c: xlp9xx: Handle 

[ubuntu/xenial-updates] linux-oem_4.13.0-1021.23_amd64.tar.gz - (Accepted)

[Timo Aaltonen]

linux-oem (4.13.0-1021.23) xenial; urgency=low

  * linux-oem: 4.13.0-1021.23 -proposed tracker (LP: #1748481)

  * Intel 9462 A370:42A4 doesn't work (LP: #1748853)
- SAUCE: iwlwifi: Adding missing id A370:42A4

  * headset mic can't be detected on two Dell machines (LP: #1748807)
- ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
- ALSA: hda - Fix headset mic detection problem for two Dell machines

  * [linux-oem] Use I2C transport for touchpad on Precision M5530 (LP: #1746661)
- SAUCE: ACPI: Parse entire table as a term_list for Dell XPS 9570 and
  Precision M5530

  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
- SAUCE: ath10k: change QCA9377 IRAM back to 9

  * TrackPoint: middle button doesn't work on TrackPoint-compatible device.
(LP: #1746002)
- Input: trackpoint - force 3 buttons if 0 button is reported

  * [linux-oem] Fix out of bound VBT pin on CNP (LP: #1746411)
- drm/i914/bios: amend child device config parameters
- drm/i915/bios: document BDB versions of child device config fields
- drm/i915/bios: remove the raw version of child device config
- drm/i915/bios: add legacy contents to common child device config
- drm/i915/bios: throw away high level child device union
- drm/i915/bios: throw away struct old_child_dev_config
- drm/i915/bios: document child device config dvo_port values a bit better
- drm/i915/bios: group device type definitions together
- drm/i915/bios: throw away unused DVO_* macros
- drm/i915/bios: drop the rest of the p_ prefixes from pointers
- drm/i915/cnl: Don't trust VBT's alternate pin for port D for now.
- drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin.
- drm/i915/bios: split up iboost to hdmi and dp bitfields
- drm/i915/bios: add DP max link rate to VBT child device struct
- drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
- drm/i915/cnp: Properly handle VBT ddc pin out of bounds.

  * Miscellaneous upstream changes
- Rebase to 4.13.0-35.39
- [Config] update configs following rebase to 4.13.0-35.39
- [oem config] Keep ignoring retpoline

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add 

[ubuntu/xenial-security] linux-meta-raspi2 4.4.0.1085.85 (Accepted)

[Łukasz Zemczak]

linux-meta-raspi2 (4.4.0.1085.85) xenial; urgency=medium

  * Bump ABI 4.4.0-1085

linux-meta-raspi2 (4.4.0.1084.84) xenial; urgency=medium

  * Bump ABI 4.4.0-1084

linux-meta-raspi2 (4.4.0.1083.83) xenial; urgency=medium

  * Bump ABI 4.4.0-1083

Date: 2018-02-13 09:44:24.489811+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-raspi2/4.4.0.1085.85
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-meta-kvm 4.4.0.1019.18 (Accepted)

[Łukasz Zemczak]

linux-meta-kvm (4.4.0.1019.18) xenial; urgency=medium

  * Bump ABI 4.4.0-1019

linux-meta-kvm (4.4.0.1018.17) xenial; urgency=medium

  * Bump ABI 4.4.0-1018

Date: 2018-02-13 13:13:12.836802+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-kvm/4.4.0.1019.18
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-azure 4.13.0-1011.14 (Accepted)

[Łukasz Zemczak]

linux-azure (4.13.0-1011.14) xenial; urgency=medium

  * linux-azure: 4.13.0-1011.14 -proposed tracker (LP: #1748476)

  * [Hyper-V] Fixes for Network Direct InfiniBand/RDMA driver (LP: #1749332)
- SAUCE: vmbus-rdma: ND142: don't wait forever for disconnection from remote
  connector
- SAUCE: vmbus-rdma: ND142: remove idr handle before calling ND on freeing 
CQ
  and QP
- SAUCE: vmbus-rdma: ND142: do not crash on idr allocation failure - warn
  instead
- SAUCE: vmbus-rdma: ND144: don't wait forever for disconnection from remote
  connector
- SAUCE: vmbus-rdma: ND144: remove idr handle before calling ND on freeing 
CQ
  and QP
- SAUCE: vmbus-rdma: ND144: do not crash on idr allocation failure - warn
  instead

  * [Hyper-V] vsock: always call vsock_init_tables() (LP: #1747970)
- vsock: always call vsock_init_tables()

  * Update the source code location in the debian package for cloud kernels
(LP: #1747890)
- [Debian] Update git repository URI

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux-azure (4.13.0-1010.13) xenial; urgency=low

  * linux-azure: 4.13.0-1010.13 -proposed tracker (LP: #1746907)

  * CVE-2017-5715 (Spectre v2 retpoline)
- x86/retpoline/hyperv: Convert assembler indirect jumps
- [Config] azure: enable CONFIG_GENERIC_CPU_VULNERABILITIES
- [Config] azure: enable CONFIG_RETPOLINE
- [Config] azure: disable retpoline checks for first upload

  * Update the source code location in the debian package for cloud kernels
(LP: #1747890)
- [Debian] Update git repository URI

  * [Hyper-V] linux-azure: PCI: hv: Do not sleep in compose_msi_msg()
(LP: #1747543)
- PCI: hv: Do not sleep in compose_msi_msg()

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- x86/retpoline: Remove the esp/rsp thunk
- x86/retpoline: Simplify vmexit_fill_RSB()
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb
  * hisi_sas: driver robustness fixes (LP: #1739807)
- scsi: hisi_sas: fix reset and port ID refresh issues
- scsi: hisi_sas: avoid 

[ubuntu/xenial-security] linux-meta-oem 4.13.0.1021.25 (Accepted)

[Łukasz Zemczak]

linux-meta-oem (4.13.0.1021.25) xenial; urgency=medium

  * Bump ABI 4.13.0-1021

Date: 2018-02-12 15:22:12.773423+00:00
Changed-By: Timo Aaltonen 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-oem/4.13.0.1021.25
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-signed-oem 4.13.0-1021.23 (Accepted)

[Łukasz Zemczak]

linux-signed-oem (4.13.0-1021.23) xenial; urgency=medium

  * Master version: 4.13.0-1021.23

linux-signed-oem (4.13.0-1021.22) xenial; urgency=medium

  * Master version: 4.13.0-1021.22

Date: 2018-02-13 12:24:13.448887+00:00
Changed-By: Timo Aaltonen 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed-oem/4.13.0-1021.23
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-oem 4.13.0-1021.23 (Accepted)

[Łukasz Zemczak]

linux-oem (4.13.0-1021.23) xenial; urgency=low

  * linux-oem: 4.13.0-1021.23 -proposed tracker (LP: #1748481)

  * Intel 9462 A370:42A4 doesn't work (LP: #1748853)
- SAUCE: iwlwifi: Adding missing id A370:42A4

  * headset mic can't be detected on two Dell machines (LP: #1748807)
- ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
- ALSA: hda - Fix headset mic detection problem for two Dell machines

  * [linux-oem] Use I2C transport for touchpad on Precision M5530 (LP: #1746661)
- SAUCE: ACPI: Parse entire table as a term_list for Dell XPS 9570 and
  Precision M5530

  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
- SAUCE: ath10k: change QCA9377 IRAM back to 9

  * TrackPoint: middle button doesn't work on TrackPoint-compatible device.
(LP: #1746002)
- Input: trackpoint - force 3 buttons if 0 button is reported

  * [linux-oem] Fix out of bound VBT pin on CNP (LP: #1746411)
- drm/i914/bios: amend child device config parameters
- drm/i915/bios: document BDB versions of child device config fields
- drm/i915/bios: remove the raw version of child device config
- drm/i915/bios: add legacy contents to common child device config
- drm/i915/bios: throw away high level child device union
- drm/i915/bios: throw away struct old_child_dev_config
- drm/i915/bios: document child device config dvo_port values a bit better
- drm/i915/bios: group device type definitions together
- drm/i915/bios: throw away unused DVO_* macros
- drm/i915/bios: drop the rest of the p_ prefixes from pointers
- drm/i915/cnl: Don't trust VBT's alternate pin for port D for now.
- drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin.
- drm/i915/bios: split up iboost to hdmi and dp bitfields
- drm/i915/bios: add DP max link rate to VBT child device struct
- drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
- drm/i915/cnp: Properly handle VBT ddc pin out of bounds.

  * Miscellaneous upstream changes
- Rebase to 4.13.0-35.39
- [Config] update configs following rebase to 4.13.0-35.39
- [oem config] Keep ignoring retpoline

  [ Ubuntu: 4.13.0-35.39 ]

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

  [ Ubuntu: 4.13.0-34.37 ]

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature
  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"
  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present
  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input
  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

  [ Ubuntu: 4.13.0-33.36 ]

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add 

[ubuntu/xenial-security] linux-meta-gcp 4.13.0.1011.13 (Accepted)

[Łukasz Zemczak]

linux-meta-gcp (4.13.0.1011.13) xenial; urgency=medium

  * Bump ABI 4.13.0-1011

linux-meta-gcp (4.13.0.1010.12) xenial; urgency=medium

  * Bump ABI 4.13.0-1010

linux-meta-gcp (4.13.0.1009.11) xenial; urgency=medium

  * Bump ABI 4.13.0-1009

Date: 2018-02-12 17:22:17.39+00:00
Changed-By: Stefan Bader 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta-gcp/4.13.0.1011.13
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-meta 4.4.0.116.122 (Accepted)

[Łukasz Zemczak]

linux-meta (4.4.0.116.122) xenial; urgency=medium

  * Bump ABI 4.4.0-116

linux-meta (4.4.0.115.121) xenial; urgency=medium

  * Bump ABI 4.4.0-115

linux-meta (4.4.0.114.120) xenial; urgency=medium

  * Bump ABI 4.4.0-114

linux-meta (4.4.0.113.119) xenial; urgency=medium

  * Bump ABI 4.4.0-113

Date: 2018-02-12 21:19:12.220448+00:00
Changed-By: Khaled El Mously 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.116.122
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] linux-signed 4.4.0-116.140 (Accepted)

[Łukasz Zemczak]

linux-signed (4.4.0-116.140) xenial; urgency=medium

  * Version 4.4.0-116.140

linux-signed (4.4.0-115.138) xenial; urgency=medium

  * Version 4.4.0-115.138

linux-signed (4.4.0-114.137) xenial; urgency=medium

  * Version 4.4.0-114.137

linux-signed (4.4.0-113.136) xenial; urgency=medium

  * Version 4.4.0-113.136

Date: 2018-02-12 21:19:25.925684+00:00
Changed-By: Khaled El Mously 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed/4.4.0-116.140
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-hwe 4.13.0-36.40~16.04.1 (Accepted)

[Łukasz Zemczak]

linux-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.13.0-36.40~16.04.1 -proposed tracker (LP: #1750052)

  * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010)

  * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set

linux (4.13.0-35.39) artful; urgency=medium

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)

  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

linux (4.13.0-34.37) artful; urgency=medium

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)

  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices

  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature

  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"

  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present

  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input

  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux (4.13.0-33.36) artful; urgency=low

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)

  [ Stefan Bader ]
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- x86/retpoline: Remove the esp/rsp thunk
- x86/retpoline: Simplify vmexit_fill_RSB()

  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb

  * hisi_sas: driver robustness fixes (LP: #1739807)
- scsi: hisi_sas: fix reset and port ID refresh issues
- scsi: hisi_sas: avoid potential v2 hw interrupt issue
- scsi: hisi_sas: fix v2 hw underflow residual value
- scsi: hisi_sas: add v2 hw DFX feature
- scsi: hisi_sas: add irq and tasklet cleanup in v2 hw
- scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw
- scsi: hisi_sas: fix internal abort slot timeout bug
- scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET
- scsi: hisi_sas: fix NULL check in SMP abort task path
- scsi: hisi_sas: fix the risk of freeing slot twice
- scsi: hisi_sas: kill tasklet when destroying irq in v3 hw
- scsi: hisi_sas: complete all tasklets prior to host reset

  * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990)
- ACPI: APEI: fix the wrong iteration of generic error status block
- ACPI / APEI: clear error status before acknowledging the error

  * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to
boot (LP: #1732804)
- vfio/pci: Virtualize Maximum Payload Size
- vfio/pci: Virtualize Maximum Read Request Size

  * hisi_sas: Add ATA command support for SMR disks (LP: #1739891)
- scsi: hisi_sas: support zone management commands

  * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073)
- ACPI / APD: Add clock frequency for ThunderX2 I2C controller
- i2c: xlp9xx: Get clock frequency with clk API
- i2c: xlp9xx: 

[ubuntu/xenial-updates] linux-hwe 4.13.0-36.40~16.04.1 (Accepted)

[Łukasz Zemczak]

linux-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium

  * linux-hwe: 4.13.0-36.40~16.04.1 -proposed tracker (LP: #1750052)

  * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010)

  * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set

linux (4.13.0-35.39) artful; urgency=medium

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)

  * CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
- SAUCE: turn off IBRS when full retpoline is present
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files

linux (4.13.0-34.37) artful; urgency=medium

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)

  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices

  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
(LP: #1747090)
- KVM: s390: wire up bpb feature

  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
- Revert "mm, memory_hotplug: do not associate hotadded memory to zones 
until
  online"

  * CVE-2017-5715 (Spectre v2 Intel)
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- SAUCE: turn off IBPB when full retpoline is present

  * Artful 4.13 fixes for tun (LP: #1748846)
- tun: call dev_get_valid_name() before register_netdevice()
- tun: allow positive return values on dev_get_valid_name() call
- tun/tap: sanitize TUNSETSNDBUF input

  * boot failure on AMD Raven + WestonXT (LP: #1742759)
- SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux (4.13.0-33.36) artful; urgency=low

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)

  [ Stefan Bader ]
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
(Spectre v2 retpoline)
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
- x86/retpoline: Remove the esp/rsp thunk
- x86/retpoline: Simplify vmexit_fill_RSB()

  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
(LP: #1743638)
- [d-i] Add qede to nic-modules udeb

  * hisi_sas: driver robustness fixes (LP: #1739807)
- scsi: hisi_sas: fix reset and port ID refresh issues
- scsi: hisi_sas: avoid potential v2 hw interrupt issue
- scsi: hisi_sas: fix v2 hw underflow residual value
- scsi: hisi_sas: add v2 hw DFX feature
- scsi: hisi_sas: add irq and tasklet cleanup in v2 hw
- scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw
- scsi: hisi_sas: fix internal abort slot timeout bug
- scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET
- scsi: hisi_sas: fix NULL check in SMP abort task path
- scsi: hisi_sas: fix the risk of freeing slot twice
- scsi: hisi_sas: kill tasklet when destroying irq in v3 hw
- scsi: hisi_sas: complete all tasklets prior to host reset

  * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990)
- ACPI: APEI: fix the wrong iteration of generic error status block
- ACPI / APEI: clear error status before acknowledging the error

  * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to
boot (LP: #1732804)
- vfio/pci: Virtualize Maximum Payload Size
- vfio/pci: Virtualize Maximum Read Request Size

  * hisi_sas: Add ATA command support for SMR disks (LP: #1739891)
- scsi: hisi_sas: support zone management commands

  * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073)
- ACPI / APD: Add clock frequency for ThunderX2 I2C controller
- i2c: xlp9xx: Get clock frequency with clk API
- i2c: xlp9xx: 

[ubuntu/xenial-security] linux-signed-hwe 4.13.0-36.40~16.04.1 (Accepted)

[Łukasz Zemczak]

linux-signed-hwe (4.13.0-36.40~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-36.40~16.04.1

linux-signed-hwe (4.13.0-35.39~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-35.39~16.04.1

linux-signed-hwe (4.13.0-33.36~16.04.1) xenial; urgency=medium

  * Master version: 4.13.0-33.36~16.04.1

Date: 2018-02-16 23:22:54.455755+00:00
Changed-By: Kamal Mostafa 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-signed-hwe/4.13.0-36.40~16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] linux-meta 4.4.0.116.122 (Accepted)

[Łukasz Zemczak]

linux-meta (4.4.0.116.122) xenial; urgency=medium

  * Bump ABI 4.4.0-116

linux-meta (4.4.0.115.121) xenial; urgency=medium

  * Bump ABI 4.4.0-115

linux-meta (4.4.0.114.120) xenial; urgency=medium

  * Bump ABI 4.4.0-114

linux-meta (4.4.0.113.119) xenial; urgency=medium

  * Bump ABI 4.4.0-113

Date: 2018-02-12 21:19:12.220448+00:00
Changed-By: Khaled El Mously 
Signed-By: Łukasz Zemczak 
https://launchpad.net/ubuntu/+source/linux-meta/4.4.0.116.122
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] hw-detect 1.117ubuntu2.3 (Accepted)

[Dimitri John Ledkov]

hw-detect (1.117ubuntu2.3) xenial; urgency=medium

  * hw-detect.sh: install opal-prd on OpenPOWER machines. LP: #1555904
  * Drop hw-detect.pre-pkgsel.d/20install-hwpackages, as it installs
universe package, which is probably in itself not useful on
Ubuntu. LP: #1577833

Date: Wed, 21 Feb 2018 15:36:54 +
Changed-By: Dimitri John Ledkov 
Maintainer: Ubuntu Installer Team 
https://launchpad.net/ubuntu/+source/hw-detect/1.117ubuntu2.3
Format: 1.8
Date: Wed, 21 Feb 2018 15:36:54 +
Source: hw-detect
Binary: hw-detect ethdetect disk-detect driver-injection-disk-detect archdetect 
archdetect-deb
Architecture: source
Version: 1.117ubuntu2.3
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Installer Team 
Changed-By: Dimitri John Ledkov 
Description:
 archdetect - Hardware architecture detector (udeb)
 archdetect-deb - Hardware architecture detector
 disk-detect - Detect disk drives (udeb)
 driver-injection-disk-detect - Detect OEM driver injection disks (udeb)
 ethdetect  - Detect network hardware and load kernel drivers for it (udeb)
 hw-detect  - Detect hardware and load kernel drivers for it (udeb)
Launchpad-Bugs-Fixed: 1555904 1577833
Changes:
 hw-detect (1.117ubuntu2.3) xenial; urgency=medium
 .
   * hw-detect.sh: install opal-prd on OpenPOWER machines. LP: #1555904
   * Drop hw-detect.pre-pkgsel.d/20install-hwpackages, as it installs
 universe package, which is probably in itself not useful on
 Ubuntu. LP: #1577833
Checksums-Sha1:
 9fe0ad5bf31cd994ee078e2bc5be940295083afc 1970 hw-detect_1.117ubuntu2.3.dsc
 97c38db7801399fc8a0e82f38a64108a492df315 192940 hw-detect_1.117ubuntu2.3.tar.xz
 d5734dfb9b47b07bc2de1752b87e7dd0e98d1366 6699 
hw-detect_1.117ubuntu2.3_source.buildinfo
Checksums-Sha256:
 0e2f09a7e56beb8601c9088ce753c3023478ab6b99113be4aa36aa51ca34a419 1970 
hw-detect_1.117ubuntu2.3.dsc
 e7238c5b1e0e01e9bdb01a97b567db772db0d54f44730e20e1fc1a9f0faa7420 192940 
hw-detect_1.117ubuntu2.3.tar.xz
 376273ecb202522b0c6ecf0d93799fc393f2ac4b67763529f1ee162073de4bc8 6699 
hw-detect_1.117ubuntu2.3_source.buildinfo
Files:
 763fe4becc4fdce196cafad8487d1291 1970 debian-installer standard 
hw-detect_1.117ubuntu2.3.dsc
 641e6a87fc51d5d17b5d21f4eb9873d7 192940 debian-installer standard 
hw-detect_1.117ubuntu2.3.tar.xz
 26011a2c63a139642a35f13505b6600b 6699 debian-installer standard 
hw-detect_1.117ubuntu2.3_source.buildinfo
Original-Maintainer: Debian Install System Team 
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] s390-tools 1.34.0-0ubuntu8.5 (Accepted)

[Dimitri John Ledkov]

s390-tools (1.34.0-0ubuntu8.5) xenial; urgency=medium

  * Correct postinst, which cleans up erroneous directory from
1.34.0-0ubuntu8 upload and earlier. LP: #1608927

Date: Wed, 21 Feb 2018 16:44:02 +
Changed-By: Dimitri John Ledkov 
Maintainer: Ubuntu Developers 
https://launchpad.net/ubuntu/+source/s390-tools/1.34.0-0ubuntu8.5
Format: 1.8
Date: Wed, 21 Feb 2018 16:44:02 +
Source: s390-tools
Binary: s390-tools s390-tools-cpuplugd s390-tools-statd s390-tools-osasnmpd 
s390-tools-udeb
Architecture: source
Version: 1.34.0-0ubuntu8.5
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Dimitri John Ledkov 
Description:
 s390-tools - fundamental utilities for Linux on z Systems
 s390-tools-cpuplugd - cpuplugd utility for Linux on z Systems
 s390-tools-osasnmpd - osasnmpd utility for Linux on z Systems
 s390-tools-statd - mon_statd monitoring daemons for Linux on z Systems
 s390-tools-udeb - utilities for Linux on z Systems (udeb)
Launchpad-Bugs-Fixed: 1608927
Changes:
 s390-tools (1.34.0-0ubuntu8.5) xenial; urgency=medium
 .
   * Correct postinst, which cleans up erroneous directory from
 1.34.0-0ubuntu8 upload and earlier. LP: #1608927
Checksums-Sha1:
 25c6439991d0317ba86ae9ef1f090347204e5d0f 2069 s390-tools_1.34.0-0ubuntu8.5.dsc
 c4a88bb7fd2089570fe9680f83e0087ca99e5d46 20236 
s390-tools_1.34.0-0ubuntu8.5.debian.tar.xz
 01c6570775b889bcf7a47f29b8b32b193d51602f 7547 
s390-tools_1.34.0-0ubuntu8.5_source.buildinfo
Checksums-Sha256:
 adaf3a5731733a715c52bbe59651c0874c3390cc825b70a08003d6c7bb4814e3 2069 
s390-tools_1.34.0-0ubuntu8.5.dsc
 da0b1da4d4e8a93fd84e609867eacc0916cc795e966455397c975825a9c253df 20236 
s390-tools_1.34.0-0ubuntu8.5.debian.tar.xz
 794b0d043a5ea132160bc3b349d1cce6b11b31fc34d9025245785081cddd079e 7547 
s390-tools_1.34.0-0ubuntu8.5_source.buildinfo
Files:
 256853e1d0a9edb7ee96413c4acd7091 2069 admin optional 
s390-tools_1.34.0-0ubuntu8.5.dsc
 c0b5107f785f845f7d4ccb3f304b6d84 20236 admin optional 
s390-tools_1.34.0-0ubuntu8.5.debian.tar.xz
 6acd2bc248073266bd6243e18dc568f8 7547 admin optional 
s390-tools_1.34.0-0ubuntu8.5_source.buildinfo
Original-Maintainer: Debian S/390 Team 
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] libgcrypt20 1.6.5-2ubuntu0.4 (Accepted)

[Vineetha Pai]

libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium

  * Disable the library reading /proc/sys/crypto/fips_enabled file
and going into FIPS mode. This fixes a hang on boot when using a
FIPS-enabled kernel with encrypted installations (LP: #1748310)
- debian/patches/disable_fips_enabled_read.patch

Date: Fri, 16 Feb 2018 13:31:19 -0500
Changed-By: Vineetha Pai 
Maintainer: Ubuntu Developers 
Signed-By: Robie Basak 
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.4
Format: 1.8
Date: Fri, 16 Feb 2018 13:31:19 -0500
Source: libgcrypt20
Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb 
libgcrypt11-dev
Architecture: source
Version: 1.6.5-2ubuntu0.4
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Vineetha Pai 
Description:
 libgcrypt11-dev - transitional libgcrypt11-dev package
 libgcrypt20 - LGPL Crypto library - runtime library
 libgcrypt20-dev - LGPL Crypto library - development files
 libgcrypt20-doc - LGPL Crypto library - documentation
 libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb)
Launchpad-Bugs-Fixed: 1748310
Changes:
 libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium
 .
   * Disable the library reading /proc/sys/crypto/fips_enabled file
 and going into FIPS mode. This fixes a hang on boot when using a
 FIPS-enabled kernel with encrypted installations (LP: #1748310)
 - debian/patches/disable_fips_enabled_read.patch
Checksums-Sha1:
 a10a7291615ba753a0690bcc55ad52b2181ae1b8 2639 libgcrypt20_1.6.5-2ubuntu0.4.dsc
 6ef38e9f470e1ff2585ec84c0f1fbb20afafe672 36840 
libgcrypt20_1.6.5-2ubuntu0.4.debian.tar.xz
Checksums-Sha256:
 8563d406770c214117424b8d5f6744f988c18ec3bed8f593984661bff0b3 2639 
libgcrypt20_1.6.5-2ubuntu0.4.dsc
 c27b1256f1d63cf3c7e410d3be397ada333be229edbfb6d24723325f7deb9748 36840 
libgcrypt20_1.6.5-2ubuntu0.4.debian.tar.xz
Files:
 2db2e6724a3d41daceb4e8bfbbd62e76 2639 libs optional 
libgcrypt20_1.6.5-2ubuntu0.4.dsc
 2cad482b477253f252c813c7c04c8cd8 36840 libs optional 
libgcrypt20_1.6.5-2ubuntu0.4.debian.tar.xz
Original-Maintainer: Debian GnuTLS Maintainers 

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] apparmor 2.10.95-0ubuntu2.9 (Accepted)

[Christian Ehrhardt]

apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium

  * debian/patches/base-journald-updates.patch: update base abstraction
for additional journald sockets (LP: #1670408)
Backport from 2.11.0-2ubuntu5 by Jamie Strandboge 

Date: Tue, 20 Feb 2018 16:04:02 +0100
Changed-By: Christian Ehrhardt 
Maintainer: Ubuntu Developers 
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.9
Format: 1.8
Date: Tue, 20 Feb 2018 16:04:02 +0100
Source: apparmor
Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev 
libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor 
apparmor-notify python-libapparmor python3-libapparmor python-apparmor 
python3-apparmor dh-apparmor apparmor-easyprof
Architecture: source
Version: 2.10.95-0ubuntu2.9
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Christian Ehrhardt 
Description:
 apparmor   - user-space parser utility for AppArmor
 apparmor-docs - documentation for AppArmor
 apparmor-easyprof - AppArmor easyprof profiling tool
 apparmor-notify - AppArmor notification system
 apparmor-profiles - profiles for AppArmor Security policies
 apparmor-utils - utilities for controlling AppArmor
 dh-apparmor - AppArmor debhelper routines
 libapache2-mod-apparmor - changehat AppArmor library as an Apache module
 libapparmor-dev - AppArmor development libraries and header files
 libapparmor-perl - AppArmor library Perl bindings
 libapparmor1 - changehat AppArmor library
 libpam-apparmor - changehat AppArmor library as a PAM module
 python-apparmor - AppArmor Python utility library
 python-libapparmor - AppArmor library Python bindings
 python3-apparmor - AppArmor Python3 utility library
 python3-libapparmor - AppArmor library Python3 bindings
Launchpad-Bugs-Fixed: 1670408
Changes:
 apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium
 .
   * debian/patches/base-journald-updates.patch: update base abstraction
 for additional journald sockets (LP: #1670408)
 Backport from 2.11.0-2ubuntu5 by Jamie Strandboge 
Checksums-Sha1:
 ac020002013fe640092bdf573febdcbd957e1941 3252 apparmor_2.10.95-0ubuntu2.9.dsc
 5dc329254c18572a4b26fded93aec0f947100187 97000 
apparmor_2.10.95-0ubuntu2.9.debian.tar.xz
Checksums-Sha256:
 e0ffa6f0c0610e68e87bdc44af9c86dd02e4e98fbed4a4ac531ea8ebd112a6f0 3252 
apparmor_2.10.95-0ubuntu2.9.dsc
 22afd37e164269a152f37bd33e5c3fd208dbd35b324e9a0d13154acc45792be9 97000 
apparmor_2.10.95-0ubuntu2.9.debian.tar.xz
Files:
 841f2b7bc19ede2cda1ddb2141a69257 3252 admin extra 
apparmor_2.10.95-0ubuntu2.9.dsc
 17385aa78ab290228d952a0ef037895c 97000 admin extra 
apparmor_2.10.95-0ubuntu2.9.debian.tar.xz
Original-Maintainer: Debian AppArmor Team 

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] net-snmp 5.7.3+dfsg-1ubuntu4.1 (Accepted)

[Christian Ehrhardt]

net-snmp (5.7.3+dfsg-1ubuntu4.1) xenial; urgency=medium

  * d/snmpd.init: also match start-stop-daemon against pidfile to avoid
killing extra snmpd processes for example in container (LP: #1720109)

Date: Tue, 20 Feb 2018 14:53:51 +0100
Changed-By: Christian Ehrhardt 
Maintainer: Ubuntu Developers 
https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1ubuntu4.1
Format: 1.8
Date: Tue, 20 Feb 2018 14:53:51 +0100
Source: net-snmp
Binary: snmpd snmptrapd snmp libsnmp-base libsnmp30 libsnmp30-dbg libsnmp-dev 
libsnmp-perl python-netsnmp tkmib
Architecture: source
Version: 5.7.3+dfsg-1ubuntu4.1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers 
Changed-By: Christian Ehrhardt 
Description:
 libsnmp-base - SNMP configuration script, MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp30  - SNMP (Simple Network Management Protocol) library
 libsnmp30-dbg - SNMP (Simple Network Management Protocol) library debug
 python-netsnmp - SNMP (Simple Network Management Protocol) Python support
 snmp   - SNMP (Simple Network Management Protocol) applications
 snmpd  - SNMP (Simple Network Management Protocol) agents
 snmptrapd  - Net-SNMP notification receiver
 tkmib  - SNMP (Simple Network Management Protocol) MIB browser
Launchpad-Bugs-Fixed: 1720109
Changes:
 net-snmp (5.7.3+dfsg-1ubuntu4.1) xenial; urgency=medium
 .
   * d/snmpd.init: also match start-stop-daemon against pidfile to avoid
 killing extra snmpd processes for example in container (LP: #1720109)
Checksums-Sha1:
 51edecaaebc0223e8acdd0b3744cd0f87bf1c6bf 3142 
net-snmp_5.7.3+dfsg-1ubuntu4.1.dsc
 6d0563414c9039e22e9af9425a6c7adaf8a81d92 66164 
net-snmp_5.7.3+dfsg-1ubuntu4.1.debian.tar.xz
Checksums-Sha256:
 63001c618006cf7bc39c8f2e1e48504092fa8854ff75cfd6632cae585c6f6541 3142 
net-snmp_5.7.3+dfsg-1ubuntu4.1.dsc
 0ce3964cd1be0bfad3528e55db01560aa6dcb319cd4a51c8f3fb109c661fda1a 66164 
net-snmp_5.7.3+dfsg-1ubuntu4.1.debian.tar.xz
Files:
 1f4aadede925dba7ebe34f402d02b887 3142 net optional 
net-snmp_5.7.3+dfsg-1ubuntu4.1.dsc
 d068431a5b82a5db348a76fbb428650b 66164 net optional 
net-snmp_5.7.3+dfsg-1ubuntu4.1.debian.tar.xz
Original-Maintainer: Net-SNMP Packaging Team 

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] tor 0.2.9.14-1ubuntu1~16.04.1 (Accepted)

[Robie Basak]

tor (0.2.9.14-1ubuntu1~16.04.1) xenial; urgency=medium

  [ Peter Palfrader ]
  * apparmor: use Pix instead of PUx for obfs4proxy, giving us
better confinement of the child process while actually working
with systemd's NoNewPrivileges.  (closes: #867342)
  * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
SysV init script.  This change enables apparmor confinement
on some system-V systems again.  (closes: #869153)
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
CAP_DAC_READ_SEARCH to match the systemd capability bounding set
changed with 0.3.0.4-rc-1.  This change will allow tor to start
again under apparmor if hidden services are configured.
Patch by intrigeri.  (closes: #862993)
  * Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service
capability bounding set.  Read access is sufficient for Tor (as root on
startup) to check its onion service directories (see #847598).
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
causing all errors while switching to the new apparmor profile to
be ignored.  This is not ideal, but for now it's probably the
best solution. Thanks to intrigeri; closes: #880490.

  [ Simon Deziel ]
  * Backport 0.2.9.14 to 16.04 (LP: #1731698)
  * debian/rules: stop overriding micro-revision.i
  * debian/control: drop build-conflicts
  * debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel 
armhf]
  * Resync with Debian Stretch

tor (0.2.9.14-1) stretch-security; urgency=medium

  * New upstream version, including among others:
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  identifying and finding a workaround to this bug and to Moritz,
  Arthur Edelstein, and Roger for helping to track it down and
  analyze it.
- Fix a denial of service bug where an attacker could use a
  malformed directory object to cause a Tor instance to pause while
  OpenSSL would try to read a passphrase from the terminal. (Tor
  instances run without a terminal, which is the case for most Tor
  packages, are not impacted.) Fixes bug 24246; bugfix on every
  version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
  directory authority using a malformed router descriptor. Fixes bug
  24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
  (legacy) onion service, correctly detect replays in the RSA-
  encrypted part of the cell. We were previously checking for
  replays on the entire cell, but those can be circumvented due to
  the malleability of Tor's legacy hybrid encryption. This fix helps
  prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  and CVE-2017-8819.
- Fix a use-after-free error that could crash v2 Tor onion services
  when they failed to open circuits while expiring introduction
  points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  also tracked as TROVE-2017-013 and CVE-2017-8823.
- When running as a relay, make sure that we never build a path
  through ourselves, even in the case where we have somehow lost the
  version of our descriptor appearing in the consensus. Fixes part
  of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  as TROVE-2017-012 and CVE-2017-8822.

tor (0.2.9.13-1) stretch; urgency=medium

  * New upstream version:
- update directory authority set

tor (0.2.9.12-1) stretch-security; urgency=medium

  * New upstream version:
- CVE-2017-0380 (TROVE-2017-008): Stack disclosure in hidden services logs
  when SafeLogging disabled
- other maintenance and security related fixes, see upstream changelog.

Date: 2018-02-13 23:57:11.143810+00:00
Changed-By: Simon Déziel 
Signed-By: Robie Basak 
https://launchpad.net/ubuntu/+source/tor/0.2.9.14-1ubuntu1~16.04.1
Sorry, changesfile not available.-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-proposed] debian-installer 20101020ubuntu451.22 (Accepted)

[Łukasz 'sil2100' Zemczak]

debian-installer (20101020ubuntu451.22) xenial; urgency=medium

  [ dann frazier ]
  * arm64-efi/netboot: Improvements to mini.iso generation:
- Add an EFI System Partition to fix booting from USB stick on
  same platforms LP: #1692876.
- Remove no-op arguments -boot-load-size and -boot-info-table.
- Use simpler "-e" instead of "--efi-boot" since we only have 1
  el torito image.
- Add -partition_offset 16 so that the output of commands like
  'isosize' is correct.
  * netboot/arm64: Include nic-firmware. LP: #1743638.

  [ Łukasz 'sil2100' Zemczak ]
  * Bump FLOPPY_SIZE on amd64, i386, and powerpc for kernel growth.

Date: Wed, 21 Feb 2018 10:43:54 +0100
Changed-By: Łukasz 'sil2100' Zemczak 
Maintainer: Ubuntu Installer Team 
https://launchpad.net/ubuntu/+source/debian-installer/20101020ubuntu451.22
Format: 1.8
Date: Wed, 21 Feb 2018 10:43:54 +0100
Source: debian-installer
Binary: debian-installer debian-installer-udebs
Architecture: source
Version: 20101020ubuntu451.22
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Installer Team 
Changed-By: Łukasz 'sil2100' Zemczak 
Description:
 debian-installer - Debian installer
 debian-installer-udebs - Metapackage depending on debian-installer's built-in 
udebs (udeb)
Launchpad-Bugs-Fixed: 1692876 1743638
Changes:
 debian-installer (20101020ubuntu451.22) xenial; urgency=medium
 .
   [ dann frazier ]
   * arm64-efi/netboot: Improvements to mini.iso generation:
 - Add an EFI System Partition to fix booting from USB stick on
   same platforms LP: #1692876.
 - Remove no-op arguments -boot-load-size and -boot-info-table.
 - Use simpler "-e" instead of "--efi-boot" since we only have 1
   el torito image.
 - Add -partition_offset 16 so that the output of commands like
   'isosize' is correct.
   * netboot/arm64: Include nic-firmware. LP: #1743638.
 .
   [ Łukasz 'sil2100' Zemczak ]
   * Bump FLOPPY_SIZE on amd64, i386, and powerpc for kernel growth.
Checksums-Sha1:
 a7c3a832d3a8f5c4bffc20748d3ed462f4e6ae63 3447 
debian-installer_20101020ubuntu451.22.dsc
 13688d74a3b205c3ccc89af3c3391210ef3b1016 1396692 
debian-installer_20101020ubuntu451.22.tar.xz
 1f4dc640ac8677c14c64b07459a570a16d50360e 12262 
debian-installer_20101020ubuntu451.22_source.buildinfo
Checksums-Sha256:
 fc9a5b3bb2bfcea7027349aa1851c889175e1ebd04167359726991415b41b206 3447 
debian-installer_20101020ubuntu451.22.dsc
 5005228040411dff1b5b6b716c0ff68ea34d31bb4101d8be28a0c7421b699731 1396692 
debian-installer_20101020ubuntu451.22.tar.xz
 9b6c9337761cd9458779ff9f1daf829246519726dd07dc0fd66c7883bfd7c7b0 12262 
debian-installer_20101020ubuntu451.22_source.buildinfo
Files:
 fadb59f449757761b9ab071cb3f32a7d 3447 devel optional 
debian-installer_20101020ubuntu451.22.dsc
 0a1468ef2df58a39d5cca164de6a7b34 1396692 devel optional 
debian-installer_20101020ubuntu451.22.tar.xz
 c2091d59c0bbd05fc0fcc545c1c544ed 12262 devel optional 
debian-installer_20101020ubuntu451.22_source.buildinfo
Original-Maintainer: Debian Install System Team 
-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes