+linux (4.13.0-44.49) UNRELEASED; urgency=medium
+
+ CHANGELOG: Do not edit directly. Autogenerated at release.
+ CHANGELOG: Use the printchanges target to see the curent changes.
+ CHANGELOG: Use the insertchanges target to create the final log.
+
+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 23 May 2018 09:06:26 +0200
+
+linux (4.13.0-43.48) artful; urgency=medium
+
+ * CVE-2018-3639 (powerpc)
+ - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
+ - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
+ upstream
+ - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
+ - powerpc/pseries: Support firmware disable of RFI flush
+ - powerpc/powernv: Support firmware disable of RFI flush
+ - powerpc/64s: Allow control of RFI flush via debugfs
+ - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
+ - powerpc/rfi-flush: Always enable fallback flush on pseries
+ - powerpc/rfi-flush: Differentiate enabled and patched flush types
+ - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
+ - powerpc: Add security feature flags for Spectre/Meltdown
+ - powerpc/powernv: Set or clear security feature flags
+ - powerpc/pseries: Set or clear security feature flags
+ - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
+ - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
+ - powerpc/pseries: Fix clearing of security feature flags
+ - powerpc: Move default security feature flags
+ - powerpc/pseries: Restore default security feature flags on setup
+ - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
+
+ * CVE-2018-3639 (x86)
+ - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
+ - SAUCE: x86: Add alternative_msr_write
+ - x86/nospec: Simplify alternative_msr_write()
+ - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+ - x86/bugs: Concentrate bug detection into a separate function
+ - x86/bugs: Concentrate bug reporting into a separate function
+ - x86/msr: Add definitions for new speculation control MSRs
+ - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
+ - x86/bugs, KVM: Support the combination of guest and host IBRS
+ - x86/bugs: Expose /sys/../spec_store_bypass
+ - x86/cpufeatures: Add X86_FEATURE_RDS
+ - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
+ mitigation
+ - x86/bugs/intel: Set proper CPU features and setup RDS
+ - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
+ - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
+ - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
+ - x86/speculation: Create spec-ctrl.h to avoid include hell
+ - prctl: Add speculation control prctls
+ - x86/process: Allow runtime control of Speculative Store Bypass
+ - x86/speculation: Add prctl for Speculative Store Bypass mitigation
+ - nospec: Allow getting/setting on non-current task
+ - proc: Provide details on speculation flaw mitigations
+ - seccomp: Enable speculation flaw mitigations
+ - SAUCE: x86/bugs: Honour SPEC_CTRL default
+ - x86/bugs: Make boot modes __ro_after_init
+ - prctl: Add force disable speculation
+ - seccomp: Use PR_SPEC_FORCE_DISABLE
+ - seccomp: Add filter flag to opt-out of SSB mitigation
+ - seccomp: Move speculation migitation control to arch code
+ - x86/speculation: Make "seccomp" the default mode for Speculative Store
+ Bypass
+ - x86/bugs: Rename _RDS to _SSBD
+ - proc: Use underscores for SSBD in 'status'
+ - Documentation/spec_ctrl: Do some minor cleanups
+ - x86/bugs: Fix __ssb_select_mitigation() return type
+ - x86/bugs: Make cpu_show_common() static
+
+ * LSM Stacking prctl values should be redefined as to not collide with
+ upstream prctls (LP: #1769263) // CVE-2018-3639
+ - SAUCE: LSM stacking: adjust prctl values
+
+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 15 May 2018 07:39:26 +0200
+
+linux (4.13.0-42.47) artful; urgency=medium
+
+ * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
+
+ * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
+ - arm64: fix CONFIG_DEBUG_WX address reporting
+
+ * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
+ - net: hns: Avoid action name truncation
+
+ * CVE-2017-18208
+ - mm/madvise.c: fix madvise() infinite loop under special circumstances
+
+ * CVE-2018-8822
+ - staging: ncpfs: memory corruption in ncp_read_kernel()
+
+ * CVE-2017-18203
+ - dm: fix race between dm_get_from_kobject() and __dm_destroy()
+
+ * CVE-2017-17449
+ - netlink: Add netns check on taps
+
+ * CVE-2017-17975
+ - media: usbtv: prevent double free in error case
+
+ * [8086:3e92] display becomes blank after S3 (LP: #1763271)
+ - drm/i915/edp: Allow alternate fixed mode for eDP if available.
+ - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
+ - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
+ - drm/i915/edp: Do not do link training fallback or prune modes on EDP
+
+ * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
+ from sleep (88E8055) (LP: #1758507)
+ - sky2: Increase D3 delay to sky2 stops working after suspend
+
+ * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
+ - perf vendor events arm64: Enable JSON events for ThunderX2 B0
+
+ * No network with e1000e driver on 4.13.0-38-generic (LP: #1762693)
+ - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
+
+ * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
+ - i2c: xlp9xx: return ENXIO on slave address NACK
+ - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
+ - i2c: xlp9xx: Check for Bus state before every transfer
+ - i2c: xlp9xx: Handle NACK on DATA properly
+
+ * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
+ - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
+
+ * fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104)
+ - SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to
+ zones until online"
+
+ * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627)
+ - SAUCE: remove ibrs_dump sysctl interface
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Mon, 07 May 2018 15:06:58 +0200
+
+linux (4.13.0-41.46) artful; urgency=medium
+
+ * CVE-2018-8897
+ - x86/entry/64: Don't use IST entry for #BP stack
+
+ * CVE-2018-1087
+ - kvm/x86: fix icebp instruction handling
+
+ * CVE-2018-1000199
+ - perf/hwbp: Simplify the perf-hwbp code, fix documentation
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Wed, 02 May 2018 11:58:49 +0200
+
+linux (4.13.0-39.44) artful; urgency=medium
+
+ * linux: 4.13.0-39.44 -proposed tracker (LP: #1761456)
+
+ * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
+ image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2
+ Intel) // CVE-2017-5754
+ - x86/mm: Reinitialize TLB state on hotplug and resume
+
+ * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
+ image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
+ - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
+ thread"
+ - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
+
+ * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
+ install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
+ - [Packaging] include the retpoline extractor in the headers
+
+ * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
+ - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
+ - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
+ - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
+ - x86/paravirt, objtool: Annotate indirect calls
+ - [Packaging] retpoline -- add safe usage hint support
+ - [Packaging] retpoline-check -- only report additions
+ - [Packaging] retpoline -- widen indirect call/jmp detection
+ - [Packaging] retpoline -- elide %rip relative indirections
+ - [Packaging] retpoline -- clear hint information from packages
+ - KVM: x86: Make indirect calls in emulator speculation safe
+ - KVM: VMX: Make indirect call speculation safe
+ - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
+ - SAUCE: early/late -- annotate indirect calls in early/late initialisation
+ code
+ - SAUCE: vga_set_mode -- avoid jump tables
+ - [Config] retpoline -- switch to new format
+ - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
+ enabled
+ - [Packaging] final-checks -- remove check for empty retpoline files
+
+ * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
+ - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386
+
+ * zfs system process hung on container stop/delete (LP: #1754584)
+ - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
+
+ * zfs-linux 0.6.5.11-1ubuntu5 ADT test failure with linux 4.15.0-1.2
+ (LP: #1737761)
+ - SAUCE: (noup) Update zfs to 0.6.5.11-1ubuntu3.2
+
+ * AT_BASE_PLATFORM in AUXV is absent on kernels available on Ubuntu 17.10
+ (LP: #1759312)
+ - powerpc/64s: Fix NULL AT_BASE_PLATFORM when using DT CPU features
+
+ * btrfs and tar sparse truncate archives (LP: #1757565)
+ - Btrfs: move definition of the function btrfs_find_new_delalloc_bytes
+ - Btrfs: fix reported number of inode blocks after buffered append writes
+
+ * efifb broken on ThunderX-based Gigabyte nodes (LP: #1758375)
+ - drivers/fbdev/efifb: Allow BAR to be moved instead of claiming it
+
+ * Intel i40e PF reset due to incorrect MDD detection (continues...)
+ (LP: #1723127)
+ - i40e/i40evf: Account for frags split over multiple descriptors in check
+ linearize
+
+ * Fix an issue that when system in S3, USB keyboard can't wake up the system.
+ (LP: #1759511)
+ - ACPI / PM: Allow deeper wakeup power states with no _SxD nor _SxW
+
+ * [8086:3e92] display becomes blank after S3 (LP: #1759188)
+ - drm/i915: Apply Display WA #1183 on skl, kbl, and cfl
+
+ * add audio kernel patches for Raven (LP: #1758364)
+ - ALSA: hda: Add Raven PCI ID
+ - ALSA: hda/realtek - Fix ALC700 family no sound issue
+
+ * Cpu utilization showing system time for kvm guests (performance) (sysstat)
+ (LP: #1755979)
+ - KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN
+
+ * Kernel panic on a nfsroot system (LP: #1734327)
+ - Revert "UBUNTU: SAUCE: LSM stacking: add stacking support to apparmor
+ network hooks"
+ - Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the
+ remaining blobs"
+
+ * can't record sound via front headset port on the Dell Precision 3630
+ (LP: #1759088)
+ - ALSA: hda/realtek - Fix Dell headset Mic can't record
+
+ * speaker can't output sound anymore after system resumes from S3 on a lenovo
+ machine with alc257 (LP: #1758829)
+ - ALSA: hda/realtek - Fix speaker no sound after system resume
+
+ * hda driver initialization takes too much time on the machine with coffeelake
+ audio controller [8086:a348] (LP: #1758800)
+ - ALSA: hda - Force polling mode on CFL for fixing codec communication
+
+ * Let headset-mode initialization be called on Dell Precision 3930
+ (LP: #1757584)
+ - ALSA: hda/realtek - Add headset mode support for Dell laptop
+
+ * ubuntu_zram_smoke test will cause soft lockup on Artful ThunderX ARM64
+ (LP: #1755073)
+ - SAUCE: crypto: thunderx_zip: Fix fallout from CONFIG_VMAP_STACK
+
+ * [Hyper-V] include kvp fix for Avoid reading past allocated blocks from KVP
+ file (LP: #1750349)
+ - hv: kvp: Avoid reading past allocated blocks from KVP file
+
+ * IMA policy parsing is broken in 4.13 (LP: #1755804)
+ - ima/policy: fix parsing of fsuuid
+
+ * external mic not work on Dell OptiPlex 7460 AIO (LP: #1755954)
+ - ALSA: hda/realtek - Add headset mode support for Dell laptop
+
+ * sbsa watchdog crashes thunderx2 system (LP: #1755595)
+ - watchdog: sbsa: use 32-bit read for WCV
+
+ * CVE-2018-8043
+ - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
+ unimac_mdio_probe()
+
+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 05 Apr 2018 14:47:00 +0200
+