+linux (4.10.0-10.12) UNRELEASED; urgency=low
+
+ CHANGELOG: Do not edit directly. Autogenerated at release.
+ CHANGELOG: Use the printchanges target to see the curent changes.
+ CHANGELOG: Use the insertchanges target to create the final log.
+
+ -- Tim Gardner <tim.gardner@canonical.com> Mon, 20 Feb 2017 15:32:54 -0700
+
+linux (4.10.0-9.11) zesty; urgency=low
+
+ [ Tim Gardner ]
+
+ * Release Tracking Bug
+ - LP: #1666214
+
+ * linux: disable CONFIG_PCIEPORTBUS in the kernel (LP: #1665404)
+ - [Config] CONFIG_PCIEPORTBUS=n for ppc64el
+
+ * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
+ 4.4.0-63.84~14.04.2 (LP: #1664912)
+ - SAUCE: apparmor: fix link auditing failure due to, uninitialized var
+
+ * Ubuntu 17.04: "Oops: Exception in kernel mode, sig: 5 [#1]" seen during
+ fadump over ssh on Alpine machine. (LP: #1655241)
+ - SAUCE: powerpc/fadump: set an upper limit for boot memory size
+
+ * In Ubuntu 17.04 : after reboot getting message in console like Unable to
+ open file: /etc/keys/x509_ima.der (-2) (LP: #1656908)
+ - SAUCE: ima: Downgrade error to warning
+
+ * NFS client : permission denied when trying to access subshare, since kernel
+ 4.4.0-31 (LP: #1649292)
+ - fs: Better permission checking for submounts
+
+ * Miscellaneous Ubuntu changes
+ - SAUCE: (noup) Update spl to 0.6.5.9-1, zfs to 0.6.5.9-2
+ - [Config] CONFIG_SCSI_HISI_SAS=m on arm64
+ - d-i: Add hisi_sas_v2_hw to scsi-modules
+ - d-i: Add hns_enet_drv to nic-modules
+ - d-i: Add supporting modules for hns_enet_drv to nic-modules
+ - rebase to v4.10
+
+ [ Upstream Kernel Changes ]
+
+ * rebase to v4.10
+
+ -- Tim Gardner <tim.gardner@canonical.com> Wed, 15 Feb 2017 11:18:07 -0700
+
+linux (4.10.0-8.10) zesty; urgency=low
+
+ [ Tim Gardner ]
+
+ * Release Tracking Bug
+ - LP: #1664217
+
+ * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
+ (LP: #1663687)
+ - scsi: storvsc: Enable tracking of queue depth
+ - scsi: storvsc: Remove the restriction on max segment size
+ - scsi: storvsc: Enable multi-queue support
+ - scsi: storvsc: use tagged SRB requests if supported by the device
+ - scsi: storvsc: properly handle SRB_ERROR when sense message is present
+ - scsi: storvsc: properly set residual data length on errors
+
+ * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs
+ caused KVM host hung and all KVM guests down. (LP: #1651248)
+ - KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT
+ - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
+ - KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends
+ - KVM: PPC: Book 3S: XICS: Implement ICS P/Q states
+ - KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend
+
+ * overlay: mkdir fails if directory exists in lowerdir in a user namespace
+ (LP: #1531747)
+ - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
+
+ * CVE-2016-1575 (LP: #1534961)
+ - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
+
+ * CVE-2016-1576 (LP: #1535150)
+ - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
+
+ * Miscellaneous Ubuntu changes
+ - SAUCE: md/raid6 algorithms: scale test duration for speedier boots
+ - SAUCE: Import aufs driver
+ - d-i: Build message-modules udeb for arm64
+ - rebase to v4.10-rc8
+
+ * Miscellaneous upstream changes
+ - Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment"
+ - Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()"
+ - Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()"
+ - Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers"
+ - Revert "UBUNTU: SAUCE: Import aufs driver"
+
+ [ Upstream Kernel Changes ]
+
+ * rebase to v4.10-rc8
+
+ -- Tim Gardner <tim.gardner@canonical.com> Mon, 06 Feb 2017 08:34:24 -0700
+
+linux (4.10.0-7.9) zesty; urgency=low
+
+ [ Tim Gardner ]
+
+ * Release Tracking Bug
+ - LP: #1662201
+
+ * AMDGPU support for CIK parts in kernel config? (LP: #1661887)
+ - [Config] CONFIG_DRM_AMDGPU_CIK=y
+
+ * regession tests failing after stackprofile test is run (LP: #1661030)
+ - fix regression with domain change in complain mode
+
+ * Permission denied and inconsistent behavior in complain mode with 'ip netns
+ list' command (LP: #1648903)
+ - fix regression with domain change in complain mode
+
+ * flock not mediated by 'k' (LP: #1658219)
+ - SAUCE: apparmor: flock mediation is not being enforced on cache check
+
+ * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
+ from a unshared mount namespace (LP: #1656121)
+ - SAUCE: apparmor: null profiles should inherit parent control flags
+
+ * apparmor refcount leak of profile namespace when removing profiles
+ (LP: #1660849)
+ - SAUCE: apparmor: fix ns ref count link when removing profiles from policy
+
+ * tor in lxd: apparmor="DENIED" operation="change_onexec"
+ namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
+ name="system_tor" (LP: #1648143)
+ - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
+ namespaces
+
+ * apparmor_parser hangs indefinitely when called by multiple threads
+ (LP: #1645037)
+ - SAUCE: apparmor: fix lock ordering for mkdir
+
+ * apparmor leaking securityfs pin count (LP: #1660846)
+ - SAUCE: apparmor: fix leak on securityfs pin count
+
+ * apparmor reference count leak when securityfs_setup_d_inode\ () fails
+ (LP: #1660845)
+ - SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode()
+ fails
+
+ * apparmor not checking error if security_pin_fs() fails (LP: #1660842)
+ - SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
+
+ * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
+ - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
+
+ * apparmor auditing denied access of special apparmor .null fi\ le
+ (LP: #1660836)
+ - SAUCE: apparmor: Don't audit denied access of special apparmor .null file
+
+ * apparmor label leak when new label is unused (LP: #1660834)
+ - SAUCE: apparmor: fix label leak when new label is unused
+
+ * apparmor reference count bug in label_merge_insert() (LP: #1660833)
+ - SAUCE: apparmor: fix reference count bug in label_merge_insert()
+
+ * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
+ - SAUCE: apparmor: fix replacement race in reading rawdata
+
+ * unix domain socket cross permission check failing with nested namespaces
+ (LP: #1660832)
+ - SAUCE: apparmor: fix cross ns perm of unix domain sockets
+
+ * Regression tests can not detect binfmt_elf mmpa semantic change
+ (LP: #1630069)
+ - SAUCE: apparmor: add flag to detect semantic change, to binfmt_elf mmap
+
+ * Support snaps inside of lxd containers (LP: #1611078)
+ - apparmor: add interface to be able to grab loaded policy
+ - apparmor: refactor aa_prepare_ns into prepare_ns and create_ns routines
+ - apparmor: add __aa_find_ns fn
+ - apparmor: add mkdir/rmdir interface to manage policy namespaces
+ - apparmor: fix oops in pivot_root mediation
+ - apparmor: fix warning that fn build_pivotroot discards const
+ - apparmor: add interface to advertise status of current task stacking
+ - apparmor: update policy permissions to consider ns being viewed/managed
+ - apparmor: add per ns policy management interface
+ - apparmor: bump domain stacking version to 1.2
+
+ * change_hat is logging failures during expected hat probing (LP: #1615893)
+ - SAUCE: apparmor: Fix auditing behavior for change_hat probing
+
+ * deleted files outside of the namespace are not being treated as disconnected
+ (LP: #1615892)
+ - SAUCE: apparmor: deleted dentries can be disconnected
+
+ * stacking to unconfined in a child namespace confuses mediation
+ (LP: #1615890)
+ - SAUCE: apparmor: special case unconfined when determining the mode
+
+ * apparmor module parameters can be changed after the policy is locked
+ (LP: #1615895)
+ - SAUCE: apparmor: fix: parameters can be changed after policy is locked
+
+ * AppArmor profile reloading causes an intermittent kernel BUG (LP: #1579135)
+ - SAUCE: apparmor: fix vec_unique for vectors larger than 8
+
+ * label vec reductions can result in reference labels instead of direct access
+ to labels (LP: #1615889)
+ - SAUCE: apparmor: reduction of vec to single entry is just that entry
+
+ * profiles from different namespaces can block other namespaces from being
+ able to load a profile (LP: #1615887)
+ - SAUCE: apparmor: profiles in one ns can affect mediation in another ns
+
+ * The label build for onexec when stacking is wrong (LP: #1615881)
+ - SAUCE: apparmor: Fix label build for onexec stacking.
+
+ * The inherit check for new to old label comparison for domain transitions is
+ wrong (LP: #1615880)
+ - SAUCE: apparmor: Fix new to old label comparison for domain transitions
+
+ * warning stack trace while playing with apparmor namespaces (LP: #1593874)
+ - SAUCE: apparmor: fix stack trace when removing namespace with profiles
+
+ * __label_update proxy comparison test is wrong (LP: #1615878)
+ - SAUCE: apparmor: Fix __label_update proxy comparison test
+
+ * reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
+ (LP: #1560583)
+ - SAUCE: apparmor: Allow ns_root processes to open profiles file
+ - SAUCE: apparmor: Consult sysctl when reading profiles in a user ns
+
+ * policy namespace stacking (LP: #1379535)
+ - SAUCE: (no-up) apparmor: rebase of apparmor3.5-beta1 snapshot for 4.8
+ - SAUCE: add a sysctl to enable unprivileged user ns AppArmor policy loading
+
+ * brd module compiled as built-in (LP: #1593293)
+ - [Config] CONFIG_BLK_DEV_RAM=m
+
+ * Miscellaneous Ubuntu changes
+ - SAUCE: apparmor: Fix FTBFS due to bad include path
+ - SAUCE: apparmor: add data query support
+ - rebase to v4.10-rc7
+
+ * Miscellaneous upstream changes
+ - fixup backout policy view capable for forward port
+ - apparmor: fix: Rework the iter loop for label_update
+ - apparmor: add more assertions for updates/merges to help catch errors
+ - apparmor: Make pivot root transitions work with stacking
+ - apparmor: convert delegating deleted files to mediate deleted files
+ - apparmor: add missing parens. not a bug fix but highly recommended
+ - apparmor: add a stack_version file to allow detection of bug fixes
+ - apparmor: push path lookup into mediation loop
+ - apparmor: default to allowing unprivileged userns policy
+ - apparmor: fix: permissions test to view and manage policy
+ - apparmor: Add Basic ns cross check condition for ipc
+
+ [ Upstream Kernel Changes ]
+
+ * rebase to v4.10-rc7
+
+ -- Tim Gardner <tim.gardner@canonical.com> Thu, 02 Feb 2017 10:48:30 -0700
+
+linux (4.10.0-6.8) zesty; urgency=low
+
+ [ Tim Gardner ]
+
+ * Release Tracking Bug
+ - LP: #1661300
+
+ * flock not mediated by 'k' (LP: #1658219)
+ - SAUCE: apparmor: flock mediation is not being enforced on cache check
+
+ * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
+ from a unshared mount namespace (LP: #1656121)
+ - SAUCE: apparmor: null profiles should inherit parent control flags
+
+ * apparmor refcount leak of profile namespace when removing profiles
+ (LP: #1660849)
+ - SAUCE: apparmor: fix ns ref count link when removing profiles from policy
+
+ * tor in lxd: apparmor="DENIED" operation="change_onexec"
+ namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
+ name="system_tor" (LP: #1648143)
+ - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
+ namespaces
+
+ * apparmor_parser hangs indefinitely when called by multiple threads
+ (LP: #1645037)
+ - SAUCE: apparmor: fix lock ordering for mkdir
+
+ * apparmor leaking securityfs pin count (LP: #1660846)
+ - SAUCE: apparmor: fix leak on securityfs pin count
+
+ * apparmor reference count leak when securityfs_setup_d_inode\ () fails
+ (LP: #1660845)
+ - SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode()
+ fails
+
+ * apparmor not checking error if security_pin_fs() fails (LP: #1660842)
+ - SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
+
+ * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
+ - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails
+
+ * apparmor auditing denied access of special apparmor .null fi\ le
+ (LP: #1660836)
+ - SAUCE: apparmor: Don't audit denied access of special apparmor .null file
+
+ * apparmor label leak when new label is unused (LP: #1660834)
+ - SAUCE: apparmor: fix label leak when new label is unused
+
+ * apparmor reference count bug in label_merge_insert() (LP: #1660833)
+ - SAUCE: apparmor: fix reference count bug in label_merge_insert()
+
+ * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
+ - SAUCE: apparmor: fix replacement race in reading rawdata
+
+ * unix domain socket cross permission check failing with nested namespaces
+ (LP: #1660832)
+ - SAUCE: apparmor: fix cross ns perm of unix domain sockets
+
+ * Kdump through NMI SMP and single core not working on Ubuntu16.10
+ (LP: #1630924)
+ - hv: don't reset hv_context.tsc_page on crash
+
+ * [17.04 FEAT] Integrate kernel message catalogue for s390x into Ubuntu
+ distribution (LP: #1628889)
+ - SAUCE: s390: kernel message catalog
+
+ * Miscellaneous Ubuntu changes
+ - [Config] Drop powerpc ABI files
+
+ -- Tim Gardner <tim.gardner@canonical.com> Wed, 01 Feb 2017 15:21:35 -0700
+
+linux (4.10.0-5.7) zesty; urgency=low
+
+ * [regression 4.8.0-14 -> 4.8.0-17] keyboard and touchscreen lost on Acer
+ Chromebook R11 (LP: #1630238)
+ - [Config] CONFIG_TOUCHSCREEN_ELAN=y,CONFIG_PINCTRL_CHERRYVIEW=y for amd64
+
+ * Enable CONFIG_NET_DROP_MONITOR=m in Ubuntu Kernel (LP: #1660634)
+ - [Config] Update annotations for CONFIG_NET_DROP_MONITOR
+
+ * Miscellaneous Ubuntu changes
+ - d-i: initrd needs msm_emac on amberwing platform.
+ - [Config] Remove powerpc architecture builds
+ - [Config] updateconfigs after removing powerpc configs
+ - [Config] Update annotations after removing powerpc configs
+ - SAUCE: Disable timers selftest for now
+ - Rebase to v4.10-rc6
+ - SAUCE: (no-up) Update zfs to 0.6.5.8-0ubuntu9
+ - Enable zfs build
+ - [Config] CONFIG_NET_DROP_MONITOR=m
+
+ [ Upstream Kernel Changes ]
+
+ * rebase to v4.10-rc6
+
+ -- Seth Forshee <seth.forshee@canonical.com> Wed, 01 Feb 2017 12:26:09 -0600
+
linux (4.10.0-4.6) zesty; urgency=low
* Miscellaneous upstream changes