From: Stefan Bader <stefan.bader@canonical.com>
Date: Mon, 14 May 2018 11:09:34 +0000 (+0200)
Subject: UBUNTU: Ubuntu-4.13.0-43.48
X-Git-Tag: Ubuntu-4.13.0-43.48^0
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=37760d263aa0faf63fd6abfd1250d38f666db5aa;p=mirror_ubuntu-artful-kernel.git

UBUNTU: Ubuntu-4.13.0-43.48

Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---

diff --git a/debian.master/changelog b/debian.master/changelog
index c7e99c0bea0a..a47df15923e0 100644
--- a/debian.master/changelog
+++ b/debian.master/changelog
@@ -1,10 +1,71 @@
-linux (4.13.0-43.48) UNRELEASED; urgency=medium
-
-  CHANGELOG: Do not edit directly. Autogenerated at release.
-  CHANGELOG: Use the printchanges target to see the curent changes.
-  CHANGELOG: Use the insertchanges target to create the final log.
-
- -- Stefan Bader <stefan.bader@canonical.com>  Mon, 14 May 2018 11:57:33 +0200
+linux (4.13.0-43.48) artful; urgency=medium
+
+  * CVE-2018-3639 (powerpc)
+    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
+    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
+      upstream
+    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
+    - powerpc/pseries: Support firmware disable of RFI flush
+    - powerpc/powernv: Support firmware disable of RFI flush
+    - powerpc/64s: Allow control of RFI flush via debugfs
+    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
+    - powerpc/rfi-flush: Always enable fallback flush on pseries
+    - powerpc/rfi-flush: Differentiate enabled and patched flush types
+    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
+    - powerpc: Add security feature flags for Spectre/Meltdown
+    - powerpc/powernv: Set or clear security feature flags
+    - powerpc/pseries: Set or clear security feature flags
+    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
+    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
+    - powerpc/pseries: Fix clearing of security feature flags
+    - powerpc: Move default security feature flags
+    - powerpc/pseries: Restore default security feature flags on setup
+    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
+
+  * CVE-2018-3639 (x86)
+    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
+    - SAUCE: x86: Add alternative_msr_write
+    - x86/nospec: Simplify alternative_msr_write()
+    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+    - x86/bugs: Concentrate bug detection into a separate function
+    - x86/bugs: Concentrate bug reporting into a separate function
+    - x86/msr: Add definitions for new speculation control MSRs
+    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
+    - x86/bugs, KVM: Support the combination of guest and host IBRS
+    - x86/bugs: Expose /sys/../spec_store_bypass
+    - x86/cpufeatures: Add X86_FEATURE_RDS
+    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
+      mitigation
+    - x86/bugs/intel: Set proper CPU features and setup RDS
+    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
+    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
+    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
+    - x86/speculation: Create spec-ctrl.h to avoid include hell
+    - prctl: Add speculation control prctls
+    - x86/process: Allow runtime control of Speculative Store Bypass
+    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
+    - nospec: Allow getting/setting on non-current task
+    - proc: Provide details on speculation flaw mitigations
+    - seccomp: Enable speculation flaw mitigations
+    - SAUCE: x86/bugs: Honour SPEC_CTRL default
+    - x86/bugs: Make boot modes __ro_after_init
+    - prctl: Add force disable speculation
+    - seccomp: Use PR_SPEC_FORCE_DISABLE
+    - seccomp: Add filter flag to opt-out of SSB mitigation
+    - seccomp: Move speculation migitation control to arch code
+    - x86/speculation: Make "seccomp" the default mode for Speculative Store
+      Bypass
+    - x86/bugs: Rename _RDS to _SSBD
+    - proc: Use underscores for SSBD in 'status'
+    - Documentation/spec_ctrl: Do some minor cleanups
+    - x86/bugs: Fix __ssb_select_mitigation() return type
+    - x86/bugs: Make cpu_show_common() static
+
+  * LSM Stacking prctl values should be redefined as to not collide with
+    upstream prctls (LP: #1769263) // CVE-2018-3639
+    - SAUCE: LSM stacking: adjust prctl values
+
+ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 15 May 2018 07:39:26 +0200
 
 linux (4.13.0-42.47) artful; urgency=medium