debian.master/changelog

   1 linux (4.13.0-2.3) UNRELEASED; urgency=low
   2
   3   CHANGELOG: Do not edit directly. Autogenerated at release.
   4   CHANGELOG: Use the printchanges target to see the curent changes.
   5   CHANGELOG: Use the insertchanges target to create the final log.
   6
   7  -- Seth Forshee <seth.forshee@canonical.com>  Thu, 20 Jul 2017 14:44:58 -0500
   8
   9 linux (4.13.0-1.2) artful; urgency=low
  10
  11   * Miscellaneous Ubuntu changes
  12     - [Debian] Support sphinx-based kernel documentation
  13
  14  -- Seth Forshee <seth.forshee@canonical.com>  Thu, 20 Jul 2017 09:18:33 -0500
  15
  16 linux (4.13.0-0.1) artful; urgency=low
  17
  18   * Miscellaneous Ubuntu changes
  19     - Disable hio
  20     - Disable zfs build
  21     - ubuntu: vbox -- update to 5.1.24-dfsg-1
  22
  23   [ Upstream Kernel Changes ]
  24
  25   * Rebase to v4.13-rc1
  26
  27  -- Seth Forshee <seth.forshee@canonical.com>  Wed, 19 Jul 2017 15:09:31 -0500
  28
  29 linux (4.12.0-7.8) artful; urgency=low
  30
  31   * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on
  32     (LP: #1673564)
  33     - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
  34     - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
  35     - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
  36     - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
  37     - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
  38     - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
  39     - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
  40     - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
  41     - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
  42     - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
  43     - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
  44     - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
  45     - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
  46     - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
  47     - KVM: arm64: vgic-v3: Add misc Group-0 handlers
  48     - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
  49     - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
  50     - arm64: Add MIDR values for Cavium cn83XX SoCs
  51     - arm64: Add workaround for Cavium Thunder erratum 30115
  52     - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
  53     - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
  54     - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
  55     - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
  56     - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
  57     - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
  58     - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
  59     - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access
  60
  61   * hns: under heavy load, NIC may fail and require reboot (LP: #1704146)
  62     - net: hns: Bugfix for Tx timeout handling in hns driver
  63
  64   * New ACPI identifiers for ThunderX SMMU (LP: #1703437)
  65     - iommu/arm-smmu: Plumb in new ACPI identifiers
  66
  67   * Transparent hugepages should default to enabled=madvise (LP: #1703742)
  68     - SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default
  69
  70   * Artful update to v4.12.1 stable release (LP: #1703858)
  71     - driver core: platform: fix race condition with driver_override
  72     - RDMA/uverbs: Check port number supplied by user verbs cmds
  73     - usb: dwc3: replace %p with %pK
  74     - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
  75     - usb: usbip: set buffer pointers to NULL after free
  76     - Add USB quirk for HVR-950q to avoid intermittent device resets
  77     - usb: Fix typo in the definition of Endpoint[out]Request
  78     - USB: core: fix device node leak
  79     - USB: serial: option: add two Longcheer device ids
  80     - USB: serial: qcserial: new Sierra Wireless EM7305 device ID
  81     - xhci: Limit USB2 port wake support for AMD Promontory hosts
  82     - gfs2: Fix glock rhashtable rcu bug
  83     - Add "shutdown" to "struct class".
  84     - tpm: Issue a TPM2_Shutdown for TPM2 devices.
  85     - tpm: fix a kernel memory leak in tpm-sysfs.c
  86     - powerpc/powernv: Fix CPU_HOTPLUG=n idle.c compile error
  87     - x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings
  88     - sched/fair, cpumask: Export for_each_cpu_wrap()
  89     - sched/core: Implement new approach to scale select_idle_cpu()
  90     - sched/numa: Use down_read_trylock() for the mmap_sem
  91     - sched/numa: Override part of migrate_degrades_locality() when idle balancing
  92     - sched/fair: Simplify wake_affine() for the single socket case
  93     - sched/numa: Implement NUMA node level wake_affine()
  94     - sched/fair: Remove effective_load()
  95     - sched/numa: Hide numa_wake_affine() from UP build
  96     - xen: avoid deadlock in xenbus driver
  97     - crypto: drbg - Fixes panic in wait_for_completion call
  98     - Linux 4.12.1
  99
 100   * cxlflash update request in the Xenial SRU stream (LP: #1702521)
 101     - scsi: cxlflash: Combine the send queue locks
 102     - scsi: cxlflash: Update cxlflash_afu_sync() to return errno
 103     - scsi: cxlflash: Reset hardware queue context via specified register
 104     - scsi: cxlflash: Schedule asynchronous reset of the host
 105     - scsi: cxlflash: Handle AFU sync failures
 106     - scsi: cxlflash: Track pending scsi commands in each hardware queue
 107     - scsi: cxlflash: Flush pending commands in cleanup path
 108     - scsi: cxlflash: Add scsi command abort handler
 109     - scsi: cxlflash: Create character device to provide host management interface
 110     - scsi: cxlflash: Separate AFU internal command handling from AFU sync
 111       specifics
 112     - scsi: cxlflash: Introduce host ioctl support
 113     - scsi: cxlflash: Refactor AFU capability checking
 114     - scsi: cxlflash: Support LUN provisioning
 115     - scsi: cxlflash: Support AFU debug
 116     - scsi: cxlflash: Support WS16 unmap
 117     - scsi: cxlflash: Remove zeroing of private command data
 118     - scsi: cxlflash: Update TMF command processing
 119     - scsi: cxlflash: Avoid double free of character device
 120     - scsi: cxlflash: Update send_tmf() parameters
 121     - scsi: cxlflash: Update debug prints in reset handlers
 122
 123   * make snap-pkg support (LP: #1700747)
 124     - make snap-pkg support
 125
 126   * Quirk for non-compliant PCI bridge on HiSilicon D05 board (LP: #1698706)
 127     - SAUCE: PCI: Support hibmc VGA cards behind a misbehaving HiSilicon bridge
 128
 129   * arm64: fix crash reading /proc/kcore (LP: #1702749)
 130     - fs/proc: kcore: use kcore_list type to check for vmalloc/module address
 131     - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT
 132
 133   * Opal and POWER9 DD2 (LP: #1702159)
 134     - SAUCE: powerpc/powernv: Tell OPAL about our MMU mode on POWER9
 135
 136   * Data corruption with hio driver  (LP: #1701316)
 137     - SAUCE: hio: Fix incorrect use of enum req_opf values
 138
 139   * Miscellaneous Ubuntu changes
 140     - SAUCE: (noup) Update spl to 0.6.5.10-1, zfs to 0.6.5.10-1ubuntu2
 141     - snapcraft.yaml: Sync with xenial
 142     - [Config] CONFIG_CAVIUM_ERRATUM_30115=y
 143
 144   * Miscellaneous upstream changes
 145     - Revert "UBUNTU: SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and
 146       MokSBState"
 147
 148  -- Seth Forshee <seth.forshee@canonical.com>  Fri, 14 Jul 2017 15:25:41 -0500
 149
 150 linux (4.12.0-6.7) artful; urgency=low
 151
 152   * update ENA driver to 1.2.0k from net-next (LP: #1701575)
 153     - net: ena: change return value for unsupported features unsupported return
 154       value
 155     - net: ena: add hardware hints capability to the driver
 156     - net: ena: change sizeof() argument to be the type pointer
 157     - net: ena: add reset reason for each device FLR
 158     - net: ena: add support for out of order rx buffers refill
 159     - net: ena: allow the driver to work with small number of msix vectors
 160     - net: ena: use napi_schedule_irqoff when possible
 161     - net: ena: separate skb allocation to dedicated function
 162     - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
 163     - net: ena: update driver's rx drop statistics
 164     - net: ena: update ena driver to version 1.2.0
 165
 166   * APST gets enabled against explicit kernel option (LP: #1699004)
 167     - nvme: explicitly disable APST on quirked devices
 168
 169   * Miscellaneous Ubuntu changes
 170     - SAUCE: hio: Update to Huawei ES3000_V2 (2.1.0.40)
 171     - SAUCE: hio updates for 4.12
 172     - SAUCE: Enable hio build
 173
 174  -- Seth Forshee <seth.forshee@canonical.com>  Wed, 05 Jul 2017 14:23:20 -0500
 175
 176 linux (4.12.0-5.6) artful; urgency=low
 177
 178   * ERAT invalidate on context switch removal (LP: #1700819)
 179     - powerpc: Only do ERAT invalidate on radix context switch on P9 DD1
 180
 181   * powerpc: Invalidate ERAT on powersave wakeup for POWER9 (LP: #1700521)
 182     - SAUCE: powerpc: Invalidate ERAT on powersave wakeup for POWER9
 183
 184   * Miscellaneous Ubuntu changes
 185     - d-i: Move qcom-emac from arm64 to shared nic-modules
 186
 187   [ Upstream Kernel Changes ]
 188
 189   * Rebase to v4.12
 190
 191  -- Seth Forshee <seth.forshee@canonical.com>  Mon, 03 Jul 2017 07:52:02 -0500
 192
 193 linux (4.12.0-4.5) artful; urgency=low
 194
 195   * aacraid driver may return uninitialized stack data to userspace
 196     (LP: #1700077)
 197     - SAUCE: scsi: aacraid: Don't copy uninitialized stack memory to userspace
 198
 199   * KILLER1435-S[0489:e0a2] BT cannot search BT 4.0 device (LP: #1699651)
 200     - Bluetooth: btusb: Add support for 0489:e0a2 QCA_ROME device
 201
 202   * AACRAID for power9 platform (LP: #1689980)
 203     - scsi: aacraid: Remove __GFP_DMA for raw srb memory
 204     - scsi: aacraid: Fix DMAR issues with iommu=pt
 205     - scsi: aacraid: Added 32 and 64 queue depth for arc natives
 206     - scsi: aacraid: Set correct Queue Depth for HBA1000 RAW disks
 207     - scsi: aacraid: Remove reset support from check_health
 208     - scsi: aacraid: Change wait time for fib completion
 209     - scsi: aacraid: Log count info of scsi cmds before reset
 210     - scsi: aacraid: Print ctrl status before eh reset
 211     - scsi: aacraid: Using single reset mask for IOP reset
 212     - scsi: aacraid: Rework IOP reset
 213     - scsi: aacraid: Add periodic checks to see IOP reset status
 214     - scsi: aacraid: Rework SOFT reset code
 215     - scsi: aacraid: Rework aac_src_restart
 216     - scsi: aacraid: Use correct function to get ctrl health
 217     - scsi: aacraid: Make sure ioctl returns on controller reset
 218     - scsi: aacraid: Enable ctrl reset for both hba and arc
 219     - scsi: aacraid: Add reset debugging statements
 220     - scsi: aacraid: Remove reference to Series-9
 221     - scsi: aacraid: Update driver version to 50834
 222
 223   * hibmc driver does not include "pci:" prefix in bus ID (LP: #1698700)
 224     - SAUCE: drm: hibmc: Use set_busid function from drm core
 225
 226   * HiSilicon D05: installer doesn't appear on VGA (LP: #1698954)
 227     - d-i: Add hibmc-drm to kernel-image udeb
 228
 229   * Fix /proc/cpuinfo revision for POWER9 DD2 (LP: #1698844)
 230     - SAUCE: powerpc: Fix /proc/cpuinfo revision for POWER9 DD2
 231
 232   * Miscellaneous Ubuntu changes
 233     - [Config] CONFIG_SATA_MV=n and CONFIG_GENERIC_PHY=n for s390x
 234     - [Config] CONFIG_ATA=n for s390x
 235     - [Config] Update annotations for 4.12
 236
 237   [ Upstream Kernel Changes ]
 238
 239   * Rebase to v4.12-rc7
 240
 241  -- Seth Forshee <seth.forshee@canonical.com>  Mon, 26 Jun 2017 11:27:29 -0500
 242
 243 linux (4.12.0-3.4) artful; urgency=low
 244
 245   * Miscellaneous upstream changes
 246     - ufs: fix the logics for tail relocation
 247
 248   [ Upstream Kernel Changes ]
 249
 250   * Rebase to v4.12-rc6
 251
 252  -- Seth Forshee <seth.forshee@canonical.com>  Mon, 19 Jun 2017 14:50:39 -0500
 253
 254 linux (4.12.0-2.3) artful; urgency=low
 255
 256   * CVE-2014-9900
 257     - SAUCE: (no-up) net: Zeroing the structure ethtool_wolinfo in
 258       ethtool_get_wol()
 259
 260   * System doesn't boot properly on Gigabyte AM4 motherboards (AMD Ryzen)
 261     (LP: #1671360)
 262     - pinctrl/amd: Use regular interrupt instead of chained
 263
 264   * extend-diff-ignore should use exact matches (LP: #1693504)
 265     - [Packaging] exact extend-diff-ignore matches
 266
 267   * Miscellaneous Ubuntu changes
 268     - SAUCE: efi: Don't print secure boot state from the efi stub
 269     - ubuntu: vbox -- Update to 5.1.22-dfsg-1
 270     - SAUCE: vbox fixes for 4.12
 271     - Re-enable virtualbox build
 272     - [Config] CONFIG_ORANGEFS_FS=m
 273     - SAUCE: (noup) Update spl to 0.6.5.9-1ubuntu2, zfs to 0.6.5.9-5ubuntu7
 274     - Enable zfs build
 275
 276   [ Upstream Kernel Changes ]
 277
 278   * Rebase to v4.12-rc4
 279   * Rebase to v4.12-rc5
 280
 281  -- Seth Forshee <seth.forshee@canonical.com>  Sun, 11 Jun 2017 22:25:13 -0500
 282
 283 linux (4.12.0-1.2) artful; urgency=low
 284
 285   * Enable Matrox driver for Ubuntu 16.04.3 (LP: #1693337)
 286     - [Config] Enable CONFIG_DRM_MGAG200 as module
 287
 288   * Support low-pin-count devices on Hisilicon SoCs (LP: #1677319)
 289     - [Config] CONFIG_LIBIO=y on arm64 only
 290     - SAUCE: LIBIO: Introduce a generic PIO mapping method
 291     - SAUCE: OF: Add missing I/O range exception for indirect-IO devices
 292     - [Config] CONFIG_HISILICON_LPC=y
 293     - SAUCE: LPC: Support the device-tree LPC host on Hip06/Hip07
 294     - SAUCE: LIBIO: Support the dynamically logical PIO registration of ACPI host
 295       I/O
 296     - SAUCE: LPC: Add the ACPI LPC support
 297     - SAUCE: PCI: Apply the new generic I/O management on PCI IO hosts
 298     - SAUCE: PCI: Restore codepath for !CONFIG_LIBIO
 299
 300   * POWER9: Additional patches for TTY and CPU_IDLE (LP: #1674325)
 301     - SAUCE: tty: Fix ldisc crash on reopened tty
 302
 303   * Miscellaneous Ubuntu changes
 304     - [Debian] Add build-dep on libnuma-dev to enable 'perf bench numa'
 305     - Rebase to v4.12-rc3
 306
 307   [ Upstream Kernel Changes ]
 308
 309   * Rebase to v4.12-rc3
 310
 311  -- Seth Forshee <seth.forshee@canonical.com>  Mon, 29 May 2017 20:56:29 -0500
 312
 313 linux (4.12.0-0.1) artful; urgency=low
 314
 315   * please enable CONFIG_ARM64_LSE_ATOMICS (LP: #1691614)
 316     - [Config] CONFIG_ARM64_LSE_ATOMICS=y
 317
 318   * [Regression] NUMA_BALANCING disabled on arm64 (LP: #1690914)
 319     - [Config] CONFIG_NUMA_BALANCING{,_DEFAULT_ENABLED}=y on arm64
 320
 321   * exec'ing a setuid binary from a threaded program sometimes fails to setuid
 322     (LP: #1672819)
 323     - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct
 324
 325   * Miscellaneous Ubuntu changes
 326     - Update find-missing-sauce.sh to compare to artful
 327     - Update dropped.txt
 328     - SAUCE: (efi-lockdown) efi: Add EFI_SECURE_BOOT bit
 329     - SAUCE: (efi-lockdown) Add the ability to lock down access to the running
 330       kernel image
 331     - SAUCE: (efi-lockdown) efi: Lock down the kernel if booted in secure boot
 332       mode
 333     - SAUCE: (efi-lockdown) Enforce module signatures if the kernel is locked down
 334     - SAUCE: (efi-lockdown) Restrict /dev/mem and /dev/kmem when the kernel is
 335       locked down
 336     - SAUCE: (efi-lockdown) Add a sysrq option to exit secure boot mode
 337     - SAUCE: (efi-lockdown) kexec: Disable at runtime if the kernel is locked down
 338     - SAUCE: (efi-lockdown) Copy secure_boot flag in boot params across kexec
 339       reboot
 340     - SAUCE: (efi-lockdown) kexec_file: Disable at runtime if securelevel has been
 341       set
 342     - SAUCE: (efi-lockdown) hibernate: Disable when the kernel is locked down
 343     - SAUCE: (efi-lockdown) uswsusp: Disable when the kernel is locked down
 344     - SAUCE: (efi-lockdown) PCI: Lock down BAR access when the kernel is locked
 345       down
 346     - SAUCE: (efi-lockdown) x86: Lock down IO port access when the kernel is
 347       locked down
 348     - SAUCE: (efi-lockdown) x86: Restrict MSR access when the kernel is locked
 349       down
 350     - SAUCE: (efi-lockdown) asus-wmi: Restrict debugfs interface when the kernel
 351       is locked down
 352     - SAUCE: (efi-lockdown) ACPI: Limit access to custom_method when the kernel is
 353       locked down
 354     - SAUCE: (efi-lockdown) acpi: Ignore acpi_rsdp kernel param when the kernel
 355       has been locked down
 356     - SAUCE: (efi-lockdown) acpi: Disable ACPI table override if the kernel is
 357       locked down
 358     - SAUCE: (efi-lockdown) acpi: Disable APEI error injection if the kernel is
 359       locked down
 360     - SAUCE: (efi-lockdown) Enable cold boot attack mitigation
 361     - SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the
 362       kernel is locked down
 363     - SAUCE: (efi-lockdown) scsi: Lock down the eata driver
 364     - SAUCE: (efi-lockdown) Prohibit PCMCIA CIS storage when the kernel is locked
 365       down
 366     - SAUCE: (efi-lockdown) Lock down TIOCSSERIAL
 367     - SAUCE: (efi-lockdown) KEYS: Allow unrestricted boot-time addition of keys to
 368       secondary keyring
 369     - SAUCE: (efi-lockdown) efi: Add EFI signature data types
 370     - SAUCE: (efi-lockdown) efi: Add an EFI signature blob parser
 371     - SAUCE: (efi-lockdown) MODSIGN: Import certificates from UEFI Secure Boot
 372     - SAUCE: (efi-lockdown) MODSIGN: Allow the "db" UEFI variable to be suppressed
 373     - SAUCE: (efi-lockdown) efi: Sanitize boot_params in efi stub
 374     - SAUCE: (efi-lockdown) efi: Add secure_boot state and status bit for
 375       MokSBState
 376     - SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and MokSBState
 377     - [Config] Set values for UEFI secure boot lockdown options
 378     - Disable virtualbox build
 379     - Disable hio build
 380     - SAUCE: securityfs: Replace CURRENT_TIME with current_time()
 381     - Disable zfs build
 382     - [Debian] Work out upstream tag for use with gen-auto-reconstruct
 383     - SAUCE: Import aufs driver
 384     - SAUCE: aufs -- Include linux/mm.h in fs/aufs/file.h
 385     - [Config] Enable aufs
 386     - SAUCE: perf callchain: Include errno.h on x86 unconditinally
 387
 388   [ Upstream Kernel Changes ]
 389
 390   * Rebase to v4.12-rc2
 391
 392  -- Seth Forshee <seth.forshee@canonical.com>  Sun, 21 May 2017 23:44:44 -0500
 393
 394 linux (4.11.0-3.8) artful; urgency=low
 395
 396   [ Seth Forshee ]
 397
 398   * Release Tracking Bug
 399     - LP: #1690999
 400
 401   * apparmor_parser hangs indefinitely when called by multiple threads
 402     (LP: #1645037)
 403     - SAUCE: apparmor: fix lock ordering for mkdir
 404
 405   * apparmor leaking securityfs pin count (LP: #1660846)
 406     - SAUCE: apparmor: fix leak on securityfs pin count
 407
 408   * apparmor reference count leak when securityfs_setup_d_inode\ () fails
 409     (LP: #1660845)
 410     - SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode()
 411       fails
 412
 413   * apparmor not checking error if security_pin_fs() fails (LP: #1660842)
 414     - SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() fails
 415
 416   * libvirt profile is blocking global setrlimit despite having no rlimit rule
 417     (LP: #1679704)
 418     - SAUCE: apparmor: fix complain mode failure for rlimit mediation
 419     - apparmor: update auditing of rlimit check to provide capability information
 420
 421   * apparmor: does not provide a way to detect policy updataes (LP: #1678032)
 422     - SAUCE: apparmor: add policy revision file interface
 423
 424   * apparmor does not make support of query data visible (LP: #1678023)
 425     - SAUCE: apparmor: add label data availability to the feature set
 426
 427   * apparmor query interface does not make supported query info available
 428     (LP: #1678030)
 429     - SAUCE: apparmor: add information about the query inteface to the feature set
 430
 431   * change_profile incorrect when using namespaces with a compound stack
 432     (LP: #1677959)
 433     - SAUCE: apparmor: fix label parse for stacked labels
 434
 435   * Regression in 4.4.0-65-generic causes very frequent system crashes
 436     (LP: #1669611)
 437     - apparmor: sync of apparmor 3.6+ (17.04)
 438
 439   * Artful update to 4.11.1 stable release (LP: #1690814)
 440     - dm ioctl: prevent stack leak in dm ioctl call
 441     - drm/sti: fix GDP size to support up to UHD resolution
 442     - power: supply: lp8788: prevent out of bounds array access
 443     - brcmfmac: Ensure pointer correctly set if skb data location changes
 444     - brcmfmac: Make skb header writable before use
 445     - sparc64: fix fault handling in NGbzero.S and GENbzero.S
 446     - refcount: change EXPORT_SYMBOL markings
 447     - net: macb: fix phy interrupt parsing
 448     - tcp: fix access to sk->sk_state in tcp_poll()
 449     - geneve: fix incorrect setting of UDP checksum flag
 450     - bpf: enhance verifier to understand stack pointer arithmetic
 451     - bpf, arm64: fix jit branch offset related to ldimm64
 452     - tcp: fix wraparound issue in tcp_lp
 453     - net: ipv6: Do not duplicate DAD on link up
 454     - net: usb: qmi_wwan: add Telit ME910 support
 455     - tcp: do not inherit fastopen_req from parent
 456     - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
 457     - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
 458     - ipv6: initialize route null entry in addrconf_init()
 459     - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
 460     - tcp: randomize timestamps on syncookies
 461     - bnxt_en: allocate enough space for ->ntp_fltr_bmap
 462     - bpf: don't let ldimm64 leak map addresses on unprivileged
 463     - net: mdio-mux: bcm-iproc: call mdiobus_free() in error path
 464     - f2fs: sanity check segment count
 465     - xen/arm,arm64: fix xen_dma_ops after 815dd18 "Consolidate get_dma_ops..."
 466     - xen: Revert commits da72ff5bfcb0 and 72a9b186292d
 467     - block: get rid of blk_integrity_revalidate()
 468     - Linux 4.11.1
 469
 470   * Module signing exclusion for staging drivers does not work properly
 471     (LP: #1690908)
 472     - SAUCE: Fix module signing exclusion in package builds
 473
 474   * perf: qcom: Add L3 cache PMU driver (LP: #1689856)
 475     - [Config] CONFIG_QCOM_L3_PMU=y
 476     - perf: qcom: Add L3 cache PMU driver
 477
 478   * No PMU support for ACPI-based arm64 systems (LP: #1689661)
 479     - drivers/perf: arm_pmu: rework per-cpu allocation
 480     - drivers/perf: arm_pmu: manage interrupts per-cpu
 481     - drivers/perf: arm_pmu: split irq request from enable
 482     - drivers/perf: arm_pmu: remove pointless PMU disabling
 483     - drivers/perf: arm_pmu: define armpmu_init_fn
 484     - drivers/perf: arm_pmu: fold init into alloc
 485     - drivers/perf: arm_pmu: factor out pmu registration
 486     - drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs()
 487     - drivers/perf: arm_pmu: handle no platform_device
 488     - drivers/perf: arm_pmu: rename irq request/free functions
 489     - drivers/perf: arm_pmu: split cpu-local irq request/free
 490     - drivers/perf: arm_pmu: move irq request/free into probe
 491     - drivers/perf: arm_pmu: split out platform device probe logic
 492     - arm64: add function to get a cpu's MADT GICC table
 493     - [Config] CONFIG_ARM_PMU_ACPI=y
 494     - drivers/perf: arm_pmu: add ACPI framework
 495     - arm64: pmuv3: handle !PMUv3 when probing
 496     - arm64: pmuv3: use arm_pmu ACPI framework
 497
 498   * Fix NVLINK2 TCE route (LP: #1690155)
 499     - powerpc/powernv: Fix TCE kill on NVLink2
 500
 501   * CVE-2017-0605
 502     - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
 503
 504   * Miscellaneous Ubuntu changes
 505     - [Config] Restore powerpc arch to annotations file
 506     - [Config] Disable runtime testing modules
 507     - [Config] Disable drivers not needed on s390x
 508     - [Config] Update annotations for 4.11
 509     - [Config] updateconfigs after apparmor updates
 510
 511   * Miscellaneous upstream changes
 512     - apparmor: use SHASH_DESC_ON_STACK
 513     - apparmor: fix invalid reference to index variable of iterator line 836
 514     - apparmor: fix parameters so that the permission test is bypassed at boot
 515     - apparmor: Make path_max parameter readonly
 516     - apparmorfs: Combine two function calls into one in aa_fs_seq_raw_abi_show()
 517     - apparmorfs: Use seq_putc() in two functions
 518     - apparmor: provide information about path buffer size at boot
 519     - apparmor: add/use fns to print hash string hex value
 520
 521  -- Seth Forshee <seth.forshee@canonical.com>  Tue, 16 May 2017 00:39:13 -0500
 522
 523 linux (4.11.0-2.7) artful; urgency=low
 524
 525   * kernel-wedge fails in artful due to leftover squashfs-modules d-i files
 526     (LP: #1688259)
 527     - Remove squashfs-modules files from d-i
 528     - [Config] as squashfs-modules is builtin kernel-image must Provides: it
 529
 530   * [Zesty] d-i: replace msm_emac with qcom_emac (LP: #1677297)
 531     - Revert "UBUNTU: d-i: initrd needs msm_emac on amberwing platform."
 532     - d-i: initrd needs qcom_emac on amberwing platform.
 533
 534   * update for V3 kernel bits and improved multiple fan slice support
 535     (LP: #1470091)
 536     - SAUCE: fan: tunnel multiple mapping mode (v3)
 537
 538   * Miscellaneous Ubuntu changes
 539     - SAUCE: (noup) Update spl to 0.6.5.9-1ubuntu1, zfs to 0.6.5.9-5ubuntu5
 540     - Enable zfs
 541     - SAUCE: fan: add VXLAN implementation
 542     - SAUCE: (efi-lockdown) efi: Add EFI_SECURE_BOOT bit
 543     - SAUCE: (efi-lockdown) Add the ability to lock down access to the running
 544       kernel image
 545     - SAUCE: (efi-lockdown) efi: Lock down the kernel if booted in secure boot
 546       mode
 547     - SAUCE: (efi-lockdown) Enforce module signatures if the kernel is locked down
 548     - SAUCE: (efi-lockdown) Restrict /dev/mem and /dev/kmem when the kernel is
 549       locked down
 550     - SAUCE: (efi-lockdown) Add a sysrq option to exit secure boot mode
 551     - SAUCE: (efi-lockdown) kexec: Disable at runtime if the kernel is locked down
 552     - SAUCE: (efi-lockdown) Copy secure_boot flag in boot params across kexec
 553       reboot
 554     - SAUCE: (efi-lockdown) kexec_file: Disable at runtime if securelevel has been
 555       set
 556     - SAUCE: (efi-lockdown) hibernate: Disable when the kernel is locked down
 557     - SAUCE: (efi-lockdown) uswsusp: Disable when the kernel is locked down
 558     - SAUCE: (efi-lockdown) PCI: Lock down BAR access when the kernel is locked
 559       down
 560     - SAUCE: (efi-lockdown) x86: Lock down IO port access when the kernel is
 561       locked down
 562     - SAUCE: (efi-lockdown) x86: Restrict MSR access when the kernel is locked
 563       down
 564     - SAUCE: (efi-lockdown) asus-wmi: Restrict debugfs interface when the kernel
 565       is locked down
 566     - SAUCE: (efi-lockdown) ACPI: Limit access to custom_method when the kernel is
 567       locked down
 568     - SAUCE: (efi-lockdown) acpi: Ignore acpi_rsdp kernel param when the kernel
 569       has been locked down
 570     - SAUCE: (efi-lockdown) acpi: Disable ACPI table override if the kernel is
 571       locked down
 572     - SAUCE: (efi-lockdown) acpi: Disable APEI error injection if the kernel is
 573       locked down
 574     - SAUCE: (efi-lockdown) Enable cold boot attack mitigation
 575     - SAUCE: (efi-lockdown) bpf: Restrict kernel image access functions when the
 576       kernel is locked down
 577     - SAUCE: (efi-lockdown) scsi: Lock down the eata driver
 578     - SAUCE: (efi-lockdown) Prohibit PCMCIA CIS storage when the kernel is locked
 579       down
 580     - SAUCE: (efi-lockdown) Lock down TIOCSSERIAL
 581     - SAUCE: (efi-lockdown) Add EFI signature data types
 582     - SAUCE: (efi-lockdown) Add an EFI signature blob parser and key loader.
 583     - SAUCE: (efi-lockdown) KEYS: Add a system blacklist keyring
 584     - SAUCE: (efi-lockdown) MODSIGN: Import certificates from UEFI Secure Boot
 585     - SAUCE: (efi-lockdown) MODSIGN: Support not importing certs from db
 586     - SAUCE: (efi-lockdown) MODSIGN: Don't try secure boot if EFI runtime is
 587       disabled
 588     - SAUCE: (efi-lockdown) efi: Sanitize boot_params in efi stub
 589     - SAUCE: (efi-lockdown) efi: Add secure_boot state and status bit for
 590       MokSBState
 591     - SAUCE: (efi-lockdown) efi: Add sysctls for secureboot and MokSBState
 592     - [Config] Set values for UEFI secure boot lockdown options
 593     - Update dropped.txt
 594
 595   [ Upstream Kernel Changes ]
 596
 597   * rebase to v4.11
 598
 599  -- Seth Forshee <seth.forshee@canonical.com>  Fri, 05 May 2017 07:43:14 -0500
 600
 601 linux (4.11.0-1.6) artful; urgency=low
 602
 603   * Miscellaneous Ubuntu changes
 604     - [Debian] Use default compression for all packages
 605     - SAUCE: (namespace) block_dev: Support checking inode permissions in
 606       lookup_bdev()
 607     - SAUCE: (namespace) block_dev: Check permissions towards block device inode
 608       when mounting
 609     - SAUCE: (namespace) mtd: Check permissions towards mtd block device inode
 610       when mounting
 611     - SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes
 612     - SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root
 613     - SAUCE: (namespace) fs: Allow superblock owner to access do_remount_sb()
 614     - SAUCE: (namespace) capabilities: Allow privileged user in s_user_ns to set
 615       security.* xattrs
 616     - SAUCE: (namespace) fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw
 617       filesystems
 618     - SAUCE: (namespace) fuse: Add support for pid namespaces
 619     - SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns
 620     - SAUCE: (namespace) fuse: Restrict allow_other to the superblock's namespace
 621       or a descendant
 622     - SAUCE: (namespace) fuse: Allow user namespace mounts
 623     - SAUCE: (namespace) ext4: Add support for unprivileged mounts from user
 624       namespaces
 625     - SAUCE: (namespace) evm: Don't update hmacs in user ns mounts
 626     - SAUCE: (namespace) ext4: Add module parameter to enable user namespace
 627       mounts
 628     - SAUCE: (namespace) block_dev: Forbid unprivileged mounting when device is
 629       opened for writing
 630
 631  -- Seth Forshee <seth.forshee@canonical.com>  Wed, 26 Apr 2017 10:08:29 -0500
 632
 633 linux (4.11.0-0.5) artful; urgency=low
 634
 635   * [Hyper-V][SAUCE] pci-hyperv: Use only 16 bit integer for PCI domain
 636     (LP: #1684971)
 637     - SAUCE: pci-hyperv: Use only 16 bit integer for PCI domain
 638
 639   * [Hyper-V] Ubuntu 14.04.2 LTS Generation 2 SCSI Errors on VSS Based Backups
 640     (LP: #1470250)
 641     - SAUCE: Tools: hv: vss: Thaw the filesystem and continue after freeze fails
 642
 643   * Enable virtual scsi server driver for Power (LP: #1615665)
 644     - SAUCE: Return TCMU-generated sense data to fabric module
 645
 646   * include/linux/security.h header syntax error with !CONFIG_SECURITYFS
 647     (LP: #1630990)
 648     - SAUCE: (no-up) include/linux/security.h -- fix syntax error with
 649       CONFIG_SECURITYFS=n
 650
 651   * Miscellaneous Ubuntu changes
 652     - SAUCE: Import aufs driver
 653     - [Config] Enable aufs
 654     - [Debian] Add script to update virtualbox
 655     - ubuntu: vbox -- Update to 5.1.20-dfsg-2
 656     - Enable vbox
 657     - SAUCE: aufs -- Include linux/mm.h in fs/aufs/file.h
 658
 659   [ Upstream Kernel Changes ]
 660
 661   * rebase to v4.11-rc8
 662
 663  -- Seth Forshee <seth.forshee@canonical.com>  Tue, 25 Apr 2017 13:42:54 -0500
 664
 665 linux (4.11.0-0.4) zesty; urgency=low
 666
 667   * POWER9: Improve performance on memory management (LP: #1681429)
 668     - SAUCE: powerpc/mm/radix: Don't do page walk cache flush when doing full mm
 669       flush
 670     - SAUCE: powerpc/mm/radix: Remove unnecessary ptesync
 671
 672   * Miscellaneous Ubuntu changes
 673     - find-missing-sauce.sh
 674
 675   [ Upstream Kernel Changes ]
 676
 677   * rebase to v4.11-rc7
 678
 679  -- Seth Forshee <seth.forshee@canonical.com>  Tue, 18 Apr 2017 08:19:43 -0500
 680
 681 linux (4.11.0-0.3) zesty; urgency=low
 682
 683   * Disable CONFIG_HVC_UDBG on ppc64el (LP: #1680888)
 684     - [Config] Disable CONFIG_HVC_UDBG on ppc64el
 685
 686   * smartpqi driver needed in initram disk and installer (LP: #1680156)
 687     - [Config] Add smartpqi to d-i
 688
 689   * Disable CONFIG_SECURITY_SELINUX_DISABLE (LP: #1680315)
 690     - [Config] CONFIG_SECURITY_SELINUX_DISABLE=n
 691
 692   * Miscellaneous Ubuntu changes
 693     - [Config] flash-kernel should be a Breaks
 694     - [Config] drop the info directory
 695     - [Config] drop NOTES as obsolete
 696     - [Config] drop changelog.historical as obsolete
 697     - rebase to v4.11-rc6
 698
 699   [ Upstream Kernel Changes ]
 700
 701   * rebase to v4.11-rc6
 702
 703  -- Tim Gardner <tim.gardner@canonical.com>  Tue, 11 Apr 2017 07:16:52 -0600
 704
 705 linux (4.11.0-0.2) zesty; urgency=low
 706
 707   [ Upstream Kernel Changes ]
 708
 709   * rebase to v4.11-rc5
 710
 711  -- Tim Gardner <tim.gardner@canonical.com>  Mon, 03 Apr 2017 08:26:07 +0100
 712
 713 linux (4.11.0-0.1) zesty; urgency=low
 714
 715   [ Upstream Kernel Changes ]
 716
 717   * rebase to v4.11-rc4
 718     - LP: #1591053
 719
 720  -- Tim Gardner <tim.gardner@canonical.com>  Mon, 20 Mar 2017 05:15:32 -0600
 721
 722 linux (4.11.0-0.0) zesty; urgency=low
 723
 724   * dummy entry
 725
 726  -- Tim Gardner <tim.gardner@canonical.com>  Mon, 20 Mar 2017 05:15:32 -0600