This bug was fixed in the package linux - 4.15.0-19.20

---------------
linux (4.15.0-19.20) bionic; urgency=medium

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)

  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
    - Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
    - Revert "genirq/affinity: assign vectors to all possible CPUs"

linux (4.15.0-18.19) bionic; urgency=medium

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)

  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
    meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
    (LP: #1765429)
    - powerpc/pseries: Fix clearing of security feature flags

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Config] signing -- enable Opal signing for ppc64el
    - [Packaging] printenv -- add signing options

  * [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
    - [Packaging] signing -- add support for signing Opal kernel binaries

  * Please cherrypick s390 unwind fix (LP: #1765083)
    - s390/compat: fix setup_frame32

  * Ubuntu 18.04 installer does not detect any IPR based HDD/RAID array [S822L]
    [ipr] (LP: #1751813)
    - d-i: move ipr to storage-core-modules on ppc64el

  * drivers/gpu/drm/bridge/adv7511/adv7511.ko missing (LP: #1764816)
    - SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm

  * Miscellaneous Ubuntu changes
    - [Packaging] Add linux-oem to rebuild test blacklist.

linux (4.15.0-17.18) bionic; urgency=medium

  * linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)

  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

linux (4.15.0-16.17) bionic; urgency=medium

  * linux: 4.15.0-16.17 -proposed tracker (LP: #1763785)

  * [18.04] [bug] CFL-S(CNP)/CNL GPIO testing failed (LP: #1757346)
    - [Config]: Set CONFIG_PINCTRL_CANNONLAKE=y

  * [Ubuntu 18.04] USB Type-C test failed on GLK (LP: #1758797)
    - SAUCE: usb: typec: ucsi: Increase command completion timeout value

  * Fix trying to "push" an already active pool VP (LP: #1763386)
    - SAUCE: powerpc/xive: Fix trying to "push" an already active pool VP

  * hisi_sas: Revert and replace SAUCE patches w/ upstream (LP: #1762824)
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: export device table of v3 hw to
      userspace"
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: config for hip08 ES"
    - scsi: hisi_sas: modify some register config for hip08
    - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE()

  * Realtek card reader - RTS5243 [VEN_10EC&DEV_5260] (LP: #1737673)
    - misc: rtsx: Move Realtek Card Reader Driver to misc
    - updateconfigs for Realtek Card Reader Driver
    - misc: rtsx: Add support for RTS5260
    - misc: rtsx: Fix symbol clashes

  * Mellanox [mlx5] [bionic] UBSAN: Undefined behaviour in
    ./include/linux/net_dim.h (LP: #1763269)
    - net/mlx5e: Fix int overflow

  * apparmor bug fixes for bionic (LP: #1763427)
    - apparmor: fix logging of the existence test for signals
    - apparmor: make signal label match work when matching stacked labels
    - apparmor: audit unknown signal numbers
    - apparmor: fix memory leak on buffer on error exit path
    - apparmor: fix mediation of prlimit

  * dangling symlinks to loaded apparmor policy (LP: #1755563) // apparmor bug
    fixes for bionic (LP: #1763427)
    - apparmor: fix dangling symlinks to policy rawdata after replacement

  * [OPAL] Assert fail:
    core/mem_region.c:447:lock_held_by_me(&region->free_list_lock)
    (LP: #1762913)
    - powerpc/watchdog: remove arch_trigger_cpumask_backtrace

  * [LTC Test] Ubuntu 18.04: tm_trap_test failed on P8 compat mode guest
    (LP: #1762928)
    - powerpc/tm: Fix endianness flip on trap

  * Add support for RT5660 codec based sound cards on Baytrail (LP: #1657674)
    - SAUCE: (no-up) ASoC: Intel: Support machine driver for RT5660 on Baytrail
    - SAUCE: (no-up) ASoC: rt5660: Add ACPI support
    - SAUCE: (no-up): ASoC: Intel: bytcr-rt5660: Add MCLK, quirks
    - [Config] CONFIG_SND_SOC_INTEL_BYTCR_RT5660_MACH=m, CONFIG_SND_SOC_RT5660=m

  * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
    - i2c: xlp9xx: return ENXIO on slave address NACK
    - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
    - i2c: xlp9xx: Check for Bus state before every transfer
    - i2c: xlp9xx: Handle NACK on DATA properly

  * [18.04 FEAT] Add kvm_stat from kernel tree (LP: #1734130)
    - tools/kvm_stat: simplify the sortkey function
    - tools/kvm_stat: use a namedtuple for storing the values
    - tools/kvm_stat: use a more pythonic way to iterate over dictionaries
    - tools/kvm_stat: avoid 'is' for equality checks
    - tools/kvm_stat: fix crash when filtering out all non-child trace events
    - tools/kvm_stat: print error on invalid regex
    - tools/kvm_stat: fix debugfs handling
    - tools/kvm_stat: mark private methods as such
    - tools/kvm_stat: eliminate extra guest/pid selection dialog
    - tools/kvm_stat: separate drilldown and fields filtering
    - tools/kvm_stat: group child events indented after parent
    - tools/kvm_stat: print 'Total' line for multiple events only
    - tools/kvm_stat: Fix python3 syntax
    - tools/kvm_stat: Don't use deprecated file()
    - tools/kvm_stat: Remove unused function
    - [Packaging] Add linux-tools-host package for VM host tools
    - [Config] do_tools_host=true for amd64

  * Bionic update to v4.15.17 stable release (LP: #1763366)
    - i40iw: Fix sequence number for the first partial FPDU
    - i40iw: Correct Q1/XF object count equation
    - i40iw: Validate correct IRD/ORD connection parameters
    - clk: meson: mpll: use 64-bit maths in params_from_rate
    - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
    - Bluetooth: Add a new 04ca:3015 QCA_ROME device
    - ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
    - thermal: power_allocator: fix one race condition issue for 
thermal_instances
      list
    - perf probe: Find versioned symbols from map
    - perf probe: Add warning message if there is unexpected event name
    - perf evsel: Fix swap for samples with raw data
    - perf evsel: Enable ignore_missing_thread for pid option
    - l2tp: fix missing print session offset info
    - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
    - ACPI / video: Default lcd_only to true on Win8-ready and newer machines
    - IB/mlx5: Report inner RSS capability
    - VFS: close race between getcwd() and d_move()
    - watchdog: dw_wdt: add stop watchdog operation
    - clk: divider: fix incorrect usage of container_of
    - PM / devfreq: Fix potential NULL pointer dereference in governor_store
    - gpiolib: don't dereference a desc before validation
    - net_sch: red: Fix the new offload indication
    - selftests/net: fix bugs in address and port initialization
    - thermal/drivers/hisi: Remove bogus const from function return type
    - RDMA/cma: Mark end of CMA ID messages
    - hwmon: (ina2xx) Make calibration register value fixed
    - f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem
    - clk: sunxi-ng: a83t: Add M divider to TCON1 clock
    - media: videobuf2-core: don't go out of the buffer range
    - ASoC: Intel: Skylake: Disable clock gating during firmware and library
      download
    - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
    - drm/msm: Fix NULL deref in adreno_load_gpu
    - IB/ipoib: Fix for notify send CQ failure messages
    - spi: sh-msiof: Fix timeout failures for TX-only DMA transfers
    - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
    - irqchip/ompic: fix return value check in ompic_of_init()
    - irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
    - ACPI: EC: Fix debugfs_create_*() usage
    - mac80211: Fix setting TX power on monitor interfaces
    - vfb: fix video mode and line_length being set when loaded
    - crypto: crypto4xx - perform aead icv check in the driver
    - gpio: label descriptors using the device name
    - arm64: asid: Do not replace active_asids if already 0
    - powernv-cpufreq: Add helper to extract pstate from PMSR
    - IB/rdmavt: Allocate CQ memory on the correct node
    - blk-mq: avoid to map CPU into stale hw queue
    - blk-mq: fix race between updating nr_hw_queues and switching io sched
    - backlight: tdo24m: Fix the SPI CS between transfers
    - nvme-fabrics: protect against module unload during create_ctrl
    - nvme-fabrics: don't check for non-NULL module in nvmf_register_transport
    - pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
    - nvme_fcloop: disassocate local port structs
    - nvme_fcloop: fix abort race condition
    - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
    - perf report: Fix a no annotate browser displayed issue
    - staging: lustre: disable preempt while sampling processor id.
    - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
    - power: supply: axp288_charger: Properly stop work on probe-error / remove
    - rt2x00: do not pause queue unconditionally on error path
    - wl1251: check return from call to wl1251_acx_arp_ip_filter
    - net/mlx5: Fix race for multiple RoCE enable
    - bcache: ret IOERR when read meets metadata error
    - bcache: stop writeback thread after detaching
    - bcache: segregate flash only volume write streams
    - net: Fix netdev_WARN_ONCE macro
    - net/mlx5e: IPoIB, Use correct timestamp in child receive flow
    - blk-mq: fix kernel oops in blk_mq_tag_idle()
    - tty: n_gsm: Allow ADM response in addition to UA for control dlci
    - block, bfq: put async queues for root bfq groups too
    - serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers
    - EDAC, mv64x60: Fix an error handling path
    - uio_hv_generic: check that host supports monitor page
    - Bluetooth: hci_bcm: Mandate presence of shutdown and device wake GPIO
    - Bluetooth: hci_bcm: Validate IRQ before using it
    - Bluetooth: hci_bcm: Make shutdown and device wake GPIO optional
    - i40evf: don't rely on netif_running() outside rtnl_lock()
    - drm/amd/powerplay: fix memory leakage when reload (v2)
    - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
    - PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks
    - scsi: megaraid_sas: Error handling for invalid ldcount provided by 
firmware
      in RAID map
    - scsi: megaraid_sas: unload flag should be set after scsi_remove_host is
      called
    - RDMA/cma: Fix rdma_cm path querying for RoCE
    - gpio: thunderx: fix error return code in thunderx_gpio_probe()
    - x86/gart: Exclude GART aperture from vmcore
    - sdhci: Advertise 2.0v supply on SDIO host controller
    - Input: goodix - disable IRQs while suspended
    - mtd: mtd_oobtest: Handle bitflips during reads
    - crypto: aes-generic - build with -Os on gcc-7+
    - perf tools: Fix copyfile_offset update of output offset
    - tcmu: release blocks for partially setup cmds
    - thermal: int3400_thermal: fix error handling in int3400_thermal_probe()
    - drm/i915/cnp: Ignore VBT request for know invalid DDC pin.
    - drm/i915/cnp: Properly handle VBT ddc pin out of bounds.
    - x86/microcode: Propagate return value from updating functions
    - x86/CPU: Add a microcode loader callback
    - x86/CPU: Check CPU feature bits after microcode upgrade
    - x86/microcode: Get rid of struct apply_microcode_ctx
    - x86/microcode/intel: Check microcode revision before updating sibling
      threads
    - x86/microcode/intel: Writeback and invalidate caches before updating
      microcode
    - x86/microcode: Do not upload microcode if CPUs are offline
    - x86/microcode/intel: Look into the patch cache first
    - x86/microcode: Request microcode on the BSP
    - x86/microcode: Synchronize late microcode loading
    - x86/microcode: Attempt late loading only when new microcode is present
    - x86/microcode: Fix CPU synchronization routine
    - arp: fix arp_filter on l3slave devices
    - ipv6: the entire IPv6 header chain must fit the first fragment
    - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events
      lan78xx_deferred_multicast_write)
    - net: dsa: Discard frames from unused ports
    - net: fix possible out-of-bound read in skb_network_protocol()
    - net/ipv6: Fix route leaking between VRFs
    - net/ipv6: Increment OUTxxx counters after netfilter hook
    - netlink: make sure nladdr has correct size in netlink_connect()
    - net/mlx5e: Verify coalescing parameters in range
    - net sched actions: fix dumping which requires several messages to user 
space
    - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
    - pptp: remove a buggy dst release in pptp_connect()
    - r8169: fix setting driver_data after register_netdev
    - sctp: do not leak kernel memory to user space
    - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
    - vhost: correctly remove wait queue during poll failure
    - vlan: also check phy_driver ts_info for vlan's real device
    - vrf: Fix use after free and double free in vrf_finish_output
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
    - bonding: process the err returned by dev_set_allmulti properly in
      bond_enslave
    - net: fool proof dev_valid_name()
    - ip_tunnel: better validate user provided tunnel names
    - ipv6: sit: better validate user provided tunnel names
    - ip6_gre: better validate user provided tunnel names
    - ip6_tunnel: better validate user provided tunnel names
    - vti6: better validate user provided tunnel names
    - net/mlx5e: Set EQE based as default TX interrupt moderation mode
    - net_sched: fix a missing idr_remove() in u32_delete_key()
    - net/sched: fix NULL dereference in the error path of tcf_vlan_init()
    - net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path
    - net/mlx5e: Fix memory usage issues in offloading TC flows
    - net/sched: fix NULL dereference in the error path of tcf_sample_init()
    - nfp: use full 40 bits of the NSP buffer address
    - ipv6: sr: fix seg6 encap performances with TSO enabled
    - net/mlx5e: Don't override vport admin link state in switchdev mode
    - net/mlx5e: Sync netdev vxlan ports at open
    - net/sched: fix NULL dereference in the error path of tunnel_key_init()
    - net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
    - strparser: Fix sign of err codes
    - net/mlx4_en: Fix mixed PFC and Global pause user control requests
    - net/mlx5e: Fix traffic being dropped on VF representor
    - vhost: validate log when IOTLB is enabled
    - route: check sysctl_fib_multipath_use_neigh earlier than hash
    - team: move dev_mc_sync after master_upper_dev_link in team_port_add
    - vhost_net: add missing lock nesting notation
    - net/mlx4_core: Fix memory leak while delete slave's resources
    - Linux 4.15.17

  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507) // Bionic update to v4.15.17 stable
    release (LP: #1763366)
    - sky2: Increase D3 delay to sky2 stops working after suspend

  * [Featire] CNL: Enable RAPL support (LP: #1685712)
    - powercap: RAPL: Add support for Cannon Lake

  * System Z {kernel} UBUNTU18.04 wrong kernel config (LP: #1762719)
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - [Config] CONFIG_EXPOLINE_AUTO=y, CONFIG_KERNEL_NOBP=n for s390
    - s390: correct nospec auto detection init order

  * Merge the linux-snapdragon kernel into bionic master/snapdragon
    (LP: #1763040)
    - drm/msm: fix spelling mistake: "ringubffer" -> "ringbuffer"
    - drm/msm: fix msm_rd_dump_submit prototype
    - drm/msm: gpu: Only sync fences on rings that exist
    - wcn36xx: set default BTLE coexistence config
    - wcn36xx: Add hardware scan offload support
    - wcn36xx: Reduce spinlock in indication handler
    - wcn36xx: fix incorrect assignment to msg_body.min_ch_time
    - wcn36xx: release DMA memory in case of error
    - mailbox: qcom: Convert APCS IPC driver to use regmap
    - mailbox: qcom: Create APCS child device for clock controller
    - clk: qcom: Add A53 PLL support
    - clk: qcom: Add regmap mux-div clocks support
    - clk: qcom: Add APCS clock controller support
    - clk: qcom: msm8916: Fix return value check in 
qcom_apcs_msm8916_clk_probe()
    - media: venus: venc: set correctly GOP size and number of B-frames
    - media: venus: venc: configure entropy mode
    - media: venus: venc: Apply inloop deblocking filter
    - media: venus: cleanup set_property controls
    - arm64: defconfig: enable REMOTEPROC
    - arm64: defconfig: enable QCOM audio drivers for APQ8016 and DB410c
    - kernel: configs; add distro.config
    - arm64: configs: enable WCN36xx
    - kernel: distro.config: enable debug friendly USB network adpater
    - arm64: configs: enable QCOM Venus
    - arm64: defconfig: Enable a53/apcs and avs
    - arm64: defconfig: enable ondemand governor as default
    - arm64: defconfig: enable QCOM_TSENS
    - arm64: defconfig: enable new trigger modes for leds
    - kernel: configs: enable dm_mod and dm_crypt
    - Force the SMD regulator driver to be compiled-in
    - arm64: defconfig: enable CFG80211_DEFAULT_PS by default
    - arm64: configs: enable BT_QCOMSMD
    - kernel: configs: add more USB net drivers
    - arm64: defconfig: disable ANALOG_TV and DIGITAL_TV
    - arm64: configs: Enable camera drivers
    - kernel: configs: add freq stat to sysfs
    - arm64: defconfig: enable CONFIG_USB_CONFIGFS_F_FS by default
    - arm64: defconfig: Enable QRTR features
    - kernel: configs: set USB_CONFIG_F_FS in distro.config
    - kernel: distro.config: enable 'schedutil' CPUfreq governor
    - kernel: distro.config: enable 'fq' and 'fq_codel' qdiscs
    - kernel: distro.config: enable 'BBR' TCP congestion algorithm
    - arm64: defconfig: enable LEDS_QCOM_LPG
    - HACK: drm/msm/iommu: Remove runtime_put calls in map/unmap
    - power: avs: Add support for CPR (Core Power Reduction)
    - power: avs: cpr: Use raw mem access for qfprom
    - power: avs: cpr: fix with new reg_sequence structures
    - power: avs: cpr: Register with cpufreq-dt
    - regulator: smd: Add floor and corner operations
    - PM / OPP: Support adjusting OPP voltages at runtime
    - PM / OPP: Drop RCU usage in dev_pm_opp_adjust_voltage()
    - PM / OPP: HACK: Allow to set regulator without opp_list
    - PM / OPP: Add a helper to get an opp regulator for device
    - cpufreq: Add apq8016 to cpufreq-dt-platdev blacklist
    - regulator: smd: Allow REGULATOR_QCOM_SMD_RPM=m
    - ov5645: I2C address change
    - i2c: Add Qualcomm Camera Control Interface driver
    - camss: vfe: Skip first four frames from sensor
    - camss: Do not register if no cameras are present
    - i2c-qcom-cci: Fix run queue completion timeout
    - i2c-qcom-cci: Fix I2C address bug
    - media: ov5645: Fix I2C address
    - drm/bridge/adv7511: Delay clearing of HPD interrupt status
    - HACK: drm/msm/adv7511: Don't rely on interrupts for EDID parsing
    - leds: Add driver for Qualcomm LPG
    - wcn36xx: Fix warning due to duplicate scan_completed notification
    - arm64: dts: Add CPR DT node for msm8916
    - arm64: dts: add spmi-regulator nodes
    - arm64: dts: msm8916: Add cpufreq support
    - arm64: dts: msm8916: Add a shared CPU opp table
    - arm64: dts: msm8916: Add cpu cooling maps
    - arm64: dts: pm8916: Mark the s2 regulator as always-on
    - dt-bindings: mailbox: qcom: Document the APCS clock binding
    - arm64: dts: qcom: msm8916: Add msm8916 A53 PLL DT node
    - arm64: dts: qcom: msm8916: Use the new APCS mailbox driver
    - arm64: dts: qcom: msm8916: Add clock properties to the APCS node
    - arm64: dts: qcom: apq8016-sbc: Allow USR4 LED to notify kernel panic
    - dt-bindings: media: Binding document for Qualcomm Camera Control Interface
      driver
    - MAINTAINERS: Add Qualcomm Camera Control Interface driver
    - DT: leds: Add Qualcomm Light Pulse Generator binding
    - arm64: dts: qcom: msm8996: Add mpp and lpg blocks
    - arm64: dts: qcom: Add pwm node for pm8916
    - arm64: dts: qcom: Add user LEDs on db820c
    - arm64: dts: qcom: Add WiFI/BT LEDs on db820c
    - ARM: dts: qcom: Add LPG node to pm8941
    - ARM: dts: qcom: honami: Add LPG node and RGB LED
    - arm64: dts: qcom: Add Camera Control Interface support
    - arm64: dts: qcom: Add apps_iommu vfe child node
    - arm64: dts: qcom: Add camss device node
    - arm64: dts: qcom: Add ov5645 device nodes
    - arm64: dts: msm8916: Fix camera sensors I2C addresses
    - arm: dts: qcom: db410c: Enable PWM signal on MPP4
    - packaging: arm64: add a uboot flavour - part1
    - packaging: arm64: add a uboot flavour - part2
    - packaging: arm64: add a uboot flavour - part3
    - packaging: arm64: add a uboot flavour - part4
    - packaging: arm64: add a uboot flavour - part5
    - packaging: arm64: rename uboot flavour to snapdragon
    - [Config] updateconfigs after qcomlt import
    - [Config] arm64: snapdragon: COMMON_CLK_QCOM=y
    - [Config] arm64: snapdragon: MSM_GCC_8916=y
    - [Config] arm64: snapdragon: REGULATOR_FIXED_VOLTAGE=y
    - [Config] arm64: snapdragon: PINCTRL_MSM8916=y
    - [Config] arm64: snapdragon: HWSPINLOCK_QCOM=y
    - [Config] arm64: snapdragon: SPMI=y, SPMI_MSM_PMIC_ARB=y
    - [Config] arm64: snapdragon: REGMAP_SPMI=y, PINCTRL_QCOM_SPMI_PMIC=y
    - [Config] arm64: snapdragon: REGULATOR_QCOM_SPMI=y
    - [Config] arm64: snapdragon: MFD_SPMI_PMIC=y
    - [Config] arm64: snapdragon: QCOM_SMEM=y
    - [Config] arm64: snapdragon: RPMSG=y, RPMSG_QCOM_SMD=y
    - [Config] arm64: snapdragon: QCOM_SMD_RPM=y, REGULATOR_QCOM_SMD_RPM=y
    - [Config] arm64: snapdragon: QCOM_CLK_SMD_RPM=y
    - [Config] arm64: snapdragon: QCOM_BAM_DMA=y
    - [Config] arm64: snapdragon: QCOM_HIDMA=y, QCOM_HIDMA_MGMT=y
    - [Config] arm64: snapdragon: QCOM_CPR=y
    - [Config] arm64: snapdragon: QCOM_QFPROM=y, QCOM_TSENS=y
    - [Config] arm64: snapdragon: MMC_SDHCI=y, MMC_SDHCI_PLTFM=y, 
MMC_SDHCI_MSM=y
    - [Config] turn off DRM_MSM_REGISTER_LOGGING
    - [Config] arm64: snapdragon: I2C_QUP=y
    - [Config] arm64: snapdragon: SPI_QUP=y
    - [Config] arm64: snapdragon: USB_ULPI_BUS=y, PHY_QCOM_USB_HS=y
    - [Config] arm64: snapdragon: QCOM_APCS_IPC=y
    - [Config] arm64: snapdragon: QCOM_WCNSS_CTRL=y
    - [Config] arm64: snapdragon: QCOM_SMSM=y
    - [Config] arm64: snapdragon: QCOM_SMP2P=y
    - [Config] arm64: snapdragon: DRM_MSM=y
    - [Config] arm64: snapdragon: SND_SOC=y
    - [Config] arm64: snapdragon: QCOM_WCNSS_PIL=m
    - [Config] arm64: snapdragon: QCOM_A53PLL=y, QCOM_CLK_APCS_MSM8916=y
    - [Config] arm64: snapdragon: INPUT_PM8941_PWRKEY=y
    - [Config] arm64: snapdragon: MEDIA_SUBDRV_AUTOSELECT=y, VIDEO_OV5645=m
    - [Config] arm64: snapdragon: SND_SOC_APQ8016_SBC=y, SND_SOC_LPASS_APQ8016=y
    - [Config] arm64: snapdragon: SND_SOC_MSM8916_WCD_ANALOG=y,
      SND_SOC_MSM8916_WCD_DIGITAL=y
    - SAUCE: media: ov5645: skip address change if dt addr == default addr
    - SAUCE: drm/msm/adv7511: wrap hacks under CONFIG_ADV7511_SNAPDRAGON_HACKS
      #ifdefs
    - [Config] arm64: snapdragon: ADV7511_SNAPDRAGON_HACKS=y
    - packaging: snapdragon: fixup ABI paths

  * LSM stacking patches for bionic (LP: #1763062)
    - SAUCE: LSM stacking: procfs: add smack subdir to attrs
    - SAUCE: LSM stacking: LSM: Manage credential security blobs
    - SAUCE: LSM stacking: LSM: Manage file security blobs
    - SAUCE: LSM stacking: LSM: Manage task security blobs
    - SAUCE: LSM stacking: LSM: Manage remaining security blobs
    - SAUCE: LSM stacking: LSM: General stacking
    - SAUCE: LSM stacking: fixup initialize task->security
    - SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
    - SAUCE: LSM stacking: add support for stacking getpeersec_stream
    - SAUCE: LSM stacking: add stacking support to apparmor network hooks
    - SAUCE: LSM stacking: fixup apparmor stacking enablement
    - SAUCE: LSM stacking: fixup stacking kconfig
    - SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot 
params
    - SAUCE: LSM stacking: provide prctl interface for setting context
    - SAUCE: LSM stacking: inherit current display LSM
    - SAUCE: LSM stacking: keep an index for each registered LSM
    - SAUCE: LSM stacking: verify display LSM
    - SAUCE: LSM stacking: provide a way to specify the default display lsm
    - SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
    - SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
    - SAUCE: LSM stacking: add Kconfig to set default display LSM
    - SAUCE: LSM stacking: add configs for LSM stacking
    - SAUCE: LSM stacking: add apparmor and selinux proc dirs
    - SAUCE: LSM stacking: remove procfs context interface

  * linux 4.13.0-13.14 ADT test failure with linux 4.13.0-13.14
    (LP: #1720779) // LSM stacking patches for bionic (LP: #1763062)
    - SAUCE: LSM stacking: check for invalid zero sized writes

  * RDMA/hns: ensure for-loop actually iterates and free's buffers
    (LP: #1762757)
    - RDMA/hns: ensure for-loop actually iterates and free's buffers

  * Support cq/rq record doorbell for RDMA on HSilicon hip08 systems
    (LP: #1762755)
    - RDMA/hns: Fix the endian problem for hns
    - RDMA/hns: Support rq record doorbell for the user space
    - RDMA/hns: Support cq record doorbell for the user space
    - RDMA/hns: Support rq record doorbell for kernel space
    - RDMA/hns: Support cq record doorbell for kernel space
    - RDMA/hns: Fix cqn type and init resp
    - RDMA/hns: Fix init resp when alloc ucontext
    - RDMA/hns: Fix cq record doorbell enable in kernel

  * Replace LPC patchset with upstream version (LP: #1762758)
    - Revert "UBUNTU: SAUCE: MAINTAINERS: Add maintainer for HiSilicon LPC 
driver"
    - Revert "UBUNTU: SAUCE: HISI LPC: Add ACPI support"
    - Revert "UBUNTU: SAUCE: ACPI / scan: do not enumerate Indirect IO host
      children"
    - Revert "UBUNTU: SAUCE: HISI LPC: Support the LPC host on Hip06/Hip07 with 
DT
      bindings"
    - Revert "UBUNTU: SAUCE: OF: Add missing I/O range exception for indirect-IO
      devices"
    - Revert "UBUNTU: SAUCE: PCI: Apply the new generic I/O management on PCI IO
      hosts"
    - Revert "UBUNTU: SAUCE: PCI: Add fwnode handler as input param of
      pci_register_io_range()"
    - Revert "UBUNTU: SAUCE: PCI: Remove unused __weak attribute in
      pci_register_io_range()"
    - Revert "UBUNTU: SAUCE: LIB: Introduce a generic PIO mapping method"
    - lib: Add generic PIO mapping method
    - PCI: Remove __weak tag from pci_register_io_range()
    - PCI: Add fwnode handler as input param of pci_register_io_range()
    - PCI: Apply the new generic I/O management on PCI IO hosts
    - of: Add missing I/O range exception for indirect-IO devices
    - HISI LPC: Support the LPC host on Hip06/Hip07 with DT bindings
    - ACPI / scan: Rename acpi_is_serial_bus_slave() for more general use
    - ACPI / scan: Do not enumerate Indirect IO host children
    - HISI LPC: Add ACPI support
    - MAINTAINERS: Add John Garry as maintainer for HiSilicon LPC driver

  * Enable Tunneled Operations on POWER9 (LP: #1762448)
    - powerpc/powernv: Enable tunneled operations
    - cxl: read PHB indications from the device tree

  * PSL traces reset after PERST for debug AFU image (LP: #1762462)
    - cxl: Enable NORST bit in PSL_DEBUG register for PSL9

  * NFS + sec=krb5 is broken (LP: #1759791)
    - sunrpc: remove incorrect HMAC request initialization

  * Raspberry Pi 3 microSD support missing from the installer (LP: #1729128)
    - d-i: add bcm2835 to block-modules

  * Backport USB core quirks (LP: #1762695)
    - usb: core: Add "quirks" parameter for usbcore
    - usb: core: Copy parameter string correctly and remove superfluous null 
check
    - usb: core: Add USB_QUIRK_DELAY_CTRL_MSG to usbcore quirks

  * [Ubuntu 18.04] cryptsetup: 'device-mapper: reload ioctl on  failed' when
    setting up a second end-to-end encrypted disk (LP: #1762353)
    - SAUCE: s390/crypto: Adjust s390 aes and paes cipher

  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5715
    - powerpc/64s: Wire up cpu_show_spectre_v2()

  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5753
    - powerpc/64s: Wire up cpu_show_spectre_v1()

  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5754
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()

  * Additional spectre and meltdown patches (LP: #1760099) // CVE-2017-5715 //
    CVE-2017-5753 // CVE-2017-5754
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags

  * Hisilicon network subsystem 3 support (LP: #1761610)
    - net: hns3: export pci table of hclge and hclgevf to userspace
    - d-i: Add hns3 drivers to nic-modules

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
    - perf vendor events aarch64: Add JSON metrics for ARM Cortex-A53 Processor
    - perf vendor events: Drop incomplete multiple mapfile support
    - perf vendor events: Fix error code in json_events()
    - perf vendor events: Drop support for unused topic directories
    - perf vendor events: Add support for pmu events vendor subdirectory
    - perf vendor events arm64: Relocate ThunderX2 JSON to cavium subdirectory
    - perf vendor events arm64: Relocate Cortex A53 JSONs to arm subdirectory
    - perf vendor events: Add support for arch standard events
    - perf vendor events arm64: Add armv8-recommended.json
    - perf vendor events arm64: Fixup ThunderX2 to use recommended events
    - perf vendor events arm64: fixup A53 to use recommended events
    - perf vendor events arm64: add HiSilicon hip08 JSON file
    - perf vendor events arm64: Enable JSON events for ThunderX2 B0

  * Warning "cache flush timed out!" seen when unloading the cxl driver
    (LP: #1762367)
    - cxl: Check if PSL data-cache is available before issue flush request

  * Bionic update to 4.15.16 stable release (LP: #1762370)
    - ARM: OMAP: Fix SRAM W+X mapping
    - ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
    - ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties
    - ARM: dts: sun6i: a31s: bpi-m2: add missing regulators
    - mtd: jedec_probe: Fix crash in jedec_read_mfr()
    - mtd: nand: atmel: Fix get_sectorsize() function
    - ALSA: usb-audio: Add native DSD support for TEAC UD-301
    - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
    - ALSA: pcm: potential uninitialized return values
    - x86/platform/uv/BAU: Add APIC idt entry
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation
    - ceph: only dirty ITER_IOVEC pages for direct read
    - ipc/shm.c: add split function to shm_vm_ops
    - i2c: i2c-stm32f7: fix no check on returned setup
    - powerpc/mm: Add tracking of the number of coprocessors using a context
    - powerpc/mm: Workaround Nest MMU bug with TLB invalidations
    - powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile 
GPRs
    - partitions/msdos: Unable to mount UFS 44bsd partitions
    - xfrm_user: uncoditionally validate esn replay attribute struct
    - RDMA/ucma: Check AF family prior resolving address
    - RDMA/ucma: Fix use-after-free access in ucma_close
    - RDMA/ucma: Ensure that CM_ID exists prior to access it
    - RDMA/rdma_cm: Fix use after free race with process_one_req
    - RDMA/ucma: Check that device is connected prior to access it
    - RDMA/ucma: Check that device exists prior to accessing it
    - RDMA/ucma: Introduce safer rdma_addr_size() variants
    - ipv6: fix possible deadlock in rt6_age_examine_exception()
    - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
    - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
    - percpu: add __GFP_NORETRY semantics to the percpu balancing path
    - netfilter: x_tables: make allocation less aggressive
    - netfilter: bridge: ebt_among: add more missing match size checks
    - l2tp: fix races with ipv4-mapped ipv6 addresses
    - netfilter: drop template ct when conntrack is skipped.
    - netfilter: x_tables: add and use xt_check_proc_name
    - phy: qcom-ufs: add MODULE_LICENSE tag
    - Bluetooth: Fix missing encryption refresh on Security Request
    - drm/i915/dp: Write to SET_POWER dpcd to enable MST hub.
    - bitmap: fix memset optimization on big-endian systems
    - USB: serial: ftdi_sio: add RT Systems VX-8 cable
    - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
    - USB: serial: cp210x: add ELDAT Easywave RX09 id
    - serial: 8250: Add Nuvoton NPCM UART
    - mei: remove dev_err message on an unsupported ioctl
    - /dev/mem: Avoid overwriting "err" in read_mem()
    - media: usbtv: prevent double free in error case
    - parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
    - crypto: lrw - Free rctx->ext with kzfree
    - crypto: talitos - don't persistently map req_ctx->hw_context and
      req_ctx->buf
    - crypto: inside-secure - fix clock management
    - crypto: testmgr - Fix incorrect values in PKCS#1 test vector
    - crypto: talitos - fix IPsec cipher in length
    - crypto: ahash - Fix early termination in hash walk
    - crypto: caam - Fix null dereference at error path
    - crypto: ccp - return an actual key size from RSA max_size callback
    - crypto: arm,arm64 - Fix random regeneration of S_shipped
    - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
    - Btrfs: fix unexpected cow in run_delalloc_nocow
    - staging: comedi: ni_mio_common: ack ai fifo error interrupts.
    - Revert "base: arch_topology: fix section mismatch build warnings"
    - Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370
    - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
    - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
    - vt: change SGR 21 to follow the standards
    - ARM: dts: DRA76-EVM: Set powerhold property for tps65917
    - net: hns: Fix ethtool private flags
    - Fix slab name "biovec-(1<<(21-12))"
    - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
    - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
    - Revert "cpufreq: Fix governor module removal race"
    - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
    - Linux 4.15.16

  * [18.04][config] regression: nvme and nvme_core couldn't be built as modules
    starting 4.15-rc2 (LP: #1759893)
    - SAUCE: Revert "lightnvm: include NVM Express driver if OCSSD is selected 
for
      build"
    - [Config] CONFIG_BLK_DEV_NMVE=m

  * Miscellaneous Ubuntu changes
    - [Packaging] Only install cloud init files when do_tools_common=true

 -- Seth Forshee <seth.fors...@canonical.com>  Sat, 21 Apr 2018 17:19:00
-0500

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1764794

Title:
  signing: only install a signed kernel

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  We should switch the default kernle install to the signed kernel.
  This makes it much harder to uninstall the signed kernel in
  environments which enforce the kernel to be signed.  Boot loaders
  which can understand and validate it want the signed image, those
  which do not should ignore the appended signature.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1764794/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to