linux-lts-trusty (3.13.0-185.236~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-185.236~12.04.1 -proposed tracker
    (LP: #1919170)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-185.236 ]

  * trusty/linux: 3.13.0-185.236 -proposed tracker (LP: #1919171)
  * CVE-2021-27365
    - scsi: iscsi: Verify lengths on passthrough PDUs
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities
  * CVE-2021-27364
    - scsi: iscsi: respond to netlink with unicast when appropriate

  [ Ubuntu: 3.13.0-184.235 ]

  * trusty/linux: 3.13.0-184.235 -proposed tracker (LP: #1914232)
  * CVE-2020-28374
    - SAUCE: target: cleanup some boolean tests
    - target: simplify XCOPY wwn->se_dev lookup helper
    - xcopy: loop over devices using idr helper
    - scsi: target: Fix XCOPY NAA identifier lookup
  * Update kernel packaging to support forward porting kernels (LP: #1902957)
    - [Debian] Update for leader included in BACKPORT_SUFFIX

linux-lts-trusty (3.13.0-183.234~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-183.234 ]

  * CVE-2020-8694
    - powercap: make attributes only readable by root

linux-lts-trusty (3.13.0-182.233~12.04.1) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-182.233 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

linux-lts-trusty (3.13.0-181.232~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-181.232~12.04.1 -proposed tracker
    (LP: #1882771)

  [ Ubuntu: 3.13.0-181.232 ]

  * trusty/linux: 3.13.0-181.232 -proposed tracker (LP: #1882772)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off 
when
      not supported

linux-lts-trusty (3.13.0-180.231~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-180.231 ]

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation 
documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-lts-trusty (3.13.0-177.228~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-177.228~12.04.1 -proposed tracker
    (LP: #1878874)

  [ Ubuntu: 3.13.0-177.228 ]

  * trusty/linux: 3.13.0-177.228 -proposed tracker (LP: #1878875)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * CVE-2020-12114
    - fs/namespace.c: fix mountpoint reference counter race
    - propagate_one(): mnt_set_mountpoint() needs mount_lock
  * CVE-2020-12654
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

linux-lts-trusty (3.13.0-176.227~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-176.227~12.04.1 -proposed tracker
    (LP: #1858624)

  [ Ubuntu: 3.13.0-176.227 ]

  * trusty/linux: 3.13.0-176.227 -proposed tracker (LP: #1858625)
  * multi-zone raid0 corruption (LP: #1850540)
    - md/raid0: avoid RAID0 data corruption due to layout confusion.
    - md: add feature flag MD_FEATURE_RAID0_LAYOUT
    - SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout
      migration
    - SAUCE: md/raid0: Use kernel specific layout

linux-lts-trusty (3.13.0-175.226~12.04.1) precise; urgency=medium

  [ Ubuntu: 3.13.0-175.226 ]

  * CVE-2019-11135
    - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic 
x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2018-3646
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
  * Kernel Oops - unable to handle kernel paging request; RIP is at
    wait_migrate_huge_page+0x51/0x70 (LP: #1813018)
    - mm: numa: do not dereference pmd outside of the lock during NUMA hinting
      fault
  * The 3.13 kernel for Precise ESM does not provide the expected version number
    (LP: #1838610)
    - [debian] Fix regression with ABI subversions and backport
    - [Packaging] uploadnum should be the remainder of the version

linux-lts-trusty (3.13.0-174.225~12.04.1) precise; urgency=medium

  * precise/linux-lts-trusty: 3.13.0-174.225~12.04.1 -proposed tracker
    (LP: #1846248)

  [ Ubuntu: 3.13.0-174.225 ]

  * trusty/linux: 3.13.0-174.225 -proposed tracker (LP: #1846250)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * fanotify06 in LTP syscall test failed with T kernel  (LP: #1775378)
    - fanotify: fix notification of groups with inode & mount marks
  * ixgbe{vf} - Physical Function gets IRQ when VF checks link state
    (LP: #1836760)
    - ixgbevf: Use cached link state instead of re-reading the value for ethtool

linux-lts-trusty (3.13.0-173.224~12.04.1) precise; urgency=medium


  [ Ubuntu: 3.13.0-173.224 ]

  * CVE-2019-14835
    - vhost: make sure log_num < in_num

linux-lts-trusty (3.13.0-172.223~12.04.1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-172.223~12.04.1 -proposed tracker (LP: #1835189)

  [ Ubuntu: 3.13.0-172.223 ]

  * linux: 3.13.0-172.223 -proposed tracker (LP: #1835190)
  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    CPU buffers are not cleared on all paths from kernel to userspace (LP:
    #1833047)
    - x86/asm: Error out if asm/jump_label.h is included inappropriately
    - SAUCE: [Fix] x86/speculation/mds: Clear CPU buffers on exit to user
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo
    - SAUCE: [Fix] UBUNTU: SAUCE: sched/smt: Introduce 
sched_smt_{active,present}
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 // MDS:
    Incorrect warning when booting with 'nosmt' (LP: #1830018)
    - SAUCE: [Fix] x86/speculation/mds: Add SMT warning message
  * CVE-2017-5715 // CVE-2018-3639
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - x86/speculataion: Mark command line parser data __initdata
    - x86/cpu/bugs: Use __initconst for 'const' init data
  * CVE-2017-5715 // CVE-2018-3615 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - x86/speculation: Mark string arrays const correctly
  * CVE-2018-3639
    - x86/speculation: Rename SSBD update functions
  * CVE-2017-5715
    - x86/speculation: Clean up various Spectre related details
    - SAUCE: x86/cpufeatures: Reorder feature bits
    - SAUCE: x86/speculation, objtool: Remove unused macro
      ANNOTATE_NOSPEC_ALTERNATIVE
    - SAUCE: Move vmexit_fill_RSB()
    - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
      variant
    - SAUCE: Rename restricted_branch_speculation_{start,end}
    - SAUCE: Allow STIBP in MSR_SPEC_CTRL if supported
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation
  * CVE-2017-5754
    - SAUCE: Show 'pti' in /proc/cpuinfo
  * Guests using IBRS incur a large performance penalty (LP: #1764956) //
    CVE-2017-5715
    - SAUCE: Restore the IBRS host state on VMEXIT
  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation
  * CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
  * CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244)
    - openvswitch: fix flow actions reallocation

linux-lts-trusty (3.13.0-171.222~12.04.1) precise; urgency=medium

  * Switch getabis to the new format (LP: #1829882)
    - [Packaging] Switch getabis to the new format

  [ Ubuntu: 3.13.0-171.222 ]

  * Remote denial of service (system crash) caused by integer overflow in TCP
    SACK handling (LP: #1831637)
    - SAUCE: tcp: limit payload size of sacked skbs
    - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638)
    - SAUCE: tcp: tcp_fragment() should apply sane memory limits

linux-lts-trusty (3.13.0-170.220~12.04.2) precise; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-170.220 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - KVM: x86: pass host_initiated to functions that read MSRs
    - KVM: x86: remove data variable from kvm_get_msr_common
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpufeature: Use enum cpuid_leafs instead of magic numbers
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: KVM/VMX: Move spec_ctrl from kvm_vcpu_arch to vcpu_vmx
    - KVM: VMX: fixes for vmentry_l1d_flush module parameter
    - perf/x86/intel: Use Intel family macros for core perf events
    - SAUCE: perf/x86/uncore: Use Intel Model name macros
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - include/linux/jump_label.h: expose the reference count
    - jump_label: Allow asm/jump_label.h to be included in assembly
    - jump_label: Allow jump labels to be used in assembly
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - SAUCE: locking/static_key: Mimick the new static key API
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched: Expose cpu_smt_mask()
    - SAUCE: jump_label: Introduce static_branch_{inc,dec}
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715
    - SAUCE: Fix 'check_fpu defined but not used' compiler warning on x86_64
    - SAUCE: x86/speculation: Cleanup IBRS and IBPB runtime control handling 
(v2)
    - SAUCE: KVM/x86: Expose IBRS to guests
    - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code
  * CVE-2017-5715 // CVE-2018-3639
    - SAUCE: KVM/x86: Use host_initiated when accessing MSRs

  [ Ubuntu: 3.13.0-169.219 ]

  * linux: 3.13.0-169.219 -proposed tracker (LP: #1822883)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

linux-lts-trusty (3.13.0-168.218~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-168.218~precise1 -proposed tracker (LP: #1819662)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  * Strip specific changes from update-from-*master (LP: #1817734)
    - Packaging: Introduce copy-files and local-mangle
    - Packaging: Make update-from-*master call copy-files

  [ Ubuntu: 3.13.0-168.218 ]

  * linux: 3.13.0-168.218 -proposed tracker (LP: #1819663)
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * CVE-2017-1000410
    - Bluetooth: Prevent stack info leak from the EFS element.
  * ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
    (LP: #1815501)
    - ixgbe: check for vfs outside of sriov_num_vfs before dereference
  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in 
card.c
  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
  * CVE-2019-7222
    - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  * CVE-2019-6974
    - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
  * CVE-2017-18360
    - USB: serial: io_ti: fix div-by-zero in set_termios

  [ Ubuntu: 3.13.0-167.217 ]

  * linux: 3.13.0-167.217 -proposed tracker (LP: #1819917)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * linux-cloud-tools-common 3.13.0-166.216 in Trusty is missing contents of
    /usr/sbin (LP: #1819869)
    - Revert "UBUNTU: [Packaging] skip cloud tools packaging when not building
      package"

linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-166.216~precise1 -proposed tracker (LP: #1814646)

  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Config] resync flavour-control.stub
    - [Config] hooks.mk -- add basic LTS hook configuration

  * signing: only install a signed kernel (LP: #1764794)
    - [debian] fix check for the reconstruct file

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 3.13.0-166.216 ]

  * linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)
  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
    - [Packaging] getabis -- handle all known package combinations
    - [Packaging] getabis -- support parsing a simple version
    - [Packaging] autoreconstruct -- base tag is always primary mainline version
  * signing: only install a signed kernel (LP: #1764794)
    - [Debian] usbip tools packaging
    - [Debian] Don't fail if a symlink already exists
    - [Debian] perf -- build in the context of the full generated local headers
    - [Debian] basic hook support
    - [Debian] follow rename of DEB_BUILD_PROFILES
    - [Debian] standardise on stage1 for the bootstrap stage in line with debian
    - [Debian] set do_*_tools after stage1 or bootstrap is determined
    - [Debian] initscripts need installing when making the package
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Debian] add feature interlock with mainline builds
    - [Debian] Remove generated intermediate files on clean
    - [Packaging] prevent linux-*-tools-common from being produced from non 
linux
      packages
    - SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean:
    - [Debian] Update to new signing key type and location
    - [Packaging] autoreconstruct -- generate extend-diff-ignore for links
    - [Packaging] reconstruct -- update when inserting final changes
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Packaging] printenv -- add signing options
    - [Packaging] fix invocation of header postinst hooks
    - [Packaging] signing -- add support for signing Opal kernel binaries
    - [Debian] Use src_pkg_name when constructing udeb control files
    - [Debian] Dynamically determine linux udebs package name
    - [Packaging] handle both linux-lts* and linux-hwe* as backports
    - [Config] linux-source-* is in the primary linux namespace
    - [Packaging] lookup the upstream tag
    - [Packaging] switch up to debhelper 9
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
    - [debian] support for ship_extras_package=false
    - [Debian] do_common_tools should always be on
    - [debian] do not force do_tools_common
    - [Packaging] skip cloud tools packaging when not building package
    - [debian] prep linux-libc-dev only if do_libc_dev_package=true
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation
  * iptables connlimit allows more connections than the limit when using
    multiple CPUs (LP: #1811094)
    - netfilter: connlimit: improve packet-to-closed-connection logic
    - netfilter: nf_conncount: fix garbage collection confirm race
    - netfilter: nf_conncount: don't skip eviction when age is negative
  * CVE-2019-6133
    - fork: record start_time late
  * test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
    (LP: #1813001)
    - procfs: make /proc/*/{stack, syscall, personality} 0400

linux-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-165.215~precise1 -proposed tracker (LP: #1811857)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 3.13.0-165.215 ]

  * linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)
  * CVE-2018-17972
    - proc: restrict kernel stack dumps to root
  * CVE-2018-18281
    - mremap: properly flush TLB before releasing the page
  * 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
    (LP: #1809868)
    - Btrfs: send, don't send rmdir for same target multiple times
  * CVE-2018-9568
    - net: Set sk_prot_creator when cloning sockets to the right proto
  * CVE-2018-1066
    - cifs: empty TargetInfo leads to crash on recovery

linux-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-164.214~precise1 -proposed tracker (LP: #1806429)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf

  [ Ubuntu: 3.13.0-164.214 ]

  * linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)
  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling
  * CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler
  * CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically
  * CVE-2018-18386
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
  * CVE-2017-5753
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.
  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE
  * CVE-2018-14734
    - infiniband: fix a possible use-after-free bug
  * CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
    - keys: Guard against null match function in keyring_search_aux()

linux-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium

  * linux-lts-trusty: 3.13.0-163.213~precise1 -proposed tracker (LP: #1802772)

  * linux: 3.13.0-163.213 -proposed tracker (LP: #1802769)

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
    (LP: #1797546)
    - drm: fix NULL pointer access by wrong ioctl

  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

linux (3.13.0-162.212) trusty; urgency=medium

  * linux: 3.13.0-162.212 -proposed tracker (LP: #1799399)

  * packet socket panic in Trusty 3.13.0-157 and later (LP: #1800254)
    - SAUCE: (no-up) net/packet: fix erroneous dev_add_pack usage in fanout

  * Cleanup Meltdown/Spectre implementation (LP: #1779848)
    - x86/Documentation: Add PTI description
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
    - x86/pti: Document fix wrong index
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/spectre: Fix an error message
    - SAUCE: x86/cpufeatures: Reorder spectre-related feature bits
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - SAUCE: x86/msr: Fix formatting of msr-index.h
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Mark constant arrays as __initconst
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to 
CPP
    - SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value
    - SAUCE: Move SSBD feature detection to common code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - xen: Add xen_arch_suspend()
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    - SAUCE: x86/speculation: Cleanup IBRS runtime control handling

  * CVE-2016-9588
    - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)

  * CVE-2017-16649
    - net: cdc_ether: fix divide by 0 on bad descriptors

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse

  * xattr length returned by vfs_getxattr() is not correct in Trusty kernel
    (LP: #1798013)
    - getxattr: use correct xattr length

  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

linux (3.13.0-161.211) trusty; urgency=medium

  * linux: 3.13.0-161.211 -proposed tracker (LP: #1795595)

  * CVE-2017-0794
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - scsi: sg: recheck MMAP_IO request length with lock held

  * CVE-2017-15299
    - KEYS: don't let add_key() update an uninstantiated key

  * CVE-2015-8539
    - KEYS: Fix handling of stored error in a negatively instantiated user key

  * CVE-2018-7566
    - ALSA: seq: Fix racy pool initializations
    - ALSA: seq: More protection for concurrent write and ioctl races

  * CVE-2018-1000004. // CVE-2018-7566
    - ALSA: seq: Don't allow resizing pool in use

  * CVE-2018-1000004
    - ALSA: seq: Make ioctls race-free

  * CVE-2017-18216
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent

  * CVE-2016-7913
    - tuner-xc2028: Don't try to sleep twice
    - xc2028: avoid use after free
    - xc2028: unlock on error in xc2028_set_config()
    - xc2028: Fix use-after-free bug properly

  * The VM hang happens because of pending interrupts not reinjected when
    migrating the VM several times (LP: #1791286)
    - KVM: ioapic: merge ioapic_deliver into ioapic_service
    - KVM: ioapic: clear IRR for edge-triggered interrupts at delivery
    - KVM: ioapic: extract body of kvm_ioapic_set_irq
    - KVM: ioapic: reinject pending interrupts on KVM_SET_IRQCHIP

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * CVE-2018-9518
    - NFC: llcp: Limit size of SDP URI

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

linux (3.13.0-160.210) trusty; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

linux (3.13.0-159.209) trusty; urgency=medium

  * linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)

  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has 
too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * i40e NIC not recognized (LP: #1789215)
    - SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
    - SAUCE: i40e_bpo: Add a compatibility layer
    - SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
    - SAUCE: i40e_bpo: Rename the driver to i40e_bpo
    - SAUCE: i40e_bpo: Hook the driver into the kernel tree
    - [Config] Add CONFIG_I40E_BPO=m

  * Probable regression with EXT3 file systems and CVE-2018-1093 patches
    (LP: #1789131)
    - ext4: fix bitmap position validation

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
    - Revert "UBUNTU: [Config] disable NUMA_BALANCING"

  * CVE-2018-15572
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via 
setsockopt

  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

  * BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
    - drm/ast: Fixed system hanged if disable P2A

  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

linux (3.13.0-158.208) trusty; urgency=medium

  * linux: 3.13.0-158.208 -proposed tracker (LP: #1788764)

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/fremap: Invert the offset when converting to/from a PTE

  * BUG: scheduling while atomic (Kernel : Ubuntu-3.13 + VMware: 6.0 and late)
    (LP: #1780470)
    - VSOCK: sock_put wasn't safe to call in interrupt context
    - VSOCK: Fix lockdep issue.
    - VSOCK: Detach QP check should filter out non matching QPs.

  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"

  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring

linux (3.13.0-157.207) trusty; urgency=medium

  * linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

  * CVE-2017-2583
    - KVM: x86: fix emulation of "MOV SS, null selector"

  * CVE-2017-7518
    - KVM: x86: fix singlestepping over syscall

  * CVE-2017-18270
    - KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * CVE-2017-16911
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10877
    - ext4: verify the depth of extent tree in ext4_find_extent()

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2017-16912
    - usbip: fix stub_rx: get_pipe() to validate endpoint number

  * CVE-2018-10675
    - mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

  * CVE-2017-16533
    - HID: usbhid: fix out-of-bounds bug

  * CVE-2017-16538
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

  * CVE-2017-16644
    - hdpvr: Remove deprecated create_singlethread_workqueue
    - media: hdpvr: Fix an error handling path in hdpvr_probe()

  * CVE-2017-16645
    - Input: ims-psu - check if CDC union descriptor is sane

  * CVE-2017-5549
    - USB: serial: kl5kusb105: fix line-state error handling

  * CVE-2017-16532
    - usb: usbtest: fix NULL pointer dereference

  * CVE-2017-16537
    - media: imon: Fix null-ptr-deref in imon_probe

  * CVE-2017-11472
    - ACPICA: Add additional debug info/statements
    - ACPICA: Namespace: fix operand cache leak

  * CVE-2017-16643
    - Input: gtco - fix potential out-of-bound access

  * CVE-2017-16531
    - USB: fix out-of-bounds in usb_set_configuration

  * CVE-2018-10124
    - kernel/signal.c: avoid undefined behaviour in kill_something_info

  * CVE-2017-6348
    - irda: Fix lockdep annotations in hashbin_delete().

  * CVE-2017-17558
    - USB: core: prevent malicious bNumInterfaces overflow

  * CVE-2017-5897
    - ip6_gre: fix ip6gre_err() invalid reads

  * CVE-2017-6345
    - SAUCE: import sock_efree()
    - net/llc: avoid BUG_ON() in skb_orphan()

  * CVE-2017-7645
    - nfsd: check for oversized NFSv2/v3 arguments

  * CVE-2017-9984
    - ALSA: msnd: Optimize / harden DSP and MIDI loops

  * CVE-2018-1000204
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

  * CVE-2018-10021
    - scsi: libsas: defer ata device eh commands to libata

  * CVE-2017-16914
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

  * CVE-2017-16913
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

  * CVE-2017-16535
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()

  * CVE-2017-16536
    - cx231xx-cards: fix NULL-deref on missing association descriptor

  * CVE-2017-16650
    - net: qmi_wwan: fix divide by 0 on bad descriptors

  * CVE-2017-18255
    - perf/core: Fix the perf_cpu_time_max_percent check

  * CVE-2018-10940
    - cdrom: information leak in cdrom_ioctl_media_changed()

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

  * CVE-2017-16529
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

  * CVE-2017-2671
    - ping: implement proper locking

  * CVE-2017-15649
    - packet: hold bind lock when rebinding to fanout hook
    - packet: in packet_do_bind, test fanout with bind_lock held

  * CVE-2017-16527
    - ALSA: usb-audio: Kill stray URB at exiting

  * CVE-2017-16526
    - uwb: properly check kthread_run return value

  * CVE-2017-11473
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables

  * CVE-2017-14991
    - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

  * CVE-2017-2584
    - KVM: x86: Introduce segmented_write_std

  * CVE-2018-10087
    - kernel/exit.c: avoid undefined behaviour when calling wait4()

  * fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

linux (3.13.0-156.206) trusty; urgency=medium

  * linux: 3.13.0-156.206 -proposed tracker (LP: #1787187)

  * java Corrupted page table (LP: #1787127)
    - [Config] disable NUMA_BALANCING

  * java Corrupted page table (LP: #1787127) // CVE-2018-3620 // CVE-2018-3646
    - x86/mm: Simplify p[g4um]d_page() macros

  * 3.13.0-155.205 Kernel Panic - divide by zero (LP: #1787258)
    - x86/topology: Handle CPUID bogosity gracefully

linux (3.13.0-155.205) trusty; urgency=medium

  * CVE-2017-18344
    - posix-timer: Properly check sigevent->sigev_notify

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"

  * CVE-2018-3620 // CVE-2018-3646
    - SAUCE: x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/topology: Create logical package id
    - x86/topology: Fix logical package mapping
    - x86/topology: Fix Intel HT disable
    - x86/topology: Use total_cpus not nr_cpu_ids for logical packages
    - x86/topology: Fix AMD core count
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - cpu/hotplug: Provide knobs to control SMT
    - [Config] updateconfigs - enable CONFIG_HOTPLUG_SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - SAUCE: Alternative approach to boot nosmt
    - SAUCE: x86/mce: Try register mce notifier earlier
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - KVM: add kvm_arch_sched_in
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest 
numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED 
architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
    - SAUCE: Move __this_cpu_{read,write} to percpu-ubuntu.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - SAUCE: Add pfn_pud() and pud_mkhuge()
    - x86/mm/pat: Make set_memory_np() L1TF safe

linux (3.13.0-153.203) trusty; urgency=medium

  * linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

  * CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

linux (3.13.0-152.202) trusty; urgency=medium

  * linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)

  * CVE-2017-15265
    - ALSA: seq: Fix use-after-free at creating a port

  * register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

  * CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

  * add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference)
    with T kernel (LP: #1775316) // CVE-2017-12193
    - assoc_array: Fix a buggy node-splitting case

  * CVE-2017-12154
    - kvm: nVMX: Don't allow L2 to access the hardware CR8

  * CVE-2018-7757
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()

  * CVE-2018-6927
    - futex: Prevent overflow by strengthen input validation

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

  * CVE-2018-5803
    - sctp: verify size of a new chunk in _sctp_make_chunk()

  * WARNING: CPU: 28 PID: 34085 at /build/linux-
    90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90()
    (LP: #1771480)
    - net/core: generic support for disabling netdev features down stack
    - SAUCE: Backport helper function netdev_upper_get_next_dev_rcu

  * CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM 
ioctl

  * CVE-2018-5750
    - ACPI: sbshc: remove raw pointer from printk() message

linux (3.13.0-151.201) trusty; urgency=medium

  * linux: 3.13.0-151.201 -proposed tracker (LP: #1774190)

  * CVE-2018-3639 (x86)
    - SAUCE: Set generic SSBD feature for Intel cpus
    - KVM: vmx: fix MPX detection
    - KVM: x86: Fix MSR_IA32_BNDCFGS in msrs_to_save
    - x86/cpu: Add CLZERO detection

  * Trusty cannot load microcode for family 17h AMD processors (LP: #1774082)
    - x86/microcode/AMD: Add support for fam17h microcode loading

linux (3.13.0-150.200) trusty; urgency=medium

  * linux: 3.13.0-150.200 -proposed tracker (LP: #1772970)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - SAUCE: x86/cpu: Rename x86_amd_ssbd_enable
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: x86: introduce num_emulated_msrs
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * CVE-2018-7492
    - rds: Fix NULL pointer dereference in __rds_rdma_map

  * CVE-2017-0627
    - media: uvcvideo: Prevent heap overflow when accessing mapped controls

  * CVE-2018-8781
    - drm: udl: Properly check framebuffer mmap offsets

  * CVE-2018-1068
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
    - SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
    - arch: Introduce post-init read-only memory
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
    - mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
    - xen: fix bio vec merging

  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
    - netlink: Add netns check on taps

  * CVE-2017-13220
    - Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
    - KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
    - Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

linux (3.13.0-147.196) trusty; urgency=medium

  * CVE-2018-8897
    - x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP
    - x86/entry/64: Don't use IST entry for #BP stack

  * CVE-2018-1087
    - KVM: VMX: Fix DR6 update on #DB exception
    - KVM: VMX: Advance rip to after an ICEBP instruction
    - kvm/x86: fix icebp instruction handling

  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

linux (3.13.0-145.194) trusty; urgency=medium

  * linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 
32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] retpoline hints -- handle missing files when RETPOLINE not
      enabled
    - [Packaging] final-checks -- remove check for empty retpoline files

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386

  * Boot crash with Trusty 3.13 (LP: #1757193)
    - Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
    - x86/mm: Expand the exception table logic to allow new handling options

  * Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
    - x86/kvm: Rename VMX's segment access rights defines
    - x86/signal/64: Fix SS if needed when delivering a 64-bit signal

linux (3.13.0-144.193) trusty; urgency=medium

  * linux: 3.13.0-144.193 -proposed tracker (LP: #1755227)

  * CVE-2017-12762
    - isdn/i4l: fix buffer overflow

  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination

  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: Add ndo_gso_check
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware

  * CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks

  * CVE-2017-11089
    - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE

  * CVE-2018-5332
    - RDS: Heap OOB write in rds_message_alloc_sgs()

  * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier

  * CVE-2017-17805
    - crypto: salsa20 - fix blkcipher_walk API usage

  * [Hyper-V] storvsc: do not assume SG list is continuous when doing bounce
    buffers (LP: #1742480)
    - SAUCE: storvsc: do not assume SG list is continuous when doing bounce
      buffers

  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport

  * CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio

  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] pull in retpoline files

linux (3.13.0-143.192) trusty; urgency=medium

  * linux: 3.13.0-143.192 -proposed tracker (LP: #1751838)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/alternatives: Fix ALTERNATIVE_2 padding generation properly
    - x86/alternatives: Fix alt_max_short macro to really be a max()
    - x86/alternatives: Guard NOPs optimization
    - x86/alternatives: Switch AMD F15h and later to the P6 NOPs
    - x86/alternatives: Make optimize_nops() interrupt safe and synced
    - x86/alternatives: Fix optimize_nops() checking
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Packaging] retpoline files must be sorted
    - [Config] disable retpoline for the first upload
    - [Config] updateconfigs - enable CONFIG_GENERIC_CPU_VULNERABILITIES

  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files

  * CVE-2017-5715 (Spectre v2 Intel)
    - x86, microcode: Share native MSR accessing variants
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb 
control
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/entry: Fixup 32bit compat call locations
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: turn off IBRS when full retpoline is present

  * CVE-2017-5753 (Spectre v1 Intel)
    - x86: Add another set of MSR accessor functions
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: switch to lfence rather than mfence
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - fs: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - powerpc: add osb barrier
    - s390/spinlock: add osb memory barrier
    - arm64: no osb() implementation yet
    - arm: no osb() implementation yet

  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: x86/cpuid: Fix ordering of scattered feature list"
    - Revert "UBUNTU: SAUCE: KVM: Fix spec_ctrl CPUID support for guests"
    - Revert "UBUNTU: SAUCE: x86/entry: Fixup 32bit compat call locations"
    - Revert "UBUNTU: SAUCE: powerpc: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: arm: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: arm64: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Remove now unused definition of
      MFENCE_RDTSC feature"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Make the LFENCE instruction 
serialized"
    - Revert "UBUNTU: SAUCE: x86/svm: Add code to clobber the RSB on VM exit"
    - Revert "UBUNTU: SAUCE: KVM: x86: Add speculative control CPUID support for
      guests"
    - Revert "UBUNTU: SAUCE: x86/svm: Set IBPB when running a different VCPU"
    - Revert "UBUNTU: SAUCE: x86/svm: Set IBRS value on VM entry and exit"
    - Revert "UBUNTU: SAUCE: KVM: SVM: Do not intercept new speculative control
      MSRs"
    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
      support IBPB feature"
    - Revert "UBUNTU: SAUCE: x86/cpu/AMD: Add speculative control support for 
AMD"
    - Revert "UBUNTU: SAUCE: x86/entry: Use retpoline for syscall's indirect
      calls"
    - Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add lock to serialize changes to 
ibrs
      and ibpb control"
    - Revert "UBUNTU: SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable
      SPEC_CTRL feature"
    - Revert "UBUNTU: SAUCE: x86/kvm: Pad RSB on VM transition"
    - Revert "UBUNTU: SAUCE: x86/kvm: Toggle IBRS on VM entry and exit"
    - Revert "UBUNTU: SAUCE: x86/kvm: Set IBPB when switching VM"
    - Revert "UBUNTU: SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and 
MSR_IA32_PRED_CMD
      to kvm"
    - Revert "UBUNTU: SAUCE: x86/entry: Stuff RSB for entry to kernel for 
non-SMEP
      platform"
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
      ptrace current thread"
    - Revert "UBUNTU: SAUCE: x86/mm: Set IBPB upon context switch"
    - Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS when offlining cpu and re-
      enable on wakeup"
    - Revert "UBUNTU: SAUCE: x86/idle: Disable IBRS entering idle and enable it 
on
      wakeup"
    - Revert "UBUNTU: SAUCE: x86/enter: Use IBRS on syscall and interrupts"
    - Revert "UBUNTU: SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB"
    - Revert "UBUNTU: SAUCE: x86/feature: Report presence of IBPB and IBRS
      control"
    - Revert "UBUNTU: SAUCE: x86/feature: Enable the x86 feature to control
      Speculation"
    - Revert "UBUNTU: SAUCE: udf: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: fs: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: userns: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: cw1200: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: qla2xxx: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: p54: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: carl9170: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: uvcvideo: prevent speculative execution"
    - Revert "UBUNTU: SAUCE: locking/barriers: introduce new memory barrier 
gmb()"
    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
    - Revert "x86: Add another set of MSR accessor functions"
    - Revert "x86, microcode: Share native MSR accessing variants"

  * stress-ng enosys stressor triggers a kernel BUG (LP: #1750786)
    - SAUCE: x86, extable: fix uaccess fixup detection

linux (3.13.0-142.191) trusty; urgency=medium

  * linux: 3.13.0-142.191 -proposed tracker (LP: #1746900)

  * CVE-2017-17806
    - crypto: hmac - require that the underlying hash algorithm is unkeyed

  * CVE-2017-18017
    - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

  * CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks

  * CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release

  * CVE-2017-5715 (Spectre v2 embargoed) // CVE-2017-5753 (Spectre v1 embargoed)
    - x86/asm/msr: Make wrmsrl_safe() a function

  * CVE-2017-1000407
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts

  * CVE-2017-0861
    - ALSA: pcm: prevent UAF in snd_pcm_info

  * CVE-2017-14051
    - scsi: qla2xxx: Fix an integer overflow in sysfs code

  * CVE-2017-15868
    - Bluetooth: bnep: bnep_add_connection() should verify that it's dealing 
with
      l2cap socket

  * CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op

  * powerpc: flush L1D on return to use (LP: #1742772) // CVE-2017-5754
    (Meltdown)
    - SAUCE: powerpc: Prevent Meltdown attack with L1-D$ flush
    - SAUCE: powerpc: Remove dead code in sycall entry
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: rfi-flush: Make the fallback robust against memory corruption
    - SAUCE: powerpc/kernel: Does not use sync
    - SAUCE: rfi-flush: Factor out init_fallback_flush()
    - SAUCE: rfi-flush: Make setup_rfi_flush() not __init
    - SAUCE: rfi-flush: Move the logic to avoid a redo into the sysfs code
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again
    - SAUCE: rfi-flush: Call setup_rfi_flush() after LPM migration
    - SAUCE: rfi-flush: Fix fallback on distros using bootmem
    - SAUCE: rfi-flush: fix package build error (unused variable limit)
    - SAUCE: rfi-flush: Fix kernel package build using bootmem
    - SAUCE: rfi-flush: Move rfi_flush_fallback_area to end of paca
    - SAUCE: rfi-flush: Fix rename of pseries_setup_rfi_flush()
    - SAUCE: rfi-flush: Mark DEBUG_RFI as BROKEN
    - SAUCE: rfi-flush: Switch to new linear fallback flush
    - SAUCE: powerpc/kernel: Remove unused variable
    - SAUCE: powerpc/kernel: Fix typo on variable
    - SAUCE: powerpc/kernel: Fix instructions usage
    - SAUCE: powerpc/kernel: Define PACA_L1D_FLUSH_SIZE
    - SAUCE: rfi-flush: Fix for kernel crash.

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default

  * CVE-2017-12190
    - fix unbalanced page refcounting in bio_map_user_iov
    - more bio_map_user_iov() leak fixes

  * CVE-2017-15274
    - KEYS: fix dereferencing NULL payload with nonzero length

  * CVE-2017-14140
    - Sanitize 'move_pages()' permission checks

  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one

  * CVE-2017-14489
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse
      nlmsg properly

  * CVE-2017-12153
    - nl80211: check for the required netlink attributes presence

  * CVE-2017-16525
    - USB: serial: console: fix use-after-free after failed setup
    - USB: serial: console: fix use-after-free on disconnect

  * CVE-2017-7542
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt
    - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

  * CVE-2017-15102
    - usb: misc: legousbtower: Fix NULL pointer deference

  * CVE-2017-12192
    - KEYS: prevent KEYCTL_READ on negative key

  * CVE-2017-14156
    - video: fbdev: aty: do not leak uninitialized padding in clk to userspace

  * CVE-2017-5669
    - ipc/shm: Fix shmat mmap nil-page protection

  * CVE-2017-0750
    - f2fs: do more integrity verification for superblock

  * CVE-2017-7889
    - mm: Tighten x86 /dev/mem with zeroing reads

  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

linux (3.13.0-141.190) trusty; urgency=low

  * linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)

  * ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) //
    test_too_early_vsyscall from ubuntu_qrt_kernel_panic crashes Trusty
    3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/entry: Fixup 32bit compat call locations

  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/cpuid: Fix ordering of scattered feature list
    - SAUCE: KVM: Fix spec_ctrl CPUID support for guests

  * CVE-2017-5754
    - kaiser: Set _PAGE_NX only if supported
    - kaiser: Set _PAGE_NX only if supported

linux (3.13.0-140.189) trusty; urgency=low

  * linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)

  [ Stefan Bader ]
  * CVE-2017-5715 // CVE-2017-5753
    - x86, microcode: Share native MSR accessing variants
    - x86: Add another set of MSR accessor functions
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - kvm: vmx: Scrub hardware GPRs at VM-exit
    - SAUCE: locking/barriers: introduce new memory barrier gmb()
    - SAUCE: uvcvideo: prevent speculative execution
    - SAUCE: carl9170: prevent speculative execution
    - SAUCE: p54: prevent speculative execution
    - SAUCE: qla2xxx: prevent speculative execution
    - SAUCE: cw1200: prevent speculative execution
    - SAUCE: userns: prevent speculative execution
    - SAUCE: fs: prevent speculative execution
    - SAUCE: udf: prevent speculative execution
    - SAUCE: x86/feature: Enable the x86 feature to control Speculation
    - SAUCE: x86/feature: Report presence of IBPB and IBRS control
    - SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
    - SAUCE: x86/enter: Use IBRS on syscall and interrupts
    - SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
    - SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - SAUCE: x86/mm: Set IBPB upon context switch
    - SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread
    - SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - SAUCE: x86/kvm: Set IBPB when switching VM
    - SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
    - SAUCE: x86/kvm: Pad RSB on VM transition
    - SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb 
control
    - SAUCE: x86/entry: Use retpoline for syscall's indirect calls
    - SAUCE: x86/cpu/AMD: Add speculative control support for AMD
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
    - SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
    - SAUCE: x86/svm: Set IBRS value on VM entry and exit
    - SAUCE: x86/svm: Set IBPB when running a different VCPU
    - SAUCE: KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: x86/svm: Add code to clobber the RSB on VM exit
    - SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
    - SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - SAUCE: arm64: no gmb() implementation yet
    - SAUCE: arm: no gmb() implementation yet
    - SAUCE: powerpc: no gmb() implementation yet

  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

linux (3.13.0-139.188) trusty; urgency=low

  * linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - arch: Introduce smp_load_acquire(), smp_store_release()
    - mm, x86: Account for TLB flushes only when debugging
    - x86/mm: Clean up inconsistencies when flushing TLB ranges
    - x86/mm: Eliminate redundant page table walk during TLB range flushing
    - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
      IvyBridge
    - x86/mm: Clean up the TLB flushing code
    - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
    - x86/mm: Fix missed global TLB flush stat
    - x86/mm: New tunable for single vs full TLB flush
    - x86/mm: Set TLB flush tunable to sane value (33)
    - x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
      variable read-mostly
    - rcu: Provide counterpart to rcu_dereference() for non-RCU situations
    - rcu: Move lockless_dereference() out of rcupdate.h
    - x86/ldt: Make modify_ldt synchronous
    - x86/ldt: Correct LDT access in single stepping logic
    - x86/ldt: Correct FPU emulation access to LDT
    - x86/ldt: Further fix FPU emulation
    - x86/mm: Disable preemption during CR3 read+write
    - x86: Clean up cr4 manipulation
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - kvmclock: export kvmclock clocksource and data pointers
    - x86/mm/kaiser: remove paravirt clock warning
    - kaiser: x86: Fix NMI handling
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION

linux (3.13.0-137.186) trusty; urgency=low

  * linux: 3.13.0-137.186 -proposed tracker (LP: #1736194)

  * CVE-2017-1000405
    - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()

  * CVE-2017-16939
    - netlink: add a start callback for starting a netlink dump
    - ipsec: Fix aborted xfrm policy dump crash

linux (3.13.0-136.185) trusty; urgency=low

  * linux: 3.13.0-136.185 -proposed tracker (LP: #1734733)

  * NVMe timeout is too short (LP: #1729119)
    - NVMe: Make I/O timeout a module parameter
    - nvme: update timeout module parameter type

linux (3.13.0-135.184) trusty; urgency=low

  * linux: 3.13.0-135.184 -proposed tracker (LP: #1724500)

  * Trusty NVMe boot fails on some systems (LP: #1720867)
    - NVMe: RCU protected access to io queues
    - NVMe: IOCTL path RCU protect queue access
    - powerpc/mm: fix ".__node_distance" undefined
    - NVMe: per-cpu io queues
    - nvme: Use pci_enable_msi_range() and pci_enable_msix_range()
    - NVMe: make setup work for devices that don't do INTx
    - NVMe: Always use MSI/MSI-x interrupts

linux (3.13.0-134.183) trusty; urgency=low

  * linux: 3.13.0-134.183 -proposed tracker (LP: #1722335)

  [ Thadeu Lima de Souza Cascardo ]
  * CVE-2017-10661
    - timerfd: Protect the might cancel mechanism proper

  * CVE-2017-10662
    - f2fs: sanity check segment count

  * CVE-2017-10663
    - f2fs: sanity check checkpoint segno and blkoff

  * CVE-2017-14340
    - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present

  * CVE-2017-10911
    - xen-blkback: don't leak stack data via response ring

  * CVE-2017-11176
    - mqueue: fix a use-after-free in sys_mq_notify()

  * CVE-2016-8632
    - tipc: check minimum bearer MTU

linux (3.13.0-133.182) trusty; urgency=low

  * linux: 3.13.0-133.182 -proposed tracker (LP: #1718159)

  [ Stefan Bader ]
  * CVE-2016-8633
    - firewire: net: guard against rx buffer overflows

  * CVE-2017-14106
    - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

linux (3.13.0-132.181) trusty; urgency=low

  * linux: 3.13.0-132.181 -proposed tracker (LP: #1716634)

  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

linux (3.13.0-131.180) trusty; urgency=low

  * linux: 3.13.0-131.180 -proposed tracker (LP: #1715439)

  * CVE-2016-7097
    - posix_acl: Clear SGID bit when setting file permissions

  * CVE-2016-9083
    - vfio/pci: Fix integer overflows, bitmask check

  * CVE-2016-9084
    - vfio/pci: Fix integer overflows, bitmask check

  * CVE-2016-9604
    - KEYS: Disallow keyrings beginning with '.' to be joined as session 
keyrings

  * CVE-2016-9191
    - sysctl: Drop reference added by grab_header in proc_sys_readdir

  * CVE-2016-9178
    - fix minor infoleak in get_user_ex()

  * CVE-2016-8650
    - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]

  * CVE-2016-10044
    - vfs: Commit to never having exectuables on proc and sysfs.
    - aio: mark AIO pseudo-fs noexec

linux (3.13.0-130.179) trusty; urgency=low

  * linux: 3.13.0-130.179 -proposed tracker (LP: #1713456)

  * CVE-2016-10200
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{, 6}_bind()

  * CVE-2016-9754
    - ring-buffer: Prevent overflow of size in ring_buffer_resize()

  * CVE-2017-5970
    - ipv4: keep skb->dst around in presence of IP options

  * CVE-2017-6346
    - packet: fix races in fanout_add()

  * CVE-2017-6214
    - tcp: avoid infinite loop in tcp_splice_read()

  * CVE-2017-6951
    - KEYS: Change the name of the dead type to ".dead" to prevent user access

  * CVE-2017-7472
    - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

  * CVE-2017-7187
    - scsi: sg: check length passed to SG_NEXT_CMD_LEN

  * CVE-2017-7541
    - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()

  * sort ABI files with C.UTF-8 locale (LP: #1712345)
    - [Packaging] sort ABI files with C.UTF-8 locale

  * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for
    kernels able to boot without initramfs (LP: #1700972)
    - [Debian] Don't depend on initramfs-tools

linux (3.13.0-129.178) trusty; urgency=low

  * linux: 3.13.0-129.178 -proposed tracker (LP: #1709292)

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * CVE-2016-7914
    - assoc_array: don't call compare_object() on a node

  * CVE-2017-7616
    - mm/mempolicy.c: fix error handling in set_mempolicy and mbind.

  * CVE-2017-7261
    - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()

  * CVE-2017-7273
    - HID: hid-cypress: validate length of report

  * CVE-2017-7487
    - ipx: call ipxitf_put() in ioctl error path

  * CVE-2017-7495
    - ext4: fix data exposure after a crash

linux (3.13.0-128.177) trusty; urgency=low

  * CVE-2017-1000112
    - ipv4: Should use consistent conditional judgement for ip fragment in
      __ip_append_data and ip_finish_output
    - ipv6: Don't use ufo handling on later transformed packets
    - ipv6: Should use consistent conditional judgement for ip6 fragment between
      __ip6_append_data and ip6_finish_output
    - udp: avoid ufo handling on IP payload compression packets
    - net: account for current skb length when deciding about UFO
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - net-packet: fix race in packet_set_ring on PACKET_RESERVE

linux (3.13.0-126.175) trusty; urgency=low

  * linux: 3.13.0-126.175 -proposed tracker (LP: #1704994)

  * CVE-2017-1000364
    - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
    - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

  * CVE-2017-7482
    - rxrpc: Fix several cases where a padded len isn't checked in ticket decode

  * CVE-2017-1000365
    - fs/exec.c: account for argv/envp pointers

  * CVE-2016-8405
    - fbdev: color map copying bounds checking

  * CVE-2017-2618
    - selinux: fix off-by-one in setprocattr

  * update ENA driver to 1.2.0k from net-next (LP: #1701575)
    - lib: devres: add a helper function for ioremap_wc
    - net: ena: remove superfluous check in ena_remove()
    - net: ena: fix rare uncompleted admin command false alarm
    - net: ena: add missing return when ena_com_get_io_handlers() fails
    - net: ena: fix race condition between submit and completion admin command
    - net: ena: add missing unmap bars on device removal
    - net: ena: fix theoretical Rx hang on low memory systems
    - net: ena: disable admin msix while working in polling mode
    - net: ena: bug fix in lost tx packets detection mechanism
    - net: ena: update ena driver to version 1.1.7
    - net: ena: change return value for unsupported features unsupported return
      value
    - net: ena: add hardware hints capability to the driver
    - net: ena: change sizeof() argument to be the type pointer
    - net: ena: add reset reason for each device FLR
    - net: ena: add support for out of order rx buffers refill
    - net: ena: separate skb allocation to dedicated function
    - net: ena: use lower_32_bits()/upper_32_bits() to split dma address
    - net: ena: update driver's rx drop statistics
    - net: ena: update ena driver to version 1.2.0

linux (3.13.0-125.174) trusty; urgency=low

  * linux: 3.13.0-125.174 -proposed tracker (LP: #1703396)

  * NULL pointer dereference triggered by openvswitch autopkg testcase
    (LP: #1703401)
    - Revert "rtnl/do_setlink(): notify when a netdev is modified"
    - Revert "rtnl/do_setlink(): last arg is now a set of flags"
    - Revert "rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated"
    - Revert "rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated"
    - Revert "rtnetlink: provide api for getting and setting slave info"

linux (3.13.0-124.173) trusty; urgency=low

  * linux: 3.13.0-124.173 -proposed tracker (LP: #1701042)

  * CVE-2017-7895
    - nfsd: Remove assignments inside conditions
    - svcrdma: Do not add XDR padding to xdr_buf page vector
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops

  * CVE-2017-9605
    - drm/vmwgfx: Make sure backup_handle is always valid

  * CVE-2017-1000380
    - ALSA: timer: Fix race between read and ioctl
    - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

  * linux <3.18: netlink notification is missing when an interface is modified
    (LP: #1690094)
    - rtnetlink: provide api for getting and setting slave info
    - rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated
    - rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated
    - rtnl/do_setlink(): last arg is now a set of flags
    - rtnl/do_setlink(): notify when a netdev is modified

  * CVE-2015-8944
    - Make file credentials available to the seqfile interfaces
    - /proc/iomem: only expose physical resource addresses to privileged users

  * CVE-2016-10088
    - sg_write()/bsg_write() is not fit to be called under KERNEL_DS

  * CVE-2017-7346
    - drm/vmwgfx: limit the number of mip levels in 
vmw_gb_surface_define_ioctl()

  * CVE-2015-8966
    - arm: fix handling of F_OFD_... in oabi_fcntl64()

  * Missing IOTLB flush causes DMAR errors with SR-IOV (LP: #1697053)
    - iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap()

  * CVE-2017-8924
    - USB: serial: io_ti: fix information leak in completion handler

  * CVE-2017-8925
    - USB: serial: omninet: fix reference leaks at open

  * CVE-2015-8967
    - arm64: make sys_call_table const

  * CVE-2015-8964
    - tty: Prevent ldisc drivers from re-using stale tty fields

  * CVE-2015-8955
    - arm64: perf: reject groups spanning multiple HW PMUs

  * CVE-2015-8962
    - sg: Fix double-free when drives detach during SG_IO

  * CVE-2015-8963
    - perf: Fix race in swevent hash

  * CVE-2017-9074
    - ipv6: Check ip6_find_1stfragopt() return value properly.

  * CVE-2014-9900
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

linux (3.13.0-123.172) trusty; urgency=low

  * linux: 3.13.0-123.172 -proposed tracker (LP: #1700558)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: vma_adjust: remove superfluous confusing update in remove_next == 1 
case
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux (3.13.0-122.171) trusty; urgency=low

  * linux: 3.13.0-122.171 -proposed tracker (LP: #1699047)

  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit

  * CVE-2014-9940
    - regulator: core: Fix regualtor_ena_gpio_free not to access pin after 
freeing

  * CVE-2017-100363
    - char: lp: fix possible integer overflow in lp_setup()

  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()

  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options

  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent

  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

  * CVE-2017-7294
    - drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()

linux (3.13.0-121.170) trusty; urgency=low

  * CVE-2017-1000364
    - mm: enlarge stack guard gap
    - mm: do not collapse stack gap into THP

linux (3.13.0-119.166) trusty; urgency=low

  * linux: 3.13.0-119.166 -proposed tracker (LP: #1687718)

  * CVE-2016-8645: Linux kernel mishandles socket buffer (skb) truncation
    (LP: #1687107)
    - rose: limit sk_filter trim to payload
    - tcp: take care of truncations done by sk_filter()

linux (3.13.0-118.165) trusty; urgency=low

  * linux: 3.13.0-118.165 -proposed tracker (LP: #1686154)

  * linux_3.13.0-*.*: nVMX: Check current_vmcs12 before accessing in
    handle_invept() (LP: #1678676)
    - SAUCE: KVM has a flaw in INVEPT emulation that could crash the host

  * Please backport fix to reference leak in cgroup blkio throttle
    (LP: #1683976)
    - block: fix module reference leak on put_disk() call for cgroups throttle

linux (3.13.0-117.164) trusty; urgency=low

  * linux: 3.13.0-117.164 -proposed tracker (LP: #1680733)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * CVE-2017-5986
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf

  * Update ENA driver to 1.1.2 from net-next (LP: #1664312)
    - net: ena: Remove unnecessary pci_set_drvdata()
    - net: ena: Fix error return code in ena_device_init()
    - net: ena: change the return type of ena_set_push_mode() to be void.
    - net: ena: use setup_timer() and mod_timer()
    - net/ena: remove ntuple filter support from device feature list
    - net/ena: fix queues number calculation
    - net/ena: fix ethtool RSS flow configuration
    - net/ena: fix RSS default hash configuration
    - net/ena: fix NULL dereference when removing the driver after device reset
      failed
    - net/ena: refactor ena_get_stats64 to be atomic context safe
    - net/ena: fix potential access to freed memory during device reset
    - net/ena: use READ_ONCE to access completion descriptors
    - net/ena: reduce the severity of ena printouts
    - net/ena: change driver's default timeouts
    - net/ena: change condition for host attribute configuration
    - net/ena: update driver version to 1.1.2

  * [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
    bytes to a sockaddr (LP: #1668042)
    - net/bonding: Enforce active-backup policy for IPoIB bonds

  * stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
    failure with linux 4.9.0-12.13) (LP: #1658633)
    - ext4: lock the xattr block before checksuming it

  * vmxnet3 LRO IPv6 performance issues (stalling TCP) (LP: #1605494)
    - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets

  * move aufs.ko from -extra to linux-image package (LP: #1673498)
    - [config] aufs.ko moved to linux-image package

  * lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls

Date: 2021-03-18 15:43:09.304736+00:00
Changed-By: Stefan Bader <stefan.ba...@canonical.com>
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-185.236~12.04.1
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to