[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled
** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: linux (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771826

Title:
  Creation of IMA file hashes fails when appraisal is enabled

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  On a system that has IMA appraisal enabled it is impossible to create security.ima extended attribute files that contain IMA hash. For instance, consider the following use case:

  1) extract application files to a staging area as non root user
  2) verify that installation is correct
  3) create IMA extended attributes for the installed files
  4) move the files to their destination
  5) change the files ownership to root

  With kernel 4.4.x step 3 will fail.

  The issue is fixed in upstream kernels by the following commit [1]:

  commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b
  Author: Mimi Zohar
  Date: Wed Nov 2 09:14:16 2016 -0400

      Revert "ima: limit file hash setting by user to fix and log modes"

  [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771826/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1772456] Re: ebtables lock file fcntl errno value not correctly checked
thanks @setuid for reproducer bash script that I used in description

** Also affects: ebtables (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: ebtables (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: ebtables (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: ebtables (Ubuntu Cosmic)
   Importance: Medium
     Assignee: Dan Streetman (ddstreet)
       Status: In Progress

** Also affects: ebtables (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: ebtables (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** No longer affects: ebtables (Ubuntu Precise)

** Also affects: ebtables (Ubuntu Precise)
   Importance: Undecided
       Status: New

** No longer affects: ebtables (Ubuntu Precise)

** Changed in: ebtables (Ubuntu Trusty)
       Status: New => In Progress

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1772456

Title:
  ebtables lock file fcntl errno value not correctly checked

Status in ebtables package in Ubuntu:
  In Progress
Status in ebtables source package in Trusty:
  In Progress
Status in ebtables source package in Xenial:
  New
Status in ebtables source package in Artful:
  New
Status in ebtables source package in Bionic:
  New
Status in ebtables source package in Cosmic:
  In Progress

Bug description:
  [impact]

  bug 1645324 introduced code to improve the existing file-based locking, by using fcntl instead of exclusive file opening. However, when fcntl fails the new code tries to check for errno of EAGAIN or EACCES, but does so incorrectly:

  + ret = fcntl(lockfd, F_SETLK, );
  + if (ret == -1 && errno != (EAGAIN || EACCES))

  "errno != (EAGAIN || EACCES)" is not correct, because it will always evaluate to true when errno is either EAGAIN or EACCES; the bitwise OR of EAGAIN (11) and EACCES (13) produces 15 (ENOTBLK) which will never match either, so != always is true.

  [test case]

  run ebtables in a tight loop from two separate shells, to force lockfile contention, for example:

  #!/bin/bash

  dev="$1"

  while test 1; do
      sleep 0
      ebtables --concurrent -t nat -A PREROUTING -i ${dev} -j ACCEPT
      if [ $? -ne 0 ]; then
          echo "odd!"
      fi
      ebtables --concurrent -t nat -D PREROUTING -i ${dev} -j ACCEPT
      if [ $? -ne 0 ]; then
          echo "odd!"
      fi
  done

  that can be run with any text param (e.g. "foo" and "bar") from 2 shells, to produce the failure:

  Unable to create lock file /var/lib/ebtables/lock.

  [regression potential]

  like the previous patch, this change also has the potential to introduce errors in file locking that ebtables uses; however considering the file locking currently does not work at all due to the above logic error, this patch should only help. The only regression potential I see is the possibility of breaking non-contended file locking, which currently does work.

  [other info]

  see previous bug 1645324
  https://launchpad.net/bugs/1645324

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1772456/+subscriptions
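An added example, not part of the bug report or the ebtables source: in C, `||` is the logical OR, so `(EAGAIN || EACCES)` evaluates to 1 and the quoted test compares errno with 1. The program recreates lock contention with a forked child and runs the quoted predicate beside a corrected one; the function names, the scratch file under /tmp and the `struct flock` argument are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Predicate as quoted on the page: nonzero means "treat as a hard error". */
static int buggy_is_fatal(int ret, int err)
{
    return ret == -1 && err != (EAGAIN || EACCES);
}

/* Corrected predicate: compare errno against each value separately. */
static int fixed_is_fatal(int ret, int err)
{
    return ret == -1 && err != EAGAIN && err != EACCES;
}

/* Request a non-blocking exclusive lock on the whole file. */
static int try_lock(int fd)
{
    struct flock fl = {
        .l_type = F_WRLCK,
        .l_whence = SEEK_SET,
        .l_start = 0,
        .l_len = 0,
    };
    return fcntl(fd, F_SETLK, &fl);
}

/*
 * The parent holds the lock and a forked child tries to take it.
 * Returns the errno the child saw, or -1 if the setup itself failed.
 */
static int contended_setlk_errno(void)
{
    char path[] = "/tmp/lock-demo-XXXXXX"; /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd == -1)
        return -1;
    unlink(path); /* the open descriptor keeps the file alive */

    if (try_lock(fd) == -1) {
        close(fd);
        return -1;
    }

    pid_t pid = fork();
    if (pid == -1) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        /* fcntl() record locks are per process and are not inherited
         * across fork(), so this request conflicts with the parent's. */
        int ret = try_lock(fd);
        _exit(ret == -1 ? errno : 0);
    }

    int status = 0;
    pid_t waited = waitpid(pid, &status, 0);
    close(fd);
    if (waited == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int err = contended_setlk_errno();
    if (err == -1) {
        fprintf(stderr, "could not set up the contended lock\n");
        return 1;
    }
    printf("errno from contended F_SETLK: %d\n", err);
    printf("(EAGAIN || EACCES) evaluates to: %d\n", (EAGAIN || EACCES));
    printf("quoted check treats it as fatal: %d\n", buggy_is_fatal(-1, err));
    printf("fixed check treats it as fatal:  %d\n", fixed_is_fatal(-1, err));
    return 0;
}
```

Besides rejecting ordinary contention, the quoted predicate lets a failure with errno 1 (EPERM) pass as non-fatal, which the corrected form does not.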
[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled
** Changed in: linux (Ubuntu)
       Status: Triaged => Invalid

** Changed in: linux (Ubuntu Xenial)
       Status: Triaged => In Progress

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771826

Title:
  Creation of IMA file hashes fails when appraisal is enabled

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  On a system that has IMA appraisal enabled it is impossible to create security.ima extended attribute files that contain IMA hash. For instance, consider the following use case:

  1) extract application files to a staging area as non root user
  2) verify that installation is correct
  3) create IMA extended attributes for the installed files
  4) move the files to their destination
  5) change the files ownership to root

  With kernel 4.4.x step 3 will fail.
[Group.of.nepali.translators] [Bug 1771780] Re: [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and stop5 idle states when all CORES are guarded
I built a Bionic test kernel with the patch posted in the description. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1771780

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-image-unsigned, linux-modules and linux-modules-extra .deb packages.

Thanks in advance!

** Also affects: linux (Ubuntu Cosmic)
   Importance: Critical
     Assignee: Joseph Salisbury (jsalisbury)
       Status: In Progress

** Also affects: linux (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Artful)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Critical

** No longer affects: linux (Ubuntu Artful)

** No longer affects: linux (Ubuntu Xenial)

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771780

Title:
  [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and stop5 idle states when all CORES are guarded

Status in The Ubuntu-power-systems project:
  Triaged
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  == Comment: #0 - PAVAMAN SUBRAMANIYAM - 2018-05-16 04:07:59 ==

  ---Problem Description---
  cpupower idle-info is not listing stop4 and stop5 idle states when all CORES are guarded

  ---uname output---
  Linux ltc-wspoon11 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:14:44 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux

  Machine Type = P9

  ---Debugger---
  A debugger is not configured

  ---Steps to Reproduce---
  Install a P9 Open Power Hardware with Ubuntu 18.04 OS.

  root@ltc-wspoon11:~# uname -a
  Linux ltc-wspoon11 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:14:44 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux

  root@ltc-wspoon11:~# cat /etc/os-release
  NAME="Ubuntu"
  VERSION="18.04 LTS (Bionic Beaver)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 18.04 LTS"
  VERSION_ID="18.04"
  HOME_URL="https://www.ubuntu.com/"
  SUPPORT_URL="https://help.ubuntu.com/"
  BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
  PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
  VERSION_CODENAME=bionic
  UBUNTU_CODENAME=bionic

  Then guard an entire processor and also guard all the CORES in the processor 0 except for 1 single core.

  root@ltc-wspoon11:~# opal-gard list
   ID   | Error | Type   | Path
  -----------------------------------------------------
   0001 |       | Manual | /Sys0/Node0/Proc0/EQ1/EX0/Core0
   0002 |       | Manual | /Sys0/Node0/Proc0/EQ1/EX0/Core1
   0003 |       | Manual | /Sys0/Node0/Proc1
   0004 |       | Manual | /Sys0/Node0/Proc0/EQ2/EX0/Core1
   0005 |       | Manual | /Sys0/Node0/Proc0/EQ2/EX0/Core0
   0006 |       | Manual | /Sys0/Node0/Proc0/EQ2/EX1/Core0
   0007 |       | Manual | /Sys0/Node0/Proc0/EQ2/EX1/Core1
   0008 |       | Manual | /Sys0/Node0/Proc0/EQ3/EX0/Core0
   0009 |       | Manual | /Sys0/Node0/Proc0/EQ3/EX0/Core1
   000a |       | Manual | /Sys0/Node0/Proc0/EQ3/EX1/Core0
   000b |       | Manual | /Sys0/Node0/Proc0/EQ3/EX1/Core1
   000c |       | Manual | /Sys0/Node0/Proc0/EQ4/EX0/Core0
   000d |       | Manual | /Sys0/Node0/Proc0/EQ4/EX0/Core1
   000e |       | Manual | /Sys0/Node0/Proc0/EQ4/EX1/Core0
   000f |       | Manual | /Sys0/Node0/Proc0/EQ4/EX1/Core1
   0010 |       | Manual | /Sys0/Node0/Proc0/EQ5/EX0/Core0
   0011 |       | Manual | /Sys0/Node0/Proc0/EQ5/EX0/Core1
   0012 |       | Manual | /Sys0/Node0/Proc0/EQ5/EX1/Core0
   0013 |       | Manual | /Sys0/Node0/Proc0/EQ5/EX1/Core1
   0014 |       | Manual | /Sys0/Node0/Proc0/EQ1/EX1/Core0
   0015 |       | Manual | /Sys0/Node0/Proc0/EQ1/EX1/Core1
   0016 |       | Manual | /Sys0/Node0/Proc0/EQ0/EX1/Core1
   0017 |       | Manual | /Sys0/Node0/Proc0/EQ0/EX1/Core0
  =====================================================

  Then execute the cpupower idle-info command to check the idle states being shown in the OS.

  root@ltc-wspoon11:~# cpupower idle-info
  CPUidle driver: powernv_idle
  CPUidle governor: menu
  analyzing CPU 0:

  Number of idle states: 7
  Available idle states: snooze stop0_lite stop0 stop1_lite stop1
[Group.of.nepali.translators] [Bug 1732150] Re: Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s)
Dropping zesty as it's EOL. Cosmic and bionic affected.

** Changed in: unbound (Ubuntu Zesty)
       Status: New => Won't Fix

** Also affects: unbound (Ubuntu Bionic)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1732150

Title:
  Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s)

Status in Unbound - Caching DNS Resolver:
  Unknown
Status in unbound package in Ubuntu:
  Triaged
Status in unbound source package in Trusty:
  New
Status in unbound source package in Xenial:
  New
Status in unbound source package in Zesty:
  Won't Fix
Status in unbound source package in Artful:
  New
Status in unbound source package in Bionic:
  New

Bug description:
  Unbound contains a bug when domain-insecure is set for a (stub) zone. This bug is fixed, see https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=2882. Can you please backport this to the Trusty package?

  With regards,
  Richard Arends

To manage notifications about this bug go to:
https://bugs.launchpad.net/unbound/+bug/1732150/+subscriptions
[Group.of.nepali.translators] [Bug 1769980] Re: Intel WiFi Linux driver update for ETSI 5GHz Adaptivity Requirement
This bug was fixed in the package wireless-regdb - 2018.05.09-0ubuntu1

---
wireless-regdb (2018.05.09-0ubuntu1) cosmic; urgency=medium

  * New upstream release. (LP: #1769980)
  * debian/patches:
    - Drop existing patches.
    - 0001-wireless-regdb-Fix-comparison-of-WmmRule-with-NoneTy.patch,
      0002-wireless-regdb-Fix-iteration-in-create_wmms-for-pyth.patch:
      Fix errors when building regdb with python 3.
  * debian/rules: Change to no longer build from source; use upstream binaries instead.
  * debian/control: Update Build-Depends and maintainer information

 -- Seth Forshee  Fri, 18 May 2018 12:07:58 -0500

** Changed in: wireless-regdb (Ubuntu)
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1769980

Title:
  Intel WiFi Linux driver update for ETSI 5GHz Adaptivity Requirement

Status in HWE Next:
  In Progress
Status in OEM Priority Project:
  Triaged
Status in linux package in Ubuntu:
  Confirmed
Status in linux-firmware package in Ubuntu:
  Fix Released
Status in linux-oem package in Ubuntu:
  New
Status in wireless-regdb package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress
Status in linux-firmware source package in Xenial:
  Fix Committed
Status in linux-oem source package in Xenial:
  New
Status in wireless-regdb source package in Xenial:
  New
Status in linux source package in Bionic:
  In Progress
Status in linux-firmware source package in Bionic:
  Fix Committed
Status in linux-oem source package in Bionic:
  New
Status in wireless-regdb source package in Bionic:
  New

Bug description:
  Intel wireless driver and firmware require updates in order to meet the new ETSI regulation [1] for OEM machines shipped from factories.

  Intel provided us the following information for what are required to update:

  1. Kernel driver:
     https://patchwork.kernel.org/patch/10322121/
     https://patchwork.kernel.org/patch/10312731/
     https://patchwork.kernel.org/patch/10312735/
     https://patchwork.kernel.org/patch/10312733/
     - 7260, 7265, 7265D and 3168 NICs, 4.15 plus above driver patches
     - 8000 series requires 4.16.
     - 9000 series requires 4.17.

  2. linux-firmware
     Requires latest versions from linux-firmware.git

  3. wireless-regdb update

  [1] http://www.etsi.org/deliver/etsi_en/301800_301899/301893/02.01.01_60/en_301893v020101p.pdf

  ---

  == SRU Justification for linux-firmware ==

  [Impact]
  Intel released these firmware updates to support the new ETSI 5GHz Adaptivity Requirement, OEM has to meet it in order to ship.

  [Test Case]
  Check dmesg to confirm the correct firmware is loaded, make sure the revision is correct, and check wifi can function properly.

  [Regression Potential]
  It is possible that there is regression introduced by Intel's firmware, so should make sure wifi still works properly after the new firmware is used. We have verified the new firmwares of 7260 and 7265D on 4.4 and 4.15 kernels. The 8000 and 9000 series firmwares have newer API versions and will need to confirm with subsequent driver changes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/1769980/+subscriptions
[Group.of.nepali.translators] [Bug 1765007] Re: Xenial update to 4.4.127 stable release
This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1765010] Re: Xenial update to 4.4.128 stable release
This bug was fixed in the package linux - 4.4.0-127.153
[Group.of.nepali.translators] [Bug 1764973] Re: Xenial update to 4.4.125 stable release
This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1764684] Re: Fix an issue that some PCI devices get incorrectly suspended
This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream
    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
    - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477)
    - ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
    - SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA Rome Bluetooth"
    - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
    - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
    - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
    - SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
    - SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
    - SAUCE: Revert "net: aquantia: Fixed transient link up/down/up notification"
    - SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of cpus"
    - SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
[Group.of.nepali.translators] [Bug 1765241] Re: virtio_scsi race can corrupt memory, panic kernel
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium
[Group.of.nepali.translators] [Bug 1764999] Re: Xenial update to 4.4.126 stable release
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium
[Group.of.nepali.translators] [Bug 1758507] Re: sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055)
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium
[Group.of.nepali.translators] [Bug 1762693] Re: No network with e1000e driver on 4.13.0-38-generic
This bug was fixed in the package linux - 4.13.0-43.48

---
linux (4.13.0-43.48) artful; urgency=medium

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream
    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux (4.13.0-42.47) artful; urgency=medium

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)

  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
    - arm64: fix CONFIG_DEBUG_WX address reporting

  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
    - net: hns: Avoid action name truncation

  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
    - netlink: Add netns check on taps

  * CVE-2017-17975
    - media: usbtv: prevent double free in error case

  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
    - drm/i915/edp: Allow alternate fixed mode for eDP if available.
    - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
    - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
    - drm/i915/edp: Do not do link training fallback or prune modes on EDP

  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507)
    - sky2: Increase D3 delay to sky2 stops working after suspend

  * perf vendor events arm64: Enable JSON events for
[Group.of.nepali.translators] [Bug 1772058] Re: linux-azure-edge headers are broken after change to support scripted rebases
This bug was fixed in the package linux-azure-edge - 4.15.0-1012.12~16.04.2

---
linux-azure-edge (4.15.0-1012.12~16.04.2) xenial; urgency=medium

  * linux-azure-edge headers are broken after change to support scripted rebases (LP: #1772058)
    - [Packaging]: azure-edge: Fix headers packages after switching to scripted rebase

linux-azure-edge (4.15.0-1012.12~16.04.1) xenial; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Add versioned dependency for linux-base

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

linux-azure (4.15.0-1011.11) bionic; urgency=medium

  * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294)

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
    - fsnotify: Fix fsnotify_mark_connector race

linux-azure (4.15.0-1009.9) bionic; urgency=medium

  * linux-azure: 4.15.0-1009.9 -proposed tracker (LP: #1766467)

  [ Ubuntu: 4.15.0-20.21 ]

  * linux: 4.15.0-20.21 -proposed tracker (LP: #1766452)

  * package shim-signed (not installed) failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 5 (LP: #1766391)
    - [Packaging] fix invocation of header postinst hooks

linux-azure (4.15.0-1008.8) bionic; urgency=medium

  * linux-azure: 4.15.0-1008.8 -proposed tracker (LP: #1766025)

  [ Ubuntu: 4.15.0-19.20 ]

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)

  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
    - Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
    - Revert "genirq/affinity: assign vectors to all possible CPUs"

linux-azure (4.15.0-1007.7) bionic; urgency=medium

  * linux-azure: 4.15.0-1007.7 -proposed tracker (LP: #1765495)

  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs after rebase to Ubuntu-4.15.0-18.19
    - [Packaging] update flavour-control.stub for signing changes

  [ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)

  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel: meltdown: rfi/fallback displacement flush not enabled bydefault (kvm) (LP: #1765429)
    - powerpc/pseries: Fix clearing of
[Group.of.nepali.translators] [Bug 1765564] Re: fsnotify: Fix fsnotify_mark_connector race
This bug was fixed in the package linux-azure - 4.15.0-1012.12 --- linux-azure (4.15.0-1012.12) bionic; urgency=medium * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Add versioned dependency for linux-base [ Ubuntu: 4.15.0-22.24 ] * CVE-2018-3639 (powerpc) - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - stf-barrier: set eieio instruction bit 6 for future optimisations * CVE-2018-3639 (x86) - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do 
some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values [ Ubuntu: 4.15.0-21.22 ] * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397) * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727) - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3) * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Depends on linux-base that provides the necessary tools * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629) - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2) linux-azure (4.15.0-1011.11) bionic; urgency=medium * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294) * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564) - fsnotify: Fix fsnotify_mark_connector race -- Stefan Bader Wed, 16 May 2018 18:31:36 +0200 ** Changed in: linux-azure (Ubuntu Bionic) Status: In Progress => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639 ** Changed in: linux-azure (Ubuntu Bionic) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1765564 Title: fsnotify: Fix fsnotify_mark_connector race Status in Linux: New Status in linux-azure package in Ubuntu: In Progress Status in linux-azure source package in Xenial: Fix Released Status in linux-azure source package in Bionic: Fix Released Bug description: On Azure we have had sporadic cases of soft lockups in fsnotify that may very well be mitigated by the following fix. The LKML thread is "kernel panics with 4.14.X". 
This should be applied to 4.13 and 4.15 versions of the linux-azure kernel, and possibly the 4.15 generic kernel in bionic as well. - fsnotify() acquires a reference to a fsnotify_mark_connector through the SRCU-protected pointer to_tell->i_fsnotify_marks. However, it appears that no precautions are taken in fsnotify_put_mark() to ensure that fsnotify() drops its reference to this fsnotify_mark_connector before assigning a value to its 'destroy_next' field. This can result in fsnotify_put_mark() assigning a value to a connector's 'destroy_next' field right before fsnotify() tries to traverse the linked list referenced by the connector's 'list' field. Since these two fields are members of the same union,
[Group.of.nepali.translators] [Bug 1765698] Re: Unable to insert test_bpf module on Xenial
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium * CVE-2018-3639 (powerpc) - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/64s: Move cpu_show_meltdown() - powerpc/64s: Enhance the information in cpu_show_meltdown() - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/64s: Wire up cpu_show_spectre_v1() - powerpc/64s: Wire up cpu_show_spectre_v2() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Clean up IBPB and IBRS control functions and macros - SAUCE: Fix up IBPB and IBRS kernel parameters documentation - SAUCE: Remove #define X86_FEATURE_PTI - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpufeature: Cleanup get_cpu_cap() - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf - x86/cpufeatures: Add Intel feature bits for Speculation Control - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf - x86/cpufeatures: Add AMD feature bits for Speculation Control - x86/msr: Add 
definitions for new speculation control MSRs - SAUCE: x86/msr: Rename MSR spec control feature bits - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support - x86/speculation: Add dependency - x86/cpufeatures: Clean up Spectre v2 related CPUID flags - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code - SAUCE: x86: Add alternative_msr_write - SAUCE: x86/nospec: Simplify alternative_msr_write() - SAUCE: x86/bugs: Concentrate bug detection into a separate function - SAUCE: x86/bugs: Concentrate bug reporting into a separate function - arch: Introduce post-init read-only memory - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell - SAUCE: prctl: Add speculation control prctls - x86/process: Optimize TIF checks in __switch_to_xtra() - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation - SAUCE: nospec: Allow getting/setting on non-current task - SAUCE: proc: Provide details on speculation flaw mitigations - SAUCE: seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - SAUCE: x86/bugs: Make 
boot modes __ro_after_init - SAUCE: prctl: Add force disable speculation - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation - SAUCE: seccomp: Move speculation migitation control to arch code - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - SAUCE: x86/bugs: Rename _RDS to _SSBD - SAUCE: proc: Use underscores for SSBD in 'status' - SAUCE: Documentation/spec_ctrl: Do some minor cleanups - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1766197] Re: Update btusb reset-resume quirk to decrease power usage
This bug was fixed in the package linux-oem - 4.13.0-1028.31 --- linux-oem (4.13.0-1028.31) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-oem (4.13.0-1027.30) xenial; urgency=medium * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996) * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic * Update btusb reset-resume quirk to decrease power usage (LP: #1766197) - SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA Rome 
Bluetooth" - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table * Update Aquantia driver to fix various issues (LP: #1759303) - SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down" - SAUCE: Revert "net: aquantia: Add queue restarts stats counter" - SAUCE: Revert "net: aquantia: Fixed transient link up/down/up notification" - SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of cpus" - SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
[Group.of.nepali.translators] [Bug 1765564] Re: fsnotify: Fix fsnotify_mark_connector race
This bug was fixed in the package linux-azure - 4.15.0-1012.12 --- linux-azure (4.15.0-1012.12) bionic; urgency=medium * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Add versioned dependency for linux-base [ Ubuntu: 4.15.0-22.24 ] * CVE-2018-3639 (powerpc) - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - stf-barrier: set eieio instruction bit 6 for future optimisations * CVE-2018-3639 (x86) - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do 
some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values [ Ubuntu: 4.15.0-21.22 ] * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397) * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727) - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3) * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Depends on linux-base that provides the necessary tools * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629) - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2) linux-azure (4.15.0-1011.11) bionic; urgency=medium * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294) * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564) - fsnotify: Fix fsnotify_mark_connector race -- Stefan Bader Wed, 16 May 2018 18:31:36 +0200 ** Changed in: linux-azure (Ubuntu Xenial) Status: In Progress => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17449 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17975 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18203 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18208 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8822 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. 
Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1765564 Title: fsnotify: Fix fsnotify_mark_connector race Status in Linux: New Status in linux-azure package in Ubuntu: In Progress Status in linux-azure source package in Xenial: Fix Released Status in linux-azure source package in Bionic: Fix Released Bug description: On Azure we have had sporadic cases of soft lockups in fsnotify that may very well be mitigated by the following fix. The LKML thread is "kernel panics with 4.14.X". This should be applied to 4.13 and 4.15 versions of the linux-azure kernel, and possibly the 4.15 generic kernel in bionic as well. - fsnotify() acquires a reference to a fsnotify_mark_connector through the SRCU-protected pointer to_tell->i_fsnotify_marks. However, it appears that no precautions are taken in fsnotify_put_mark() to ensure that fsnotify() drops its reference to this fsnotify_mark_connector before assigning a value to its 'destroy_next' field. This can result in fsnotify_put_mark() assigning a
[Group.of.nepali.translators] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium
[Group.of.nepali.translators] [Bug 1761534] Re: "ip a" command on a guest VM shows UNKNOWN status
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium
[Group.of.nepali.translators] [Bug 1756866] Re: Xenial update to 4.4.118 stable release
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium
[Group.of.nepali.translators] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-oem - 4.15.0.1006.8 --- linux-meta-oem (4.15.0.1006.8) bionic; urgency=medium * Bump ABI 4.15.0-1006 linux-meta-oem (4.15.0.1005.7) bionic; urgency=medium * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates linux-meta-oem (4.15.0.1005.6) bionic; urgency=medium * Bump ABI 4.15.0-1005 -- Stefan Bader Fri, 18 May 2018 09:13:24 +0200 ** Changed in: linux-meta-oem (Ubuntu) Status: Invalid => Fix Released ** Changed in: linux-meta-oem (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. 
For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
This bug was fixed in the package linux - 4.13.0-43.48 --- linux (4.13.0-43.48) artful; urgency=medium * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the 
spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux (4.13.0-42.47) artful; urgency=medium * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993) * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850) - arm64: fix CONFIG_DEBUG_WX address reporting * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977) - net: hns: Avoid action name truncation * CVE-2017-18208 - mm/madvise.c: fix madvise() infinite loop under special circumstances * CVE-2018-8822 - staging: ncpfs: memory corruption in ncp_read_kernel() * CVE-2017-18203 - dm: fix race between dm_get_from_kobject() and __dm_destroy() * CVE-2017-17449 - netlink: 
Add netns check on taps * CVE-2017-17975 - media: usbtv: prevent double free in error case * [8086:3e92] display becomes blank after S3 (LP: #1763271) - drm/i915/edp: Allow alternate fixed mode for eDP if available. - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp - drm/i915/edp: Do not do link training fallback or prune modes on EDP * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507) - sky2: Increase D3 delay to sky2 stops working after suspend * perf vendor events arm64: Enable JSON events for
[Group.of.nepali.translators] [Bug 1761534] Re: "ip a" command on a guest VM shows UNKNOWN status
This bug was fixed in the package linux - 3.13.0-149.199 --- linux (3.13.0-149.199) trusty; urgency=medium * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - SAUCE: powerpc/64s: Move the data access exception out-of-line * CVE-2018-3639 (x86) - arch: Introduce post-init read-only memory - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static linux (3.13.0-148.197) trusty; urgency=medium * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077) * CVE-2017-18208 - mm/madvise.c: fix madvise() infinite loop under special circumstances * CVE-2018-8822 - staging: ncpfs: memory corruption in ncp_read_kernel() * CVE-2017-18221 - mlock: fix mlock count can not decrease in race condition * CVE-2017-12134 - xen: fix bio vec merging * CVE-2017-18203 - dm: fix race between dm_get_from_kobject() and __dm_destroy() * CVE-2017-17449 - netlink: Add netns check on taps * CVE-2017-13220 - Bluetooth: hidp_connection_add() unsafe use of l2cap_pi() * CVE-2017-18204 - ocfs2: should wait dio before inode lock in ocfs2_setattr() * CVE-2017-13305 - KEYS: encrypted: fix 
buffer overread in valid_master_desc() * CVE-2017-18079 - Input: i8042 - fix crash at boot time * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534) - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627) - SAUCE: remove ibrs_dump sysctl interface -- Stefan Bader Mon, 14 May 2018 16:58:50 +0200 ** Changed in: linux (Ubuntu Trusty) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12134 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13220
[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
This bug was fixed in the package linux - 3.13.0-149.199 --- linux (3.13.0-149.199) trusty; urgency=medium * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - SAUCE: powerpc/64s: Move the data access exception out-of-line * CVE-2018-3639 (x86) - arch: Introduce post-init read-only memory - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static linux (3.13.0-148.197) trusty; urgency=medium * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077) * CVE-2017-18208 - mm/madvise.c: fix madvise() infinite loop under special circumstances * CVE-2018-8822 - staging: ncpfs: memory corruption in ncp_read_kernel() * CVE-2017-18221 - mlock: fix mlock count can not decrease in race condition * CVE-2017-12134 - xen: fix bio vec merging * CVE-2017-18203 - dm: fix race between dm_get_from_kobject() and __dm_destroy() * CVE-2017-17449 - netlink: Add netns check on taps * CVE-2017-13220 - Bluetooth: hidp_connection_add() unsafe use of l2cap_pi() * CVE-2017-18204 - ocfs2: should wait dio before inode lock in ocfs2_setattr() * CVE-2017-13305 - KEYS: encrypted: fix 
buffer overread in valid_master_desc() * CVE-2017-18079 - Input: i8042 - fix crash at boot time * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534) - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627) - SAUCE: remove ibrs_dump sysctl interface -- Stefan Bader Mon, 14 May 2018 16:58:50 +0200 ** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16995 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17862
[Group.of.nepali.translators] [Bug 1657682] Re: Support latest Redpine WLAN/BT RS9113 driver
This bug was fixed in the package linux-oem - 4.15.0-1006.9 --- linux-oem (4.15.0-1006.9) bionic; urgency=medium * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Depends on linux-base that provides the necessary tools [ Ubuntu: 4.15.0-22.24 ] * CVE-2018-3639 (powerpc) - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - stf-barrier: set eieio instruction bit 6 for future optimisations * CVE-2018-3639 (x86) - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - 
Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-oem (4.15.0-1005.8) bionic; urgency=medium * linux-oem: 4.15.0-1005.8 -proposed tracker (LP: #1767398) - source built with a clean tree * [i915 CNL-Y] system hangs soon after bootup (LP: #1769843) - SAUCE: drm/i915/execlists: Use rmb() to order CSB reads * hts221 sensor stops working after resume from S3/S4 (LP: #1769658) - SAUCE: iio: humidity: hts221: Fix sensor reads after resume * Support Intel Atom (Baytrail-I) HS-UART serdev slaves over tty (LP: #1769610) - serdev: ttyport: release tty lock sooner on open - serdev: ttyport: ignore carrier detect to avoid hangups - serdev: ttyport: do not used keyed wakeup in write_wakeup - serdev: Make .remove in struct serdev_device_driver optional - serdev: Introduce devm_serdev_device_open() - serdev: do not generate modaliases for controllers - serdev: only match serdev devices - serdev: add method to set parity - SAUCE: (no-up) Support HS-UART serdev slaves over tty - [Config] CONFIG_HSUART_SERIAL_DEVICE=y * Support latest Redpine WLAN/BT RS9113 driver (LP: #1657682) - SAUCE: rsi: add rx control block to handle rx packets in USB - SAUCE: rsi: add bluetooth rx endpoint - SAUCE: rsi: add header file rsi_91x - SAUCE: rsi: add coex support - SAUCE: Bluetooth: bt: rsi: add new rsi bluetooth driver - SAUCE: rsi: handle BT traffic in driver - SAUCE: rsi: add module parameter operating mode - SAUCE: rsi: sdio changes to support BT - SAUCE: rsi: improve RX handling in SDIO interface - SAUCE: rsi: use dynamic RX control blocks instead of MAX_RX_URB - SAUCE: rsi: improve RX packet handling in USB interface - SAUCE: rsi: add support for hardware scan offload - SAUCE: rsi: move xtend_desc structure from rsi_main.h to rsi_mgmt.h 
- SAUCE: rsi: move descriptor preparation to core - SAUCE: rsi: enable 80MHz clock by default - SAUCE: rsi: roaming enhancements - SAUCE: rsi: add module parameter rsi_reg - SAUCE: rsi: regulatory modifications for 'dlcar' mode - SAUCE: rsi: device disconnect changes - SAUCE: rsi: tx improvements - SAUCE: rsi: drop RX broadcast/multicast packets with invalid PN - SAUCE: rsi: fix for incorrect data pointer alignment in 64-bit - SAUCE: rsi: Remove stack VLA usage - SAUCE: rsi: fix nommu_map_sg overflow kernel panic - SAUCE: rsi: Fix 'invalid vdd' warning in mmc - SAUCE: Redpine: Fix wowlan issue with S4 - SAUCE: Redpine: rsi: Add deep sleep enable
[Group.of.nepali.translators] [Bug 1759303] Re: Update Aquantia driver to fix various issues
This bug was fixed in the package linux-oem - 4.13.0-1028.31 --- linux-oem (4.13.0-1028.31) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-oem (4.13.0-1027.30) xenial; urgency=medium * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996) * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic * Update btusb reset-resume quirk to decrease power usage (LP: #1766197) - SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA Rome 
Bluetooth" - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table * Update Aquantia driver to fix various issues (LP: #1759303) - SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down" - SAUCE: Revert "net: aquantia: Add queue restarts stats counter" - SAUCE: Revert "net: aquantia: Fixed transient link up/down/up notification" - SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of cpus" - SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
[Group.of.nepali.translators] [Bug 1770002] Re: linux-gcp: 4.13.0-1016.20 -proposed tracker
This bug was fixed in the package linux-gcp - 4.13.0-1017.21 --- linux-gcp (4.13.0-1017.21) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-gcp (4.13.0-1016.20) xenial; urgency=medium * linux-gcp: 4.13.0-1016.20 -proposed tracker (LP: #1770002) [ Ubuntu: 4.13.0-42.47 ] * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993) * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850) - arm64: fix CONFIG_DEBUG_WX address reporting * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977) - net: hns: Avoid action name truncation * CVE-2017-18208 - mm/madvise.c: fix madvise() infinite loop under special circumstances * CVE-2018-8822 - staging: ncpfs: memory 
corruption in ncp_read_kernel() * CVE-2017-18203 - dm: fix race between dm_get_from_kobject() and __dm_destroy() * CVE-2017-17449 - netlink: Add netns check on taps * CVE-2017-17975 - media: usbtv: prevent double free in error case * [8086:3e92] display becomes blank after S3 (LP: #1763271) - drm/i915/edp: Allow alternate fixed mode for eDP if available. - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp - drm/i915/edp: Do not do link training fallback or prune modes on EDP * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507)
[Group.of.nepali.translators] [Bug 1769997] Re: linux-azure: 4.13.0-1017.20 -proposed tracker
This bug was fixed in the package linux-azure - 4.13.0-1018.21 --- linux-azure (4.13.0-1018.21) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values [ Ubuntu: 4.13.0-42.47 ] * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993) * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850) - arm64: fix CONFIG_DEBUG_WX address reporting * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977) - net: hns: Avoid action name truncation * CVE-2017-18208 - mm/madvise.c: fix madvise() infinite loop under special circumstances * CVE-2018-8822 - staging: ncpfs: memory corruption in ncp_read_kernel() * CVE-2017-18203 - dm: fix race between dm_get_from_kobject() and __dm_destroy() * 
CVE-2017-17449 - netlink: Add netns check on taps * CVE-2017-17975 - media: usbtv: prevent double free in error case * [8086:3e92] display becomes blank after S3 (LP: #1763271) - drm/i915/edp: Allow alternate fixed mode for eDP if available. - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp - drm/i915/edp: Do not do link training fallback or prune modes on EDP * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507) - sky2: Increase D3 delay to sky2 stops working after suspend * perf vendor events arm64: Enable JSON
[Group.of.nepali.translators] [Bug 1770011] Re: linux: 4.4.0-125.150 -proposed tracker
This bug was fixed in the package linux - 4.4.0-127.153 --- linux (4.4.0-127.153) xenial; urgency=medium * CVE-2018-3639 (powerpc) - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/64s: Move cpu_show_meltdown() - powerpc/64s: Enhance the information in cpu_show_meltdown() - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/64s: Wire up cpu_show_spectre_v1() - powerpc/64s: Wire up cpu_show_spectre_v2() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Clean up IBPB and IBRS control functions and macros - SAUCE: Fix up IBPB and IBRS kernel parameters documentation - SAUCE: Remove #define X86_FEATURE_PTI - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpufeature: Cleanup get_cpu_cap() - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf - x86/cpufeatures: Add Intel feature bits for Speculation Control - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf - x86/cpufeatures: Add AMD feature bits for Speculation Control - x86/msr: Add 
definitions for new speculation control MSRs - SAUCE: x86/msr: Rename MSR spec control feature bits - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support - x86/speculation: Add dependency - x86/cpufeatures: Clean up Spectre v2 related CPUID flags - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code - SAUCE: x86: Add alternative_msr_write - SAUCE: x86/nospec: Simplify alternative_msr_write() - SAUCE: x86/bugs: Concentrate bug detection into a separate function - SAUCE: x86/bugs: Concentrate bug reporting into a separate function - arch: Introduce post-init read-only memory - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell - SAUCE: prctl: Add speculation control prctls - x86/process: Optimize TIF checks in __switch_to_xtra() - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation - SAUCE: nospec: Allow getting/setting on non-current task - SAUCE: proc: Provide details on speculation flaw mitigations - SAUCE: seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - SAUCE: x86/bugs: Make 
boot modes __ro_after_init - SAUCE: prctl: Add force disable speculation - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation - SAUCE: seccomp: Move speculation migitation control to arch code - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - SAUCE: x86/bugs: Rename _RDS to _SSBD - SAUCE: proc: Use underscores for SSBD in 'status' - SAUCE: Documentation/spec_ctrl: Do some minor cleanups - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1769996] Re: linux-oem: 4.13.0-1027.30 -proposed tracker
This bug was fixed in the package linux-oem - 4.13.0-1028.31 --- linux-oem (4.13.0-1028.31) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-oem (4.13.0-1027.30) xenial; urgency=medium * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996) * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic * Update btusb reset-resume quirk to decrease power usage (LP: #1766197) - SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA Rome 
Bluetooth" - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table * Update Aquantia driver to fix various issues (LP: #1759303) - SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down" - SAUCE: Revert "net: aquantia: Add queue restarts stats counter" - SAUCE: Revert "net: aquantia: Fixed transient link up/down/up notification" - SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of cpus" - SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
[Group.of.nepali.translators] [Bug 1766832] Re: test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel
This bug was fixed in the package linux-kvm - 4.15.0-1010.10 --- linux-kvm (4.15.0-1010.10) bionic; urgency=medium [ Ubuntu: 4.15.0-22.24 ] * CVE-2018-3639 (powerpc) - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - stf-barrier: set eieio instruction bit 6 for future optimisations * CVE-2018-3639 (x86) - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values 
should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-kvm (4.15.0-1009.9) bionic; urgency=medium * linux-kvm: 4.15.0-1009.9 -proposed tracker (LP: #1767409) * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Depends on linux-base that provides the necessary tools * Unable to start docker application with B-KVM kernel (LP: #1763630) - kvm: [config] enable NF_NAT, NF_CONNTRACK - kvm: [config] enable IP_NF_TABLES * test_078_SLAB_freelist_randomization failed on 4.15 KVM kernel (LP: #1764975) - kvm: [config] enable CONFIG_SLAB_FREELIST_{HARDENED,RANDOM} * linux-kvm 4.15 needs CONFIG_VMAP_STACK set (LP: #1764985) - kvm: [config] enable CONFIG_VMAP_STACK * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel (LP: #1766832) - kvm: [config] enable CONFIG_MODULE_UNLOAD [ Ubuntu: 4.15.0-21.22 ] * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397) * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727) - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3) * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Depends on linux-base that provides the necessary tools * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629) - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2) -- Stefan Bader Thu, 17 May 2018 10:30:53 +0200 ** Changed in: linux-kvm (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. 
Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1766832 Title: test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel Status in linux-kvm package in Ubuntu: Fix Committed Status in linux-kvm source package in Xenial: Fix Committed Status in linux-kvm source package in Bionic: Fix Released Bug description: == Justification == In the Bionic KVM and Xenial KVM kernels, CONFIG_MODULE_UNLOAD was not set. This will cause the rmmod command in the test_072_strict_devmem test from the kernel security test suite to fail to run, and induce a failure in the following test_140_kernel_modules_not_tainted test. == Test == Before enabling the config, the rmmod command will return: "ERROR: Module signpost is in use" After the config was enabled, rmmod will succeed and it will pass with this
[Group.of.nepali.translators] [Bug 1766398] Re: set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630
This bug was fixed in the package linux-oem - 4.13.0-1028.31 --- linux-oem (4.13.0-1028.31) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-oem (4.13.0-1027.30) xenial; urgency=medium * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996) * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic * Update btusb reset-resume quirk to decrease power usage (LP: #1766197) - SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA Rome 
Bluetooth" - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table * Update Aquantia driver to fix various issues (LP: #1759303) - SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down" - SAUCE: Revert "net: aquantia: Add queue restarts stats counter" - SAUCE: Revert "net: aquantia: Fixed transient link up/down/up notification" - SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of cpus" - SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
[Group.of.nepali.translators] [Bug 1766477] Re: Change the location for one of two front mics on a lenovo thinkcentre machine
This bug was fixed in the package linux-oem - 4.13.0-1028.31 --- linux-oem (4.13.0-1028.31) xenial; urgency=medium [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - 
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux-oem (4.13.0-1027.30) xenial; urgency=medium * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996) * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic * Update btusb reset-resume quirk to decrease power usage (LP: #1766197) - SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA Rome 
Bluetooth" - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table * Update Aquantia driver to fix various issues (LP: #1759303) - SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down" - SAUCE: Revert "net: aquantia: Add queue restarts stats counter" - SAUCE: Revert "net: aquantia: Fixed transient link up/down/up notification" - SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of cpus" - SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
[Group.of.nepali.translators] [Bug 1766727] Re: initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04
This bug was fixed in the package linux-hwe-edge - 4.15.0-22.24~16.04.1 --- linux-hwe-edge (4.15.0-22.24~16.04.1) xenial; urgency=medium * CVE-2018-3639 (powerpc) - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - stf-barrier: set eieio instruction bit 6 for future optimisations * CVE-2018-3639 (x86) - x86/nospec: Simplify alternative_msr_write() - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should 
be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values linux (4.15.0-21.22) bionic; urgency=medium * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397) * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727) - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3) * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133) - Packaging: Depends on linux-base that provides the necessary tools * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629) - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2) -- Stefan Bader Tue, 15 May 2018 07:41:28 +0200 ** Changed in: linux-hwe-edge (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1766727 Title: initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 Status in Ubuntu on IBM z Systems: Fix Released Status in initramfs-tools package in Ubuntu: Invalid Status in linux package in Ubuntu: Fix Committed Status in linux-hwe-edge package in Ubuntu: Fix Committed Status in s390-tools package in Ubuntu: Fix Released Status in ubuntu-release-upgrader package in Ubuntu: Invalid Status in initramfs-tools source package in Xenial: Invalid Status in linux source package in Xenial: New Status in linux-hwe-edge source package in Xenial: Fix Released Status in s390-tools source package in Xenial: Fix Released Status in ubuntu-release-upgrader source package in Xenial: Invalid Status in initramfs-tools source package in Bionic: Invalid Status in linux source package in Bionic: Fix Released Status in linux-hwe-edge source package in Bionic: Invalid Status in s390-tools source package in Bionic: Fix Released Status in 
ubuntu-release-upgrader source package in Bionic: Invalid Bug description: [Impact] Upgrades of linux-image-generic-hwe-16.04-edge will fail to configure because the post-update script for zipl will fail. [Test Case] Upgrade linux-image-generic-hwe-16.04-edge from xenial to xenial-proposed on s390x. [Regression] zipl update on s390x might fail, causing the system to be unbootable. Upgrading from 16.04 to 18.04 using 'do-release-upgrade -d' results in: Errors were encountered while processing: initramfs-tools Exception during pm.DoInstall(): E:Sub-process /usr/bin/dpkg returned an error code (1) Could not install the upgrades The upgrade
[Group.of.nepali.translators] [Bug 1766727] Re: initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04
This bug was fixed in the package linux - 4.15.0-22.24

---
linux (4.15.0-22.24) bionic; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux (4.15.0-21.22) bionic; urgency=medium

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader  Tue, 15 May 2018 07:41:28 +0200

** Changed in: linux (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** Changed in: linux-hwe-edge (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1766727

Title: initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04

Status in Ubuntu on IBM z Systems: Fix Released
Status in initramfs-tools package in Ubuntu: Invalid
Status in linux package in Ubuntu: Fix Committed
Status in linux-hwe-edge package in Ubuntu: Fix Committed
Status in s390-tools package in Ubuntu: Fix Released
Status in ubuntu-release-upgrader package in Ubuntu: Invalid
Status in initramfs-tools source package in Xenial: Invalid
Status in linux source package in Xenial: New
Status in linux-hwe-edge source package in Xenial: Fix Released
Status in s390-tools source package in Xenial: Fix Released
Status in ubuntu-release-upgrader source package in Xenial: Invalid
Status in initramfs-tools source package in Bionic: Invalid
Status in linux source package in Bionic: Fix Released
Status in linux-hwe-edge source package in Bionic: Invalid
Status in s390-tools source package in Bionic: Fix Released
Status in ubuntu-release-upgrader source package in Bionic: Invalid

Bug description:

[Impact]
Upgrades of linux-image-generic-hwe-16.04-edge will fail to configure because the post-update script for zipl will fail.

[Test Case]
Upgrade linux-image-generic-hwe-16.04-edge from xenial to xenial-proposed on s390x.

[Regression]
zipl update on s390x might fail, causing the system to be unbootable.

Upgrading from 16.04 to 18.04 using 'do-release-upgrade -d' results in:

Errors were encountered while processing:
 initramfs-tools
Exception during
[Group.of.nepali.translators] [Bug 1765564] Re: fsnotify: Fix fsnotify_mark_connector race
This bug was fixed in the package linux-azure - 4.13.0-1018.21

---
linux-azure (4.13.0-1018.21) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream
    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.13.0-42.47 ]

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)

  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
    - arm64: fix CONFIG_DEBUG_WX address reporting

  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
    - net: hns: Avoid action name truncation

  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
    - netlink: Add netns check on taps

  * CVE-2017-17975
    - media: usbtv: prevent double free in error case

  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
    - drm/i915/edp: Allow alternate fixed mode for eDP if available.
    - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
    - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
    - drm/i915/edp: Do not do link training fallback or prune modes on EDP

  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507)
    - sky2: Increase D3 delay to sky2 stops working after suspend

  * perf vendor events arm64: Enable JSON
[Group.of.nepali.translators] [Bug 1767133] Re: linux-image-4.15.0-20-generic install after upgrade from xenial breaks
This bug was fixed in the package linux - 4.15.0-22.24

---
linux (4.15.0-22.24) bionic; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux (4.15.0-21.22) bionic; urgency=medium

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader  Tue, 15 May 2018 07:41:28 +0200

** Changed in: linux (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** Changed in: linux-hwe-edge (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1767133

Title: linux-image-4.15.0-20-generic install after upgrade from xenial breaks

Status in linux package in Ubuntu: Fix Committed
Status in linux-hwe-edge package in Ubuntu: Invalid
Status in linux source package in Xenial: Invalid
Status in linux-hwe-edge source package in Xenial: Fix Released
Status in linux source package in Bionic: Fix Released
Status in linux-hwe-edge source package in Bionic: Invalid

Bug description:

[Impact]
Some upgrades from xenial to bionic break.

[Test Case]
Change sources.list from xenial to bionic, then apt install linux-image-4.15.0-20-generic.

[Regression Potential]
The kernel may be uninstallable if there is no linux-base with the appropriate version in the archive.

When installing the linux-image-4.15.0-20-generic kernel from bionic on xenial breaks because of the unversioned Depends on linux-base.

/var/lib/dpkg/info/linux-image-4.15.0-20-generic.postinst: 50: /var/lib/dpkg/info/linux-image-4.15.0-20-generic.postinst: linux-update-symlinks: not found
dpkg: error processing package linux-image-4.15.0-20-generic (--configure):
 subprocess installed post-installation script returned error exit status 127
Errors were encountered while processing:
 linux-image-4.15.0-20-generic
E: Sub-process /usr/bin/dpkg returned an error code (1)

If the trigger is called, when some meta packages are installed, it won't happen. If all packages are upgraded, it's possible linux-base is going to be upgraded first, so the problem won't happen either. So, not all upgrades will be affected.

To
[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging
This bug was fixed in the package linux - 3.13.0-149.199

---
linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
    - arch: Introduce post-init read-only memory
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
    - mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
    - xen: fix bio vec merging

  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
    - netlink: Add netns check on taps

  * CVE-2017-13220
    - Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
    - KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
    - Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

 -- Stefan Bader  Mon, 14 May 2018 16:58:50 +0200

** Changed in: linux (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12134

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13220
[Group.of.nepali.translators] [Bug 1437353] Re: UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit SFI/SFP+
This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu3.18

---
grub2 (2.02~beta2-36ubuntu3.18) xenial; urgency=medium

  * debian/patches/efinet_check_imm_completion.patch: check for immediate completion when sending data to the net device buffer. This is a required commit for the patch below.
  * debian/patches/efinet_handle_buggy_get_status.patch: correctly handle the output of get_status() for EFI net devices on buggy firmware. (LP: #1437353)

 -- Mathieu Trudel-Lapierre  Mon, 19 Mar 2018 16:11:06 -0400

** Changed in: grub2 (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1437353

Title: UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit SFI/SFP+

Status in MAAS: Invalid
Status in maas-images: Triaged
Status in python-tx-tftp: Invalid
Status in grub2 package in Ubuntu: Fix Released
Status in grub2-signed package in Ubuntu: New
Status in grub2 source package in Trusty: New
Status in grub2-signed source package in Trusty: New
Status in grub2 source package in Xenial: Fix Released
Status in grub2-signed source package in Xenial: Fix Released
Status in grub2 source package in Yakkety: Won't Fix
Status in grub2-signed source package in Yakkety: Won't Fix

Bug description:

[Impact]
MAAS commissioning may fail when deploying Xenial images or using grubx64.efi from Xenial due to hardware particularities of some Intel 82599-based network cards. Other network manufacturers may be affected as well. The main failure mode appears to be an infinite re-send of some packets because of an unexpected response from the network hardware.

[Test case]
1) Attempt to netboot on a system with a "82599ES 10-Gigabit SFI/SFP+" network adapter; in UEFI mode.
2) Validate that netbooting happens correctly, passing control over to the kernel as configured in grub.cfg.
3) Validate that netbooting another system, not using an Intel 82599 adapter, behaves normally when booting in UEFI mode.
4) Validate that netbooting another system, not using an Intel 82599 adapter, behaves normally when booting in LEGACY mode.

[Regression potential]
As this affects network in EFI mode; any failure to netboot using EFI should be considered a possible regression. Systems may fail to receive data from the network boot server and terminate the process with a timeout. Another possible failure scenario is to fail to receive complete data over the network, or data corruption.

I am using MAAS to commission and install machines. When I attempt to commission a machine with a "82599ES 10-Gigabit SFI/SFP+" network adapter the following happens:

1) TFTP Request — bootx64.efi
2) TFTP Request — /grubx64.efi
3) Console hangs at grub prompt

If I go into bios and force the adapter above into legacy mode then the machine is able to network boot and run through the commission process.

1) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-initrd
2) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-kernel
3) TFTP Request — ifcpu64.c32
4) PXE Request — power off
5) TFTP Request — pxelinux.cfg/01-90-e2-ba-52-23-78
6) TFTP Request — pxelinux.cfg/71e3f102-bd8b-11e4-b634-3c18a001c80a
7) TFTP Request — pxelinux.0

Also, if I disconnect the cable to the adapter above and connect a cable to the integrated "I210 Gigabit" adapter which is configured for UEFI mode. The machine is able to network boot grubx64.efi and run through the commission process.

~$ dpkg -l '*maas*'|cat
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=-==--===
ii maas 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server all-in-one metapackage
ii maas-cli 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS command line API tool
ii maas-cluster-controller 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server cluster controller
ii maas-common 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server common files
ii maas-dhcp 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS DHCP server
ii maas-dns 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS DNS server
ii maas-proxy
[Group.of.nepali.translators] [Bug 1437353] Re: UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit SFI/SFP+
This bug was fixed in the package grub2-signed - 1.66.18

---
grub2-signed (1.66.18) xenial; urgency=medium

  * Rebuild against grub2 2.02~beta2-36ubuntu3.18. (LP: #1437353)

 -- Mathieu Trudel-Lapierre  Tue, 20 Mar 2018 10:27:27 -0400

** Changed in: grub2-signed (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1437353

Title: UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit SFI/SFP+

Status in MAAS: Invalid
Status in maas-images: Triaged
Status in python-tx-tftp: Invalid
Status in grub2 package in Ubuntu: Fix Released
Status in grub2-signed package in Ubuntu: New
Status in grub2 source package in Trusty: New
Status in grub2-signed source package in Trusty: New
Status in grub2 source package in Xenial: Fix Released
Status in grub2-signed source package in Xenial: Fix Released
Status in grub2 source package in Yakkety: Won't Fix
Status in grub2-signed source package in Yakkety: Won't Fix

Bug description:

[Impact]
MAAS commissioning may fail when deploying Xenial images or using grubx64.efi from Xenial due to hardware particularities of some Intel 82599-based network cards. Other network manufacturers may be affected as well. The main failure mode appears to be an infinite re-send of some packets because of an unexpected response from the network hardware.

[Test case]
1) Attempt to netboot on a system with a "82599ES 10-Gigabit SFI/SFP+" network adapter; in UEFI mode.
2) Validate that netbooting happens correctly, passing control over to the kernel as configured in grub.cfg.
3) Validate that netbooting another system, not using an Intel 82599 adapter, behaves normally when booting in UEFI mode.
4) Validate that netbooting another system, not using an Intel 82599 adapter, behaves normally when booting in LEGACY mode.

[Regression potential]
As this affects network in EFI mode; any failure to netboot using EFI should be considered a possible regression. Systems may fail to receive data from the network boot server and terminate the process with a timeout. Another possible failure scenario is to fail to receive complete data over the network, or data corruption.

I am using MAAS to commission and install machines. When I attempt to commission a machine with a "82599ES 10-Gigabit SFI/SFP+" network adapter the following happens:

1) TFTP Request — bootx64.efi
2) TFTP Request — /grubx64.efi
3) Console hangs at grub prompt

If I go into bios and force the adapter above into legacy mode then the machine is able to network boot and run through the commission process.

1) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-initrd
2) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-kernel
3) TFTP Request — ifcpu64.c32
4) PXE Request — power off
5) TFTP Request — pxelinux.cfg/01-90-e2-ba-52-23-78
6) TFTP Request — pxelinux.cfg/71e3f102-bd8b-11e4-b634-3c18a001c80a
7) TFTP Request — pxelinux.0

Also, if I disconnect the cable to the adapter above and connect a cable to the integrated "I210 Gigabit" adapter which is configured for UEFI mode. The machine is able to network boot grubx64.efi and run through the commission process.

~$ dpkg -l '*maas*'|cat
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=-==--===
ii maas 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server all-in-one metapackage
ii maas-cli 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS command line API tool
ii maas-cluster-controller 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server cluster controller
ii maas-common 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server common files
ii maas-dhcp 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS DHCP server
ii maas-dns 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS DNS server
ii maas-proxy 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS Caching Proxy
ii maas-region-controller 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS server complete region controller
ii maas-region-controller-min 1.7.2+bzr3355-0ubuntu1~trusty1 all MAAS Server
[Group.of.nepali.translators] [Bug 1758037] Re: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".
** Changed in: ubuntu-power-systems
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1758037

Title: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".

Status in libvirt: Unknown
Status in The Ubuntu-power-systems project: Fix Released
Status in libvirt package in Ubuntu: Fix Released
Status in libvirt source package in Xenial: Fix Released
Status in libvirt source package in Artful: Fix Released
Status in libvirt source package in Bionic: Fix Released

Bug description:

[Impact]

 * nwfilters were not usable if configured to use dhcp based learning
 * Fix by backporting upstream bug

[Test Case]

 * Add the following to the interface section of a guest description in libvirt:

   Then start the guest.
   Bad case:
     error: Failed to start domain VM1
     error: An error occurred, but the cause is unknown
   Fixed:
     Guest starts and works.

[Regression Potential]

 * I thought a while on this. On first sight one might say there is a regression risk due to increasing the size of the buffer. This risk would arise on hyperscale environments where the memory consumption per guest would increase by 2*128Kb*#guest-interfaces (not much, but can sum up on MANY guests).
   But then I realized that this is only true for the use case using dhcpsnoop which is
   a) clearly not the most common case
   b) failing to work at all before this fix
   So there can't be anyone today with a working setup that then runs OOM, due to the setup either not using the feature (=no change) or failing missing this fix. So I actually think this mem consumption increase is not an issue in terms of SRU considerations.
   Due to that the only remaining regression would be users that had a self-built libpcap without TPACKET_V3 to drive a workload like the above, and even then only the rather small size bump is what changes.

[Other Info]

 * I have added this case and a few deeper checks on the created rules for iptables to the regression tests

---

== Comment: #2 - Mallesh N. Koti - 2018-02-28 05:02:49 ==

Guest Xml

=== ISSUE ===
Defining a network filter and Starting a VM with this nwfilter in VM's xml is failing with "cause is unknown".

== Recreation Steps ==

1. Define a network filter as:
   virsh nwfilter-define filter.xml

2. Add nwfilter in guest xml and start guest.
   virsh start VM1

It fails with:

# virsh start VM1
error: Failed to start domain VM1
error: An error occurred, but the cause is unknown

XML used for defining network filter:
```
-b071-6127-b4ec-
```

will be attaching the guest xml

The issue happens with Ubuntu 18.04 host - where not able to start the guest with network defined with value dhcp.

Found following commit is not there in 18.04 Ubuntu source. There could be some dependent commit too. we are facing some build issue and hence not able to verify it.

https://github.com/libvirt/libvirt/commit/e62cb4a9b78c7f4499a206635fb4f06e6ac627e5

To manage notifications about this bug go to: https://bugs.launchpad.net/libvirt/+bug/1758037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1752044] Re: Update Qualcomm QCA6174-HMC (DW1820) to comply with CE-RED (Radio Emissions Directive)
** Changed in: hwe-next
   Status: New => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752044

Title: Update Qualcomm QCA6174-HMC (DW1820) to comply with CE-RED (Radio Emissions Directive)

Status in HWE Next: Fix Released
Status in linux-firmware package in Ubuntu: Fix Released
Status in linux-firmware source package in Xenial: Fix Released
Status in linux-firmware source package in Bionic: Fix Released

Bug description:

SRU Justification

Impact: New ath10k firmware is needed for compliance with CE-RED.

Fix: Updated firmware files.

Regression Potential: This update has been in upstream linux-firmware for a while now. While regressions are possible, the firmware should have seen a lot of use by now.

---

To comply with CE-RED (Radio Emissions Directive), ath10k/QCA6174/hw3.0/board-2.bin and ath10k/QCA6174/hw3.0/firmware-6.bin have to be updated.

The commits are:

commit 1d1dd4be21cde408b0fb12774d477293bc8d4cc2
Author:     Kalle Valo
AuthorDate: Thu Feb 15 15:10:51 2018 +0200
Commit:     Kalle Valo
CommitDate: Thu Feb 15 15:10:51 2018 +0200

  ath10k: QCA6174 hw3.0: update board-2.bin

  Signed-off-by: Kalle Valo

commit 6f1d3b7cfeef426f3c3d79bf916e3bef8f82a3dc
Author:     Kalle Valo
AuthorDate: Thu Feb 15 15:10:51 2018 +0200
Commit:     Kalle Valo
CommitDate: Thu Feb 15 15:10:51 2018 +0200

  ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00079-QCARMSWPZ-1

  Signed-off-by: Kalle Valo

To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/1752044/+subscriptions
[Group.of.nepali.translators] [Bug 1758037] Re: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".
This bug was fixed in the package libvirt - 3.6.0-1ubuntu6.7

---
libvirt (3.6.0-1ubuntu6.7) artful; urgency=medium

  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: #1758037)
    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch

 -- Christian Ehrhardt  Fri, 11 May 2018 07:35:09 +0200

** Changed in: libvirt (Ubuntu Artful)
   Status: Fix Committed => Fix Released

** Changed in: libvirt (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1758037

Status in libvirt: Unknown
Status in The Ubuntu-power-systems project: Fix Committed
Status in libvirt package in Ubuntu: Fix Released
Status in libvirt source package in Xenial: Fix Released
Status in libvirt source package in Artful: Fix Released
Status in libvirt source package in Bionic: Fix Released
[Group.of.nepali.translators] [Bug 1758037] Re: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".
This bug was fixed in the package libvirt - 1.3.1-1ubuntu10.23

---
libvirt (1.3.1-1ubuntu10.23) xenial; urgency=medium

  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: #1758037)
    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch

 -- Christian Ehrhardt  Fri, 11 May 2018 07:37:36 +0200

** Changed in: libvirt (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1758037

Status in libvirt: Unknown
Status in The Ubuntu-power-systems project: Fix Committed
Status in libvirt package in Ubuntu: Fix Released
Status in libvirt source package in Xenial: Fix Released
Status in libvirt source package in Artful: Fix Released
Status in libvirt source package in Bionic: Fix Released
[Group.of.nepali.translators] [Bug 1764810] Re: Xenial: rfkill: fix missing return on rfkill_init
This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1764666] Re: Xenial update to 4.4.123 stable release
This bug was fixed in the package linux - 4.4.0-127.153
[Group.of.nepali.translators] [Bug 1764367] Re: Xenial update to 4.4.121 stable release
This bug was fixed in the package linux - 4.4.0-127.153
[Group.of.nepali.translators] [Bug 1764762] Re: Xenial update to 4.4.124 stable release
This bug was fixed in the package linux - 4.4.0-127.153
[Group.of.nepali.translators] [Bug 1764316] Re: Xenial update to 4.4.120 stable release
This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1763494] Re: linux-azure-edge should follow bionic/linux-azure in a similar way to linux-hwe
This bug was fixed in the package linux-azure-edge - 4.15.0-1012.12~16.04.2

---
linux-azure-edge (4.15.0-1012.12~16.04.2) xenial; urgency=medium

  * linux-azure-edge headers are broken after change to support scripted rebases (LP: #1772058)
    - [Packaging]: azure-edge: Fix headers packages after switching to scripted rebase

linux-azure-edge (4.15.0-1012.12~16.04.1) xenial; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Add versioned dependency for linux-base

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2 (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

linux-azure (4.15.0-1011.11) bionic; urgency=medium

  * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294)
  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
    - fsnotify: Fix fsnotify_mark_connector race

linux-azure (4.15.0-1009.9) bionic; urgency=medium

  * linux-azure: 4.15.0-1009.9 -proposed tracker (LP: #1766467)

  [ Ubuntu: 4.15.0-20.21 ]

  * linux: 4.15.0-20.21 -proposed tracker (LP: #1766452)
  * package shim-signed (not installed) failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 5 (LP: #1766391)
    - [Packaging] fix invocation of header postinst hooks

linux-azure (4.15.0-1008.8) bionic; urgency=medium

  * linux-azure: 4.15.0-1008.8 -proposed tracker (LP: #1766025)

  [ Ubuntu: 4.15.0-19.20 ]

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)
  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
    - Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
    - Revert "genirq/affinity: assign vectors to all possible CPUs"

linux-azure (4.15.0-1007.7) bionic; urgency=medium

  * linux-azure: 4.15.0-1007.7 -proposed tracker (LP: #1765495)
  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs after rebase to Ubuntu-4.15.0-18.19
    - [Packaging] update flavour-control.stub for signing changes

  [ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)
  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel: meltdown: rfi/fallback displacement flush not enabled bydefault (kvm) (LP: #1765429)
    - powerpc/pseries: Fix clearing of
[Group.of.nepali.translators] [Bug 1764627] Re: Xenial update to 4.4.122 stable release
This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
[Group.of.nepali.translators] [Bug 1770016] Re: linux-aws: 4.4.0-1058.67 -proposed tracker
This bug was fixed in the package linux-aws - 4.4.0-1060.69

---
linux-aws (4.4.0-1060.69) xenial; urgency=medium

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE:
[Group.of.nepali.translators] [Bug 1770019] Re: linux-kvm: 4.4.0-1024.29 -proposed tracker
This bug was fixed in the package linux-kvm - 4.4.0-1026.31

---
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - kvm: [config] Add CONFIG_DST_CACHE=y

  * getlogin will fail to open /proc/self/loginuid (LP: #1770245)
    - Config: Enable CONFIG_AUDITSYSCALL

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS
[Group.of.nepali.translators] [Bug 1770245] Re: getlogin will fail to open /proc/self/loginuid
This bug was fixed in the package linux-kvm - 4.4.0-1026.31

---
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - kvm: [config] Add CONFIG_DST_CACHE=y

  * getlogin will fail to open /proc/self/loginuid (LP: #1770245)
    - Config: Enable CONFIG_AUDITSYSCALL

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
    - SAUCE: x86/bugs: Rename _RDS