[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled

[Joseph Salisbury]

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu)
   Status: Confirmed => Triaged

** Changed in: linux (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771826

Title:
  Creation of IMA file hashes fails when appraisal is enabled

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  On a system that has IMA appraisal enabled it is impossible to create
  security.ima extended attribute files that contain IMA hash.

  For instance, consider the following use case:

  1) extract application files to a staging area as non root user
  2) verify that installation is correct
  3) create IMA extended attributes for the installed files
  4) move the files to their destination
  5) change the files ownership to root

  With kernel 4.4.x step 3 will fail.

  The issues is fixed in upstream kernels by the following commit [1]:

  commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b
  Author: Mimi Zohar 
  Date:   Wed Nov 2 09:14:16 2016 -0400

  Revert "ima: limit file hash setting by user to fix and log modes"

  [1] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i
  d=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-124-generic 4.4.0-124.148
  ProcVersionSignature: User Name 4.4.0-124.148-generic 4.4.117
  Uname: Linux 4.4.0-124-generic x86_64
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 May 17 14:07 seq
   crw-rw 1 root audio 116, 33 May 17 14:07 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 
not found.
  Date: Thu May 17 14:08:59 2018
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  PciMultimedia:

  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic 
root=UUID=aef88a4e-dbea-4cc7-be8b-03cf8501cc8f ro biosdevname=0 net.ifnames=0 
console=tty1 console=ttyS0 crashkernel=384M-:128M
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-124-generic N/A
   linux-backports-modules-4.4.0-124-generic  N/A
   linux-firmware 1.157.17
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-2.12
  dmi.modalias: 
dmi:bvnSeaBIOS:bvrrel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-2.12
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771826/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1772456] Re: ebtables lock file fcntl errno value not correctly checked

[Dan Streetman]

thanks @setuid for reproducer bash script that I used in description

** Also affects: ebtables (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: ebtables (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: ebtables (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: ebtables (Ubuntu Cosmic)
   Importance: Medium
 Assignee: Dan Streetman (ddstreet)
   Status: In Progress

** Also affects: ebtables (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: ebtables (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** No longer affects: ebtables (Ubuntu Precise)

** Also affects: ebtables (Ubuntu Precise)
   Importance: Undecided
   Status: New

** No longer affects: ebtables (Ubuntu Precise)

** Changed in: ebtables (Ubuntu Trusty)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1772456

Title:
  ebtables lock file fcntl errno value not correctly checked

Status in ebtables package in Ubuntu:
  In Progress
Status in ebtables source package in Trusty:
  In Progress
Status in ebtables source package in Xenial:
  New
Status in ebtables source package in Artful:
  New
Status in ebtables source package in Bionic:
  New
Status in ebtables source package in Cosmic:
  In Progress

Bug description:
  [impact]

  bug 1645324 introduced code to improve the existing file-based
  locking, by using fcntl instead of exclusive file opening.

  However, when fcntl fails the new code tries to check for errno of
  EAGAIN or EACCES, but does so incorrectly:

  + ret = fcntl(lockfd, F_SETLK, );
  + if (ret == -1 && errno != (EAGAIN || EACCES))

  "errno != (EAGAIN || EACCES)" is not correct, because it will always
  evaluate to true when errno is either EAGAIN or EACCES; the bitwise OR
  of EAGAIN (11) and EACCES (13) produces 15 (ENOTBLK) which will never
  match either, so != always is true.

  [test case]

  run ebtables in a tight loop from two separate shells, to force
  lockfile contention, for example:

  #!/bin/bash

  dev="$1"

  while test 1; do
  sleep 0
  ebtables --concurrent -t nat -A PREROUTING -i ${dev} -j ACCEPT
  if [ $? -ne 0 ]; then
  echo "odd!"
  fi
  ebtables --concurrent -t nat -D PREROUTING -i ${dev} -j ACCEPT
  if [ $? -ne 0 ]; then
  echo "odd!"
  fi
  done

  that can be run with any text param (e.g. "foo" and "bar") from 2
  shells, to produce the failure:

  Unable to create lock file /var/lib/ebtables/lock.

  [regression potential]

  like the previous patch, this change also has the potential to
  introduce errors in file locking that ebtables uses; however
  considering the file locking currently does not work at all due to the
  above logic error, this patch should only help.  The only regression
  potential is see is the possibility of breaking non-contended file
  locking, which currently does work.

  [other info]

  see previous bug 1645324
  https://launchpad.net/bugs/1645324

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1772456/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1771826] Re: Creation of IMA file hashes fails when appraisal is enabled

[Joseph Salisbury]

** Changed in: linux (Ubuntu)
   Status: Triaged => Invalid

** Changed in: linux (Ubuntu Xenial)
   Status: Triaged => In Progress

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771826

Title:
  Creation of IMA file hashes fails when appraisal is enabled

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  On a system that has IMA appraisal enabled it is impossible to create
  security.ima extended attribute files that contain IMA hash.

  For instance, consider the following use case:

  1) extract application files to a staging area as non root user
  2) verify that installation is correct
  3) create IMA extended attributes for the installed files
  4) move the files to their destination
  5) change the files ownership to root

  With kernel 4.4.x step 3 will fail.

  The issues is fixed in upstream kernels by the following commit [1]:

  commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b
  Author: Mimi Zohar 
  Date:   Wed Nov 2 09:14:16 2016 -0400

  Revert "ima: limit file hash setting by user to fix and log modes"

  [1] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i
  d=f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-124-generic 4.4.0-124.148
  ProcVersionSignature: User Name 4.4.0-124.148-generic 4.4.117
  Uname: Linux 4.4.0-124-generic x86_64
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 May 17 14:07 seq
   crw-rw 1 root audio 116, 33 May 17 14:07 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 
not found.
  Date: Thu May 17 14:08:59 2018
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  PciMultimedia:

  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic 
root=UUID=aef88a4e-dbea-4cc7-be8b-03cf8501cc8f ro biosdevname=0 net.ifnames=0 
console=tty1 console=ttyS0 crashkernel=384M-:128M
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-124-generic N/A
   linux-backports-modules-4.4.0-124-generic  N/A
   linux-firmware 1.157.17
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-2.12
  dmi.modalias: 
dmi:bvnSeaBIOS:bvrrel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.12:cvnQEMU:ct1:cvrpc-i440fx-2.12:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-2.12
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771826/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1771780] Re: [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and stop5 idle states when all CORES are guarded

[Joseph Salisbury]

I built a Bionic test kernel with the patch posted in the description.  The 
test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1771780

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the 
linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the 
linux-image-unsigned, linux-modules and linux-modules-extra .deb packages.

Thanks in advance!

** Also affects: linux (Ubuntu Cosmic)
   Importance: Critical
 Assignee: Joseph Salisbury (jsalisbury)
   Status: In Progress

** Also affects: linux (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Artful)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Critical

** No longer affects: linux (Ubuntu Artful)

** No longer affects: linux (Ubuntu Xenial)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771780

Title:
  [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and
  stop5 idle states when all CORES are guarded

Status in The Ubuntu-power-systems project:
  Triaged
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  In Progress

Bug description:
  == Comment: #0 - PAVAMAN SUBRAMANIYAM  - 2018-05-16 04:07:59 ==
  ---Problem Description---
  cpupower idle-info is not listing stop4 and stop5 idle states when all CORES 
are guarded
   
  ---uname output---
  Linux ltc-wspoon11 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:14:44 UTC 
2018 ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = P9 
   
  ---Debugger---
  A debugger is not configured
   
  ---Steps to Reproduce---
  Install a P9 Open Power Hardware with Ubuntu 18.04 OS.

  root@ltc-wspoon11:~# uname -a
  Linux ltc-wspoon11 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:14:44 UTC 
2018 ppc64le ppc64le ppc64le GNU/Linux

  root@ltc-wspoon11:~# cat /etc/os-release
  NAME="Ubuntu"
  VERSION="18.04 LTS (Bionic Beaver)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 18.04 LTS"
  VERSION_ID="18.04"
  HOME_URL="https://www.ubuntu.com/;
  SUPPORT_URL="https://help.ubuntu.com/;
  BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/;
  
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy;
  VERSION_CODENAME=bionic
  UBUNTU_CODENAME=bionic

  Then guard an entire processor and also guard all the CORES in the
  processor 0 except for 1 single core.

  root@ltc-wspoon11:~# opal-gard list
   ID   | Error| Type   | Path
  ---
   0001 |  | Manual | /Sys0/Node0/Proc0/EQ1/EX0/Core0
   0002 |  | Manual | /Sys0/Node0/Proc0/EQ1/EX0/Core1
   0003 |  | Manual | /Sys0/Node0/Proc1
   0004 |  | Manual | /Sys0/Node0/Proc0/EQ2/EX0/Core1
   0005 |  | Manual | /Sys0/Node0/Proc0/EQ2/EX0/Core0
   0006 |  | Manual | /Sys0/Node0/Proc0/EQ2/EX1/Core0
   0007 |  | Manual | /Sys0/Node0/Proc0/EQ2/EX1/Core1
   0008 |  | Manual | /Sys0/Node0/Proc0/EQ3/EX0/Core0
   0009 |  | Manual | /Sys0/Node0/Proc0/EQ3/EX0/Core1
   000a |  | Manual | /Sys0/Node0/Proc0/EQ3/EX1/Core0
   000b |  | Manual | /Sys0/Node0/Proc0/EQ3/EX1/Core1
   000c |  | Manual | /Sys0/Node0/Proc0/EQ4/EX0/Core0
   000d |  | Manual | /Sys0/Node0/Proc0/EQ4/EX0/Core1
   000e |  | Manual | /Sys0/Node0/Proc0/EQ4/EX1/Core0
   000f |  | Manual | /Sys0/Node0/Proc0/EQ4/EX1/Core1
   0010 |  | Manual | /Sys0/Node0/Proc0/EQ5/EX0/Core0
   0011 |  | Manual | /Sys0/Node0/Proc0/EQ5/EX0/Core1
   0012 |  | Manual | /Sys0/Node0/Proc0/EQ5/EX1/Core0
   0013 |  | Manual | /Sys0/Node0/Proc0/EQ5/EX1/Core1
   0014 |  | Manual | /Sys0/Node0/Proc0/EQ1/EX1/Core0
   0015 |  | Manual | /Sys0/Node0/Proc0/EQ1/EX1/Core1
   0016 |  | Manual | /Sys0/Node0/Proc0/EQ0/EX1/Core1
   0017 |  | Manual | /Sys0/Node0/Proc0/EQ0/EX1/Core0
  ===

  Then execute the cpupower idle-info command to check the idle states
  being shown in the OS.

  root@ltc-wspoon11:~# cpupower idle-info
  CPUidle driver: powernv_idle
  CPUidle governor: menu
  analyzing CPU 0:

  Number of idle states: 7
  Available idle states: snooze stop0_lite stop0 stop1_lite stop1 

[Group.of.nepali.translators] [Bug 1732150] Re: Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s)

[Andreas Hasenack]

Dropping zesty as it's EOL.

Cosmic and bionic affected.

** Changed in: unbound (Ubuntu Zesty)
   Status: New => Won't Fix

** Also affects: unbound (Ubuntu Bionic)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1732150

Title:
  Unbound behaviour changes (wrong) when domain-insecure is set for a
  stub zone with multiple stub-addr(s)

Status in Unbound - Caching DNS Resolver:
  Unknown
Status in unbound package in Ubuntu:
  Triaged
Status in unbound source package in Trusty:
  New
Status in unbound source package in Xenial:
  New
Status in unbound source package in Zesty:
  Won't Fix
Status in unbound source package in Artful:
  New
Status in unbound source package in Bionic:
  New

Bug description:
  Unbound contains a bug when domain-insecure is set for a (stub) zone.
  This bug is fixed, see https://www.nlnetlabs.nl/bugs-
  script/show_bug.cgi?id=2882. Can you please backport this to the
  Trusty package?

  With regards,
  Richard Arends

To manage notifications about this bug go to:
https://bugs.launchpad.net/unbound/+bug/1732150/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1769980] Re: Intel WiFi Linux driver update for ETSI 5GHz Adaptivity Requirement

[Launchpad Bug Tracker]

This bug was fixed in the package wireless-regdb - 2018.05.09-0ubuntu1

---
wireless-regdb (2018.05.09-0ubuntu1) cosmic; urgency=medium

  * New upstream release. (LP: #1769980)
  * debian/patches:
- Drop existing patches.
- 0001-wireless-regdb-Fix-comparison-of-WmmRule-with-NoneTy.patch,
  0002-wireless-regdb-Fix-iteration-in-create_wmms-for-pyth.patch: Fix
  errors when building regdb with python 3.
  * debian/rules: Change to no longer build from source; use upstream
binaries instead.
  * debian/control: Update Build-Depends and maintainer information

 -- Seth Forshee   Fri, 18 May 2018 12:07:58
-0500

** Changed in: wireless-regdb (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1769980

Title:
  Intel WiFi Linux driver update for ETSI 5GHz Adaptivity Requirement

Status in HWE Next:
  In Progress
Status in OEM Priority Project:
  Triaged
Status in linux package in Ubuntu:
  Confirmed
Status in linux-firmware package in Ubuntu:
  Fix Released
Status in linux-oem package in Ubuntu:
  New
Status in wireless-regdb package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress
Status in linux-firmware source package in Xenial:
  Fix Committed
Status in linux-oem source package in Xenial:
  New
Status in wireless-regdb source package in Xenial:
  New
Status in linux source package in Bionic:
  In Progress
Status in linux-firmware source package in Bionic:
  Fix Committed
Status in linux-oem source package in Bionic:
  New
Status in wireless-regdb source package in Bionic:
  New

Bug description:
  Intel wireless driver and firmware require updates in order to meet
  the new ETSI regulation [1] for OEM machines shipped from factories.

  Intel provided us the following information for what are required to
  update:

  1. Kernel driver:

  https://patchwork.kernel.org/patch/10322121/
  https://patchwork.kernel.org/patch/10312731/
  https://patchwork.kernel.org/patch/10312735/
  https://patchwork.kernel.org/patch/10312733/

  - 7260, 7265, 7265D and 3168 NICs, 4.15 plus above driver patches
  - 8000 series requires 4.16.
  - 9000 series requires 4.17.

  2. linux-firmware
  Requires latest versions from linux-firmware.git

  3. wireless-regdb update

  [1]
  
http://www.etsi.org/deliver/etsi_en/301800_301899/301893/02.01.01_60/en_301893v020101p.pdf

  ---
  == SRU Justification for linux-firmware ==
  [Impact]
  Intel released these firmware updates to support the new ETSI 5GHz Adaptivity 
Requirement, OEM has to meet it in order to ship.

  [Test Case]
  Check dmesg to confirm the correct firmware is loaded, make sure the revision 
is correct, and check wifi can functions properly.

  [Regression Potential]
  It is possible that there is regression introduced by Intel's firmware, so 
should make sure wifi still works properly after the new firmware is used. We 
have verified the new firmwares of 7260 and 7265D on 4.4
  and 4.15 kernels. The 8000 and 9000 series firmwares have newer API versions 
and will need to confirm with subsequent driver changes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/1769980/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1765007] Re: Xenial update to 4.4.127 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1765010] Re: Xenial update to 4.4.128 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764973] Re: Xenial update to 4.4.125 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764684] Re: Fix an issue that some PCI devices get incorrectly suspended

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre
machine (LP: #1766477)
- ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
- SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA 
Rome
  Bluetooth"
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
- SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
- SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
- SAUCE: Revert "net: aquantia: Fixed transient link up/down/up 
notification"
- SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of
  cpus"
- SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
   

[Group.of.nepali.translators] [Bug 1765241] Re: virtio_scsi race can corrupt memory, panic kernel

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764999] Re: Xenial update to 4.4.126 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1758507] Re: sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055)

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1762693] Re: No network with e1000e driver on 4.13.0-38-generic

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.13.0-43.48

---
linux (4.13.0-43.48) artful; urgency=medium

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux (4.13.0-42.47) artful; urgency=medium

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)

  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
- arm64: fix CONFIG_DEBUG_WX address reporting

  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
- net: hns: Avoid action name truncation

  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
- netlink: Add netns check on taps

  * CVE-2017-17975
- media: usbtv: prevent double free in error case

  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
- drm/i915/edp: Allow alternate fixed mode for eDP if available.
- drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
- drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
- drm/i915/edp: Do not do link training fallback or prune modes on EDP

  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
from sleep (88E8055) (LP: #1758507)
- sky2: Increase D3 delay to sky2 stops working after suspend

  * perf vendor events arm64: Enable JSON events for 

[Group.of.nepali.translators] [Bug 1772058] Re: linux-azure-edge headers are broken after change to support scripted rebases

[Launchpad Bug Tracker]

This bug was fixed in the package linux-azure-edge -
4.15.0-1012.12~16.04.2

---
linux-azure-edge (4.15.0-1012.12~16.04.2) xenial; urgency=medium

  * linux-azure-edge headers are broken after change to support scripted
rebases (LP: #1772058)
- [Packaging]: azure-edge: Fix headers packages after switching to scripted
  rebase

linux-azure-edge (4.15.0-1012.12~16.04.1) xenial; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Add versioned dependency for linux-base

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

linux-azure (4.15.0-1011.11) bionic; urgency=medium

  * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294)

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
- fsnotify: Fix fsnotify_mark_connector race

linux-azure (4.15.0-1009.9) bionic; urgency=medium

  * linux-azure: 4.15.0-1009.9 -proposed tracker (LP: #1766467)

  [ Ubuntu: 4.15.0-20.21 ]

  * linux: 4.15.0-20.21 -proposed tracker (LP: #1766452)
  * package shim-signed (not installed) failed to install/upgrade: installed
shim-signed package post-installation script subprocess returned error exit
status 5 (LP: #1766391)
- [Packaging] fix invocation of header postinst hooks

linux-azure (4.15.0-1008.8) bionic; urgency=medium

  * linux-azure: 4.15.0-1008.8 -proposed tracker (LP: #1766025)

  [ Ubuntu: 4.15.0-19.20 ]

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)
  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
- Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
- Revert "genirq/affinity: assign vectors to all possible CPUs"

linux-azure (4.15.0-1007.7) bionic; urgency=medium

  * linux-azure: 4.15.0-1007.7 -proposed tracker (LP: #1765495)

  * Miscellaneous Ubuntu changes
- [Config] updateconfigs after rebase to Ubuntu-4.15.0-18.19
- [Packaging] update flavour-control.stub for signing changes

  [ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)
  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
(LP: #1765429)
- powerpc/pseries: Fix clearing of 

[Group.of.nepali.translators] [Bug 1765564] Re: fsnotify: Fix fsnotify_mark_connector race

[Launchpad Bug Tracker]

This bug was fixed in the package linux-azure - 4.15.0-1012.12

---
linux-azure (4.15.0-1012.12) bionic; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Add versioned dependency for linux-base

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

linux-azure (4.15.0-1011.11) bionic; urgency=medium

  * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294)

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
- fsnotify: Fix fsnotify_mark_connector race

 -- Stefan Bader   Wed, 16 May 2018 18:31:36
+0200

** Changed in: linux-azure (Ubuntu Bionic)
   Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** Changed in: linux-azure (Ubuntu Bionic)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1765564

Title:
  fsnotify: Fix fsnotify_mark_connector race

Status in Linux:
  New
Status in linux-azure package in Ubuntu:
  In Progress
Status in linux-azure source package in Xenial:
  Fix Released
Status in linux-azure source package in Bionic:
  Fix Released

Bug description:
  On Azure we have had sporadic cases of soft lockups in fsnotify that
  may very well be mitigated by the following fix. The LKML thread is
  "kernel panics with 4.14.X".

  This should be applied to 4.13 and 4.15 versions of the linux-azure
  kernel, and possibly the 4.15 generic kernel in bionic as well.

  -

  fsnotify() acquires a reference to a fsnotify_mark_connector through
  the SRCU-protected pointer to_tell->i_fsnotify_marks. However, it
  appears that no precautions are taken in fsnotify_put_mark() to
  ensure that fsnotify() drops its reference to this
  fsnotify_mark_connector before assigning a value to its 'destroy_next'
  field. This can result in fsnotify_put_mark() assigning a value
  to a connector's 'destroy_next' field right before fsnotify() tries to
  traverse the linked list referenced by the connector's 'list' field.
  Since these two fields are members of the same union, 

[Group.of.nepali.translators] [Bug 1765698] Re: Unable to insert test_bpf module on Xenial

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1766197] Re: Update btusb reset-resume quirk to decrease power usage

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre
machine (LP: #1766477)
- ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
- SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA 
Rome
  Bluetooth"
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
- SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
- SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
- SAUCE: Revert "net: aquantia: Fixed transient link up/down/up 
notification"
- SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of
  cpus"
- SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
   

[Group.of.nepali.translators] [Bug 1765564] Re: fsnotify: Fix fsnotify_mark_connector race

[Launchpad Bug Tracker]

This bug was fixed in the package linux-azure - 4.15.0-1012.12

---
linux-azure (4.15.0-1012.12) bionic; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Add versioned dependency for linux-base

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

linux-azure (4.15.0-1011.11) bionic; urgency=medium

  * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294)

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
- fsnotify: Fix fsnotify_mark_connector race

 -- Stefan Bader   Wed, 16 May 2018 18:31:36
+0200

** Changed in: linux-azure (Ubuntu Xenial)
   Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17449

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17975

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18203

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18208

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8822

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1765564

Title:
  fsnotify: Fix fsnotify_mark_connector race

Status in Linux:
  New
Status in linux-azure package in Ubuntu:
  In Progress
Status in linux-azure source package in Xenial:
  Fix Released
Status in linux-azure source package in Bionic:
  Fix Released

Bug description:
  On Azure we have had sporadic cases of soft lockups in fsnotify that
  may very well be mitigated by the following fix. The LKML thread is
  "kernel panics with 4.14.X".

  This should be applied to 4.13 and 4.15 versions of the linux-azure
  kernel, and possibly the 4.15 generic kernel in bionic as well.

  -

  fsnotify() acquires a reference to a fsnotify_mark_connector through
  the SRCU-protected pointer to_tell->i_fsnotify_marks. However, it
  appears that no precautions are taken in fsnotify_put_mark() to
  ensure that fsnotify() drops its reference to this
  fsnotify_mark_connector before assigning a value to its 'destroy_next'
  field. This can result in fsnotify_put_mark() assigning a 

[Group.of.nepali.translators] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1761534] Re: "ip a" command on a guest VM shows UNKNOWN status

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1756866] Re: Xenial update to 4.4.118 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-oem - 4.15.0.1006.8

---
linux-meta-oem (4.15.0.1006.8) bionic; urgency=medium

  * Bump ABI 4.15.0-1006

linux-meta-oem (4.15.0.1005.7) bionic; urgency=medium

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

linux-meta-oem (4.15.0.1005.6) bionic; urgency=medium

  * Bump ABI 4.15.0-1005

 -- Stefan Bader   Fri, 18 May 2018 09:13:24
+0200

** Changed in: linux-meta-oem (Ubuntu)
   Status: Invalid => Fix Released

** Changed in: linux-meta-oem (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.13.0-43.48

---
linux (4.13.0-43.48) artful; urgency=medium

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux (4.13.0-42.47) artful; urgency=medium

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)

  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
- arm64: fix CONFIG_DEBUG_WX address reporting

  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
- net: hns: Avoid action name truncation

  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
- netlink: Add netns check on taps

  * CVE-2017-17975
- media: usbtv: prevent double free in error case

  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
- drm/i915/edp: Allow alternate fixed mode for eDP if available.
- drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
- drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
- drm/i915/edp: Do not do link training fallback or prune modes on EDP

  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
from sleep (88E8055) (LP: #1758507)
- sky2: Increase D3 delay to sky2 stops working after suspend

  * perf vendor events arm64: Enable JSON events for 

[Group.of.nepali.translators] [Bug 1761534] Re: "ip a" command on a guest VM shows UNKNOWN status

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 3.13.0-149.199

---
linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
- arch: Introduce post-init read-only memory
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
- mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
- xen: fix bio vec merging

  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
- netlink: Add netns check on taps

  * CVE-2017-13220
- Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
- ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
- KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
- Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
- virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
- SAUCE: remove ibrs_dump sysctl interface

 -- Stefan Bader   Mon, 14 May 2018 16:58:50
+0200

** Changed in: linux (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12134

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13220

[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 3.13.0-149.199

---
linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
- arch: Introduce post-init read-only memory
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
- mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
- xen: fix bio vec merging

  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
- netlink: Add netns check on taps

  * CVE-2017-13220
- Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
- ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
- KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
- Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
- virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
- SAUCE: remove ibrs_dump sysctl interface

 -- Stefan Bader   Mon, 14 May 2018 16:58:50
+0200

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16995

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17862

[Group.of.nepali.translators] [Bug 1657682] Re: Support latest Redpine WLAN/BT RS9113 driver

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.15.0-1006.9

---
linux-oem (4.15.0-1006.9) bionic; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.15.0-1005.8) bionic; urgency=medium

  * linux-oem: 4.15.0-1005.8 -proposed tracker (LP: #1767398)
- source built with a clean tree

  * [i915 CNL-Y] system hangs soon after bootup (LP: #1769843)
- SAUCE: drm/i915/execlists: Use rmb() to order CSB reads

  * hts221 sensor stops working after resume from S3/S4 (LP: #1769658)
- SAUCE: iio: humidity: hts221: Fix sensor reads after resume

  * Support Intel Atom (Baytrail-I) HS-UART serdev slaves over tty
(LP: #1769610)
- serdev: ttyport: release tty lock sooner on open
- serdev: ttyport: ignore carrier detect to avoid hangups
- serdev: ttyport: do not used keyed wakeup in write_wakeup
- serdev: Make .remove in struct serdev_device_driver optional
- serdev: Introduce devm_serdev_device_open()
- serdev: do not generate modaliases for controllers
- serdev: only match serdev devices
- serdev: add method to set parity
- SAUCE: (no-up) Support HS-UART serdev slaves over tty
- [Config] CONFIG_HSUART_SERIAL_DEVICE=y

  * Support latest Redpine WLAN/BT RS9113 driver (LP: #1657682)
- SAUCE: rsi: add rx control block to handle rx packets in USB
- SAUCE: rsi: add bluetooth rx endpoint
- SAUCE: rsi: add header file rsi_91x
- SAUCE: rsi: add coex support
- SAUCE: Bluetooth: bt: rsi: add new rsi bluetooth driver
- SAUCE: rsi: handle BT traffic in driver
- SAUCE: rsi: add module parameter operating mode
- SAUCE: rsi: sdio changes to support BT
- SAUCE: rsi: improve RX handling in SDIO interface
- SAUCE: rsi: use dynamic RX control blocks instead of MAX_RX_URB
- SAUCE: rsi: improve RX packet handling in USB interface
- SAUCE: rsi: add support for hardware scan offload
- SAUCE: rsi: move xtend_desc structure from rsi_main.h to rsi_mgmt.h
- SAUCE: rsi: move descriptor preparation to core
- SAUCE: rsi: enable 80MHz clock by default
- SAUCE: rsi: roaming enhancements
- SAUCE: rsi: add module parameter rsi_reg
- SAUCE: rsi: regulatory modifications for 'dlcar' mode
- SAUCE: rsi: device disconnect changes
- SAUCE: rsi: tx improvements
- SAUCE: rsi: drop RX broadcast/multicast packets with invalid PN
- SAUCE: rsi: fix for incorrect data pointer alignment in 64-bit
- SAUCE: rsi: Remove stack VLA usage
- SAUCE: rsi: fix nommu_map_sg overflow kernel panic
- SAUCE: rsi: Fix 'invalid vdd' warning in mmc
- SAUCE: Redpine: Fix wowlan issue with S4
- SAUCE: Redpine: rsi: Add deep sleep enable 

[Group.of.nepali.translators] [Bug 1759303] Re: Update Aquantia driver to fix various issues

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre
machine (LP: #1766477)
- ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
- SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA 
Rome
  Bluetooth"
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
- SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
- SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
- SAUCE: Revert "net: aquantia: Fixed transient link up/down/up 
notification"
- SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of
  cpus"
- SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
   

[Group.of.nepali.translators] [Bug 1770002] Re: linux-gcp: 4.13.0-1016.20 -proposed tracker

[Launchpad Bug Tracker]

This bug was fixed in the package linux-gcp - 4.13.0-1017.21

---
linux-gcp (4.13.0-1017.21) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-gcp (4.13.0-1016.20) xenial; urgency=medium

  * linux-gcp: 4.13.0-1016.20 -proposed tracker (LP: #1770002)

  [ Ubuntu: 4.13.0-42.47 ]

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
- arm64: fix CONFIG_DEBUG_WX address reporting
  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
- net: hns: Avoid action name truncation
  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances
  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()
  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
  * CVE-2017-17449
- netlink: Add netns check on taps
  * CVE-2017-17975
- media: usbtv: prevent double free in error case
  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
- drm/i915/edp: Allow alternate fixed mode for eDP if available.
- drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
- drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
- drm/i915/edp: Do not do link training fallback or prune modes on EDP
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
from sleep (88E8055) (LP: #1758507)
 

[Group.of.nepali.translators] [Bug 1769997] Re: linux-azure: 4.13.0-1017.20 -proposed tracker

[Launchpad Bug Tracker]

This bug was fixed in the package linux-azure - 4.13.0-1018.21

---
linux-azure (4.13.0-1018.21) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.13.0-42.47 ]

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
- arm64: fix CONFIG_DEBUG_WX address reporting
  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
- net: hns: Avoid action name truncation
  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances
  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()
  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
  * CVE-2017-17449
- netlink: Add netns check on taps
  * CVE-2017-17975
- media: usbtv: prevent double free in error case
  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
- drm/i915/edp: Allow alternate fixed mode for eDP if available.
- drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
- drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
- drm/i915/edp: Do not do link training fallback or prune modes on EDP
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
from sleep (88E8055) (LP: #1758507)
- sky2: Increase D3 delay to sky2 stops working after suspend
  * perf vendor events arm64: Enable JSON 

[Group.of.nepali.translators] [Bug 1770011] Re: linux: 4.4.0-125.150 -proposed tracker

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1769996] Re: linux-oem: 4.13.0-1027.30 -proposed tracker

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre
machine (LP: #1766477)
- ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
- SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA 
Rome
  Bluetooth"
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
- SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
- SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
- SAUCE: Revert "net: aquantia: Fixed transient link up/down/up 
notification"
- SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of
  cpus"
- SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
   

[Group.of.nepali.translators] [Bug 1766832] Re: test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel

[Launchpad Bug Tracker]

This bug was fixed in the package linux-kvm - 4.15.0-1010.10

---
linux-kvm (4.15.0-1010.10) bionic; urgency=medium

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-kvm (4.15.0-1009.9) bionic; urgency=medium

  * linux-kvm: 4.15.0-1009.9 -proposed tracker (LP: #1767409)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools

  * Unable to start docker application with B-KVM kernel (LP: #1763630)
- kvm: [config] enable NF_NAT, NF_CONNTRACK
- kvm: [config] enable IP_NF_TABLES

  * test_078_SLAB_freelist_randomization failed on 4.15 KVM kernel
(LP: #1764975)
- kvm: [config] enable CONFIG_SLAB_FREELIST_{HARDENED,RANDOM}

  * linux-kvm 4.15 needs CONFIG_VMAP_STACK set (LP: #1764985)
- kvm: [config] enable CONFIG_VMAP_STACK

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
kvm kernel (LP: #1766832)
- kvm: [config] enable CONFIG_MODULE_UNLOAD

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader   Thu, 17 May 2018 10:30:53
+0200

** Changed in: linux-kvm (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1766832

Title:
  test_140_kernel_modules_not_tainted in kernel security test failed
  with 4.15 kvm kernel

Status in linux-kvm package in Ubuntu:
  Fix Committed
Status in linux-kvm source package in Xenial:
  Fix Committed
Status in linux-kvm source package in Bionic:
  Fix Released

Bug description:
  == Justification ==
  In the Bionic KVM and Xenial KVM kernel, the CONFIG_MODULE_UNLOAD was not 
set, this will cause the rmmod command in test_072_strict_devmem test from the 
kernel security test suite fail to run, and induce a failure in the following 
test_140_kernel_modules_not_tainted test.

  == Test ==
  Before enabling the config, rmmod command will return:
  "ERROR: Module signpost is in use"
  After the config was enabled, rmmod will succeed and it will pass with this 

[Group.of.nepali.translators] [Bug 1766398] Re: set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre
machine (LP: #1766477)
- ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
- SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA 
Rome
  Bluetooth"
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
- SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
- SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
- SAUCE: Revert "net: aquantia: Fixed transient link up/down/up 
notification"
- SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of
  cpus"
- SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
   

[Group.of.nepali.translators] [Bug 1766477] Re: Change the location for one of two front mics on a lenovo thinkcentre machine

[Launchpad Bug Tracker]

This bug was fixed in the package linux-oem - 4.13.0-1028.31

---
linux-oem (4.13.0-1028.31) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux-oem (4.13.0-1027.30) xenial; urgency=medium

  * linux-oem: 4.13.0-1027.30 -proposed tracker (LP: #1769996)

  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags

  * Change the location for one of two front mics on a lenovo thinkcentre
machine (LP: #1766477)
- ALSA: hda/realtek - adjust the location of one mic

  * Update btusb reset-resume quirk to decrease power usage (LP: #1766197)
- SAUCE: Revert "usb: quirks: Add reset-resume quirk for Dell DW1820 QCA 
Rome
  Bluetooth"
- Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
- Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
- Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table

  * Update Aquantia driver to fix various issues (LP: #1759303)
- SAUCE: Revert "net: aquantia: Reset nic statistics on interface up/down"
- SAUCE: Revert "net: aquantia: Add queue restarts stats counter"
- SAUCE: Revert "net: aquantia: Fixed transient link up/down/up 
notification"
- SAUCE: Revert "net: aquantia: Limit number of MSIX irqs to the number of
  cpus"
- SAUCE: Revert "net: aquantia: mmio unmap was not performed on driver
   

[Group.of.nepali.translators] [Bug 1766727] Re: initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04

[Launchpad Bug Tracker]

This bug was fixed in the package linux-hwe-edge - 4.15.0-22.24~16.04.1

---
linux-hwe-edge (4.15.0-22.24~16.04.1) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux (4.15.0-21.22) bionic; urgency=medium

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader   Tue, 15 May 2018 07:41:28
+0200

** Changed in: linux-hwe-edge (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1766727

Title:
  initramfs-tools exception during pm.DoInstall with  do-release-upgrade
  from 16.04 to 18.04

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in initramfs-tools package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Committed
Status in linux-hwe-edge package in Ubuntu:
  Fix Committed
Status in s390-tools package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Invalid
Status in initramfs-tools source package in Xenial:
  Invalid
Status in linux source package in Xenial:
  New
Status in linux-hwe-edge source package in Xenial:
  Fix Released
Status in s390-tools source package in Xenial:
  Fix Released
Status in ubuntu-release-upgrader source package in Xenial:
  Invalid
Status in initramfs-tools source package in Bionic:
  Invalid
Status in linux source package in Bionic:
  Fix Released
Status in linux-hwe-edge source package in Bionic:
  Invalid
Status in s390-tools source package in Bionic:
  Fix Released
Status in ubuntu-release-upgrader source package in Bionic:
  Invalid

Bug description:
  [Impact]
  Upgrades of linux-image-generic-hwe-16.04-edge will fail to configure because 
the post-update script for zipl will fail.

  [Test Case]
  Upgrade linux-image-generic-hwe-16.04-edge from xenial to xenial-proposed on 
s390x.

  [Regression]
  zipl update on s390x might fail, causing the system to be unbootable.

  
  

  Upgrading from 16.04 to 18.04 using 'do-release-upgrade -d' results
  in:

  Errors were encountered while processing:
   initramfs-tools
  Exception during pm.DoInstall():  E:Sub-process /usr/bin/dpkg returned an 
error code (1)

  Could not install the upgrades

  The upgrade 

[Group.of.nepali.translators] [Bug 1766727] Re: initramfs-tools exception during pm.DoInstall with do-release-upgrade from 16.04 to 18.04

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.15.0-22.24

---
linux (4.15.0-22.24) bionic; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux (4.15.0-21.22) bionic; urgency=medium

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader   Tue, 15 May 2018 07:41:28
+0200

** Changed in: linux (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** Changed in: linux-hwe-edge (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1766727

Title:
  initramfs-tools exception during pm.DoInstall with  do-release-upgrade
  from 16.04 to 18.04

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in initramfs-tools package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Committed
Status in linux-hwe-edge package in Ubuntu:
  Fix Committed
Status in s390-tools package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Invalid
Status in initramfs-tools source package in Xenial:
  Invalid
Status in linux source package in Xenial:
  New
Status in linux-hwe-edge source package in Xenial:
  Fix Released
Status in s390-tools source package in Xenial:
  Fix Released
Status in ubuntu-release-upgrader source package in Xenial:
  Invalid
Status in initramfs-tools source package in Bionic:
  Invalid
Status in linux source package in Bionic:
  Fix Released
Status in linux-hwe-edge source package in Bionic:
  Invalid
Status in s390-tools source package in Bionic:
  Fix Released
Status in ubuntu-release-upgrader source package in Bionic:
  Invalid

Bug description:
  [Impact]
  Upgrades of linux-image-generic-hwe-16.04-edge will fail to configure because 
the post-update script for zipl will fail.

  [Test Case]
  Upgrade linux-image-generic-hwe-16.04-edge from xenial to xenial-proposed on 
s390x.

  [Regression]
  zipl update on s390x might fail, causing the system to be unbootable.

  
  

  Upgrading from 16.04 to 18.04 using 'do-release-upgrade -d' results
  in:

  Errors were encountered while processing:
   initramfs-tools
  Exception during 

[Group.of.nepali.translators] [Bug 1765564] Re: fsnotify: Fix fsnotify_mark_connector race

[Launchpad Bug Tracker]

This bug was fixed in the package linux-azure - 4.13.0-1018.21

---
linux-azure (4.13.0-1018.21) xenial; urgency=medium

  [ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.13.0-42.47 ]

  * linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
- arm64: fix CONFIG_DEBUG_WX address reporting
  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
- net: hns: Avoid action name truncation
  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances
  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()
  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
  * CVE-2017-17449
- netlink: Add netns check on taps
  * CVE-2017-17975
- media: usbtv: prevent double free in error case
  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
- drm/i915/edp: Allow alternate fixed mode for eDP if available.
- drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
- drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
- drm/i915/edp: Do not do link training fallback or prune modes on EDP
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
from sleep (88E8055) (LP: #1758507)
- sky2: Increase D3 delay to sky2 stops working after suspend
  * perf vendor events arm64: Enable JSON 

[Group.of.nepali.translators] [Bug 1767133] Re: linux-image-4.15.0-20-generic install after upgrade from xenial breaks

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.15.0-22.24

---
linux (4.15.0-22.24) bionic; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations

  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

linux (4.15.0-21.22) bionic; urgency=medium

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)

  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools

  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader   Tue, 15 May 2018 07:41:28
+0200

** Changed in: linux (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** Changed in: linux-hwe-edge (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1767133

Title:
  linux-image-4.15.0-20-generic install after upgrade from xenial breaks

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-hwe-edge package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Invalid
Status in linux-hwe-edge source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux-hwe-edge source package in Bionic:
  Invalid

Bug description:
  [Impact]
  Some upgrades from xenial to bionic break.

  [Test Case]
  Change sources.list from xenial to bionic, then apt install 
linux-image-4.15.0-20-generic.

  [Regression Potential]
  The kernel may be uninstallable if there is no linux-base with the 
appropriate version in the archive.

  

  When installing the linux-image-4.15.0-20-generic kernel from bionic
  on xenial breaks because of the unversioned Depends on linux-base.

  /var/lib/dpkg/info/linux-image-4.15.0-20-generic.postinst: 50: 
/var/lib/dpkg/info/linux-image-4.15.0-20-generic.postinst: 
linux-update-symlinks: not found
  dpkg: error processing package linux-image-4.15.0-20-generic (--configure):
   subprocess installed post-installation script returned error exit status 127
  Errors were encountered while processing:
   linux-image-4.15.0-20-generic
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  If the trigger is called, when some meta packages are installed, it
  won't happen. If all packages are upgraded, it's possible linux-base
  is going to be upgraded first, so the problem won't happen either.

  So, not all upgrades will be affected.

To 

[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 3.13.0-149.199

---
linux (3.13.0-149.199) trusty; urgency=medium

  * CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
  upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- SAUCE: powerpc/64s: Move the data access exception out-of-line

  * CVE-2018-3639 (x86)
- arch: Introduce post-init read-only memory
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static

linux (3.13.0-148.197) trusty; urgency=medium

  * linux: 3.13.0-148.197 -proposed tracker (LP: #1769077)

  * CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances

  * CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()

  * CVE-2017-18221
- mlock: fix mlock count can not decrease in race condition

  * CVE-2017-12134
- xen: fix bio vec merging

  * CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()

  * CVE-2017-17449
- netlink: Add netns check on taps

  * CVE-2017-13220
- Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()

  * CVE-2017-18204
- ocfs2: should wait dio before inode lock in ocfs2_setattr()

  * CVE-2017-13305
- KEYS: encrypted: fix buffer overread in valid_master_desc()

  * CVE-2017-18079
- Input: i8042 - fix crash at boot time

  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
- virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS

  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
- SAUCE: remove ibrs_dump sysctl interface

 -- Stefan Bader   Mon, 14 May 2018 16:58:50
+0200

** Changed in: linux (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12134

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13220

[Group.of.nepali.translators] [Bug 1437353] Re: UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit SFI/SFP+

[Launchpad Bug Tracker]

This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu3.18

---
grub2 (2.02~beta2-36ubuntu3.18) xenial; urgency=medium

  * debian/patches/efinet_check_imm_completion.patch: check for immediate
completion when sending data to the net device buffer. This is a required
commit for the patch below.
  * debian/patches/efinet_handle_buggy_get_status.patch: correctly handle the
output of get_status() for EFI net devices on buggy firmware.
(LP: #1437353)

 -- Mathieu Trudel-Lapierre   Mon, 19 Mar 2018
16:11:06 -0400

** Changed in: grub2 (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1437353

Title:
  UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit
  SFI/SFP+

Status in MAAS:
  Invalid
Status in maas-images:
  Triaged
Status in python-tx-tftp:
  Invalid
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  New
Status in grub2 source package in Trusty:
  New
Status in grub2-signed source package in Trusty:
  New
Status in grub2 source package in Xenial:
  Fix Released
Status in grub2-signed source package in Xenial:
  Fix Released
Status in grub2 source package in Yakkety:
  Won't Fix
Status in grub2-signed source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]
  MAAS commissioning may fail when deploying Xenial images or using grubx64.efi 
from Xenial due to hardware particularities of some Intel 82599-based network 
cards. Other network manufacturers may be affected as well. The main failure 
mode appears to be an infinite re-send of some packets because of an unexpected 
response from the network hardware.

  [Test case]
  1) Attempt to netboot on a system with a "82599ES 10-Gigabit SFI/SFP+" 
network adapter; in UEFI mode.
  2) Validate that netbooting happens correctly, passing control over to the 
kernel as configured in grub.cfg.

  3) Validate that netbooting another system, not using an Intel 82599
  adapter, behaves normally when booting in UEFI mode.

  4) Validate that netbooting another system, not using an Intel 82599
  adapter, behaves normally when booting in LEGACY mode.

  [Regression potential]
  As this affects network in EFI mode; any failure to netboot using EFI should 
be considered a possible regression. Systems may fail to receive data from the 
network boot server and terminate the process with a timeout. Another possible 
failure scenario is to fail to receive complete data over the network, or data 
corruption.

  

  I am using MAAS to commission and install machines. When I attempt to 
commission a machine with a "82599ES 10-Gigabit SFI/SFP+" network adapter the 
following happens:
  1) TFTP Request — bootx64.efi
  2) TFTP Request — /grubx64.efi
  3) Console hangs at grub prompt

  If I go into bios and force the adapter above into legacy mode then the 
machine is able to network boot and run through the commission process.
  1) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-initrd
  2) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-kernel
  3) TFTP Request — ifcpu64.c32
  4) PXE Request — power off
  5) TFTP Request — pxelinux.cfg/01-90-e2-ba-52-23-78
  6) TFTP Request — pxelinux.cfg/71e3f102-bd8b-11e4-b634-3c18a001c80a
  7) TFTP Request — pxelinux.0

  Also, if I disconnect the cable to the adapter above and connect a
  cable to the integrated "I210 Gigabit" adapter which is configured for
  UEFI mode. The machine is able to network boot grubx64.efi and run
  through the commission process.

  ~$ dpkg -l '*maas*'|cat
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name  Version
Architecture Description
  
+++-=-==--===
  ii  maas  1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server all-in-one metapackage
  ii  maas-cli  1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS command line API tool
  ii  maas-cluster-controller   1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server cluster controller
  ii  maas-common   1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server common files
  ii  maas-dhcp 1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS DHCP server
  ii  maas-dns  1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS DNS server
  ii  maas-proxy

[Group.of.nepali.translators] [Bug 1437353] Re: UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit SFI/SFP+

[Launchpad Bug Tracker]

This bug was fixed in the package grub2-signed - 1.66.18

---
grub2-signed (1.66.18) xenial; urgency=medium

  * Rebuild against grub2 2.02~beta2-36ubuntu3.18. (LP: #1437353)

 -- Mathieu Trudel-Lapierre   Tue, 20 Mar 2018
10:27:27 -0400

** Changed in: grub2-signed (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1437353

Title:
  UEFI network boot hangs at grub for adapter 82599ES 10-Gigabit
  SFI/SFP+

Status in MAAS:
  Invalid
Status in maas-images:
  Triaged
Status in python-tx-tftp:
  Invalid
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  New
Status in grub2 source package in Trusty:
  New
Status in grub2-signed source package in Trusty:
  New
Status in grub2 source package in Xenial:
  Fix Released
Status in grub2-signed source package in Xenial:
  Fix Released
Status in grub2 source package in Yakkety:
  Won't Fix
Status in grub2-signed source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]
  MAAS commissioning may fail when deploying Xenial images or using grubx64.efi 
from Xenial due to hardware particularities of some Intel 82599-based network 
cards. Other network manufacturers may be affected as well. The main failure 
mode appears to be an infinite re-send of some packets because of an unexpected 
response from the network hardware.

  [Test case]
  1) Attempt to netboot on a system with a "82599ES 10-Gigabit SFI/SFP+" 
network adapter; in UEFI mode.
  2) Validate that netbooting happens correctly, passing control over to the 
kernel as configured in grub.cfg.

  3) Validate that netbooting another system, not using an Intel 82599
  adapter, behaves normally when booting in UEFI mode.

  4) Validate that netbooting another system, not using an Intel 82599
  adapter, behaves normally when booting in LEGACY mode.

  [Regression potential]
  As this affects network in EFI mode; any failure to netboot using EFI should 
be considered a possible regression. Systems may fail to receive data from the 
network boot server and terminate the process with a timeout. Another possible 
failure scenario is to fail to receive complete data over the network, or data 
corruption.

  

  I am using MAAS to commission and install machines. When I attempt to 
commission a machine with a "82599ES 10-Gigabit SFI/SFP+" network adapter the 
following happens:
  1) TFTP Request — bootx64.efi
  2) TFTP Request — /grubx64.efi
  3) Console hangs at grub prompt

  If I go into bios and force the adapter above into legacy mode then the 
machine is able to network boot and run through the commission process.
  1) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-initrd
  2) TFTP Request — ubuntu/amd64/generic/trusty/release/boot-kernel
  3) TFTP Request — ifcpu64.c32
  4) PXE Request — power off
  5) TFTP Request — pxelinux.cfg/01-90-e2-ba-52-23-78
  6) TFTP Request — pxelinux.cfg/71e3f102-bd8b-11e4-b634-3c18a001c80a
  7) TFTP Request — pxelinux.0

  Also, if I disconnect the cable to the adapter above and connect a
  cable to the integrated "I210 Gigabit" adapter which is configured for
  UEFI mode. The machine is able to network boot grubx64.efi and run
  through the commission process.

  ~$ dpkg -l '*maas*'|cat
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name  Version
Architecture Description
  
+++-=-==--===
  ii  maas  1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server all-in-one metapackage
  ii  maas-cli  1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS command line API tool
  ii  maas-cluster-controller   1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server cluster controller
  ii  maas-common   1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server common files
  ii  maas-dhcp 1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS DHCP server
  ii  maas-dns  1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS DNS server
  ii  maas-proxy1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS Caching Proxy
  ii  maas-region-controller1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS server complete region controller
  ii  maas-region-controller-min1.7.2+bzr3355-0ubuntu1~trusty1 
all  MAAS Server 

[Group.of.nepali.translators] [Bug 1758037] Re: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".

[Andrew Cloke]

** Changed in: ubuntu-power-systems
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1758037

Title:
  LTC Test- Ubuntu18.04: Starting the guest with network filter defined
  will fail with "cause is unknown".

Status in libvirt:
  Unknown
Status in The Ubuntu-power-systems project:
  Fix Released
Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Xenial:
  Fix Released
Status in libvirt source package in Artful:
  Fix Released
Status in libvirt source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * nwfilters were not usable if configured to use dhcp based learning

   * Fix by backporting upstream bug

  [Test Case]

   * Add the following to the interface section of a guest description in 
 libvirt:
   
 
   
  Then start the guest.

  Bad case:
  error: Failed to start domain VM1
  error: An error occurred, but the cause is unknown

  Fixed:
  Guest starts and works.

  [Regression Potential]

   * I thought a while on this. On first sight one might say there is a 
 regression risk due to increasing the size of the buffer. This risk 
 would arise on hyperscale environments where the memory consumption per 
 guest would increase by 2*128Kb*#guest-interfaces (not much, but can 
 sum up on MANY guests).
 But then I realized that this is only true for the use case using 
 dhcpsnoop which is
 a) clearly not the most common case
 b) failing to work at all before this fix
 So there can't be anyone today with a working setup that then runs OOM, 
 due to the setup either not using the feature (=no change) or failing 
 missing this fix.
 So I actually think this mem consumption increase is not an issue in 
 terms of SRU considerations.
 Due to that the only remaining regression would be users that had a 
 self-built libpcap without TPACKET_V3 to drive a workload like the 
 above, and even then only the rather small size bump is what changes.

  [Other Info]
   
   * I have added this case and a few deeper checks on the created rules for 
 iptables to the regression tests

  ---

  == Comment: #2 - Mallesh N. Koti  - 2018-02-28
  05:02:49 ==

  Guest Xml

  ===
  ISSUE
  ===
  Defining a network filter and Starting a VM with this nwfiter in VM's xml is 
failing with "cause is unknown".

  ==
  Recreation Steps
  ==

  1. Define a network filter as:
    virsh nwfilter-define filter.xml

  2. Add nwfilter in guest xml and start guest.
    virsh start VM1

  It fails with :
  # virsh start VM1
  error: Failed to start domain VM1
  error: An error occurred, but the cause is unknown

  XML used for defining network filter:
  ```
  
    -b071-6127-b4ec-
    
  
  
  ```

  will be attaching the guest xml

  The issue happens with Ubuntu 18.04 host - where not able to start the
  guest with network defined with value dhcp.

  
  .
  Found following commit is not there in 18.04 Ubuntu source. There could be 
some dependent commit too.  we are facing some build issue and hence not able 
to verify it.
  .
  
https://github.com/libvirt/libvirt/commit/e62cb4a9b78c7f4499a206635fb4f06e6ac627e5
  .

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/1758037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1752044] Re: Update Qualcomm QCA6174-HMC (DW1820) to comply with CE-RED (Radio Emissions Directive)

[Anthony Wong]

** Changed in: hwe-next
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752044

Title:
  Update Qualcomm QCA6174-HMC (DW1820) to comply with CE-RED (Radio
  Emissions Directive)

Status in HWE Next:
  Fix Released
Status in linux-firmware package in Ubuntu:
  Fix Released
Status in linux-firmware source package in Xenial:
  Fix Released
Status in linux-firmware source package in Bionic:
  Fix Released

Bug description:
  SRU Justification

  Impact: New ath10k firmware is needed for compliance with CE-RED.

  Fix: Updated firmware files.

  Regression Potential: This update has been in upstream linux-firmware
  for a while now. While regressions are possible, the firmware should
  have seen a lot of use by now.

  ---

  To comply with CE-RED (Radio Emissions Directive),
  ath10k/QCA6174/hw3.0/board-2.bin and
  ath10k/QCA6174/hw3.0/firmware-6.bin have to be updated.

  The commits are:

  commit 1d1dd4be21cde408b0fb12774d477293bc8d4cc2
  Author: Kalle Valo 
  AuthorDate: Thu Feb 15 15:10:51 2018 +0200
  Commit: Kalle Valo 
  CommitDate: Thu Feb 15 15:10:51 2018 +0200

  ath10k: QCA6174 hw3.0: update board-2.bin

  Signed-off-by: Kalle Valo 

  commit 6f1d3b7cfeef426f3c3d79bf916e3bef8f82a3dc
  Author: Kalle Valo 
  AuthorDate: Thu Feb 15 15:10:51 2018 +0200
  Commit: Kalle Valo 
  CommitDate: Thu Feb 15 15:10:51 2018 +0200

  ath10k: QCA6174 hw3.0: update firmware-6.bin to
  WLAN.RM.4.4.1-00079-QCARMSWPZ-1

  Signed-off-by: Kalle Valo 

To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/1752044/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1758037] Re: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".

[Launchpad Bug Tracker]

This bug was fixed in the package libvirt - 3.6.0-1ubuntu6.7

---
libvirt (3.6.0-1ubuntu6.7) artful; urgency=medium

  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch

 -- Christian Ehrhardt   Fri, 11 May
2018 07:35:09 +0200

** Changed in: libvirt (Ubuntu Artful)
   Status: Fix Committed => Fix Released

** Changed in: libvirt (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1758037

Title:
  LTC Test- Ubuntu18.04: Starting the guest with network filter defined
  will fail with "cause is unknown".

Status in libvirt:
  Unknown
Status in The Ubuntu-power-systems project:
  Fix Committed
Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Xenial:
  Fix Released
Status in libvirt source package in Artful:
  Fix Released
Status in libvirt source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * nwfilters were not usable if configured to use dhcp based learning

   * Fix by backporting upstream bug

  [Test Case]

   * Add the following to the interface section of a guest description in 
 libvirt:
   
 
   
  Then start the guest.

  Bad case:
  error: Failed to start domain VM1
  error: An error occurred, but the cause is unknown

  Fixed:
  Guest starts and works.

  [Regression Potential]

   * I thought a while on this. On first sight one might say there is a 
 regression risk due to increasing the size of the buffer. This risk 
 would arise on hyperscale environments where the memory consumption per 
 guest would increase by 2*128Kb*#guest-interfaces (not much, but can 
 sum up on MANY guests).
 But then I realized that this is only true for the use case using 
 dhcpsnoop which is
 a) clearly not the most common case
 b) failing to work at all before this fix
 So there can't be anyone today with a working setup that then runs OOM, 
 due to the setup either not using the feature (=no change) or failing 
 missing this fix.
 So I actually think this mem consumption increase is not an issue in 
 terms of SRU considerations.
 Due to that the only remaining regression would be users that had a 
 self-built libpcap without TPACKET_V3 to drive a workload like the 
 above, and even then only the rather small size bump is what changes.

  [Other Info]
   
   * I have added this case and a few deeper checks on the created rules for 
 iptables to the regression tests

  ---

  == Comment: #2 - Mallesh N. Koti  - 2018-02-28
  05:02:49 ==

  Guest Xml

  ===
  ISSUE
  ===
  Defining a network filter and Starting a VM with this nwfiter in VM's xml is 
failing with "cause is unknown".

  ==
  Recreation Steps
  ==

  1. Define a network filter as:
    virsh nwfilter-define filter.xml

  2. Add nwfilter in guest xml and start guest.
    virsh start VM1

  It fails with :
  # virsh start VM1
  error: Failed to start domain VM1
  error: An error occurred, but the cause is unknown

  XML used for defining network filter:
  ```
  
    -b071-6127-b4ec-
    
  
  
  ```

  will be attaching the guest xml

  The issue happens with Ubuntu 18.04 host - where not able to start the
  guest with network defined with value dhcp.

  
  .
  Found following commit is not there in 18.04 Ubuntu source. There could be 
some dependent commit too.  we are facing some build issue and hence not able 
to verify it.
  .
  
https://github.com/libvirt/libvirt/commit/e62cb4a9b78c7f4499a206635fb4f06e6ac627e5
  .

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/1758037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1758037] Re: LTC Test- Ubuntu18.04: Starting the guest with network filter defined will fail with "cause is unknown".

[Launchpad Bug Tracker]

This bug was fixed in the package libvirt - 1.3.1-1ubuntu10.23

---
libvirt (1.3.1-1ubuntu10.23) xenial; urgency=medium

  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch

 -- Christian Ehrhardt   Fri, 11 May
2018 07:37:36 +0200

** Changed in: libvirt (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1758037

Title:
  LTC Test- Ubuntu18.04: Starting the guest with network filter defined
  will fail with "cause is unknown".

Status in libvirt:
  Unknown
Status in The Ubuntu-power-systems project:
  Fix Committed
Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Xenial:
  Fix Released
Status in libvirt source package in Artful:
  Fix Released
Status in libvirt source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * nwfilters were not usable if configured to use dhcp based learning

   * Fix by backporting upstream bug

  [Test Case]

   * Add the following to the interface section of a guest description in 
 libvirt:
   
 
   
  Then start the guest.

  Bad case:
  error: Failed to start domain VM1
  error: An error occurred, but the cause is unknown

  Fixed:
  Guest starts and works.

  [Regression Potential]

   * I thought a while on this. On first sight one might say there is a 
 regression risk due to increasing the size of the buffer. This risk 
 would arise on hyperscale environments where the memory consumption per 
 guest would increase by 2*128Kb*#guest-interfaces (not much, but can 
 sum up on MANY guests).
 But then I realized that this is only true for the use case using 
 dhcpsnoop which is
 a) clearly not the most common case
 b) failing to work at all before this fix
 So there can't be anyone today with a working setup that then runs OOM, 
 due to the setup either not using the feature (=no change) or failing 
 missing this fix.
 So I actually think this mem consumption increase is not an issue in 
 terms of SRU considerations.
 Due to that the only remaining regression would be users that had a 
 self-built libpcap without TPACKET_V3 to drive a workload like the 
 above, and even then only the rather small size bump is what changes.

  [Other Info]
   
   * I have added this case and a few deeper checks on the created rules for 
 iptables to the regression tests

  ---

  == Comment: #2 - Mallesh N. Koti  - 2018-02-28
  05:02:49 ==

  Guest Xml

  ===
  ISSUE
  ===
  Defining a network filter and Starting a VM with this nwfiter in VM's xml is 
failing with "cause is unknown".

  ==
  Recreation Steps
  ==

  1. Define a network filter as:
    virsh nwfilter-define filter.xml

  2. Add nwfilter in guest xml and start guest.
    virsh start VM1

  It fails with :
  # virsh start VM1
  error: Failed to start domain VM1
  error: An error occurred, but the cause is unknown

  XML used for defining network filter:
  ```
  
    -b071-6127-b4ec-
    
  
  
  ```

  will be attaching the guest xml

  The issue happens with Ubuntu 18.04 host - where not able to start the
  guest with network defined with value dhcp.

  
  .
  Found following commit is not there in 18.04 Ubuntu source. There could be 
some dependent commit too.  we are facing some build issue and hence not able 
to verify it.
  .
  
https://github.com/libvirt/libvirt/commit/e62cb4a9b78c7f4499a206635fb4f06e6ac627e5
  .

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/1758037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1764810] Re: Xenial: rfkill: fix missing return on rfkill_init

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764666] Re: Xenial update to 4.4.123 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764367] Re: Xenial update to 4.4.121 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764762] Re: Xenial update to 4.4.124 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1764316] Re: Xenial update to 4.4.120 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1763494] Re: linux-azure-edge should follow bionic/linux-azure in a similar way to linux-hwe

[Launchpad Bug Tracker]

This bug was fixed in the package linux-azure-edge -
4.15.0-1012.12~16.04.2

---
linux-azure-edge (4.15.0-1012.12~16.04.2) xenial; urgency=medium

  * linux-azure-edge headers are broken after change to support scripted
rebases (LP: #1772058)
- [Packaging]: azure-edge: Fix headers packages after switching to scripted
  rebase

linux-azure-edge (4.15.0-1012.12~16.04.1) xenial; urgency=medium

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Add versioned dependency for linux-base

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
  Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
16.04 to 18.04  (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

linux-azure (4.15.0-1011.11) bionic; urgency=medium

  * linux-azure: 4.15.0-1011.11 -proposed tracker (LP: #1770294)

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
- fsnotify: Fix fsnotify_mark_connector race

linux-azure (4.15.0-1009.9) bionic; urgency=medium

  * linux-azure: 4.15.0-1009.9 -proposed tracker (LP: #1766467)

  [ Ubuntu: 4.15.0-20.21 ]

  * linux: 4.15.0-20.21 -proposed tracker (LP: #1766452)
  * package shim-signed (not installed) failed to install/upgrade: installed
shim-signed package post-installation script subprocess returned error exit
status 5 (LP: #1766391)
- [Packaging] fix invocation of header postinst hooks

linux-azure (4.15.0-1008.8) bionic; urgency=medium

  * linux-azure: 4.15.0-1008.8 -proposed tracker (LP: #1766025)

  [ Ubuntu: 4.15.0-19.20 ]

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)
  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
- Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
- Revert "genirq/affinity: assign vectors to all possible CPUs"

linux-azure (4.15.0-1007.7) bionic; urgency=medium

  * linux-azure: 4.15.0-1007.7 -proposed tracker (LP: #1765495)

  * Miscellaneous Ubuntu changes
- [Config] updateconfigs after rebase to Ubuntu-4.15.0-18.19
- [Packaging] update flavour-control.stub for signing changes

  [ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)
  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
(LP: #1765429)
- powerpc/pseries: Fix clearing of 

[Group.of.nepali.translators] [Bug 1764627] Re: Xenial update to 4.4.122 stable release

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.4.0-127.153

---
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit

  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: x86/bugs: Make cpu_show_common() static

[Group.of.nepali.translators] [Bug 1770016] Re: linux-aws: 4.4.0-1058.67 -proposed tracker

[Launchpad Bug Tracker]

This bug was fixed in the package linux-aws - 4.4.0-1060.69

---
linux-aws (4.4.0-1060.69) xenial; urgency=medium

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS to _SSBD
- SAUCE: proc: Use underscores for SSBD in 'status'
- SAUCE: Documentation/spec_ctrl: Do some minor cleanups
- SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
- SAUCE: 

[Group.of.nepali.translators] [Bug 1770019] Re: linux-kvm: 4.4.0-1024.29 -proposed tracker

[Launchpad Bug Tracker]

This bug was fixed in the package linux-kvm - 4.4.0-1026.31

---
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

  * Xenial update to 4.4.118 stable release (LP: #1756866)
- kvm: [config] Add CONFIG_DST_CACHE=y

  * getlogin will fail to open /proc/self/loginuid (LP: #1770245)
- Config: Enable CONFIG_AUDITSYSCALL

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS 

[Group.of.nepali.translators] [Bug 1770245] Re: getlogin will fail to open /proc/self/loginuid

[Launchpad Bug Tracker]

This bug was fixed in the package linux-kvm - 4.4.0-1026.31

---
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

  * Xenial update to 4.4.118 stable release (LP: #1756866)
- kvm: [config] Add CONFIG_DST_CACHE=y

  * getlogin will fail to open /proc/self/loginuid (LP: #1770245)
- Config: Enable CONFIG_AUDITSYSCALL

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Set or clear security feature flags
- powerpc/64s: Move cpu_show_meltdown()
- powerpc/64s: Enhance the information in cpu_show_meltdown()
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/64s: Wire up cpu_show_spectre_v1()
- powerpc/64s: Wire up cpu_show_spectre_v2()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
  entry/exit
  * CVE-2018-3639 (x86)
- SAUCE: Clean up IBPB and IBRS control functions and macros
- SAUCE: Fix up IBPB and IBRS kernel parameters documentation
- SAUCE: Remove #define X86_FEATURE_PTI
- x86/cpufeature: Move some of the scattered feature bits to x86_capability
- x86/cpufeature: Cleanup get_cpu_cap()
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
- x86/cpufeatures: Add Intel feature bits for Speculation Control
- SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
- x86/cpufeatures: Add AMD feature bits for Speculation Control
- x86/msr: Add definitions for new speculation control MSRs
- SAUCE: x86/msr: Rename MSR spec control feature bits
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 
microcodes
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) 
support
- x86/speculation: Add  dependency
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags
- x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
- SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
- SAUCE: x86: Add alternative_msr_write
- SAUCE: x86/nospec: Simplify alternative_msr_write()
- SAUCE: x86/bugs: Concentrate bug detection into a separate function
- SAUCE: x86/bugs: Concentrate bug reporting into a separate function
- arch: Introduce post-init read-only memory
- SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
- SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
- SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
- SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
  mitigation
- SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
- SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
  requested
- SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
- SAUCE: prctl: Add speculation control prctls
- x86/process: Optimize TIF checks in __switch_to_xtra()
- SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
- SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
- SAUCE: nospec: Allow getting/setting on non-current task
- SAUCE: proc: Provide details on speculation flaw mitigations
- SAUCE: seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- SAUCE: x86/bugs: Make boot modes __ro_after_init
- SAUCE: prctl: Add force disable speculation
- SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
- selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
- SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
- SAUCE: seccomp: Move speculation migitation control to arch code
- SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
  Store Bypass
- SAUCE: x86/bugs: Rename _RDS