UBUNTU: Ubuntu-4.4.0-113.136

Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

UBUNTU: Ubuntu-4.4.0-113.136
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
0d65082c · Khalid Elmously · 4b438032 · 0d65082c · 0d65082c · 0d65082c
Commit 0d65082c authored Feb 07, 2018 by Khalid Elmously
Showing with 157 additions and 5 deletions

debian.master/changelog debian.master/changelog +155 -5

debian.master/config/config.common.ubuntu debian.master/config/config.common.ubuntu +1 -0

debian.master/reconstruct debian.master/reconstruct +1 -0

No files found.
--- a/debian.master/changelog
+++ b/debian.master/changelog
-linux (4.4.0-113.136) UNRELEASED; urgency=low
+linux (4.4.0-113.136) xenial; urgency=low

-  CHANGELOG: Do not edit directly. Autogenerated at release.
-  CHANGELOG: Use the printchanges target to see the curent changes.
-  CHANGELOG: Use the insertchanges target to create the final log.
+  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)

- -- Stefan Bader <stefan.bader@canonical.com>  Tue, 23 Jan 2018 10:34:25 +0100
+  [ Stefan Bader ]
+  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
+    (LP: #1743638)
+    - [d-i] Add qede to nic-modules udeb
+
+  * CVE-2017-5753 (Spectre v1 Intel)
+    - x86/cpu/AMD: Make the LFENCE instruction serialized
+    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+    - SAUCE: reinstate MFENCE_RDTSC feature definition
+    - locking/barriers: introduce new observable speculation barrier
+    - bpf: prevent speculative execution in eBPF interpreter
+    - x86, bpf, jit: prevent speculative execution when JIT is enabled
+    - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
+    - carl9170: prevent speculative execution
+    - qla2xxx: prevent speculative execution
+    - Thermal/int340x: prevent speculative execution
+    - ipv4: prevent speculative execution
+    - ipv6: prevent speculative execution
+    - fs: prevent speculative execution
+    - net: mpls: prevent speculative execution
+    - udf: prevent speculative execution
+    - userns: prevent speculative execution
+    - SAUCE: claim mitigation via observable speculation barrier
+    - SAUCE: powerpc: add osb barrier
+    - SAUCE: s390/spinlock: add osb memory barrier
+    - SAUCE: arm64: no osb() implementation yet
+    - SAUCE: arm: no osb() implementation yet
+
+  * CVE-2017-5715 (Spectre v2 retpoline)
+    - x86/cpuid: Provide get_scattered_cpuid_leaf()
+    - x86/cpu: Factor out application of forced CPU caps
+    - x86/cpufeatures: Make CPU bugs sticky
+    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
+    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
+    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
+    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
+    - x86/cpu: Merge bugs.c and bugs_64.c
+    - sysfs/cpu: Add vulnerability folder
+    - x86/cpu: Implement CPU vulnerabilites sysfs functions
+    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
+    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
+    - x86/asm: Use register variable to get stack pointer value
+    - x86/kbuild: enable modversions for symbols exported from asm
+    - x86/asm: Make asm/alternative.h safe from assembly
+    - EXPORT_SYMBOL() for asm
+    - kconfig.h: use __is_defined() to check if MODULE is defined
+    - x86/retpoline: Add initial retpoline support
+    - x86/spectre: Add boot time option to select Spectre v2 mitigation
+    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
+    - x86/retpoline/entry: Convert entry assembler indirect jumps
+    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
+    - x86/retpoline/hyperv: Convert assembler indirect jumps
+    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
+    - x86/retpoline/checksum32: Convert assembler indirect jumps
+    - x86/retpoline/irq32: Convert assembler indirect jumps
+    - x86/retpoline: Fill return stack buffer on vmexit
+    - x86/retpoline: Remove compile time warning
+    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
+    - module: Add retpoline tag to VERMAGIC
+    - x86/mce: Make machine check speculation protected
+    - retpoline: Introduce start/end markers of indirect thunk
+    - kprobes/x86: Blacklist indirect thunk functions for kprobes
+    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
+    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+    - [Config] CONFIG_RETPOLINE=y
+    - [Packaging] retpoline -- add call site validation
+    - [Config] disable retpoline checks for first upload
+
+  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
+    - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
+    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
+    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
+    - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
+    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
+      support IBPB feature -- repair missmerge"
+    - Revert "arm: no gmb() implementation yet"
+    - Revert "arm64: no gmb() implementation yet"
+    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
+    - Revert "s390/spinlock: add gmb memory barrier"
+    - Revert "powerpc: add gmb barrier"
+    - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
+    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
+    - Revert "x86/svm: Add code to clear registers on VM exit"
+    - Revert "x86/svm: Add code to clobber the RSB on VM exit"
+    - Revert "KVM: x86: Add speculative control CPUID support for guests"
+    - Revert "x86/svm: Set IBPB when running a different VCPU"
+    - Revert "x86/svm: Set IBRS value on VM entry and exit"
+    - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
+    - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
+    - Revert "x86/cpu/AMD: Add speculative control support for AMD"
+    - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
+    - Revert "x86/entry: Use retpoline for syscall's indirect calls"
+    - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
+      syscall entrance"
+    - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
+    - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
+      control"
+    - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
+    - Revert "x86/kvm: Pad RSB on VM transition"
+    - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
+    - Revert "x86/kvm: Set IBPB when switching VM"
+    - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
+    - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
+    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
+      thread"
+    - Revert "x86/mm: Set IBPB upon context switch"
+    - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
+    - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
+    - Revert "x86/enter: Use IBRS on syscall and interrupts"
+    - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
+    - Revert "x86/feature: Report presence of IBPB and IBRS control"
+    - Revert "x86/feature: Enable the x86 feature to control Speculation"
+    - Revert "udf: prevent speculative execution"
+    - Revert "net: mpls: prevent speculative execution"
+    - Revert "fs: prevent speculative execution"
+    - Revert "ipv6: prevent speculative execution"
+    - Revert "userns: prevent speculative execution"
+    - Revert "Thermal/int340x: prevent speculative execution"
+    - Revert "qla2xxx: prevent speculative execution"
+    - Revert "carl9170: prevent speculative execution"
+    - Revert "uvcvideo: prevent speculative execution"
+    - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
+    - Revert "bpf: prevent speculative execution in eBPF interpreter"
+
+  * CVE-2017-17712
+    - net: ipv4: fix for a race condition in raw_sendmsg
+
+  * upload urgency should be medium by default (LP: #1745338)
+    - [Packaging] update urgency to medium by default
+
+  * CVE-CVE-2017-12190
+    - more bio_map_user_iov() leak fixes
+
+  * CVE-2015-8952
+    - mbcache2: reimplement mbcache
+    - ext2: convert to mbcache2
+    - ext4: convert to mbcache2
+    - mbcache2: limit cache size
+    - mbcache2: Use referenced bit instead of LRU
+    - ext4: kill ext4_mballoc_ready
+    - ext4: shortcut setting of xattr to the same value
+    - mbcache: remove mbcache
+    - mbcache2: rename to mbcache
+    - mbcache: get rid of _e_hash_list_head
+    - mbcache: add reusable flag to cache entries
+
+  * CVE-2017-15115
+    - sctp: do not peel off an assoc from one netns to another one
+
+  * CVE-2017-8824
+    - dccp: CVE-2017-8824: use-after-free in DCCP code
+
+ -- Khalid Elmously <khalid.elmously@canonical.com>  Wed, 07 Feb 2018 16:05:50 +0000

 linux (4.4.0-112.135) xenial; urgency=low


--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -2701,6 +2701,7 @@ CONFIG_GENERIC_CMOS_UPDATE=y
 CONFIG_GENERIC_CPU=y
 CONFIG_GENERIC_CPU_AUTOPROBE=y
 # CONFIG_GENERIC_CPU_DEVICES is not set
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
 CONFIG_GENERIC_EARLY_IOREMAP=y
 CONFIG_GENERIC_FIND_FIRST_BIT=y
 CONFIG_GENERIC_HWEIGHT=y

--- a/debian.master/reconstruct
+++ b/debian.master/reconstruct
@@ -16,6 +16,7 @@ rm -f 'Documentation/mic/mpssd/mpssd.h'
 rm -f 'Documentation/mic/mpssd/sysfs.c'
 rm -f 'Documentation/networking/netlink_mmap.txt'
 rm -f 'arch/sparc/lib/user_fixup.c'
+rm -f 'arch/x86/kernel/cpu/bugs_64.c'
 rm -f 'arch/x86/kernel/cpu/intel_pt.h'
 rm -f 'arch/x86/kernel/cpu/perf_event.c'
 rm -f 'arch/x86/kernel/cpu/perf_event.h'