group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #12457
[Bug 1677959] Re: change_profile incorrect when using namespaces with a compound stack
This bug was fixed in the package linux - 4.10.0-19.21
---------------
linux (4.10.0-19.21) zesty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1680535
* ADT regressions caused by "audit: fix auditd/kernel connection state
tracking" (LP: #1680532)
- SAUCE: Revert "audit: fix auditd/kernel connection state tracking"
* Miscellaneous Ubuntu changes
- [Config] updateconfigs to update CONFIG_GENERIC_CSUM for ppc64el
This cleans up behind a Kconfig change that went undetected.
linux (4.10.0-18.20) zesty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1680168
* smartpqi driver needed in initram disk and installer (LP: #1680156)
- UBUNU: [Config] Add smartpqi to d-i
linux (4.10.0-17.19) zesty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1679718
* Fix CVE-2017-7308 (LP: #1678009)
- net/packet: fix overflow in check for priv area size
- net/packet: fix overflow in check for tp_frame_nr
- net/packet: fix overflow in check for tp_reserve
* apparmor: oops on boot if parameters set on grub command line (LP: #1678048)
- SAUCE: apparmor: fix parameters so that the permission test is bypassed at boot
* apparmor: does not provide a way to detect policy updataes (LP: #1678032)
- SAUCE: apparmor: add policy revision file interface
* apparmor does not make support of query data visible (LP: #1678023)
- SAUCE: apparmor: add label data availability to the feature set
* apparmor query interface does not make supported query info available
(LP: #1678030)
- SAUCE: apparmor: add information about the query inteface to the feature set
* change_profile incorrect when using namespaces with a compound stack
(LP: #1677959)
- SAUCE: apparmor: fix label parse for stacked labels
* Zesty update to v4.10.8 stable release (LP: #1678930)
- xfrm: policy: init locks early
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
- KVM: nVMX: Fix nested VPID vmx exec control
- KVM: x86: cleanup the page tracking SRCU instance
- virtio_balloon: init 1st buffer in stats vq
- pinctrl: qcom: Don't clear status bit on irq_unmask
- c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
- h8300/ptrace: Fix incorrect register transfer count
- mips/ptrace: Preserve previous registers for short regset write
- sparc/ptrace: Preserve previous registers for short regset write
- metag/ptrace: Preserve previous registers for short regset write
- metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
- metag/ptrace: Reject partial NT_METAG_RPIPE writes
- qla2xxx: Allow vref count to timeout on vport delete.
- sched/rt: Add a missing rescheduling point
- usb: musb: fix possible spinlock deadlock
- Linux 4.10.8
* [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
- PCI: hv: Use device serial number as PCI domain
* Miscellaneous Ubuntu changes
- [Config] flash-kernel should be a Breaks
- [Config] drop the info directory
- [Config] drop NOTES as obsolete
- [Config] drop changelog.historical as obsolete
linux (4.10.0-16.18) zesty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1677697
* [Feature] ISH (Intel Sensor Hub) support (LP: #1645521)
- iio: accel: hid-sensor-accel-3d: Add timestamp
* Zesty update to v4.10.7 stable release (LP: #1677589)
- net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
- net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
- net: properly release sk_frag.page
- amd-xgbe: Fix jumbo MTU processing on newer hardware
- openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
- net: unix: properly re-increment inflight counter of GC discarded candidates
- qmi_wwan: add Dell DW5811e
- net: vrf: Reset rt6i_idev in local dst after put
- net/mlx5: Add missing entries for set/query rate limit commands
- net/mlx5e: Use the proper UAPI values when offloading TC vlan actions
- net/mlx5: Increase number of max QPs in default profile
- net/mlx5e: Count GSO packets correctly
- net/mlx5e: Count LRO packets correctly
- ipv6: make sure to initialize sockc.tsflags before first use
- net: bcmgenet: remove bcmgenet_internal_phy_setup()
- ipv4: provide stronger user input validation in nl_fib_input()
- socket, bpf: fix sk_filter use after free in sk_clone_lock
- genetlink: fix counting regression on ctrl_dumpfamily()
- tcp: initialize icsk_ack.lrcvtime at session start time
- amd-xgbe: Fix the ECC-related bit position definitions
- net: solve a NAPI race
- HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT
- Input: ALPS - fix V8+ protocol handling (73 03 28)
- Input: ALPS - fix trackstick button handling on V8 devices
- Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
- Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
- Input: iforce - validate number of endpoints before using them
- Input: ims-pcu - validate number of endpoints before using them
- Input: hanwang - validate number of endpoints before using them
- Input: yealink - validate number of endpoints before using them
- Input: cm109 - validate number of endpoints before using them
- Input: kbtab - validate number of endpoints before using them
- Input: sur40 - validate number of endpoints before using them
- ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
- ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
- ALSA: hda - Adding a group of pin definition to fix headset problem
- USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
- USB: serial: qcserial: add Dell DW5811e
- ACM gadget: fix endianness in notifications
- usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
- dvb-usb-firmware: don't do DMA on stack
- usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
- USB: uss720: fix NULL-deref at probe
- USB: lvtest: fix NULL-deref at probe
- USB: idmouse: fix NULL-deref at probe
- USB: wusbcore: fix NULL-deref at probe
- usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
- usb: hub: Fix crash after failure to read BOS descriptor
- USB: usbtmc: add missing endpoint sanity check
- USB: usbtmc: fix probe error path
- uwb: i1480-dfu: fix NULL-deref at probe
- uwb: hwa-rc: fix NULL-deref at probe
- mmc: ushc: fix NULL-deref at probe
- nl80211: fix dumpit error path RTNL deadlocks
- mmc: core: Fix access to HS400-ES devices
- iio: adc: ti_am335x_adc: fix fifo overrun recovery
- iio: sw-device: Fix config group initialization
- iio: hid-sensor-trigger: Change get poll value function order to avoid
sensor properties losing after resume from S3
- iio: magnetometer: ak8974: remove incorrect __exit markups
- mei: fix deadlock on mei reset
- mei: don't wait for os version message reply
- parport: fix attempt to write duplicate procfiles
- ppdev: fix registering same device name
- ext4: mark inode dirty after converting inline directory
- powerpc/64s: Fix idle wakeup potential to clobber registers
- audit: fix auditd/kernel connection state tracking
- mmc: sdhci-of-at91: Support external regulators
- mmc: sdhci-of-arasan: fix incorrect timeout clock
- mmc: sdhci: Do not disable interrupts while waiting for clock
- mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power
- hwrng: amd - Revert managed API changes
- hwrng: geode - Revert managed API changes
- clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock
- clk: sunxi-ng: mp: Adjust parent rate for pre-dividers
- mwifiex: pcie: don't leak DMA buffers when removing
- ath10k: fix incorrect wlan_mac_base in qca6174_regs
- crypto: ccp - Assign DMA commands to the channel's CCP
- fscrypt: remove broken support for detecting keyring key revocation
- vfio: Rework group release notifier warning
- xen/acpi: upload PM state from init-domain to Xen
- iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
- iommu/exynos: Block SYSMMU while invalidating FLPD cache
- iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5
- Revert "ARM: at91/dt: sama5d2: Use new compatible for ohci node"
- ARM: at91: pm: cpu_idle: switch DDR to power-down mode
- arm64: kaslr: Fix up the kernel image alignment
- cpufreq: Restore policy min/max limits on CPU online
- cgroup, net_cls: iterate the fds of only the tasks which are being migrated
- blk-mq: don't complete un-started request in timeout handler
- cpsw/netcp: cpts depends on posix_timers
- drm/amdgpu: reinstate oland workaround for sclk
- drm/amd/amdgpu: add POLARIS12 PCI ID
- auxdisplay: img-ascii-lcd: add missing sentinel entry in
img_ascii_lcd_matches
- jbd2: don't leak memory if setting up journal fails
- intel_th: Don't leak module refcount on failure to activate
- Drivers: hv: vmbus: Don't leak channel ids
- Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
- mmc: block: Fix is_waiting_last_req set incorrectly
- libceph: don't set weight to IN when OSD is destroyed
- device-dax: fix pmd/pte fault fallback handling
- scsi: sd: Check for unaligned partial completion
- cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
- xen: do not re-use pirq number cached in pci device msi msg data
- drm: reference count event->completion
- fbcon: Fix vc attr at deinit
- crypto: algif_hash - avoid zero-sized array
- Linux 4.10.7
* PS/2 mouse does not work on Dell embedded computer (LP: #1591053)
- Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
* [Zesty] mlx5_core Kernel oops with bonding mode 1 and 6 (LP: #1676786)
- SAUCE: (no-up) net/mlx5: Avoid dereferencing uninitialized pointer
* [Hyper-V] Implement Hyper-V PTP Source (LP: #1676635)
- Revert "hv: don't reset hv_context.tsc_page on crash"
- Revert "Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()"
- Revert "hv: allocate synic pages for all present CPUs"
- Revert "hv: init percpu_list in hv_synic_alloc()"
- Revert "Drivers: hv: vmbus: Prevent sending data on a rescinded channel"
- Revert "Drivers: hv: vmbus: Fix a rescind handling bug"
- Revert "Drivers: hv: util: kvp: Fix a rescind processing issue"
- Revert "Drivers: hv: util: Fcopy: Fix a rescind processing issue"
- Revert "Drivers: hv: util: Backup: Fix a rescind processing issue"
- Revert "drivers: hv: Turn off write permission on the hypercall page"
- Revert "UBUNTU: SAUCE: (no-up) hv: Supply vendor ID and package ABI"
- Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
- hv: allocate synic pages for all present CPUs
- hv: init percpu_list in hv_synic_alloc()
- hv: don't reset hv_context.tsc_page on crash
- Drivers: hv: vmbus: Prevent sending data on a rescinded channel
- hv: switch to cpuhp state machine for synic init/cleanup
- hv: make CPU offlining prevention fine-grained
- Drivers: hv: vmbus: Fix a rescind handling bug
- Drivers: hv: util: kvp: Fix a rescind processing issue
- Drivers: hv: util: Fcopy: Fix a rescind processing issue
- Drivers: hv: util: Backup: Fix a rescind processing issue
- Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents
- Drivers: hv: vmbus: Move the definition of generate_guest_id()
- Drivers: hv vmbus: Move Hypercall page setup out of common code
- Drivers: hv: vmbus: Move Hypercall invocation code out of common code
- Drivers: hv: vmbus: Consolidate all Hyper-V specific clocksource code
- Drivers: hv: vmbus: Move the extracting of Hypervisor version information
- Drivers: hv: vmbus: Move the crash notification function
- Drivers: hv: vmbus: Move the check for hypercall page setup
- Drivers: hv: vmbus: Move the code to signal end of message
- Drivers: hv: vmbus: Restructure the clockevents code
- Drivers: hv: util: Use hv_get_current_tick() to get current tick
- Drivers: hv: vmbus: Get rid of an unsused variable
- Drivers: hv: vmbus: Define APIs to manipulate the message page
- Drivers: hv: vmbus: Define APIs to manipulate the event page
- Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller
- Drivers: hv: vmbus: Define an API to retrieve virtual processor index
- Drivers: hv: vmbus: Define an APIs to manage interrupt state
- Drivers: hv: vmbus: Cleanup hyperv_vmbus.h
- hv_util: switch to using timespec64
- Drivers: hv: restore hypervcall page cleanup before kexec
- Drivers: hv: restore TSC page cleanup before kexec
- Drivers: hv: balloon: add a fall through comment to hv_memory_notifier()
- Drivers: hv: vmbus: Use all supported IC versions to negotiate
- Drivers: hv: Log the negotiated IC versions.
- Drivers: hv: Fix the bug in generating the guest ID
- hv: export current Hyper-V clocksource
- hv_utils: implement Hyper-V PTP source
- SAUCE: (no-up) hv: Supply vendor ID and package ABI
- drivers: hv: Turn off write permission on the hypercall page
* Populating Hyper-V MSR for Ubuntu 13.10 (LP: #1193172)
- SAUCE: (no-up) hv: Supply vendor ID and package ABI
* Ubuntu 16.10: Network checksum fixes needed for IPoIB for Mellanox CX4/CX5
card (LP: #1670247)
- powerpc/64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold
- powerpc/64: Use optimized checksum routines on little-endian
* Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v
2012r2 Gen2 VM (LP: #1674635)
- scsi: storvsc: Workaround for virtual DVD SCSI version
* POWER9 Radix mode KVM (LP: #1675806)
- Revert "powerpc: Update to new option-vector-5 format for CAS"
- Revert "powerpc/powernv: Initialise nest mmu"
- Revert "KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend"
- KVM: PPC: Book3S: Change interrupt call to reduce scratch space use on HV
- KVM: PPC: Book3S: Move 64-bit KVM interrupt handler out from alt section
- KVM: PPC: Book3S: 64-bit CONFIG_RELOCATABLE support for interrupts
- powerpc/64: More definitions for POWER9
- powerpc/64: Export pgtable_cache and pgtable_cache_add for KVM
- powerpc/64: Make type of partition table flush depend on partition type
- powerpc/64: Allow for relocation-on interrupts from guest to host
- KVM: PPC: Book3S HV: Add userspace interfaces for POWER9 MMU
- KVM: PPC: Book3S HV: Set process table for HPT guests on POWER9
- KVM: PPC: Book3S HV: Use ASDR for HPT guests on POWER9
- KVM: PPC: Book3S HV: Add basic infrastructure for radix guests
- KVM: PPC: Book3S HV: Modify guest entry/exit paths to handle radix guests
- KVM: PPC: Book3S HV: Page table construction and page faults for radix guests
- KVM: PPC: Book3S HV: MMU notifier callbacks for radix guests
- KVM: PPC: Book3S HV: Implement dirty page logging for radix guests
- KVM: PPC: Book3S HV: Make HPT-specific hypercalls return error in radix mode
- KVM: PPC: Book3S HV: Invalidate TLB on radix guest vcpu movement
- KVM: PPC: Book3S HV: Allow guest exit path to have MMU on
- KVM: PPC: Book3S HV: Invalidate ERAT on guest entry/exit for POWER9 DD1
- KVM: PPC: Book3S HV: Enable radix guest support
- powerpc/64: CONFIG_RELOCATABLE support for hmi interrupts
- KVM: PPC: Book3S HV: Fix software walk of guest process page tables
- KVM: PPC: Book3S HV: Don't use ASDR for real-mode HPT faults on POWER9
- KVM: PPC: Book3S HV: Don't try to signal cpu -1
- KVM: PPC: Book 3S: Fix error return in kvm_vm_ioctl_create_spapr_tce()
- powerpc/64: Invalidate process table caching after setting process table
- powerpc: Update to new option-vector-5 format for CAS
- KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend
- powerpc/powernv: Initialise nest mmu
- powerpc/powernv: Remove separate entry for OPAL real mode calls
* [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device shutdown (LP: #1672785)
- net/mlx4_core: Avoid delays during VF driver device shutdown
* [zesty] mlx4_core OOM with 32 bit arch (LP: #1676858)
- mlx4: reduce OOM risk on arches with large pages
* [Feature] GLK Northpeak Enabling (LP: #1645963)
- intel_th: pci: Add Denverton SOC support
- intel_th: pci: Add Gemini Lake support
* [zesty] mlx5e OVS fixes (LP: #1676388)
- net/mlx5: Fix create autogroup prev initializer
- net/mlx5e: Avoid supporting udp tunnel port ndo for VF reps
- net/mlx5e: Avoid wrong identification of rules on deletion
- devlink: fix the name of eswitch commands
- devlink: rename devlink_eswitch_fill to devlink_nl_eswitch_fill
- devlink: use nla_put_failure goto label instead of out
- devlink: allow to fillup eswitch attrs even if mode_get op does not exist
- net/mlx5e: Change the TC offload rule add/del code path to be per NIC or E-Switch
- net/mlx5: E-Switch, Don't allow changing inline mode when flows are configured
* [ARM64] Support systems where the physical memory footprint exceeds the size
of the linear mapping. (LP: #1675046)
- SAUCE: efi: arm-stub: Correct FDT and initrd allocation rules for arm64
- SAUCE: efi: arm-stub: Round up FDT allocation to mapping size
* AACRAID Driver: Add 3 patch fixes to Kernel release (LP: #1675872)
- scsi: aacraid: remove redundant zero check on ret
- scsi: aacraid: Fix typo in blink status
- scsi: aacraid: Fix potential null access
* stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
failure with linux 4.9.0-12.13) (LP: #1658633)
- ext4: lock the xattr block before checksuming it
* ARM arch_timer erratum (LP: #1675509)
- arm64: ptrace: add XZR-safe regs accessors
- SAUCE: arm64: Allow checking of a CPU-local erratum
- SAUCE: arm64: Add CNTVCT_EL0 trap handler
- SAUCE: arm64: Define Cortex-A73 MIDR
- SAUCE: arm64: cpu_errata: Allow an erratum to be match for all revisions of a core
- SAUCE: arm64: cpu_errata: Add capability to advertise Cortex-A73 erratum 858921
- SAUCE: arm64: arch_timer: Add infrastructure for multiple erratum detection methods
- SAUCE: arm64: arch_timer: Add erratum handler for globally defined capability
- SAUCE: arm64: arch_timer: Add erratum handler for CPU-specific capability
- SAUCE: arm64: arch_timer: Move arch_timer_reg_read/write around
- SAUCE: arm64: arch_timer: Get rid of erratum_workaround_set_sne
- SAUCE: arm64: arch_timer: Rework the set_next_event workarounds
- SAUCE: arm64: arch_timer: Make workaround methods optional
- SAUCE: arm64: arch_timer: Allows a CPU-specific erratum to only affect a subset of CPUs
- SAUCE: arm64: arch_timer: Move clocksource_counter and co around
- SAUCE: arm64: arch_timer: Enable CNTVCT_EL0 trap if workaround is enabled
- SAUCE: arm64: arch_timer: Workaround for Cortex-A73 erratum 858921
- SAUCE: arm64: arch_timer: Allow erratum matching with ACPI OEM information
- SAUCE: arm64: arch_timer: Add HISILICON_ERRATUM_161010101 ACPI matching data
- SAUCE: arm64: arch_timer: Add check for unknown erratum
* Zesty update to v4.10.6 stable release (LP: #1676429)
- give up on gcc ilog2() constant optimizations
- qla2xxx: Fix memory leak for abts processing
- qla2xxx: Fix request queue corruption.
- parisc: Optimize flush_kernel_vmap_range and invalidate_kernel_vmap_range
- parisc: support R_PARISC_SECREL32 relocation in modules
- parisc: Fix system shutdown halt
- perf/core: Fix use-after-free in perf_release()
- perf/core: Fix event inheritance on fork()
- md/r5cache: fix set_syndrome_sources() for data in cache
- xprtrdma: Squelch kbuild sparse complaint
- NFS prevent double free in async nfs4_exchange_id
- cpufreq: Fix and clean up show_cpuinfo_cur_freq()
- powerpc/boot: Fix zImage TOC alignment
- hwrng: omap - write registers after enabling the clock
- hwrng: omap - use devm_clk_get() instead of of_clk_get()
- hwrng: omap - Do not access INTMASK_REG on EIP76
- md/raid1/10: fix potential deadlock
- target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
- scsi: lpfc: Add shutdown method for kexec
- scsi: libiscsi: add lock around task lists to fix list corruption regression
- scsi: mpt3sas: Avoid sleeping in interrupt context
- target: Fix VERIFY_16 handling in sbc_parse_cdb
- isdn/gigaset: fix NULL-deref at probe
- gfs2: Avoid alignment hole in struct lm_lockname
- percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
- cgroup/pids: remove spurious suspicious RCU usage warning
- drm/amdgpu/si: add dpm quirk for Oland
- Linux 4.10.6
* Miscellaneous Ubuntu changes
- [Config] CONFIG_ARM64_ERRATUM_858921=y
- [Debian] add rprovides for spl-modules and zfs-modules
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Thu, 06 Apr 2017 17:28:49
+0100
** Changed in: linux (Ubuntu Zesty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7308
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1677959
Title:
change_profile incorrect when using namespaces with a compound stack
Status in AppArmor:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Confirmed
Status in linux source package in Yakkety:
Confirmed
Status in linux source package in Zesty:
Fix Released
Bug description:
When a compound label is used as part of a target namespace the change
profile will result in a bad change
a task confined by profile lxd doing
change_profile(&:ns://foo//&unconfined)
results in a change_profile to
:ns://foo
and
unconfined
causing the local system profile to change instead of setting up a stack in the sub namespace
ie.
unconfined//&:ns://foo
instead of the expected
lxd//&:ns://foo//&:ns://unconfined
https://github.com/lxc/lxd/issues/2981
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1677959/+subscriptions