group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #36115
[Bug 1881338] Re: linux-azure: Update SGX version to version LD_1.33
This bug was fixed in the package linux-azure-4.15 - 4.15.0-1091.101
---------------
linux-azure-4.15 (4.15.0-1091.101) bionic; urgency=medium
* bionic/linux-azure-4.15: 4.15.0-1091.101 -proposed tracker (LP:
#1885057)
* linux-azure: Update SGX version to version LD_1.33 (LP: #1881338)
- SAUCE: ubuntu/sgx: Add module alias for ACPI device INT0E0C
[ Ubuntu: 4.15.0-109.110 ]
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- update dkms package versions
* Build and ship a signed wireguard.ko (LP: #1861284)
- [Packaging] wireguard -- add support for building signed .ko
* CVE-2019-16089
- SAUCE: nbd_genl_status: null check for nla_nest_start
* CVE-2019-19642
- kernel/relay.c: handle alloc_percpu returning NULL in relay_open
* CVE-2019-12380
- efi/x86/Add missing error handling to old_memmap 1:1 mapping code
* CVE-2019-19039 // CVE-2019-19377
- btrfs: sink flush_fn to extent_write_cache_pages
- btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
- btrfs: Don't submit any btree write bio if the fs has errors
* CVE-2019-19036
- btrfs: volumes: Use more straightforward way to calculate map length
- btrfs: tree-checker: Try to detect missing INODE_ITEM
- Btrfs: tree-checker: detect file extent items with overlapping ranges
- Btrfs: make tree checker detect checksum items with overlapping ranges
- btrfs: harden agaist duplicate fsid on scanned devices
- Btrfs: fix missing data checksums after replaying a log tree
- btrfs: reloc: fix reloc root leak and NULL pointer dereference
- btrfs: Validate child tree block's level and first key
- btrfs: Detect unbalanced tree with empty leaf before crashing btree
operations
* CVE-2019-19318
- btrfs: tree-checker: Replace root parameter with fs_info
- btrfs: tree-checker: Check level for leaves and nodes
- btrfs: tree-checker: get fs_info from eb in generic_err
- btrfs: tree-checker: get fs_info from eb in file_extent_err
- btrfs: tree-checker: get fs_info from eb in check_csum_item
- btrfs: tree-checker: get fs_info from eb in dir_item_err
- btrfs: tree-checker: get fs_info from eb in check_dir_item
- btrfs: tree-checker: get fs_info from eb in block_group_err
- btrfs: tree-checker: get fs_info from eb in check_block_group_item
- btrfs: tree-checker: get fs_info from eb in check_extent_data_item
- btrfs: tree-checker: get fs_info from eb in check_leaf_item
- btrfs: tree-checker: get fs_info from eb in check_leaf
- btrfs: tree-checker: get fs_info from eb in chunk_err
- btrfs: tree-checker: get fs_info from eb in dev_item_err
- btrfs: tree-checker: get fs_info from eb in check_dev_item
- btrfs: tree-checker: get fs_info from eb in check_inode_item
- btrfs: tree-checker: Add ROOT_ITEM check
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
- btrfs: tree-checker: Add simple keyed refs check
- btrfs: tree-checker: Add EXTENT_DATA_REF check
- btrfs: tree-checker: Fix wrong check on max devid
- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
* CVE-2019-19813 // CVE-2019-19816
- btrfs: Refactor parameter of BTRFS_MAX_DEVS() from root to fs_info
- btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
- btrfs: tree-checker: Make chunk item checker messages more readable
- btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead
of EIO
- btrfs: tree-checker: Check chunk item at tree block read time
- btrfs: tree-checker: Verify dev item
- btrfs: tree-checker: Enhance chunk checker to validate chunk profile
- btrfs: tree-checker: Verify inode item
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference
* CVE-2020-0543
- UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
not supported
* Build Nvidia drivers in conjunction with kernel (LP: #1764792)
- [Packaging] disable nvidia dkms builds for mainline
* Bionic update: upstream stable patchset 2020-06-02 (LP: #1881801)
- i2c: dev: Fix the race between the release of i2c_dev and cdev
- ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
- evm: Check also if *tfm is an error pointer in init_desc()
- ima: Fix return value of ima_write_policy()
- fix multiplication overflow in copy_fdtable()
- iommu/amd: Fix over-read of ACPI UID from IVRS table
- i2c: mux: demux-pinctrl: Fix an error handling path in
'i2c_demux_pinctrl_probe()'
- ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
- gcc-common.h: Update for GCC 10
- HID: multitouch: add eGalaxTouch P80H84 support
- scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
- configfs: fix config_item refcnt leak in configfs_rmdir()
- vhost/vsock: fix packet delivery order to monitoring devices
- component: Silence bind error on -EPROBE_DEFER
- scsi: ibmvscsi: Fix WARN_ON during event pool release
- x86/apic: Move TSC deadline timer debug printk
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
- ceph: fix double unlock in handle_cap_export()
- USB: core: Fix misleading driver bug report
- platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
- ARM: futex: Address build warning
- padata: Replace delayed timer with immediate workqueue in padata_reorder
- padata: initialize pd->cpu with effective cpumask
- padata: purge get_cpu and reorder_via_wq from padata_do_serial
- arm64: fix the flush_icache_range arguments in machine_kexec
- ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
option
- ALSA: pcm: fix incorrect hw_base increase
- apparmor: Fix aa_label refcnt leak in policy_update
- dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
- powerpc: restore alphabetic order in Kconfig
- powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
- powerpc/64s: Disable STRICT_KERNEL_RWX
- x86/uaccess, ubsan: Fix UBSAN vs. SMAP
- ubsan: build ubsan.c more conservatively
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init
- libnvdimm/btt: Fix LBA masking during 'free list' population
- media: fdp1: Fix R-Car M3-N naming in debug message
- cxgb4: free mac_hlist properly
- cxgb4/cxgb4vf: Fix mac_hlist initialization and free
- Revert "gfs2: Don't demote a glock until its revokes are written"
- staging: iio: ad2s1210: Fix SPI reading
- staging: greybus: Fix uninitialized scalar variable
- iio: sca3000: Remove an erroneous 'get_device()'
- iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
- mei: release me_cl object reference
- rapidio: fix an error in get_user_pages_fast() error handling
- rxrpc: Fix a memory leak in rxkad_verify_response()
- x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
- iio: adc: stm32-adc: Use dma_request_chan() instead
dma_request_slave_channel()
- iio: adc: stm32-adc: fix device used to request dma
- riscv: set max_pfn to the PFN of the last page
- ubifs: remove broken lazytime support
- HID: alps: Add AUI1657 device ID
- HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead
- aquantia: Fix the media type of AQC100 ethernet controller in the driver
- HID: i2c-hid: reset Synaptics SYNA2393 on resume
- HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock
- stmmac: fix pointer check after utilization in stmmac_interrupt
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
- ALSA: hda/realtek - Add more fixup entries for Clevo machines
- drm/etnaviv: fix perfmon domain interation
- nfit: Add Hyper-V NVDIMM DSM command set to white list
- thunderbolt: Drop duplicated get_switch_at_route()
- net: bcmgenet: code movement
- net: bcmgenet: abort suspend on error
- misc: rtsx: Add short delay after exit from ASPM
* Bionic update: upstream stable patchset 2020-05-21 (LP: #1880014)
- USB: serial: qcserial: Add DW5816e support
- dp83640: reverse arguments to list_add_tail
- fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
- net: macsec: preserve ingress frame ordering
- net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
- net: usb: qmi_wwan: add support for DW5816e
- sch_choke: avoid potential panic in choke_reset()
- sch_sfq: validate silly quantum values
- bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
- net/mlx5: Fix forced completion access non initialized command entry
- net/mlx5: Fix command entry leak in Internal Error State
- bnxt_en: Improve AER slot reset.
- bnxt_en: Fix VF anti-spoof filter setup.
- net: stricter validation of untrusted gso packets
- ipv6: fix cleanup ordering for ip6_mr failure
- HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
- USB: uas: add quirk for LaCie 2Big Quadra
- USB: serial: garmin_gps: add sanity checking for data length
- tracing: Add a vmalloc_sync_mappings() for safe measure
- KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
- mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
- coredump: fix crash when umh is disabled
- batman-adv: fix batadv_nc_random_weight_tq
- batman-adv: Fix refcnt leak in batadv_show_throughput_override
- batman-adv: Fix refcnt leak in batadv_store_throughput_override
- batman-adv: Fix refcnt leak in batadv_v_ogm_process
- x86/entry/64: Fix unwind hints in kernel exit path
- x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
- x86/unwind/orc: Don't skip the first frame for inactive tasks
- x86/unwind/orc: Prevent unwinding before ORC initialization
- x86/unwind/orc: Fix error path for bad ORC entry type
- netfilter: nat: never update the UDP checksum when it's 0
- objtool: Fix stack offset tracking for indirect CFAs
- scripts/decodecode: fix trapping instruction formatting
- net: stmmac: Use mutex instead of spinlock
- shmem: fix possible deadlocks on shmlock_user_lock
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()'
- net: moxa: Fix a potential double 'free_irq()'
- drop_monitor: work around gcc-10 stringop-overflow warning
- virtio-blk: handle block_device_operations callbacks after hot unplug
- scsi: sg: add sg_remove_request in sg_write
- dmaengine: pch_dma.c: Avoid data race between probe and irq handler
- dmaengine: mmp_tdma: Reset channel error on release
- cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
- ALSA: hda/hdmi: fix race in monitor detection during probe
- drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
- ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
- x86/entry/64: Fix unwind hints in register clearing code
- ipmi: Fix NULL pointer dereference in ssif_probe
- pinctrl: baytrail: Enable pin configuration setting for GPIO chip
- pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
- i40iw: Fix error handling in i40iw_manage_arp_cache()
- netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
- IB/mlx4: Test return value of calls to ib_get_cached_pkey
- hwmon: (da9052) Synchronize access with mfd
- pnp: Use list_for_each_entry() instead of open coding
- gcc-10 warnings: fix low-hanging fruit
- kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
- Stop the ad-hoc games with -Wno-maybe-initialized
- gcc-10: disable 'zero-length-bounds' warning for now
- gcc-10: disable 'array-bounds' warning for now
- gcc-10: disable 'stringop-overflow' warning for now
- gcc-10: disable 'restrict' warning for now
- gcc-10: avoid shadowing standard library 'free()' in crypto
- x86/asm: Add instruction suffixes to bitops
- net: phy: micrel: Use strlcpy() for ethtool::get_strings
- net: fix a potential recursive NETDEV_FEAT_CHANGE
- net: phy: fix aneg restart in phy_ethtool_set_eee
- Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
- hinic: fix a bug of ndo_stop
- net: dsa: loop: Add module soft dependency
- net: ipv4: really enforce backoff for redirects
- netprio_cgroup: Fix unlimited memory leak of v2 cgroups
- net: tcp: fix rx timestamp behavior for tcp_recvmsg
- ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
- ALSA: rawmidi: Initialize allocated buffers
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
- ARM: dts: dra7: Fix bus_dma_limit for PCIe
- ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
- x86: Fix early boot crash on gcc-10, third try
- ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
- usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
- usb: host: xhci-plat: keep runtime active when removing host
- usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
- x86/unwind/orc: Fix error handling in __unwind_start()
- exec: Move would_dump into flush_old_exec
- clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
- usb: gadget: net2272: Fix a memory leak in an error handling path in
'net2272_plat_probe()'
- usb: gadget: audio: Fix a missing error return value in audio_bind()
- usb: gadget: legacy: fix error return code in gncm_bind()
- usb: gadget: legacy: fix error return code in cdc_bind()
- arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328
boards
- arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
- ARM: dts: r8a73a4: Add missing CMT1 interrupts
- ARM: dts: r8a7740: Add missing extal2 to CPG node
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
- Makefile: disallow data races on gcc-10 as well
- sctp: Fix bundling of SHUTDOWN with COOKIE-ACK
- arm64: hugetlb: avoid potential NULL dereference
- net: dsa: Do not make user port errors fatal
- pppoe: only process PADT targeted at local interfaces
- riscv: fix vdso build with lld
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
- cifs: fix leaked reference on requeued write
- clk: Unlink clock if failed to prepare or enable
* upgrading to 4.15.0-99-generic breaks the sound and the trackpad
(LP: #1875916) // Bionic update: upstream stable patchset 2020-05-21
(LP: #1880014)
- Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
* Pop sound from build-in speaker during cold boot and resume from S3
(LP: #1866357) // Bionic update: upstream stable patchset 2020-05-21
(LP: #1880014)
- ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
* Bionic update: upstream stable patchset 2020-05-19 (LP: #1879536)
- vhost: vsock: kick send_pkt worker once device is started
- powerpc/pci/of: Parse unassigned resources
- ASoC: topology: Check return value of pcm_new_ver
- selftests/ipc: Fix test failure seen after initial test run
- ASoC: sgtl5000: Fix VAG power-on handling
- ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode
- ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry
- wimax/i2400m: Fix potential urb refcnt leak
- net: stmmac: fix enabling socfpga's ptp_ref_clock
- net: stmmac: Fix sub-second increment
- cifs: protect updating server->dstaddr with a spinlock
- s390/ftrace: fix potential crashes when switching tracers
- scripts/config: allow colons in option strings for sed
- lib/mpi: Fix building for powerpc with clang
- net: bcmgenet: suppress warnings on failed Rx SKB allocations
- net: systemport: suppress warnings on failed Rx SKB allocations
- sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
- ALSA: hda: Match both PCI ID and SSID for driver blacklist
- mac80211: add ieee80211_is_any_nullfunc()
- cgroup, netclassid: remove double cond_resched
- ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode
- drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay
table v0 (e.g Hawaii)
- ASoC: rsnd: Don't treat master SSI in multi SSI setup as parent
- ASoC: rsnd: Fix "status check failed" spam for multi-SSI
- drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event
- hexagon: clean up ioremap
- hexagon: define ioremap_uc
- drm/atomic: Take the atomic toys away from X
* Performing function level reset of AMD onboard USB and audio devices causes
system lockup (LP: #1865988)
- SAUCE: PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
- SAUCE: PCI: Avoid FLR for AMD Starship USB 3.0
* add 16-bit width registers support for EEPROM at24 device (LP: #1876699)
- SAUCE: at24-smbus-16bit-address
* qeth: utilize virtual MAC for Layer2 OSD devices (LP: #1880834)
- s390/qeth: improve fallback to random MAC address
- s390/qeth: utilize virtual MAC for Layer2 OSD devices
* Slow send speed with Intel I219-V on Ubuntu 18.04.1 (LP: #1802691)
- e1000e: Disable TSO for buffer overrun workaround
* CVE-2020-10711
- netlabel: cope with NULL catmap
* CVE-2020-13143
- USB: gadget: fix illegal array access in binding with UDC
* rtl8723bu wifi issue after being turned off (LP: #1878296)
- rtl8xxxu: Improve TX performance of RTL8723BU on rtl8xxxu driver
- rtl8xxxu: add bluetooth co-existence support for single antenna
- rtl8xxxu: remove set but not used variable 'rate_mask'
- rtl8xxxu: Remove set but not used variable 'vif', 'dev', 'len'
* Cannot create ipvlans with > 1500 MTU on recent Bionic kernels
(LP: #1879658)
- ipvlan: use ETH_MAX_MTU as max mtu
* Miscellaneous Ubuntu changes
- [Config] wireguard -- enable on all architectures
[ Ubuntu: 4.15.0-108.109 ]
* Packaging resync (LP: #1786013)
- update dkms package versions
* dkms-build: downloads fail in private PPAs (LP: #1883874)
- dkms-build: apt-cache policy elides username:password information
-- Marcelo Henrique Cerri <marcelo.cerri@xxxxxxxxxxxxx> Thu, 25 Jun
2020 18:41:41 -0300
** Changed in: linux-azure-4.15 (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12380
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16089
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19036
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19039
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19318
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19377
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19642
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19813
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-19816
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-0543
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10711
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13143
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1881338
Title:
linux-azure: Update SGX version to version LD_1.33
Status in linux-azure package in Ubuntu:
In Progress
Status in linux-azure-4.15 package in Ubuntu:
New
Status in linux-base package in Ubuntu:
Fix Released
Status in linux-azure source package in Xenial:
Invalid
Status in linux-azure-4.15 source package in Xenial:
Invalid
Status in linux-base source package in Xenial:
Fix Released
Status in linux-azure source package in Bionic:
Fix Committed
Status in linux-azure-4.15 source package in Bionic:
Fix Released
Status in linux-base source package in Bionic:
Fix Released
Status in linux-azure source package in Eoan:
Fix Committed
Status in linux-azure-4.15 source package in Eoan:
Invalid
Status in linux-base source package in Eoan:
Fix Released
Status in linux-azure source package in Focal:
Fix Committed
Status in linux-azure-4.15 source package in Focal:
Invalid
Status in linux-base source package in Focal:
Fix Released
Bug description:
[Impact]
We have included the DCAP version of SGX into the linux-azure kernels
in order to provide a signed version of this driver that can be used
with secure boot in Azure instances.
Since a new version of this driver was released, we should update the
embedded driver:
https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/LD_1.33/driver/linux
[Test Case]
- Install the new kernel on an ACC azure instance.
- Ensure the module loads properly.
- Check if ECL (provided on the azure images) is working properly.
[Regression Potential]
The changes are extensive, but both Canonical and Microsoft perform
validation tests on SGX. Besides that, the change is restricted to
linux-azure running on specific instances.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1881338/+subscriptions