14.04.6

This is a brief summary of bugs fixed between Ubuntu 14.04.5 and 14.04.6. This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported CD images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice list affecting Ubuntu 14.04 LTS that were released up to and including March 4, 2019. The last update included was USN-3885-2 (OpenSSH vulnerability).

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see "Hardware support bugs" below.)

curtin

1588547

curtin/net: fix inet value for subnets, don't add interface attributes to alias

curtin

1592149

improve net-meta network configuration

curtin

1590846

reporting: set webhook handler level to DEBUG, no filtering

curtin

1551937

fix multipath configuration and add multipath tests

curtin

1577872

Detect and remove legacy /etc/network/interfaces.d/eth0.cfg from target

curtin

1577872

sru current curtin

preseed

1452202

Fix for netcfg/hostname, if set, to take precedence.

debian-installer

1452202

No change rebuild to pick up the latest change in preseed

debian-installer

1623090

Drop support for removed keystone kernel

livecd-rootfs

1693018

Add ubuntu-cpc project

livecd-rootfs

1690440

Add basic but configurable autopkgtest. .

live-build

1693018

Add support for the ubuntu-cpc project

livecd-rootfs

1711735

Fix security mirror sources.list entries for non-x86 architectures by backporting trunk revision 1408.

debian-installer

1743787

Include $efi_name in shim filename.

debian-installer

1745531

Rebuild to pick up the latest change in preseed.

preseed

1745531

Fix for netcfg/hostname, if set, to take precedence.

partman-partitioning

1733276

Make get_real_device() both simpler and more generic.

ubuntu-meta

1686183

Added ubuntu-advantage-tools to minimal

ca-certificates

1807023

Add ca-certificates udeb package

debian-installer

1807023

build/pkg-lists/base: add ca-certificates-udeb to enable HTTPS without d-i/allow_unauthenticated_ssl in stock initramfs image as in Debian.

live-build

1778811

Backport Adam's ubuntu-initramfs-handling.patch patch from xenial: Use initramfs-tools to work with initrds, instead of trying to naively repack and unpack them blindly

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu.

update-notifier

1498059

Add support for the HWE End-of-Life notification via motd.

update-manager

1498059

hwe-support-status: utilize a virtualbox metapackage set.

update-manager

1617448

hwe-support-status: Deal with the fact that fglrx was deprecated in 16.04 so will not work with the Xenial 16.04 HWE stack.

update-manager

1574193

Correctly calculate the end of support, and return correctly when support has ended. Patch from Andrew Gaul, with thanks.

ubuntu-release-upgrader

1645906

No change rebuild so the dist-upgrader tarball will be signed with the new method.

update-manager

1654008

Use a 64 bit integer for launch-time instead of a 32 bit one which won't work someday.

update-notifier

1654008

Switch to using a 64 bit integer for launch-time as update-manager also did.

unattended-upgrades

1687129

Add UbuntuESM to the list of sources automatically upgraded from by default. .

update-manager

1607929

Recommend libgtk2-perl be installed so we have a working debconf frontend.

update-manager

1574670

ubuntu-support-status: use component to differentiate packages supported by the community and packages supported by Canonical, override the Supported tag for main and restricted to work around the inaccurate Packages files, hardcode the release date since distro-info-date isn't installed by default in Trusty.

ubuntu-release-upgrader

1174007

Properly drop permissions when opening a browser.

Desktop fixes

These changes mainly affect desktop installations of Ubuntu, Kubuntu, Edubuntu and other Ubuntu-based systems.

oxide-qt

1532910

Stop using deprecated V8 APIs

xserver-xorg-video-ati-lts-xenial

1611982

control: Move mach64, r128 back to Depends.

gnome-contacts

1063019

Log a warning instead of a crash error when communication with evolution-data-server times out. Fix backported from 3.20

gnome-keyring

1421955

Use upstream gnome-keyring-daemon man page instead of stub Debian version

whoopsie

1616559

Allow uploading of any field with data less than 1KB, creating a whitelist of fields with large data, and a blacklist of fields we don't want in the Error Tracker.

whoopsie

1616517

src/whoopsie.c: Add fields from package management applications that can be larger than 1KB to the list of accepted fields.

xorg-server-lts-xenial

1617448

Add conflicts for fglrx, fglrx-core, fglrx-updates, and fglrx-updates-core because support for fglrx was removed in 16.04.

oxide-qt

1615832

Don't compile the mock QPA plugin with Qt5.6

oxide-qt

1618589

Compile with -fno-delete-null-pointer-checks to work around issues related to changes in GCC6

oxide-qt

1618530

Ensure we use the correct ozone platform

oxide-qt

1616595

Fix Qt5.2 build

oxide-qt

1260103

Oxide should use an app-specific path for shared memory files

oxide-qt

1615683

Implement KeyboardEvent.code and KeyboardEvent.key, as parts of Blink now depend on this

oxide-qt

1605365

Front camera is inverted on BQ E5

oxide-qt

1608657

Ensure shrinksViewportContentToFit option is enabled on mobile

oxide-qt

1597420

Add a mock QPA plugin and add integration tests for the Screen and ScreenOrientation APIs

oxide-qt

1568145

Correctly report the position for video capture devices

oxide-qt

1599236

ensure GN builds are built with Pango support

oxide-qt

1588219

fix mediahub GN build

oxide-qt

1592020

Make oxide_shared_unittests / oxide_qt_unittests work with the GN build

oxide-qt

1597262

Only enable plugin support on x86 / x86-64

oxide-qt

1560271

Refactor CookieStoreProxy and ensure that the cookie store is created on the IO thread

oxide-qt

1510603

Stop using GetFormFactorHint for memory optimizations

oxide-qt

1595320

Ensure GN builds are linked without --fatal-warnings

oxide-qt

1595321

Various allocator related fixes

oxide-qt

1595324

Various allocator related fixes

oxide-qt

1588218

Make ENABLE_TCMALLOC work with GN builds

oxide-qt

1597040

Disable TCMalloc on AArch64

oxide-qt

1585291

Add copy image support to the context menu

oxide-qt

1593232

Fix navigator.vibrate regression and add tests for this

oxide-qt

1595136

Compile the core library with -g1 on hosts with less than 8GB of RAM

oxide-qt

1594941

Fix static ENABLE_PLUGINS=0 GN build

oxide-qt

1594962

Disable gn check step for now

oxide-qt

1326697

Preliminary support for building with GN

oxide-qt

1588217

Cross-compiling support with GN

oxide-qt

1588942

Support for bootstrapping a GN binary

oxide-qt

1582638

Initial build support for AArch64

oxide-qt

1592296

Support filenames in drag and drop

oxide-qt

1601887

Add a quirk to assume that the native orientation of the primary screen on freiza and cooler devices is landscape

oxide-qt

1613258

Avoid a hard runtime dependency on MADV_FREE when compiled against glibc 2.24, and ensure madvise(MADV_FREE) is allowed in the seccomp policy so that it works when the kernel is upgraded to 4.5

oxide-qt

1616132

Explicitly whitelist accelerated canvas and GPU raster on various devices. This got disabled due to a recent change in libhybris

libgweather

1620557

Switch to the new METAR data provider, the previous one was shut down (update_metar_provider.patch,).

oxide-qt

1625122

Ensure we actually initialize the elements of Clipboard::cached_info_

oxide-qt

1625484

Initialize the locationbar position before the webview is navigated for the first time

oxide-qt

1448079

Don't spin the event loop during shutdown

oxide-qt

1503639

Fix and - Refactor ownership of BrowserContext

oxide-qt

1547130

Stop using GetFormFactorHint in PowerSaveBlocker

oxide-qt

1615832

ENABLE_TESTS fixes for Qt5.6

oxide-qt

1616043

OSK not displaying

oxide-qt

1547149

Stop using device form factor for configuring various WebPreferences options. This also deprecates OxideQWebPreferences::shrinksStandaloneImagesToFit, which never actually worked and the corresponding setting in Blink no longer exists

oxide-qt

1589902

Delete gyp support

oxide-qt

1547160

Use WebPreferences::main_frame_resizes_are_orientation_changes rather than the corresponding command line option

oxide-qt

1547138

Clean up pinch-zoom settings and always send pinch gestures to content

oxide-qt

1545088

Turn off WebPreferences::shrinks_viewport_contents_to_fit in windowed mode to avoid some sites being scaled on window resize (incomplete fix for)

oxide-qt

1610363

Stop using GetFormFactorHint in shared/renderer

oxide-qt

1597418

Rename ScreenClient to Screen and move all screen state handling there. This removes some duplication and makes it easier to unit-test

accountsservice

1443052

Backport 0.6.43 commit to fix logout records when a user shuts down or restarts their computer

nvidia-prime

1642662

Add support for EGL alternatives.

oxide-qt

1640542

Frequent web process crashes with webapps

oxide-qt

1639185

Crash during webbrowser-app tests

software-center

899878

Added support for Adwaita Dark theme variant to fix

oxide-qt

1620528

Ensure navigator.languages matches the embedder provided value (via WebContext::acceptLangs)

oxide-qt

1628496

Make the auto mode of LocationBarController more intelligent. It now blocks auto hide in the following circumstances:

oxide-qt

1628494

Add WebView::terminateWebProcess and WebProcessUnresponsive enum to WebProcessStatus so that applications can implement handling for hung web content processes

oxide-qt

1631450

Implement RWHV::GetFrameSinkId, and ensure our RWHV implementation uses the same cc::SurfaceManager as Chromium's RWHVChildFrame, so that cross-process frames work

oxide-qt

1622385

Add initial API reference documentation

oxide-qt

1599771

The webview shouldn't indicate that it is focused when one of its children is

oxide-qt

1570828

Don't crash when receiving messages as the webview is unloading

oxide-qt

1638915

build failure on trusty

oxide-qt

1637609

Make OxideQQuickNavigationHistory constructor private

oxide-qt

1631184

Location bar is hidden for webviews that are script opened

oxide-qt

1640264

Find-in-page doesn't wrap correctly

xserver-xorg-video-intel

1247528

Package intel-virtual-output

dbus

1641243

debian/patches/unrequested-reply-mediation.patch: Don't let unrequested reply messages through and don't audit them. Unrequested reply messages are error or method_return messages that are sent from D-Bus connection A to D-Bus connection B that do not correspond to any message ever sent by D-Bus connection B. They should be quietly dropped as there's no use for them outside of malicious activity. Patch based on upstream patches.

firefox

1659922

Fix Apparmor denials triggered by shared memory usage when e10s is enabled

xorg-server-lts-xenial

1655724

Drop the unnecessary systemd breaks clause which conflicts with snapd. In trusty, logind is managed by upstart. .

pyqt5

1654840

Backport a change from upstream 5.2-maint branch to fix conversion of QStrings with surrogate pairs (fix_qstring_conversion.patch). Fixes.

oxide-qt

1642318

Build failure on arm64

oxide-qt

1649861

session save/restore across oxide versions

oxide-qt

1632490

Disable zoom-for-dsf

oxide-qt

1632487

Update tst_WebView_findController.qml to test that results are updated on navigation

oxide-qt

1610929

Implement Screen::GetShellMode()

oxide-qt

1637184

Add libOxideUbuntuUITK, associated QML plugin and UbuntuWebView implementation, which will eventually replace the Ubuntu.Web component

oxide-qt

1637186

Add context menu implementation to UbuntuWebView

oxide-qt

1639241

Set the solid colour scrollbar colour correctly

oxide-qt

1643428

Fix an issue where the fling direction sometimes reverses

oxide-qt

1643548

Emit a warning when importing Oxide.Ubuntu

oxide-qt

1642381

Don't spin up a zygote process in single process mode

oxide-qt

1637187

Add QML tests for context menu

oxide-qt

1637190

Add API to allow embedders to customize actions in the context menu

oxide-qt

1640634

"Open {link,media} in new {tab,window}" entries in context menu shouldn't cause WebView.navigationRequested to fire

oxide-qt

1642317

misaligned access when running mksnapshot during the armhf build. Add this as a distro-patch to avoid having to fork the v8 repo for upstream checkouts. This isn't a problem for cross-builds anyway

imagemagick

1646485

SECURITY REGRESSION: test label regression

imagemagick

1589580

SECURITY REGRESSION: text coder issue

cups

1665018

Fixed processing of server overrides without port numbers.

firefox

1671079

Don't crash if LOGNAME is not set in the environment

fglrx-installer-updates

1511301

Avoid triggering any prompts for /etc.

fglrx-installer-updates

1511301

Bump the release replacing etc/ati so that we don't trigger a bug in software updater.

fglrx-installer-updates

1511301

Back up and restore the files that the old fglrx removes when upgrading.

fglrx-installer-updates

1511301

Make sure to also migrate the real ati configuration dir, not only the symlinks, or the upgrade will fail.

fglrx-installer

1511301

Avoid triggering any prompts for /etc.

fglrx-installer

1511301

Bump the release replacing etc/ati so that we don't trigger a bug in software updater.

fglrx-installer

1511301

Back up and restore the files that the old fglrx removes when upgrading.

fglrx-installer

1511301

Make sure to also migrate the real ati configuration dir, not only the symlinks, or the upgrade will fail.

linux-lts-xenial

1666897

snaps with classic + jailmode confinement started to fail on zesty

oxide-qt

1649577

Revert "Decide focus state of webview based on activeFocusItem check of window", as it caused a regression in popup menu handling

oxide-qt

1654363

Fails to build with vivid gcc

oxide-qt

1654512

Unbreak component build

oxide-qt

1649577

Decide the webview focus state from ItemChanged event not the focusIn/Out events

oxide-qt

1637194

Add <select> popup menu implementation to UbuntuWebView

oxide-qt

1656303

Test hang at the start of tst_focus.qml

oxide-qt

1649861

Session save/restore across oxide versions

oxide-qt

1647799

Don't run ubuntu-api and ubuntu-ui test sequences when built without ENABLE_UITK_WEBVIEW

oxide-qt

1568296

Change the behaviour of JS dialogs.

oxide-qt

1656905

Change the behaviour of JS dialogs.

oxide-qt

1637195

Add JS dialog implementation to UbuntuWebView

oxide-qt

1665978

Sync ParamTraits for content::WebPreferences to make double-tap-to-zoom work again

oxide-qt

1668614

Fix build failure with GCC 4.8 due to lack of stdatomic.h

firefox

1671079

Don't crash if LOGNAME is not set in the environment

firefox

1671273

Build with --enable-alsa for now to re-enable the unmaintained ALSA backend. Note that problems with the ALSA backend will not block future updates and Ubuntu flavors that ship without Pulseaudio need to participate in maintaining this code

ido

1506427

IdoCalendarMenuItem: disconnect from parent signals on item destruction

graphviz

1398028

Add missing dependency from libgraphviz-dev to libgvc6-plugins-gtk

activity-log-manager

1303508

Fix calendars not working when selecting date range to clear

thunderbird

1690445

Drop the previous workaround for failing to link libprldap60.so on x86 (exporting LIBS=-lc) and replace it with a more targetted workaround

apport

1673557

data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in every report.

apport

1689093

data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for 14.04 or 16.04 so set an UnreportableReason in those reports.

whoopsie

1673557

src/whoopsie.c: Add ProcCpuinfoMinimal which can be larger than 1KB to the list of accepted fields.

software-properties

1679784

depend on libgtk2-perl to ensure it's available, since it was not seeded on the desktop at release time. This is only a Recommends: in zesty, but we need to ensure this isn't ignored on upgrade..

nvidia-graphics-drivers-375

1566446

Drop nvidia-prime and bumblebee Recommends on armhf.

nvidia-graphics-drivers-375

1688431

Limit the amount of cores to a maximum of 16.

nvidia-graphics-drivers-375

1674677

install glvnd EGL vendor configuration file.

desktop-file-utils

1693089

Add Cinnamon, EDE, and LXQt to the list of registered desktop environments

imagemagick

1707015

SECURITY REGRESSION: image composite function regression

firefox

1615549

Don't restrict Destop Actions to Unity and make them compliant with GNOME-Shell

firefox

1720908

Backport patch to stub gdk_screen_get_monitor_workarea in mozgtk2 (fixes)

firefox

1725238

Remote OSProtocolHandlerExists to properly launch custom protocol handler

firefox

1733970

Search suggestions are broken after refreshing the Google searchplugin

firefox

1644021

Install EmojiOneMozilla.ttf

avahi

1661869

Remove all overly restrictive default rlimit restrictions in avahi-daemon.conf which can cause avahi to fail to start due to too many running process or crash out of memory.

firefox

1758107

Cannot customize toolbars in Unity

plymouth

927636

debian/patches/misc-changes.patch: Drop call to stop_animation as it would unreference a bunch of variables and cause a crash writing a NULL VMA.

gnome-user-docs

1696418

debian/rules: Set NO_PKG_MANGLE so the translations are not stripped. This works around the fact that the localized gnome-help pages are not included in the latest (last?) version of the language-pack-gnome-XX-base packages.

firefox

1791789

Fix: Mark distribution search engines as read-only, so that they are marked as hidden in rather than removed from the search engine cache when a user "removes" them (they can't actually be removed from disk). This stops them from reappearing on cache rebuilds

firefox

1791789

Backport upstream change to the search service to not handle locale changes on shutdown. As well as resulting in en-US search engines being added to the search engine cache for all locales, it was resulting in a cache rebuild on every restart, making the above bug worse (fixes another part of)

firefox

1791789

Set "spellchecker.dictionary_path" by default to point to /usr/share/hunspell so that system dictionaries are loaded again, now that Firefox no longer loads them from its own install directory. Fixes another part of

firefox

1791789

Final part of the fix for: Cleanup extra Amazon.com search engine in locales that have their own Amazon search engine

ghostscript

1802958

Fix dependency for libgs9-common

ghostscript

1806517

SECURITY REGRESSION: multiple regressions

gnome-desktop3

1755490

some vendors encode the screen ratio (e.g 16/9) in the EDID instead of including the screen size, detect those cases and display the product name instead of the screen diagonal.

firefox

1808980

Build with --enable-rust-simd (except on i386 and armhf)

ghostscript

1815339

SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail

ghostscript

1817308

SECURITY REGRESSION: Ghostscript update causes blue background

ghostscript

1815339

SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail, second fix attempt.

These changes mainly affect installations of Ubuntu on server systems and clouds.

maas

1509147

New Upstream Release, 1.9:

pollinate

1576333

debian/pollinate.service: Move installation from network.target to multi-user.target. network.target is too early and causes dependency loops with e. g. NFS.

pollinate

1578833

use the right flag file for

pollinate

1578833

Don't run pollinate.service in containers (as containers can't and should not write the host's random pool) and when we already have a saved random seeds (i. e. only on first boot).

pollinate

1578833

pollinate: use timeout(1) to limit curl, related to

pollinate

1555362

pollinate:

pollinate

1554152

pollinate, pollinate.1:

neutron

1414218

Backport performance fix by refactoring logging statements.:

cloud-init

1581200

debian/patches/lp-1581200-gce-metadatafqdn.patch : Remove trailing dot in metadata.google.internal GCE metadata lookup.

curl

1613698

fix problem with chunked encoded data

isc-dhcp

1529815

Fixed missing broadcast flag for Infiniband interfaces

sssd

1443802 1453253 1456498 1578191 1585698

New upstream bugfix release.

sssd

1519086

fix-upstream-2620.diff: Set sdap handle as explicitly connected in LDAP auth.

sssd

1587988

debian/patches/AD-*.diff: Prefer site-local-DCs in LDAP ping, thanks Jorge Niedbalski!

neutron

1453264

iptables_manager can run very slowly when a large number of security group rules are present

isc-dhcp

1609898

Don't assume IPv6 prefix length of 64. Pulled from debian commit c347ab8a43587164486ce1f104eedfd638594e59.

logwatch

1010602

debian/patches/fix-match-samba-logs.patch: Fix match rules for samba logs

multipath-tools

1535898

d/p/0045-fix-mpp_alias-freeing.patch, d/p/0046-revert-act_reload.patch: Fix double-free situation that generate segfaults with multipathd

pollinate

1621280

New upstream release:

linux-keystone

1626610

Release Tracking Bug

tzdata

1621373

New upstream release, with DST changes for Turkey

qemu

1606940

Apply upstream fix for memory slot alignement

vlan

1224007

If VLAN is configured with higher MTU than raw device MTU, which can happen if VLAN is ifup'ed before raw device, then increase raw device MTU first so the VLAN ifup does not fail.

strongswan

1629241

debian/patches/fix_reauth_crash.patch: auth-cfg: Fix crash after several reauthentications with multiple authentication rounds. Thanks to Tobias Brunner <tobias@strongswan.org>.

libnl3

1567578

d/p/lib-nl-Increase-receive-buffer-size-to-4-pages.patch: Increase receive buffer size to 4 pages by default..

multipath-tools

1621835

d/p/0047-Add-existing-multipath-devices-to-wwids-file-on.patch: Fix multipathd which does not update /etc/multipath/wwids file when reconfigure is invoked.

multipath-tools

1616213

d/p/0048-multipathd-delay-free-pathvec.patch : Fix SEGV on multipathd shutdown

multipath-tools

1628723

debian/patches/fix_use_after_free.patch: Fix use-after-free bugs. Thanks to Christof Schmitt <christof.schmitt@de.ibm.com> and Benjamin Marzinski <bmarzins@redhat.com>.

postgresql-9.3

1637236

New upstream bug fix release

qemu

1536331

Drop pc-1.0-qemu-kvm alias to pc-1.0, which is a duplicate id to the pc-1.0-qemu-kvm type, to fix migration from precise.

libnss-ldap

1397250

SIGPIPE not caught in do_atfork_child()

neutron

1374663

agent/linux/ip_lib.py does not correctly handle output from 'iproute2' command.:

cinder

1439371

Include boot properties from glance v2 images:

cinder

1323660

Fix extract properties from image with glance api v2:

python-glanceclient

1323660

Expose is base schema property attribute

samba

1644428

Revert to version prior to the 2:4.3.11+dfsg-0ubuntu0.14.04.2 which is causing regression with statically linked libpam_winbind. Removes d/p/fix-1584485.patch.

isc-dhcp

1633479

ipv6: wait for duplicate address detection to finish.

sssd

1640805

d/p/fix-upstream-2519.diff SSSD should not fail authentication when only allow rules are used

cloud-init

1603222

Use /dev/disk/cloud entries for ephemeral disk

walinuxagent

1603581

Backport to trusty

libspectre

1348384

Replace fix-document-rotation.patch with new version from 0.2.8. This fixes a regression introduced in 0.2.7-2ubuntu1.1 where some eps files are mostly unreadable with a black background when viewed in apps like Evince or Okular

libseccomp

1653487

Cherrypick various bpf fixes to support argument filtering on 64-bit

libseccomp

1653487

debian/patches/bpf-track-accumulator-state.patch: track accumulator state and reload it when necessary. This is the fix for. The previous patches are required by this patch.

libseccomp

1450642

Bring libseccomp 2.1.1-1ubuntu1~vivid2, from Ubuntu 14.10, to Ubuntu 14.04 and add a couple patches to account for new syscalls found in the 4.4 based hardware enablement kernel. This allows for proper snap seccomp confinement on Ubuntu 14.04 when using the hardware enablement kernel

libseccomp

1450642

sync-syscall-table-entries-3.19.patch

lxc

1647016

Cherry-pick upstream bugfix:

krb5

1643708

d/p/upstream/0001-Add-SPNEGO-special-case-for-NTLMSSP-MechListMIC.patch: Cherry-pick from upstream to add SPNEGO special case for NTLMSSP+MechListMIC. .

neutron

1411163

d/p/update_dhcp_host_portbinding_on_failover.patch: Update dhcp host portbinding on failover.

walinuxagent

1651128

New upstream release

kombu

1656333

d/p/fix-uuid-shim.patch: Cherry-pick patch from upstream to fix uuid shim in newer Python versions.

systemd

1656280

Add support for installing deputy systemd for snapd on Ubuntu Desktop 14.04.5

tomcat7

1659589

SECURITY REGRESSION: security manager startup issue

python-glanceclient

1404227

d/p/Update-HTTPS-certificate-handling-for-pep-0476.patch: Partial cherry-picks from upstream to update HTTPS certificate handling for pep-0476.

nova

1298061

Allow evacuate for an instance in the Error state

qemu

1640382

aio: fix qemu_bh_schedule() bh->ctx race condition

qemu

1587039

aio: strengthen memory barriers for bottom half scheduling

bind9

1553176

Backport (70_precise_mtime.diff) 18b87b2a58d422fe4d3073540bf89b5a812ed2e5 to trusty.

qemu

1655225

Qemu VM crash with error "bdrv_error_action: Assertion `error >= 0' failed"

postgresql-9.3

1664478

New upstream release

tcpdump

1624633

Merge from Debian unstable. Remaining changes:

tcpdump

1632399

debian/usr.sbin.tcpdump: Allow the tcpdump binary to be mapped as required by version 4.8 and newer kernels. tcpdump was immediately segfaulting when used inside of LXD containers before this AppArmor profile change.

tcpdump

1229664

debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch thanks to Graeme Hewson.

tcpdump

1229664

debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch thanks to Graeme Hewson.

tcpdump

1352750

Merge from Debian unstable. Remaining changes:

tcpdump

1229664

debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch thanks to Graeme Hewson.

tcpdump

1229664

debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch thanks to Graeme Hewson.

sssd

1641875

d/p/BUILD-Fix-linking-with-librt.patch: Upstream fix for FTBS on ppc64el/arm64 after the implementation of timer functions in watchdog.

walinuxagent

1661750

New upstream release.

walinuxagent

1657528

Change the maintainer to Ubuntu Developers.

walinuxagent

1673862

Add the dependency of isc-dhcp-client as our maintainer scripts assume it's installed.

walinuxagent

1650522

We now ship with auto-updates enabled.

walinuxagent

1673152

Add a maintscript to rename the old logrotate file on upgrade from an ancient version of walinuxagent.

maas

1669591

Stable Release Update. New MAAS upstream bugfix release 1.9.5:

landscape-client

1668583

Don't report packages that are coming from backports, so that Landscape doesn't try to upgrade to versions of packages that are in backports.

tftp-hpa

1342580

Replace the default value of TFTP_ADDRESS to :69 instead of [::]:69. The previous default caused a failure to start when the NIC is not available at startup time

libvirt

1317491

d/p/reject-blockcommit-of-active-layer.patch: Block commit code isn't ready for QEMU 2.0 and has to be blocked. This avoids virsh to hang forever on blackcommit jobs.

tomcat7

1666570

Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains the '%' character.

tomcat7

1664179

Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of 2.2.

walinuxagent

1683521

New upstream release.

sosreport

1614052

Collection of the OPAL msglog

sosreport

1666239

Add ZFS sosreport plugin

sosreport

1605243

Take into account the iscsi initiator config and logs

openjdk-7

1691126

Fix JDK regression introduced by 7u131 upgrade:

cloud-initramfs-tools

1688606

Add cloud-initramfs-rooturl package.

isc-dhcp

1689854

4b8251a] DHCPv6: fix socket handling so multiple DHCPv6 local clients will successfully get addresses

ceph

1636322

Start ceph-all after static-network-up.

sssd

1566508

d/p/pidfile-creation.diff: Delay the pidfile creation until the responders are up

sssd

1669712

d/p/sanitize_newline.diff: Sanitize newline and carriage return characters before LDAP queries.

isc-dhcp

1176046

Introduction of a new binary package "isc-dhcp-client-noddns"

walinuxagent

1690854

New upstream release.

sssd

1695870

Fix regression where SSSD doesn't start on boot if autofs is not installed:

sssd

1566508

sssd-common.sssd-autofs.upstart.in: Restart autofs to read direct mounts after SSSD and autofs have started (only on startup). This keeps the fix for the autofs and SSSD race condition

ebtables

1645324

Use real locking in ebtables

logrotate

1630516

createOutputFile: rename already existing file

vlan

1573272

Don't trust ifup return code, as it returns 0 on failure; call ip link set up after ifup to force vlan raw device up.

klibc

1652348

debian/patches/dhcp-one-socket-per-interface.patch: Use separate sockets for DHCP from multiple interfaces. Thanks to Jay Vosburgh <jay.vosburgh@canonical.com>.

cinder

1692446

Fix issue that upload-to-image doesn't copy os_type property:

cloud-init

1655934

Correctly detect kernels ending in -aws as kernels that can boot on EC2

cloud-init

1379080

Consider kernels with CONFIG_XEN=y bootable on aws.

multipath-tools

1695789

Fixes multipathd crash on usa after free (mpp->alias)

multipath-tools

1687004

Fixes multipathd crash on log thread initialization

walinuxagent

1701350

New upstream release.

swift

1683076

Fix issue where swift daemons crash while writing logs to a stopped rsyslogd /dev/log socket.

rsyslog

1429427

d/p/bugfix-plug-a-memleak-in-imuxsock.patch: Applied upstream patches fixing abnormal timestamps in rsyslog when using cron.

ntp

1593907

debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift

pollinate

1656484

Add missing dependency on vim-common, for xxd.

ubuntu-advantage-tools

1686183

ubuntu-advantage & /etc/update-motd.d/99-esm now build, run and are quiet on non-precise release.

ubuntu-advantage-tools

1690270

Also install ca-certificates

libapache2-mod-auth-pgsql

1272857

d/p/fixdoublefree.patch: set freed pointers to NULL before subsequent checks against NULL.

libapache2-mod-auth-pgsql

1698758

d/p/crypt-check-null-1698758.patch: check for a NULL return from crypt(3)

libseccomp

1703580

debian/libseccomp-dev.install: include static library

landscape-client

1636477

Minor updates:

pollinate

1708192

New upstream release:

logcheck

1357880

ignore.d.server/dhclient: rewrite rules (

logrotate

1709670

logrotate does not ever recover from a corrupted statefile

libvirt

1707400

d/libvirt-bin.postinst: call apparmor_parser with options to ignore the apparmor cache and rebuild it, otherwise old apparmor rules are used and this might break upgrades

walinuxagent

1714299

New upstream release.

nut

1540008

debian/nut-server.postinst: The udevd process is called systemd-udevd for quite sometimes already, properly detect whether it's running or not, this should fix the devices permissions for USB UPS's

libvirt

1393842

fix guest channel support.

walinuxagent

1717306

New upstream release.

postgresql-9.3

1713979

New upstream release

vlan

1716964

Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1

libvirt

1571209

d/libvirt-bin.init, d/libvirt-bin.upstart: fix waiting for the libvirt socket

maas

1713795

debian/patches/fix-shim-name-lp1713795.patch: Grub package in Trusty has changed the name of the shim and has caused MAAS to being unable to import new images.

initramfs-tools

1718055

hook-functions: handle lvm-on-nvme case.

systemd

1718966

rules: introduce fsck@.service for snappy

initramfs-tools

1712491

hook-functions: include backported bnxt driver.

squid3

1423498

debian/patches/fix-assertion-ftp-put-empty-file.patch: Fix ftp assertion error when uploading empty file. Thanks to Alex Rousskov <rousskov@measurement-factory.com>.

ubuntu-advantage-tools

1719671

Backports from upstream version 13:

tzdata

1712675 1696298 1691092 1676117

New upstream release

postgresql-9.3

1730661

New upstream release

oslo.messaging

1521958

d/p/fix-rabbit-starvation-of-connections-for-reply: To solve nova-conductor infinitely loop issue.

mdadm

1617919

Prevent segfault when get_md_name() returns NULL This fixes mdadm segfaults when running inside a container.

resolvconf

1711760

Fix bad shell syntax in newly added /lib/resolvconf/net-interface-handler

resolvconf

1711760

support reading dns information written by initramfs.

hibagent

1733353

Rebuild for Trusty

mailman

1251495

Fixed a misspelling in Tagger.py that breaks Lists with topics enabled

landscape-client

1531150

Add proxy handling to package reporter.

landscape-client

1699789

Fix regression in configuration hook under install-cd chroot

landscape-client

1208393

Report autoremovable packages

landscape-client

1618483

No not re-register client by default

iproute2

1720126

debian/patches/99-increase-receive-buffer-size.patch: Fix "Message truncated" issue with many VF's. Thanks to Phil Sutter <phil@nwl.cc>.

corosync

1739033

d/p/Parser-Make-config-file-parser-more-hierarchy.patch: Fixes how corosync parses a config file with malformed entries.

maas

1732703

debian/patches/harcode-upstart-lp1732703.patch: Running snapd or livepatch in Trusty installs systemd. Due to a systemd regressions, this causes MAAS to incorrectly detect the init system. As such, hardcode the init system to upstart (as systemd is not supported in Ubuntu).

iproute2

1732032

Fix ip maddr show:

landscape-client

1742531

d/p/set-vm-info-to-kvm-for-aws-C5-instances.patch: Sets vm_info to kvm for new AWS EC2 C5 instances.

landscape-client

1743232

d/p/set-vm-info-to-kvm-for-digitalocean-instances.patch: Sets vm_info to kvm for digitalocean instances.

sosreport

1734983

d/p/0003-fix-name-containers-is-not-defined.patch: "containers" is an unknown variable, "insp" is the correct one.

sosreport

1734983

New upstream release v3.5 New features include : New plugins for :

resolvconf

1735225

Read and apply dns information written by initramfs if using rooturl (root=http* on the command line)

walinuxagent

1749589

Revert to an older upstream release: 2.2.20.

open-vm-tools

1748122

Make tools.conf template useful.

isc-dhcp

1718568

dhclient-script.linux: handle empty case also when waiting for ipv6 link local DAD.

horizon

1755027

d/openstack-dashboard.postinst: Ensure permissions are not world-readable for /etc/openstack-dashboard/local_settings.py.

pacemaker

1316970

Fixing memory leak

strongswan

1755693

d/control: Add Conflicts from strongswan-starter to openswan to avoid file conflict on upgrade.

apache2

1752683

Avoid crashes, hangs and loops by fixing mod_ldap locking:

systemd

1750013

logind: fix memleaks in session's free path and cgmanager glue code

landscape-client

1754073

d/p/detect-cloudstack-kvm-1754073.patch: Detect CloudStack kvm hypervisor

vlan

1701023

Revert change for lp1573272; instead fix by redesigning when vlan interfaces are created; after raw-device ifup, not during raw-device udev processing.

ifupdown

1701023

We are not even reading the contents of the per-interface state files when running ifquery, so there is no need to lock them. Not locking will allow ifquery to be called recursively from ifup and ifdown.

ebtables

1772456

Fix check of fcntl errno value, to allow lockfile contention to work.

sosreport

1761442

d/p/Fix-string-decoding-for-debug-log-output.patch: Fix bug in _collect_strings that causes error trying to str.decode()

pollinate

1761240

New upstream release:

smartmontools

1209085

d/p/curl-follow-redirects.patch: allow curl to follow redirects

samba

1583324

d/p/bug_1583324_include_with_macro.patch: don't fail parsing the config file if it has macros in include directives

tzdata

1750627

New upstream release. .

cloud-init

1781039

debian/patches/lp-1781039-gce-datasource-update.patch: Backport GCE datasource functionality from Xenial.

openldap

1783183

d/apparmor-profile: update apparmor profile to allow reading of files needed when slapd is behaving as a kerberos/gssapi client and acquiring its own ticket.

ceph

1798081

Don't truncate message sequence to 32-bit.

walinuxagent

1799498

New upstream release.

apache2

1529355

d/p/AuthzProviderAlias-visibility.patch: Allow <AuthzProviderAlias>'es to be seen from auth stanzas under virtual hosts

landscape-client

1788219

debian/patches/nutanix-kvm.patch: Update vm_info.py to include Nutanix hypervisor.

landscape-client

1699179

Fixes for release-upgrade.

landscape-client

1699179

debian/patches/1699179-release-upgrade-check.diff: Check if ubuntu- release-upgrader is running before apt-update.

landscape-client

1670291

debian/patches/release-upgrade-success.patch: Enable landscape-client to survive trusty upgrade.

landscape-client

1670291

debian/patches/post-upgrade-reboot.patch: Force reboot operation in case systemd fails.

landscape-client

1616116

debian/patches/1616116-resync-loop.patch: Clear hash id database on package resync.

backuppc

1576187

d/rules, d/p/smb-compat-fix.patch: cope with changes in newer smbclient. Thanks to Maksym Schipka <maksym@hotmail.com>

backuppc

1677755

d/t/{control,smb-backup}: simple smb-based DEP8 test

sqlite3

1814869

d/p/0001-Fix-a-parsing-issue-associated-with-a-corrupt-sqlite.patch: Check if parser is busy before using it and raise an error if positive.

Kernel and Hardware support updates

Considerable work has been done in Ubuntu 14.04.5 on improving support for many specific items of hardware.

Note that upstream commits to stable kernel releases are listed separately below.

linux-meta

1609945

Update HWE meta packages to point to xenial

linux-lts-xenial

1612135

CIFS client: access problems after updating to kernel 4.4.0-29-generic

linux-lts-xenial

1618572

apt-key add fails in overlayfs

linux-lts-xenial

1618040

Release Tracking Bug

linux-lts-xenial

1591655

Feature] Instruction decoder support for new SKX instructions- AVX512

linux-lts-xenial

1608652

Ubuntu 16.04] FCoE Lun not visible in OS with inbox driver - Issue with ioremap() call on 32bit kernel

linux-lts-xenial

1591802

Feature] turbostat support for Skylake-SP server

linux-lts-xenial

1616894

BYT] display hotplug doesn't work on console

linux-lts-xenial

1520446

Feature]intel_idle enabling on Broxton-P

linux-lts-xenial

1591815

Feature] EDAC: Update driver for SKX-SP

linux-lts-xenial

1591648

Feature] KBL: Sandy Peak(3168) WiFi/BT support

linux-lts-xenial

1616813

Please add support for alps touchpad.

linux-lts-xenial

1616781

DINO2M - System hangs with a black screen during s4 stress test

linux-lts-xenial

1611833

Xenial update to v4.4.17 stable release

linux-lts-xenial

1615665

Enable virtual scsi server driver for Power

linux-lts-xenial

1613295

AES-XTS poor performance in Ubuntu 16.04

linux-lts-xenial

1616318

System hang when plug/pull USB 3.1 key via thunderbolt port over 5 times

linux-lts-xenial

1615893

change_hat is logging failures during expected hat probing

linux-lts-xenial

1615892

deleted files outside of the namespace are not being treated as disconnected

linux-lts-xenial

1615890

stacking to unconfined in a child namespace confuses mediation

linux-lts-xenial

1615895

apparmor module parameters can be changed after the policy is locked

linux-lts-xenial

1579135

AppArmor profile reloading causes an intermittent kernel BUG

linux-lts-xenial

1615889

label vec reductions can result in reference labels instead of direct access to labels

linux-lts-xenial

1615887

profiles from different namespaces can block other namespaces from being able to load a profile

linux-lts-xenial

1592547

vmalloc failure leads to null ptr dereference in aa_dfa_next

linux-lts-xenial

1615885

vmalloc_addr is being checked on the failed return address of kvzalloc()

linux-lts-xenial

1615882

dfa is missing a bounds check which can cause an oops

linux-lts-xenial

1615881

The label build for onexec when stacking is wrong

linux-lts-xenial

1615880

The inherit check for new to old label comparison for domain transitions is wrong

linux-lts-xenial

1593874

warning stack trace while playing with apparmor namespaces

linux-lts-xenial

1615878

label_update proxy comparison test is wrong

linux-lts-xenial

1615620

Xenial update to v4.4.19 stable release

linux-lts-xenial

1614565

ISST-LTE:pKVM311:lotg5:Ubutu16041:lotg5 crashed @ writeback_sb_inodes+0x30c/0x590

linux-lts-xenial

1612725

IBM Power 720 Ethernet Not Seen

linux-lts-xenial

1612431

CAPI: Update default setting for the psl_fir_cntl register

linux-lts-xenial

1614560

Xenial update to v4.4.18 stable release

linux-lts-xenial

1614309

Ubuntu16.10:installation fails on Brazos system (31TB and 192 cores) No memory for flatten_device_tree (no room)

linux-lts-xenial

1613157

SRU] xgene_enet: 10g performance only hits ~75% on multi-client tests

linux-lts-xenial

1611399

SRU] xgene_enet: an extra interrupt may be pending for an interrupt controller that doesn't support irq_disable and hardware with level interrupt

linux-lts-xenial

1609606

Mic mute hotkey does not work on usb keyboard [03f0:2f4a]

dkms

1608499

debian/patches/Parallel-depmod-failure.patch:

linux-lts-xenial

1615665

Enable virtual scsi server driver for Power

dkms

1588479

apport_name_in_valueerror.diff:

makedumpfile

1634132

Remove hugepages/hugepagesz from kdump's cmdline.

linux

1563345

Trusty update to 3.16.7-ckt26 stable release

linux

1514911

Trusty update to 3.16.7-ckt19 stable release

linux

1493305

Trusty update to 3.13.11-ckt26 stable release

linux-lts-xenial

1636951

Release Tracking Bug

shim-signed

1604936

Add a --help option, document other options.

shim-signed

1595611

Rework prompting to display our Secure Boot warning and explanation text more prominently, rather than forcing graphical users to hit "Help" to see the full explanation for why we ask about disabling Secure Boot.

klibc

1624014

debian/patches/fix_broadcast_flag-bit.patch: the previous patch set the wrong bit in the bootp flags field, instead of 0x800 it must be 0x8000.

ubuntu-drivers-common

1642662

Add all the necessary changes for nvidia and hybrid graphics to handle the new kernel modules and the EGL alternatives. Also detect the new amdgpu driver.

util-linux

1640823

mount/lomount.c: Query /dev/loop-control for next free loopback device.

initramfs-tools

1500751

hooks/framebuffer: Copy kernel/ubuntu/i915 backport driver too.

linux-firmware

1646197

Trigger update-initramfs following linux-firmware install

linux-firmware

1642709

Add i915/skl_guc_ver6.bin to linux-firmware in Trusty

initramfs-tools

1496163

hook-functions: firmware -- copy symlink components into initramfs

linux-lts-xenial

1657434

Release Tracking Bug

linux-lts-xenial

1657353

Backport DP MST fixes to i915

linux-lts-xenial

1657281

Ubuntu xenial - 4.4.0-59-generic i3 I/O performance issue

linux-lts-xenial

1656810

Release Tracking Bug

linux-lts-xenial

1656084

Release Tracking Bug

linux-lts-xenial

1634129

Couldn't emulate instruction 0x7813427c

linux-lts-xenial

1560482

perf: 24x7: Eliminate domain name suffix in event names

linux-lts-xenial

1655040

i386 ftrace tests hang on ADT testing

linux-lts-xenial

1651322

VMX module autoloading if available

linux-lts-xenial

1654497

ACPI probe support for AD5592/3 configurable multi-channel converter

linux-lts-xenial

1654602

Xenial update to v4.4.40 stable release

linux-lts-xenial

1639810

igb i210 probe of pci device failed with error -2

linux-lts-xenial

1652018

PowerNV: PCI Slot is invalid after fencedPHB Error injection

linux-lts-xenial

1635177

mfd: intel-lpss: Add default I2C device properties for Apollo Lake

linux-lts-xenial

1650609

Xenial update to v4.4.39 stable release

linux-lts-xenial

1650607

Xenial update to v4.4.38 stable release

linux-lts-xenial

1650604

Xenial update to v4.4.37 stable release

linux-lts-xenial

1650601

Xenial update to v4.4.36 stable release

linux-meta

1601954

ensure all items are included in changelog and standardise packaging

linux-lts-xenial

1663662

Release Tracking Bug

linux-lts-xenial

1660704

Release Tracking Bug

linux-lts-xenial

1630238

regression 4.8.0-14 -> 4.8.0-17] keyboard and touchscreen lost on Acer Chromebook R11

linux-lts-xenial

1652132

Call trace when testing fstat stressor on ppc64el with virtual keyboard and mouse present

linux-lts-xenial

1658491

VLAN SR-IOV regression for IXGBE driver

linux-lts-xenial

1655842

"Out of memory" errors after upgrade to 4.4.0-59

linux-lts-xenial

1657194

Backport 3 patches to fix bugs with AIX clients using IBMVSCSI Target Driver

linux-lts-xenial

1656913

NVMe: adapter is missing after abnormal shutdown followed by quick reboot, quirk needed

linux-lts-xenial

1625318

Ubuntu 16.10 KVM SRIOV: if enable sriov while ping flood is running ping will stop working

linux-lts-xenial

1649718

Linux rtc self test fails in a VM under xenial

linux-lts-xenial

1658091

Xenial update to v4.4.44 stable release

linux-lts-xenial

1657540

Hyper-V] netvsc: add rcu_read locked to netvsc callback

linux-lts-xenial

1650059

Hyper-V] Rebase Hyper-V in 16.04 and 16.10 to the the upstream 4.9 kernel

linux-lts-xenial

1655420

Ubuntu - ibmveth: abnormally large TCP MSS value caused a TCP session to hang with a zero window

linux-lts-xenial

1640786

netfilter regression introducing a performance slowdown in binary arp/ip/ip6tables

linux-lts-xenial

1655002

Move some kernel modules to the main kernel package (part 2)

linux-lts-xenial

1656876

Xenial update to v4.4.43 stable release

linux-lts-xenial

1655969

Xenial update to v4.4.42 stable release

linux-lts-xenial

1655041

Xenial update to v4.4.41 stable release

linux-meta-lts-xenial

1601954

ensure all items are included in changelog and standardise packaging

linux

1666905

Release Tracking Bug

linux

1660519

Windows guest got 0x5c BSOD when rebooting

linux

1662096

ipv6: fix a refcnt leak with peer addr

linux

1660519

Windows guest got 0x5c BSOD when rebooting

linux

1662096

ipv6: fix a refcnt leak with peer addr

linux-meta

1666897

make linux-image-* Breaks: snapd before 2.23.1

linux-lts-xenial

1668594

Recent KVM RTC cherry-picks break (some) Windows Live-Migrations

linux-lts-xenial

1665211

Upgrade Redpine RS9113 driver to support AP mode

linux-lts-xenial

1649292

NFS client : permission denied when trying to access subshare, since kernel 4.4.0-31

linux-lts-xenial

1665097

Hyper-V] SAUCE: pci-hyperv fixes for SR-IOV on Azure

linux-lts-xenial

1664960

Xenial update to v4.4.49 stable release

linux-lts-xenial

1650336

NFS client : kernel 4.4.0-57 crash with nfsv4 enries in /etc/fstab

linux-lts-xenial

1664809

0bda:0328] Card reader failed after S3

linux-lts-xenial

1662551

ibmvscsis: Add SGL LIMIT

linux-lts-xenial

1662666

ISST-LTE:pNV: ppc64_cpu command is hung w HDs, SSDs and NVMe

linux-lts-xenial

1624164

Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin for module i915_bpo

linux-lts-xenial

1662763

Intel I210 ethernet does not work both after S3

linux-lts-xenial

1661430

Hyper-V] Fix ring buffer handling to avoid host throttling

linux-lts-xenial

1645037

apparmor_parser hangs indefinitely when called by multiple threads

linux-lts-xenial

1660842

apparmor not checking error if security_pin_fs() fails

linux-lts-xenial

1659417

docker permission issues with overlay2 storage driver

linux-lts-xenial

1663657

Xenial update to v4.4.48 stable release

linux-lts-xenial

1662507

Xenial update to v4.4.47 stable release

linux-lts-xenial

1660994

Xenial update to v4.4.46 stable release

linux-lts-xenial

1660993

Xenial update to v4.4.45 stable release

linux-meta-lts-xenial

1666897

make linux-image-* Breaks: snapd before 2.23.1

crash

1607894

Fix for: Unable to analyse vmcore/dump via crash due to bad kernel debug info build.

initramfs-tools

1649213

hook-functions: copy xhci-plat-hcd also.

makedev

1675163

Don't attempt to create /dev devices when inside a container.

linux-lts-xenial

1676747

Enable lspcon on i915

linux-lts-xenial

1483101

Broadcom bluetooth modules sometimes fail to initialize

binutils

1644363

002-dont-segv-on-initial-instructions-overflow.patch: Fix ld crash on arm64

linux-lts-xenial

1659111

UbuntuKVM guest crashed while running I/O stress test with Ubuntu kernel 4.4.0-47-generic

linux-lts-xenial

1683728

Xenial update to v4.4.62 stable release

linux-lts-xenial

1591641

Feature] KBL: intel_powerclamp driver support

linux-lts-xenial

1682103

sysfs channel reads of lps22hb pressure sensor are stale

linux-lts-xenial

1667323

Backlight control does not work and there are no entries in /sys/class/backlight

linux-lts-xenial

1591640

Feature] KBL: intel_rapl driver support

linux-lts-xenial

1682140

Xenial update to v4.4.61 stable release

linux-lts-xenial

1681862

Xenial update to v4.4.60 stable release

linux-lts-xenial

1669672

Upgrade Redpine WLAN/BT driver to ver. 1.2.RC4

linux-lts-xenial

1685133

Fix RX fail issue on Exar USB serial driver after resume from S3/S4

kexec-tools

1705054

Fixes non-efi systems, upstream code regression not present

linux-lts-xenial

1709032

Creating conntrack entry failure with kernel 4.4.0-89

linux-lts-xenial

1709032

Creating conntrack entry failure with kernel 4.4.0-89

grub2-signed

1637290

Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.14

grub2

1637290

debian/patches/install_signed.patch: update to use the new names for the shim binary (shim$arch) and MokManager (mm$arch).

shim

1644806

debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu for the patch. This will fix issues updating MokSBStateRT if the variable already exists with different attributes.

shim-signed

1700170

Backport shim-signed 1.32 to 14.04.

shim-signed

1695578

update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation).

shim-signed

1673904

update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed.

shim-signed

1680279

debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log.

shim-signed

1680279

Adjust apport hook to include key files that tell us about the system's current SB state. .

shim-signed

1673817

detect when we have no debconf prompting and error out instead of ending up in an infinite loop. .

shim-signed

1673817

some more fixes to properly handle non-interactive mode.

shim-signed

1581299

Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.

lshw

1471983

Fix situation where lshw segfaults, when there is an external USB 3.0 drive connected to the system.

linux-lts-xenial

1730596

s390/mm: fix write access check in gup_huge_pmd()

linux-lts-xenial

1729107

Xenial update to 4.4.95 stable release

linux-lts-xenial

1729105

Xenial update to 4.4.94 stable release

linux-lts-xenial

1721538

Remove vmbus-rdma driver from Xenial kernel

linux-lts-xenial

1708499

usb 3-1: 2:1: cannot get freq at ep 0x1

linux-lts-xenial

1709282

Plantronics Blackwire C520-M - Cannot get freq at ep 0x1, 0x81

linux-lts-xenial

696435

wait-for-root fails to detect nbd root

linux-lts-xenial

1718388

Fix OpenNSL GPL bugs found by CoverityScan static analysis

linux-lts-xenial

1722719

HID: multitouch: Correct ALPS PTP Stick and Touchpad devices ID

linux-lts-xenial

1724836

Xenial update to 4.4.93 stable release

linux-lts-xenial

1721065

NULL pointer dereference in tty_write() in kernel 4.4.0-93.116+

linux-lts-xenial

1724783

Xenial update to 4.4.92 stable release

linux-lts-xenial

1724772

Xenial update to 4.4.91 stable release

linux-lts-xenial

1737033

upgrading linux-image package to 4.4.0-103.126 breaks Ceph network file system connection

intel-microcode

1335156

New upstream data file: microcode-20140624

initramfs-tools

1713004

mkinitramfs: Delete or report temporary files in /var/tmp/ on failure.

linux-lts-xenial

1737033

upgrading linux-image package to 4.4.0-103.126 breaks Ceph network file system connection

btrfs-tools

1735046

Cherry-pick upstream fix loop device mount checks

intel-microcode

1742933

Revert to 20170707 version of microcode because of regressions on certain hardware.

linux-meta

1738259

Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade..

linux-meta-lts-xenial

1738259

Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade..

xfsprogs

1763086

dda4129] xfs_logprint: Handle multiply-logged inode fields. xlog_print_trans_inode() will error "illegal inode type" if more than one flag is set on f->ilf_fields.

intel-microcode

1769043

SECURITY UPDATE: New upstream microcode data file 20180425 to provide IBRS/IBPB/STIBP microcode support for Spectre variant 2 mitigation for Pentium Silver N/J5xxx, Celeron N/J4xxx (sig 0x000706a1) and Xeon E5/E7 v4; Core i7-69xx/68xx (sig 0x000406f1)

linux-meta

1738259

need to ensure microcode updates are available to all bare-metal installs of Ubuntu

linux-meta

1738259

need to ensure microcode updates are available to all bare-metal installs of Ubuntu

kmod

1696710

depmod-ignore-powerpc64-abiv2-toc-symbol.patch: Ignore the TOC symbol in depmod on PPC64 as it does not need to be relocated

linux-meta

1738259

need to ensure microcode updates are available to all bare-metal installs of Ubuntu

linux-meta-lts-xenial

1738259

need to ensure microcode updates are available to all bare-metal installs of Ubuntu

initramfs-tools

1771557

hook-functions: handle md arrays with nvme disk members.

amd64-microcode

1779092

REGRESSION UPDATE: revert to 2.20131007.1+really20130710.1 due to 3.20180524.1~ubuntu0.14.04.1 causing boot looping for some AMD processors

squashfs-tools

1779914

debian/patches/0004-use-macros-not-raw-octal-with-chmod.patch, debian/patches/0005-also-set-stickybit-as-non-root.patch: apply stickybit when run as non-root. Patches thanks to Tyler Hicks.

linux-lts-xenial

1781413

Cannot set MTU higher than 1500 in Xen instance

zlib

1766566

SRU:.

intel-microcode

1778738

Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config

linux

1787258

3.13.0-155.205 Kernel Panic - divide by zero

amd64-microcode

1778738

Install (all) microcode on non-amd systems too if MODULES=most in initramfs-tools config

linux-base

1766728

Update trusty to the latest linux-base.

linux-lts-xenial

1785739

Regression] APM Merlin boards fail to recover link after interface down/up

linux-lts-xenial

1788035

nvme: avoid cqe corruption

gnu-efi

1790709

New upstream version 3.0.8.

grub2-signed

1708245

Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.14

shim-signed

1708245

Backport shim-signed 1.33.1 to 14.04.

shim-signed

1708245

Update to the signed 13-0ubuntu2 binary from Microsoft.

grub2

1708245

util/grub-install.c: Use MokManager EFI binary name without the .signed extension now that shim handles signing via sbsigntool natively.

linux-lts-xenial

1793753

kernel panic - null pointer dereference on ipset operations

shim-signed

1792497

debian/control: Add a Pre-Depends on dpkg (>= 1.17.5ubuntu5.8) in order to help ensure upgrades have the right dpkg to be able to extract shim.

secureboot-db

1776996

Backport secureboot-db from cosmic to apply the August 2016 dbx updates from Microsoft. .

linux-azure

1796542

Silent data corruption in Linux kernel 4.15

linux-azure

1789746

getxattr: always handle namespaced attributes

linux-azure

1789118

Fails to boot under Xen PV: BUG: unable to handle kernel paging request at edc21fd9

linux-azure

1791569

some nvidia p1000 graphic cards hang during the boot

linux-azure

1783746

ipmmu is always registered

linux-azure

1794889

Bionic update: upstream stable patchset 2018-09-27

mokutil

1797011

Backport mokutil 0.3.0+1538710437.fb6250f-0ubuntu2 to 14.04.

linux-azure

1722226

linux-azure: fix systemd ADT test failure

linux

1797546

dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13

linux-lts-xenial

1797092

xenial guest on arm64 drops to busybox under openstack bionic-rocky

linux-lts-xenial

1801900

Xenial update: 4.4.162 upstream stable release

linux-lts-xenial

1801893

Xenial update: 4.4.161 upstream stable release

linux-lts-xenial

1793451

mlock203 test in ubuntu_ltp_syscalls failed with Xenial kernel

hwdata

1755490

Change PNP vendor name for GSM to LG Electronics

systemd

1802525

d/p/0001-udev-build-by-path-identifiers-for-ATA-devices.patch create /dev/disk/by-path/ symlinks for (s)ata disks

mountall

1807077

try_udev_device: Ignore udev block device nodes which are missing devnames.

grub2

1785033

debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch: Add support for ext_lfb_base.

grub2

1642298

Add grub2/update_nvram template to allow users to disable NVRAM updates during package upgrades.

grub2

1696599

debian/patches: Rework linuxefi/SecureBoot support and sync with upstream SB patch set:

grub2

1792575

debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in relocate_coff() causing issues with relocation of code in chainload.

grub2

1792575

debian/patches/linuxefi_truncate_overlong_relocs.patch: The Windows 7 bootloader has inconsistent headers; truncate to the smaller, correct size to fix chainloading Windows 7.

grub2-signed

1785033

Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.16

grub2-signed

1642298

Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.16

grub2-signed

1696599

Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.16

grub2-signed

1792575

Rebuild against grub-efi-amd64 2.02~beta2-9ubuntu1.16

shim-signed

1748983

update-secureboot-policy:

dkms

1772950

Move to signing just after module build to ensure it correctly applies at kernel update times.

dkms

1748983

Generate a new MOK if there isn't one yet, and use that so sign newly-built kernel modules.

Unsorted changes

lsb

1582813

01-upstart-lsb: when diverting an init script to an upstart job, we can't directly map the 'status' subcommand to /sbin/status because the return value of the latter is always 0 if we communicated successfully with upstart. Instead, parse the output of the command to correctly map this to the LSB return codes. .

python3.4

1620754

SRU:: Fix invalid code in pyhash/siphash24. Issue #28055.

apt

1625667

Fixes failure to download the Package index file when using mirror:// URL in sources.list and the archive fails to profile a file. APT would try the next archive in the list for .deb packages but did not retry when the index file failed to download.

distro-info-data

1634235

Copy data from 0.30

sudo

1595558

include /snap/bin in the secure_path

debootstrap

1636583

Add (Ubuntu) zesty as a symlink to gutsy.

init-system-helpers

1616422

script/deb-systemd-invoke: Replace with /bin/true. systemd as pid 1 and for /lib/systemd/system/ is not supported in Ubuntu 14.04. It will only be supported as "deputy init" running as an upstart job and handling /lib/systemd/upstart/ (and /{run,etc}/systemd/system as usual). This completely disables the handling of systemd units shipped by Ubuntu packages, to avoid suddenly breaking them when installing them alongside the new deputy systemd init.

systemd

1616422

Build systemd binary package. Drop installation of /etc/* aside from systemd's own config files. This avoids a package conflict with systemd-services and we don't want to support the full feature set anyway.

deja-dup

918489

Fixes a bug that allowed an incorrect password when making a new full backup

apparmor

1641243

This allows for proper snap confinement on Ubuntu 14.04 when using the hardware enablement kernel

systemd

1642903

rules: introduce disk/by-id (wwid and model_serial) symlinks for NVMe drives

systemd

1562344

keymap: Some HP refactoring, add Probook 440 G3 keys

systemd

1660573

Do not create /run/nologin, and thus make sure deputy systemd does not prevent system logins..

systemd

1647485

d/p/0001-libudev-util-change-util_replace_whitespace-to-retur.patch, d/p/0002-udev-event-add-replace_whitespace-param-to-udev_even.patch, d/p/0003-udev-rules-perform-whitespace-replacement-for-symlin.patch: Cherry-pick upstream fixes from Dan Streetman <ddstreet@ieee.org> to fix by-id symlinks for devices whose IDs contain whitespace..

distro-info-data

1685055

Copy data from 0.35

bash

1422795

When the readline `revert-all-at-newline' option is set, pressing newline when the current line is one retrieved from history results in a double free and a segmentation fault..

debootstrap

1698686

Add (Debian) stretch, buster and bullseye as a symlink to sid.

ubufox

1627808

Add multiProcessCompatible to the install.rdf. Thanks to Shih-Yuan Lee for this

gdebi

1352322

Backport a fix from 0.9.5.5 to fix FTBFS with non en_US locales

distro-info-data

1727046

Add Ubuntu 18.04 LTS Bionic Beaver.

squashfs-tools

1555305

debian/patches/0003-unsquashfs-preserve-symlink-times.patch: Preserve atime and mtime of symlink inodes in unsquashfs rather than using the current time

apparmor

1717714

Modify the existing/renamed patch to use the dir that should be use to patch a profile. profiles-14.04/ should be use instead of profiles/ which is not use.

gcc-4.8

1749261

mindirect-branch-register, and -mfunction-return= support

debootstrap

1727732

Add (Ubuntu) bionic as a symlink to gutsy.

dpkg

1730627

Add support for .deb archives with a control member not compressed (control.tar) or compressed with xz (control.tar.xz).

apt

1332440

ExecFork: Use /proc/self/fd to determine which files to close.

distro-info-data

1769992

Add Ubuntu 18.10 Cosmic Cuttlefish.

distro-info-data

1743936

Correct EOL date for zesty.

apport

1733366

REGRESSION UPDATE: Fix regression that caused a Traceback in the container support

apport

1746668

data/apport: Properly handle crashes originating from a PID namespace.

debootstrap

1773496

Add (Ubuntu) cosmic as a symlink to gutsy.

python-apt

1737441

Raise CacheMismatchError if objects passed to DepCache are from different cache; also includes the following regression fixes from bionic:

clamav

1783632

SECURITY REGRESSION: clamav-daemon fails to start due to options removed in new version and manually edited configuration file.

clamav

1792051

debian/clamav-daemon.config.in: fix infinite loop during dpkg-reconfigure

apparmor

1788929

disallow writes to thumbnailer dir

apparmor

1794848

disallow access to the dirs of private files

apturl

1338482

Make Synaptic backend actually work.

distro-info-data

1800656

Add Ubuntu 19.04 Disco Dingo.

debootstrap

1773496

For (Ubuntu) releases disco+ default to MERGED_USR=yes, -k extract option.

apt

1815187

Fix crashes in apt search, cache file

apt

1815129

backport "do not segfault in cache generation on mmap failure" (Closes: 803417)

TrustyTahr/ReleaseNotes/ChangeSummary/14.04.6 (last edited 2019-03-06 10:25:11 by sil2100)