-
linux-oracle (6.8.0-1005.5) noble; urgency=medium
* noble/linux-oracle: 6.8.0-1005.5 -proposed tracker (LP: #2062926)
* Packaging resync (LP: #1786013)
- [Packaging] debian.oracle/dkms-versions -- update from kernel-versions
(main/d2024.04.16)
* Rebase on Ubuntu-6.8.0-31.31
-- Andrea Righi <email address hidden> Sat, 20 Apr 2024 01:13:13 +0200
-
linux-oracle (6.8.0-1004.4) noble; urgency=medium
* noble/linux-oracle: 6.8.0-1004.4 -proposed tracker (LP: #2061873)
* Rebase on Ubuntu-6.8.0-28.28
-- Paolo Pisati <email address hidden> Tue, 16 Apr 2024 19:36:13 +0200
-
linux-oracle (6.8.0-1003.3) noble; urgency=medium
* noble/linux-oracle: 6.8.0-1003.3 -proposed tracker (LP: #2061098)
* Packaging resync (LP: #1786013)
- [Packaging] debian.oracle/dkms-versions -- update from kernel-versions
(main/d2024.04.04)
- [Packaging] drop getabis data
- [Packaging] Replace fs/cifs with fs/smb in inclusion list
* Provide an arm64 linux-oracle 64k kernel variant (LP: #2052469)
- [Packaging] oracle: Adding 64KB page flavor
* Miscellaneous Ubuntu changes
- rebase on Ubuntu-6.8.0-25.25
- [Config] updateconfigs following Ubuntu-6.8.0-25.25 rebase
- [Packaging] sync build dependencies with generic
-- Paolo Pisati <email address hidden> Fri, 12 Apr 2024 12:45:51 +0200
-
linux-oracle (6.8.0-1002.2) noble; urgency=medium
* noble/linux-oracle: 6.8.0-1002.2 -proposed tracker (LP: #2060230)
* Packaging resync (LP: #1786013)
- [Packaging] debian.oracle/dkms-versions -- update from kernel-versions
(main/d2024.04.04)
- [Packaging] drop getabis data
- [Packaging] Replace fs/cifs with fs/smb in inclusion list
* Provide an arm64 linux-oracle 64k kernel variant (LP: #2052469)
- [Packaging] oracle: Adding 64KB page flavor
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following 6.8.0-24.24 rebase
[ Ubuntu: 6.8.0-24.24 ]
* noble/linux: 6.8.0-24.24 -proposed tracker (LP: #2060654)
* Add Real-time Linux Analysis tool (rtla) to linux-tools (LP: #2059080)
- [Packaging] update dependencies for rtla
[ Ubuntu: 6.8.0-23.23 ]
* noble/linux: 6.8.0-23.23 -proposed tracker (LP: #2060530)
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.04.02)
* Noble update: v6.8.4 upstream stable release (LP: #2060533)
- Revert "workqueue: Shorten events_freezable_power_efficient name"
- Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in
wq_update_node_max_active()"
- Revert "workqueue: Implement system-wide nr_active enforcement for unbound
workqueues"
- Revert "workqueue: Introduce struct wq_node_nr_active"
- Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it"
- Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while
activating"
- Revert "workqueue: Move nr_active handling into helpers"
- Revert "workqueue: Replace pwq_activate_inactive_work() with
[__]pwq_activate_work()"
- Revert "workqueue: Factor out pwq_is_empty()"
- Revert "workqueue: Move pwq->max_active to wq->max_active"
- Revert "workqueue.c: Increase workqueue name length"
- Linux 6.8.4
* Noble update: v6.8.3 upstream stable release (LP: #2060531)
- drm/vmwgfx: Unmap the surface before resetting it on a plane state
- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
- wifi: brcmfmac: avoid invalid list operation when vendor attach fails
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
- arm64: dts: qcom: sc7280: Add additional MSI interrupts
- remoteproc: virtio: Fix wdg cannot recovery remote processor
- clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
- smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
- smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
- arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
- arm64: dts: qcom: sm8450-hdk: correct AMIC4 and AMIC5 microphones
- serial: max310x: fix NULL pointer dereference in I2C instantiation
- drm/vmwgfx: Fix the lifetime of the bo cursor memory
- pci_iounmap(): Fix MMIO mapping leak
- media: xc4000: Fix atomicity violation in xc4000_get_frequency
- media: mc: Add local pad to pipeline regardless of the link state
- media: mc: Fix flags handling when creating pad links
- media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access
- media: mc: Add num_links flag to media_pad
- media: mc: Rename pad variable to clarify intent
- media: mc: Expand MUST_CONNECT flag to always require an enabled link
- media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT
- md: use RCU lock to protect traversal in md_spares_need_change()
- KVM: Always flush async #PF workqueue when vCPU is being destroyed
- arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping
- arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping
- cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf()
- thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature
- powercap: intel_rapl: Fix a NULL pointer dereference
- powercap: intel_rapl: Fix locking in TPMI RAPL
- powercap: intel_rapl_tpmi: Fix a register bug
- powercap: intel_rapl_tpmi: Fix System Domain probing
- powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core
- powerpc/smp: Increase nr_cpu_ids to include the boot CPU
- sparc64: NMI watchdog: fix return value of __setup handler
- sparc: vDSO: fix return value of __setup handler
- selftests/mqueue: Set timeout to 180 seconds
- pinctrl: qcom: sm8650-lpass-lpi: correct Kconfig name
- ext4: correct best extent lstart adjustment logic
- drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects'
- block: Clear zone limits for a non-zoned stacked queue
- kasan/test: avoid gcc warning for intentional overflow
- bounds: support non-power-of-two CONFIG_NR_CPUS
- fat: fix uninitialized field in nostale filehandles
- fuse: fix VM_MAYSHARE and direct_io_allow_mmap
- mfd: twl: Select MFD_CORE
- ubifs: Set page uptodate in the correct place
- ubi: Check for too small LEB size in VTBL code
- ubi: correct the calculation of fastmap size
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
- mtd: rawnand: meson: fix scrambling mode value in command macro
- md/md-bitmap: fix incorrect usage for sb_index
- x86/nmi: Fix the inverse "in NMI handler" check
- parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd()
- parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt
macros
- parisc: Fix ip_fast_csum
- parisc: Fix csum_ipv6_magic on 32-bit systems
- parisc: Fix csum_ipv6_magic on 64-bit systems
- parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
- md/raid5: fix atomicity violation in raid5_cache_count
- iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2
- iio: adc: rockchip_saradc: use mask for write_enable bitfield
- docs: Restore "smart quotes" for quotes
- cpufreq: Limit resolving a frequency to policy min/max
- PM: suspend: Set mem_sleep_current during kernel command line setup
- vfio/pds: Always clear the save/restore FDs on reset
- clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays
- clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
- clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
- clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
- clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays
- clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
- clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
- usb: xhci: Add error handling in xhci_map_urb_for_dma
- powerpc/fsl: Fix mfpmr build errors with newer binutils
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
- USB: serial: add device ID for VeriFone adapter
- USB: serial: cp210x: add ID for MGP Instruments PDS100
- wifi: mac80211: track capability/opmode NSS separately
- USB: serial: option: add MeiG Smart SLM320 product
- KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
- PM: sleep: wakeirq: fix wake irq warning in system suspend
- mmc: tmio: avoid concurrent runs of mmc_request_done()
- fuse: replace remaining make_bad_inode() with fuse_make_bad()
- fuse: fix root lookup with nonzero generation
- fuse: don't unhash root
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
- usb: dwc3-am62: fix module unload/reload behavior
- usb: dwc3-am62: Disable wakeup at remove
- serial: core: only stop transmit when HW fifo is empty
- serial: Lock console when calling into driver before registration
- btrfs: qgroup: always free reserved space for extent records
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
- wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU
- docs: Makefile: Add dependency to $(YNL_INDEX) for targets other than
htmldocs
- PCI/PM: Drain runtime-idle callbacks before driver removal
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
- md: don't clear MD_RECOVERY_FROZEN for new dm-raid until resume
- md: export helpers to stop sync_thread
- md: export helper md_is_rdwr()
- md: add a new helper reshape_interrupted()
- dm-raid: really frozen sync_thread during suspend
- md/dm-raid: don't call md_reap_sync_thread() directly
- dm-raid: add a new helper prepare_suspend() in md_personality
- dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent
with reshape
- dm-raid: fix lockdep waring in "pers->hot_add_disk"
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
- block: Fix page refcounts for unaligned buffers in __bio_release_pages()
- mac802154: fix llsec key resources release in mac802154_llsec_key_del
- mm: swap: fix race between free_swap_and_cache() and swapoff()
- mmc: core: Fix switch on gp3 partition
- Bluetooth: btnxpuart: Fix btnxpuart_close
- leds: trigger: netdev: Fix kernel panic on interface rename trig notify
- drm/etnaviv: Restore some id values
- landlock: Warn once if a Landlock action is requested while disabled
- io_uring: fix mshot read defer taskrun cqe posting
- hwmon: (amc6821) add of_match table
- io_uring: fix io_queue_proc modifying req->flags
- ext4: fix corruption during on-line resize
- nvmem: meson-efuse: fix function pointer type mismatch
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API
- phy: tegra: xusb: Add API to retrieve the port number of phy
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
- speakup: Fix 8bit characters from direct synth
- debugfs: fix wait/cancellation handling during remove
- PCI/AER: Block runtime suspend when handling errors
- io_uring/net: correctly handle multishot recvmsg retry setup
- io_uring: fix mshot io-wq checks
- PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p
- sparc32: Fix parport build with sparc32
- nfs: fix UAF in direct writes
- NFS: Read unlock folio on nfs_page_create_from_folio() error
- kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
- PCI: qcom: Enable BDF to SID translation properly
- PCI: dwc: endpoint: Fix advertised resizable BAR size
- PCI: hv: Fix ring buffer size calculation
- cifs: prevent updating file size from server if we have a read/write lease
- cifs: allow changing password during remount
- thermal/drivers/mediatek: Fix control buffer enablement on MT7896
- vfio/pci: Disable auto-enable of exclusive INTx IRQ
- vfio/pci: Lock external INTx masking ops
- vfio/platform: Disable virqfds on cleanup
- vfio/platform: Create persistent IRQ handlers
- vfio/fsl-mc: Block calling interrupt handler without trigger
- tpm,tpm_tis: Avoid warning splat at shutdown
- ksmbd: replace generic_fillattr with vfs_getattr
- ksmbd: retrieve number of blocks using vfs_getattr in
set_file_allocation_info
- platform/x86/intel/tpmi: Change vsec offset to u64
- io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry
- io_uring: clean rings on NO_MMAP alloc fail
- ring-buffer: Do not set shortest_full when full target is hit
- ring-buffer: Fix full_waiters_pending in poll
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
- tracing/ring-buffer: Fix wait_on_pipe() race
- dlm: fix user space lkb refcounting
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock
- soc: fsl: qbman: Use raw spinlock for cgr_lock
- s390/zcrypt: fix reference counting on zcrypt card objects
- drm/probe-helper: warn about negative .get_modes()
- drm/panel: do not return negative error codes from drm_panel_get_modes()
- drm/exynos: do not return negative values from .get_modes()
- drm/imx/ipuv3: do not return negative values from .get_modes()
- drm/vc4: hdmi: do not return negative values from .get_modes()
- clocksource/drivers/timer-riscv: Clear timer interrupt on timer
initialization
- memtest: use {READ,WRITE}_ONCE in memory scanning
- Revert "block/mq-deadline: use correct way to throttling write requests"
- lsm: use 32-bit compatible data types in LSM syscalls
- lsm: handle the NULL buffer case in lsm_fill_user_ctx()
- f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
- f2fs: truncate page cache before clearing flags when aborting atomic write
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings
- nilfs2: prevent kernel bug at submit_bh_wbc()
- cifs: make sure server interfaces are requested only for SMB3+
- cifs: reduce warning log level for server not advertising interfaces
- cifs: open_cached_dir(): add FILE_READ_EA to desired access
- mtd: rawnand: Fix and simplify again the continuous read derivations
- mtd: rawnand: Add a helper for calculating a page index
- mtd: rawnand: Ensure all continuous terms are always in sync
- mtd: rawnand: Constrain even more when continuous reads are enabled
- cpufreq: dt: always allocate zeroed cpumask
- io_uring/futex: always remove futex entry for cancel all
- io_uring/waitid: always remove waitid entry for cancel all
- x86/CPU/AMD: Update the Zenbleed microcode revisions
- ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
- net: esp: fix bad handling of pages from page_pool
- NFSD: Fix nfsd_clid_class use of __string_len() macro
- drm/i915: Add missing ; to __assign_str() macros in tracepoint code
- net: hns3: tracing: fix hclgevf trace event strings
- cxl/trace: Properly initialize cxl_poison region name
- ksmbd: fix potencial out-of-bounds when buffer offset is invalid
- virtio: reenable config if freezing device failed
- LoongArch: Change __my_cpu_offset definition to avoid mis-optimization
- LoongArch: Define the __io_aw() hook as mmiowb()
- LoongArch/crypto: Clean up useless assignment operations
- wireguard: netlink: check for dangling peer via is_dead instead of empty
list
- wireguard: netlink: access device through ctx instead of peer
- wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64}
- ahci: asm1064: asm1166: don't limit reported ports
- drm/amd/display: Change default size for dummy plane in DML2
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
- drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
- drm/amdgpu/pm: Check the validity of overdiver power limit
- drm/amd/display: Override min required DCFCLK in dml1_validate
- drm/amd/display: Allow dirty rects to be sent to dmub when abm is active
- drm/amd/display: Init DPPCLK from SMU on dcn32
- drm/amd/display: Update odm when ODM combine is changed on an otg master
pipe with no plane
- drm/amd/display: Fix idle check for shared firmware state
- drm/amd/display: Amend coasting vtotal for replay low hz
- drm/amd/display: Lock all enabled otg pipes even with no planes
- drm/amd/display: Implement wait_for_odm_update_pending_complete
- drm/amd/display: Return the correct HDCP error code
- drm/amd/display: Add a dc_state NULL check in dc_state_release
- drm/amd/display: Fix noise issue on HDMI AV mute
- dm snapshot: fix lockup in dm_exception_table_exit
- x86/pm: Work around false positive kmemleak report in msr_build_context()
- wifi: brcmfmac: add per-vendor feature detection callback
- wifi: brcmfmac: cfg80211: Use WSEC to set SAE password
- wifi: brcmfmac: Demote vendor-specific attach/detach messages to info
- drm/ttm: Make sure the mapped tt pages are decrypted when needed
- drm/amd/display: Unify optimize_required flags and VRR adjustments
- drm/amd/display: Add more checks for exiting idle in DC
- btrfs: add set_folio_extent_mapped() helper
- btrfs: replace sb::s_blocksize by fs_info::sectorsize
- btrfs: add helpers to get inode from page/folio pointers
- btrfs: add helpers to get fs_info from page/folio pointers
- btrfs: add helper to get fs_info from struct inode pointer
- btrfs: qgroup: validate btrfs_qgroup_inherit parameter
- vfio: Introduce interface to flush virqfd inject workqueue
- vfio/pci: Create persistent INTx handler
- drm/bridge: add ->edid_read hook and drm_bridge_edid_read()
- drm/bridge: lt8912b: use drm_bridge_edid_read()
- drm/bridge: lt8912b: clear the EDID property on failures
- drm/bridge: lt8912b: do not return negative values from .get_modes()
- drm/amd/display: Remove pixle rate limit for subvp
- drm/amd/display: Revert Remove pixle rate limit for subvp
- workqueue: Shorten events_freezable_power_efficient name
- drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found
- netfilter: nf_tables: reject constant set with timeout
- Revert "crypto: pkcs7 - remove sha1 support"
- x86/efistub: Call mixed mode boot services on the firmware's stack
- ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
- ASoC: amd: yc: Revert "add new YC platform variant (0x63) support"
- Fix memory leak in posix_clock_open()
- wifi: rtw88: 8821cu: Fix connection failure
- x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
- x86/sev: Fix position dependent variable references in startup code
- clocksource/drivers/arm_global_timer: Fix maximum prescaler value
- ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores
- ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
- entry: Respect changes to system call number by trace_sys_enter()
- swiotlb: Fix double-allocation of slots due to broken alignment handling
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc()
- swiotlb: Fix alignment checks when both allocation and DMA masks are present
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
- printk: Update @console_may_schedule in console_trylock_spinning()
- irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
- irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
- irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
- irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type
- kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
- efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or
higher address
- x86/mpparse: Register APIC address only once
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
- efi: fix panic in kdump kernel
- pwm: img: fix pwm clock lookup
- selftests/mm: Fix build with _FORTIFY_SOURCE
- btrfs: handle errors returned from unpin_extent_cache()
- btrfs: fix warning messages not printing interval at unpin_extent_range()
- btrfs: do not skip re-registration for the mounted device
- mfd: intel-lpss: Switch to generalized quirk table
- mfd: intel-lpss: Introduce QUIRK_CLOCK_DIVIDER_UNITY for XPS 9530
- drm/i915: Replace a memset() with zero initialization
- drm/i915: Try to preserve the current shared_dpll for fastset on type-c
ports
- drm/i915: Include the PLL name in the debug messages
- drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs
- crypto: iaa - Fix nr_cpus < nr_iaa case
- drm/amd/display: Prevent crash when disable stream
- ALSA: hda/tas2781: remove digital gain kcontrol
- ALSA: hda/tas2781: add locks to kcontrols
- mm: zswap: fix writeback shinker GFP_NOIO/GFP_NOFS recursion
- init: open /initrd.image with O_LARGEFILE
- x86/efistub: Add missing boot_params for mixed mode compat entry
- efi/libstub: Cast away type warning in use of max()
- x86/efistub: Reinstate soft limit for initrd loading
- prctl: generalize PR_SET_MDWE support check to be per-arch
- ARM: prctl: reject PR_SET_MDWE on pre-ARMv6
- tmpfs: fix race on handling dquot rbtree
- btrfs: validate device maj:min during open
- btrfs: fix race in read_extent_buffer_pages()
- btrfs: zoned: don't skip block groups with 100% zone unusable
- btrfs: zoned: use zone aware sb location for scrub
- btrfs: zoned: fix use-after-free in do_zone_finish()
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
- wifi: cfg80211: add a flag to disable wireless extensions
- wifi: iwlwifi: mvm: disable MLO for the time being
- wifi: iwlwifi: fw: don't always use FW dump trig
- wifi: iwlwifi: mvm: handle debugfs names more carefully
- Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP
displays without PSR"
- fbdev: Select I/O-memory framebuffer ops for SBus
- exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
- hexagon: vmlinux.lds.S: handle attributes section
- mm: cachestat: fix two shmem bugs
- selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM
- selftests/mm: fix ARM related issue with fork after pthread_create
- mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc
HS200 mode
- mmc: core: Initialize mmc_blk_ioc_data
- mmc: core: Avoid negative index with array access
- sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove()
- block: Do not force full zone append completion in req_bio_endio()
- thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
- Revert "thermal: core: Don't update trip points inside the hysteresis range"
- nouveau/dmem: handle kcalloc() allocation failure
- net: ll_temac: platform_get_resource replaced by wrong function
- net: wan: framer: Add missing static inline qualifiers
- net: phy: qcom: at803x: fix kernel panic with at8031_probe
- drm/xe/query: fix gt_id bounds check
- drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
- drm/amdgpu: fix deadlock while reading mqd from debugfs
- drm/amd/display: Remove MPC rate control logic from DCN30 and above
- drm/amd/display: Set DCN351 BB and IP the same as DCN35
- drm/i915/hwmon: Fix locking inversion in sysfs getter
- drm/i915/vma: Fix UAF on destroy against retire race
- drm/i915/bios: Tolerate devdata==NULL in
intel_bios_encoder_supports_dp_dual_mode()
- drm/i915/vrr: Generate VRR "safe window" for DSB
- drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly
- drm/i915/dsb: Fix DSB vblank waits when using VRR
- drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed()
- drm/i915: Pre-populate the cursor physical dma address
- drm/i915/gt: Reset queue_priority_hint on parking
- drm/amd/display: Fix bounds check for dcn35 DcfClocks
- Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
- mtd: spinand: Add support for 5-byte IDs
- Revert "usb: phy: generic: Get the vbus supply"
- usb: cdc-wdm: close race between read and workqueue
- usb: misc: ljca: Fix double free in error handling path
- USB: UAS: return ENODEV when submit urbs fail with device not attached
- vfio/pds: Make sure migration file isn't accessed after reset
- ring-buffer: Make wake once of ring_buffer_wait() more robust
- btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache()
- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
- scsi: ufs: qcom: Provide default cycles_in_1us value
- scsi: sd: Fix TCG OPAL unlock on system resume
- scsi: core: Fix unremoved procfs host directory regression
- staging: vc04_services: changen strncpy() to strscpy_pad()
- staging: vc04_services: fix information leak in create_component()
- genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd
- usb: dwc3: Properly set system wakeup
- USB: core: Fix deadlock in usb_deauthorize_interface()
- USB: core: Add hub_get() and hub_put() routines
- USB: core: Fix deadlock in port "disable" sysfs attribute
- usb: dwc2: host: Fix remote wakeup from hibernation
- usb: dwc2: host: Fix hibernation flow
- usb: dwc2: host: Fix ISOC flow in DDMA mode
- usb: dwc2: gadget: Fix exiting from clock gating
- usb: dwc2: gadget: LPM flow fix
- usb: udc: remove warning when queue disabled ep
- usb: typec: ucsi: Fix race between typec_switch and role_switch
- usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()
- usb: typec: tcpm: Correct port source pdo array in pd_set callback
- usb: typec: tcpm: Update PD of Type-C port upon pd_set
- usb: typec: Return size of buffer if pd_set operation succeeds
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
- usb: typec: ucsi: Ack unsupported commands
- usb: typec: ucsi_acpi: Refactor and fix DELL quirk
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
- scsi: qla2xxx: Prevent command send on chip reset
- scsi: qla2xxx: Fix N2N stuck connection
- scsi: qla2xxx: Split FCE|EFT trace control
- scsi: qla2xxx: Update manufacturer detail
- scsi: qla2xxx: NVME|FCP prefer flag not being honored
- scsi: qla2xxx: Fix command flush on cable pull
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
- scsi: qla2xxx: Fix double free of fcport
- scsi: qla2xxx: Change debug message during driver unload
- scsi: qla2xxx: Delay I/O Abort on PCI error
- x86/bugs: Fix the SRSO mitigation on Zen3/4
- crash: use macro to add crashk_res into iomem early for specific arch
- drm/amd/display: fix IPX enablement
- x86/bugs: Use fixed addressing for VERW operand
- Revert "x86/bugs: Use fixed addressing for VERW operand"
- usb: dwc3: pci: Drop duplicate ID
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
- scsi: lpfc: Correct size for wqe for memset()
- scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
- scsi: libsas: Fix disk not being scanned in after being removed
- perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and
later
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests
- tools/resolve_btfids: fix build with musl libc
- drm/amdgpu: fix use-after-free bug
- drm/sched: fix null-ptr-deref in init entity
- Linux 6.8.3
- [Config] updateconfigs following v6.8.3 import
* [24.04 FEAT] [SEC2353] zcrypt: extend error recovery to deal with device
scans (LP: #2050019)
- s390/zcrypt: harmonize debug feature calls and defines
- s390/zcrypt: introduce dynamic debugging for AP and zcrypt code
- s390/pkey: harmonize pkey s390 debug feature calls
- s390/pkey: introduce dynamic debugging for pkey
- s390/ap: add debug possibility for AP messages
- s390/zcrypt: add debug possibility for CCA and EP11 messages
- s390/ap: rearm APQNs bindings complete completion
- s390/ap: clarify AP scan bus related functions and variables
- s390/ap: rework ap_scan_bus() to return true on config change
- s390/ap: introduce mutex to lock the AP bus scan
- s390/zcrypt: introduce retries on in-kernel send CPRB functions
- s390/zcrypt: improve zcrypt retry behavior
- s390/pkey: improve pkey retry behavior
* [SPR][EMR][GNR] TDX: efi: TD Measurement support for kernel cmdline/initrd
sections from EFI stub (LP: #2060130)
- efi/libstub: Use TPM event typedefs from the TCG PC Client spec
- efi/tpm: Use symbolic GUID name from spec for final events table
- efi/libstub: Add Confidential Computing (CC) measurement typedefs
- efi/libstub: Measure into CC protocol if TCG2 protocol is absent
- efi/libstub: Add get_event_log() support for CC platforms
- x86/efistub: Remap kernel text read-only before dropping NX attribute
* backport arm64 THP improvements from 6.9 (LP: #2059316)
- SAUCE: arm64/mm: make set_ptes() robust when OAs cross 48-bit boundary
- SAUCE: arm/pgtable: define PFN_PTE_SHIFT
- SAUCE: nios2/pgtable: define PFN_PTE_SHIFT
- SAUCE: powerpc/pgtable: define PFN_PTE_SHIFT
- SAUCE: riscv/pgtable: define PFN_PTE_SHIFT
- SAUCE: s390/pgtable: define PFN_PTE_SHIFT
- SAUCE: sparc/pgtable: define PFN_PTE_SHIFT
- SAUCE: mm/pgtable: make pte_next_pfn() independent of set_ptes()
- SAUCE: arm/mm: use pte_next_pfn() in set_ptes()
- SAUCE: powerpc/mm: use pte_next_pfn() in set_ptes()
- SAUCE: mm/memory: factor out copying the actual PTE in copy_present_pte()
- SAUCE: mm/memory: pass PTE to copy_present_pte()
- SAUCE: mm/memory: optimize fork() with PTE-mapped THP
- SAUCE: mm/memory: ignore dirty/accessed/soft-dirty bits in folio_pte_batch()
- SAUCE: mm/memory: ignore writable bit in folio_pte_batch()
- SAUCE: mm: clarify the spec for set_ptes()
- SAUCE: mm: thp: batch-collapse PMD with set_ptes()
- SAUCE: mm: introduce pte_advance_pfn() and use for pte_next_pfn()
- SAUCE: arm64/mm: convert pte_next_pfn() to pte_advance_pfn()
- SAUCE: x86/mm: convert pte_next_pfn() to pte_advance_pfn()
- SAUCE: mm: tidy up pte_next_pfn() definition
- SAUCE: arm64/mm: convert READ_ONCE(*ptep) to ptep_get(ptep)
- SAUCE: arm64/mm: convert set_pte_at() to set_ptes(..., 1)
- SAUCE: arm64/mm: convert ptep_clear() to ptep_get_and_clear()
- SAUCE: arm64/mm: new ptep layer to manage contig bit
- SAUCE: arm64/mm: dplit __flush_tlb_range() to elide trailing DSB
- [Config] arm64: ARM64_CONTPTE=y
- SAUCE: arm64/mm: wire up PTE_CONT for user mappings
- SAUCE: arm64/mm: implement new wrprotect_ptes() batch API
- SAUCE: arm64/mm: implement new [get_and_]clear_full_ptes() batch APIs
- SAUCE: mm: add pte_batch_hint() to reduce scanning in folio_pte_batch()
- SAUCE: arm64/mm: implement pte_batch_hint()
- SAUCE: arm64/mm: __always_inline to improve fork() perf
- SAUCE: arm64/mm: automatically fold contpte mappings
- SAUCE: arm64/mm: export contpte symbols only to GPL users
- SAUCE: arm64/mm: improve comment in contpte_ptep_get_lockless()
* Fix acpi_power_meter accessing IPMI region before it's ready (LP: #2059263)
- ACPI: IPMI: Add helper to wait for when SMI is selected
- hwmon: (acpi_power_meter) Ensure IPMI space handler is ready on Dell systems
* Drop fips-checks script from trees (LP: #2055083)
- [Packaging] Remove fips-checks script
* alsa/realtek: adjust max output valume for headphone on 2 LG machines
(LP: #2058573)
- ALSA: hda/realtek: fix the hp playback volume issue for LG machines
* Noble update: v6.8.2 upstream stable release (LP: #2060097)
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
- workqueue.c: Increase workqueue name length
- workqueue: Move pwq->max_active to wq->max_active
- workqueue: Factor out pwq_is_empty()
- workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()
- workqueue: Move nr_active handling into helpers
- workqueue: Make wq_adjust_max_active() round-robin pwqs while activating
- workqueue: RCU protect wq->dfl_pwq and implement accessors for it
- workqueue: Introduce struct wq_node_nr_active
- workqueue: Implement system-wide nr_active enforcement for unbound
workqueues
- workqueue: Don't call cpumask_test_cpu() with -1 CPU in
wq_update_node_max_active()
- iomap: clear the per-folio dirty bits on all writeback failures
- fs: Fix rw_hint validation
- io_uring: remove looping around handling traditional task_work
- io_uring: remove unconditional looping in local task_work handling
- s390/dasd: Use dev_*() for device log messages
- s390/dasd: fix double module refcount decrement
- fs/hfsplus: use better @opf description
- md: fix kmemleak of rdev->serial
- rcu/exp: Fix RCU expedited parallel grace period kworker allocation failure
recovery
- rcu/exp: Handle RCU expedited grace period kworker allocation failure
- fs/select: rework stack allocation hack for clang
- block: fix deadlock between bd_link_disk_holder and partition scan
- md: Don't clear MD_CLOSING when the raid is about to stop
- kunit: Setup DMA masks on the kunit device
- ovl: Always reject mounting over case-insensitive directories
- kunit: test: Log the correct filter string in executor_test
- lib/cmdline: Fix an invalid format specifier in an assertion msg
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg
- time: test: Fix incorrect format specifier
- rtc: test: Fix invalid format specifier.
- net: test: Fix printf format specifier in skb_segment kunit test
- drm/xe/tests: Fix printf format specifiers in xe_migrate test
- drm: tests: Fix invalid printf format specifiers in KUnit tests
- md/raid1: factor out helpers to add rdev to conf
- md/raid1: record nonrot rdevs while adding/removing rdevs to conf
- md/raid1: fix choose next idle in read_balance()
- io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
- io_uring/net: move receive multishot out of the generic msghdr path
- io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
- nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
- x86/resctrl: Remove hard-coded memory bandwidth limit
- x86/resctrl: Read supported bandwidth sources from CPUID
- x86/resctrl: Implement new mba_MBps throttling heuristic
- x86/sme: Fix memory encryption setting if enabled by default and not
overridden
- timekeeping: Fix cross-timestamp interpolation on counter wrap
- timekeeping: Fix cross-timestamp interpolation corner case decision
- timekeeping: Fix cross-timestamp interpolation for non-x86
- x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument
- sched/fair: Take the scheduling domain into account in select_idle_smt()
- sched/fair: Take the scheduling domain into account in select_idle_core()
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled
- wifi: b43: Disable QoS for bcm4331
- wifi: wilc1000: fix declarations ordering
- wifi: wilc1000: fix RCU usage in connect path
- wifi: ath11k: add support to select 6 GHz regulatory type
- wifi: ath11k: store cur_regulatory_info for each radio
- wifi: ath11k: fix a possible dead lock caused by ab->base_lock
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
- wifi: wilc1000: do not realloc workqueue everytime an interface is added
- wifi: wilc1000: fix multi-vif management when deleting a vif
- wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir()
- ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate
- arm64: dts: qcom: x1e80100: drop qcom,drv-count
- arm64: dts: qcom: sc8180x: Hook up VDD_CX as GCC parent domain
- arm64: dts: qcom: sc8180x: Fix up big CPU idle state entry latency
- arm64: dts: qcom: sc8180x: Add missing CPU off state
- arm64: dts: qcom: sc8180x: Fix eDP PHY power-domains
- arm64: dts: qcom: sc8180x: Don't hold MDP core clock at FMAX
- arm64: dts: qcom: sc8180x: Require LOW_SVS vote for MMCX if DISPCC is on
- arm64: dts: qcom: sc8180x: Add missing CPU<->MDP_CFG path
- arm64: dts: qcom: sc8180x: Shrink aoss_qmp register space size
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
- cpufreq: mediatek-hw: Wait for CPU supplies before probing
- sock_diag: annotate data-races around sock_diag_handlers[family]
- inet_diag: annotate data-races around inet_diag_table[]
- bpftool: Silence build warning about calloc()
- selftests/bpf: Fix potential premature unload in bpf_testmod
- libbpf: Apply map_set_def_max_entries() for inner_maps on creation
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values
- bpftool: Fix wrong free call in do_show_link
- wifi: ath12k: Fix issues in channel list update
- selftests/bpf: Fix the flaky tc_redirect_dtime test
- selftests/bpf: Wait for the netstamp_needed_key static key to be turned on
- wifi: cfg80211: add RNR with reporting AP information
- wifi: mac80211: use deflink and fix typo in link ID check
- wifi: iwlwifi: change link id in time event to s8
- af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
- arm64: dts: qcom: sm8450: Add missing interconnects to serial
- soc: qcom: socinfo: rename PM2250 to PM4125
- arm64: dts: qcom: sc7280: Add static properties to cryptobam
- arm64: dts: qcom: qcm6490-fairphone-fp5: Add missing reserved-memory
- arm64: dts: qcom: sdm845-oneplus-common: improve DAI node naming
- arm64: dts: qcom: rename PM2250 to PM4125
- cpufreq: mediatek-hw: Don't error out if supply is not found
- libbpf: Fix faccessat() usage on Android
- libbpf: fix __arg_ctx type enforcement for perf_event programs
- pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
- arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc
- arm64: dts: renesas: r8a779g0: Restore sort order
- arm64: dts: renesas: r8a779g0: Add missing SCIF_CLK2
- selftests/bpf: Disable IPv6 for lwt_redirect test
- arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S i.MX8MM
- arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM
- arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL
OSM-S board
- arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL
board
- arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL
OSM-S board
- arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL
board
- arm64: dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module
- arm64: dts: imx8qm: Align edma3 power-domains resources indentation
- arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers
- libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
- wifi: ath11k: change to move WMI_VDEV_PARAM_SET_HEMU_MODE before
WMI_PEER_ASSOC_CMDID
- wifi: ath12k: fix fetching MCBC flag for QCN9274
- wifi: iwlwifi: mvm: report beacon protection failures
- wifi: iwlwifi: dbg-tlv: ensure NUL termination
- wifi: iwlwifi: acpi: fix WPFC reading
- wifi: iwlwifi: mvm: initialize rates in FW earlier
- wifi: iwlwifi: fix EWRD table validity check
- wifi: iwlwifi: mvm: d3: fix IPN byte order
- wifi: iwlwifi: always have 'uats_enabled'
- wifi: iwlwifi: mvm: fix the TLC command after ADD_STA
- wifi: iwlwifi: read BIOS PNVM only for non-Intel SKU
- gpio: vf610: allow disabling the vf610 driver
- selftests/bpf: trace_helpers.c: do not use poisoned type
- bpf: make sure scalar args don't accept __arg_nonnull tag
- bpf: don't emit warnings intended for global subprogs for static subprogs
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
- pwm: atmel-hlcdc: Fix clock imbalance related to suspend support
- net: blackhole_dev: fix build warning for ethh set but not used
- spi: consolidate setting message->spi
- spi: move split xfers for CS_WORD emulation
- arm64: dts: ti: k3-am62p5-sk: Enable CPSW MDIO node
- arm64: dts: ti: k3-j721s2: Fix power domain for VTM node
- arm64: dts: ti: k3-j784s4: Fix power domain for VTM node
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
- arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP
- libbpf: fix return value for PERF_EVENT __arg_ctx type fix up check
- arm64: dts: ti: k3-am62p-mcu/wakeup: Disable MCU and wakeup R5FSS nodes
- arm64: dts: qcom: x1e80100-qcp: Fix supplies for LDOs 3E and 2J
- libbpf: Use OPTS_SET() macro in bpf_xdp_query()
- wifi: wfx: fix memory leak when starting AP
- arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY
- arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY
- arm64: dts: qcom: sm8650: Fix UFS PHY clocks
- wifi: ath12k: fix incorrect logic of calculating vdev_stats_id
- printk: nbcon: Relocate 32bit seq macros
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq()
- printk: Wait for all reserved records with pr_flush()
- printk: Add this_cpu_in_panic()
- printk: ringbuffer: Cleanup reader terminology
- printk: ringbuffer: Skip non-finalized records in panic
- printk: Disable passing console lock owner completely during panic()
- pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan
- tools/resolve_btfids: Refactor set sorting with types from btf_ids.h
- tools/resolve_btfids: Fix cross-compilation to non-host endianness
- wifi: iwlwifi: support EHT for WH
- wifi: iwlwifi: properly check if link is active
- wifi: iwlwifi: mvm: fix erroneous queue index mask
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
- wifi: iwlwifi: mvm: don't set replay counters to 0xff
- s390/pai: fix attr_event_free upper limit for pai device drivers
- s390/vdso: drop '-fPIC' from LDFLAGS
- arm64: dts: qcom: qcm6490-idp: Correct the voltage setting for vph_pwr
- arm64: dts: qcom: qcs6490-rb3gen2: Correct the voltage setting for vph_pwr
- selftests: forwarding: Add missing config entries
- selftests: forwarding: Add missing multicast routing config entries
- arm64: dts: qcom: sm6115: drop pipe clock selection
- ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
- arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs
- arm64: dts: mediatek: mt7986: fix reference to PWM in fan node
- arm64: dts: mediatek: mt7986: drop crypto's unneeded/invalid clock name
- arm64: dts: mediatek: mt7986: fix SPI bus width properties
- arm64: dts: mediatek: mt7986: fix SPI nodename
- arm64: dts: mediatek: mt7986: drop "#clock-cells" from PWM
- arm64: dts: mediatek: mt7986: add "#reset-cells" to infracfg
- arm64: dts: mediatek: mt8192-asurada: Remove CrosEC base detection node
- arm64: dts: mediatek: mt8192: fix vencoder clock name
- arm64: dts: mediatek: mt8186: fix VENC power domain clocks
- arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes
- can: m_can: Start/Cancel polling timer together with interrupts
- wifi: iwlwifi: mvm: Fix the listener MAC filter flags
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
- arm64: dts: qcom: sdm845: Use the Low Power Island CX/MX for SLPI
- soc: qcom: llcc: Check return value on Broadcast_OR reg read
- ARM: dts: qcom: msm8974: correct qfprom node size
- arm64: dts: mediatek: mt8186: Add missing clocks to ssusb power domains
- arm64: dts: mediatek: mt8186: Add missing xhci clock to usb controllers
- arm64: dts: ti: am65x: Fix dtbs_install for Rocktech OLDI overlay
- cpufreq: qcom-hw: add CONFIG_COMMON_CLK dependency
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all
interfaces
- pwm: dwc: use pm_sleep_ptr() macro
- arm64: dts: ti: k3-am69-sk: fix PMIC interrupt number
- arm64: dts: ti: k3-j721e-sk: fix PMIC interrupt number
- arm64: dts: ti: k3-am62-main: disable usb lpm
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
- bus: tegra-aconnect: Update dependency to ARCH_TEGRA
- iommu/amd: Mark interrupt as managed
- wifi: brcmsmac: avoid function pointer casts
- arm64: dts: qcom: sdm845-db845c: correct PCIe wake-gpios
- arm64: dts: qcom: sm8150: correct PCIe wake-gpios
- powercap: dtpm_cpu: Fix error check against freq_qos_add_request()
- net: ena: Remove ena_select_queue
- arm64: dts: ti: k3-j7200-common-proc-board: Modify Pinmux for wkup_uart0 and
mcu_uart0
- arm64: dts: ti: k3-j7200-common-proc-board: Remove clock-frequency from
mcu_uart0
- arm64: dts: ti: k3-j721s2-common-proc-board: Remove Pinmux for CTS and RTS
in wkup_uart0
- arm64: dts: ti: k3-j784s4-evm: Remove Pinmux for CTS and RTS in wkup_uart0
- arm64: dts: ti: k3-am64-main: Fix ITAP/OTAP values for MMC
- arm64: dts: mt8195-cherry-tomato: change watchdog reset boot flow
- arm64: dts: ti: Add common1 register space for AM65x SoC
- arm64: dts: ti: Add common1 register space for AM62x SoC
- firmware: arm_scmi: Fix double free in SMC transport cleanup path
- wifi: cfg80211: set correct param change count in ML element
- arm64: dts: ti: k3-j721e: Fix mux-reg-masks in hbmc_mux
- arm64: dts: ti: k3-j784s4-main: Fix mux-reg-masks in serdes_ln_ctrl
- arm64: dts: ti: k3-am62p: Fix memory ranges for DMSS
- wifi: wilc1000: revert reset line logic flip
- ARM: dts: arm: realview: Fix development chip ROM compatible value
- memory: tegra: Correct DLA client names
- wifi: mt76: mt7996: fix fw loading timeout
- wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band
- wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band
- wifi: mt76: mt7925: fix mcu query command fail
- wifi: mt76: mt7925: fix wmm queue mapping
- wifi: mt76: mt7925: fix fw download fail
- wifi: mt76: mt7925: fix WoW failed in encrypted mode
- wifi: mt76: mt7925: fix the wrong header translation config
- wifi: mt76: mt7925: add flow to avoid chip bt function fail
- wifi: mt76: mt7925: add support to set ifs time by mcu command
- wifi: mt76: mt7925: update PCIe DMA settings
- wifi: mt76: mt7996: check txs format before getting skb by pid
- wifi: mt76: mt7996: fix TWT issues
- wifi: mt76: mt7996: fix incorrect interpretation of EHT MCS caps
- wifi: mt76: mt7996: fix HE beamformer phy cap for station vif
- wifi: mt76: mt7996: fix efuse reading issue
- wifi: mt76: mt7996: fix HIF_TXD_V2_1 value
- wifi: mt76: mt792x: fix ethtool warning
- wifi: mt76: mt7921e: fix use-after-free in free_irq()
- wifi: mt76: mt7925e: fix use-after-free in free_irq()
- wifi: mt76: mt7921: fix incorrect type conversion for CLC command
- wifi: mt76: mt792x: fix a potential loading failure of the 6Ghz channel
config from ACPI
- wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177
- arm64: dts: renesas: rzg2l: Add missing interrupts to IRQC nodes
- arm64: dts: renesas: r9a08g045: Add missing interrupts to IRQC node
- arm64: dts: renesas: rzg3s-smarc-som: Guard Ethernet IRQ GPIO hogs
- arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes
- arm64: dts: renesas: r8a779g0: Correct avb[01] reg sizes
- net: mctp: copy skb ext data when fragmenting
- pstore: inode: Only d_invalidate() is needed
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF
- ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address
- ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node
- arm64: dts: imx8mp: Set SPI NOR to max 40 MHz on Data Modul i.MX8M Plus eDM
SBC
- arm64: dts: imx8mp-evk: Fix hdmi@3d node
- regulator: userspace-consumer: add module device table
- gpiolib: Pass consumer device through to core in
devm_fwnode_gpiod_get_index()
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs
- ACPI: resource: Do IRQ override on Lunnen Ground laptops
- ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
- ACPI: scan: Fix device check notification handling
- arm64: dts: rockchip: add missing interrupt-names for rk356x vdpu
- arm64: dts: rockchip: fix reset-names for rk356x i2s2 controller
- arm64: dts: rockchip: drop rockchip,trcm-sync-tx-only from rk3588 i2s
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks
- x86, relocs: Ignore relocations in .notes section
- SUNRPC: fix a memleak in gss_import_v2_context
- SUNRPC: fix some memleaks in gssx_dec_option_array
- arm64: dts: qcom: sm8550: Fix SPMI channels size
- arm64: dts: qcom: sm8650: Fix SPMI channels size
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove
function
- ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
- btrfs: fix race when detecting delalloc ranges during fiemap
- wifi: rtw88: 8821cu: Fix firmware upload fail
- wifi: rtw88: 8821c: Fix beacon loss and disconnect
- wifi: rtw88: 8821c: Fix false alarm count
- wifi: brcm80211: handle pmk_op allocation failure
- riscv: dts: starfive: jh7100: fix root clock names
- PCI: Make pci_dev_is_disconnected() helper public for other drivers
- iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
- iommu/vt-d: Use rbtree to track iommu probed devices
- iommu/vt-d: Improve ITE fault handling if target device isn't present
- iommu/vt-d: Use device rbtree in iopf reporting path
- iommu: Add static iommu_ops->release_domain
- iommu/vt-d: Fix NULL domain on device release
- igc: Fix missing time sync events
- igb: Fix missing time sync events
- ice: fix stats being updated by way too large values
- Bluetooth: Remove HCI_POWER_OFF_TIMEOUT
- Bluetooth: mgmt: Remove leftover queuing of power_off work
- Bluetooth: Remove superfluous call to hci_conn_check_pending()
- Bluetooth: Remove BT_HS
- Bluetooth: hci_event: Fix not indicating new connection for BIG Sync
- Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional()
- Bluetooth: hci_core: Cancel request on command timeout
- Bluetooth: hci_sync: Fix overwriting request callback
- Bluetooth: hci_h5: Add ability to allocate memory for private data
- Bluetooth: btrtl: fix out of bounds memory access
- Bluetooth: hci_core: Fix possible buffer overflow
- Bluetooth: msft: Fix memory leak
- Bluetooth: btusb: Fix memory leak
- Bluetooth: af_bluetooth: Fix deadlock
- Bluetooth: fix use-after-free in accessing skb after sending it
- sr9800: Add check for usbnet_get_endpoints
- s390/cache: prevent rebuild of shared_cpu_list
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
- bpf: Fix hashtab overflow check on 32-bit arches
- bpf: Fix stackmap overflow check on 32-bit arches
- net: dsa: microchip: make sure drive strength configuration is not lost by
soft reset
- dpll: spec: use proper enum for pin capabilities attribute
- iommu: Fix compilation without CONFIG_IOMMU_INTEL
- ipv6: fib6_rules: flush route cache when rule is changed
- net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
- octeontx2-af: Fix devlink params
- net: phy: fix phy_get_internal_delay accessing an empty array
- dpll: fix dpll_xa_ref_*_del() for multiple registrations
- net: hns3: fix wrong judgment condition issue
- net: hns3: fix kernel crash when 1588 is received on HIP08 devices
- net: hns3: fix port duplex configure error in IMP reset
- Bluetooth: Fix eir name length
- net: phy: dp83822: Fix RGMII TX delay configuration
- erofs: fix lockdep false positives on initializing erofs_pseudo_mnt
- OPP: debugfs: Fix warning around icc_get_name()
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
- ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt()
function
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt()
function
- udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
- net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function
- devlink: Fix length of eswitch inline-mode
- r8152: fix unknown device for choose_configuration
- nfp: flower: handle acti_netdevs allocation failure
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
- dm raid: fix false positive for requeue needed during reshape
- dm: call the resume method on internal suspend
- fbdev/simplefb: change loglevel when the power domains cannot be parsed
- drm/tegra: dsi: Add missing check for of_find_device_by_node
- drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path
of tegra_dsi_probe()
- drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe()
- drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe()
- drm/tegra: rgb: Fix missing clk_put() in the error handling paths of
tegra_dc_rgb_probe()
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths
of tegra_output_probe()
- drm/rockchip: inno_hdmi: Fix video timing
- drm: Don't treat 0 as -1 in drm_fixp2int_ceil
- drm/vkms: Avoid reading beyond LUT array
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
- drm/rockchip: lvds: do not overwrite error code
- drm/rockchip: lvds: do not print scary message when probing defer
- drm/panel-edp: use put_sync in unprepare
- drm/lima: fix a memleak in lima_heap_alloc
- ASoC: amd: acp: Add missing error handling in sof-mach
- ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()
- ASoC: SOF: core: Skip firmware test for custom loaders
- ASoC: SOF: amd: Compute file paths on firmware load
- soundwire: stream: add missing const to Documentation
- dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA
- media: tc358743: register v4l2 async device only after successful setup
- media: cadence: csi2rx: use match fwnode for media link
- PCI/DPC: Print all TLP Prefixes, not just the first
- perf record: Fix possible incorrect free in record__switch_output()
- perf record: Check conflict between '--timestamp-filename' option and pipe
mode before recording
- HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
- drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
- perf pmu: Treat the msr pmu as software
- crypto: qat - avoid memcpy() overflow warning
- ALSA: hda: cs35l41: Set Channel Index correctly when system is missing _DSD
- drm/amd/display: Fix potential NULL pointer dereferences in
'dcn10_set_output_transfer_func()'
- ASoC: sh: rz-ssi: Fix error message print
- drm/vmwgfx: Fix vmw_du_get_cursor_mob fencing of newly-created MOBs
- clk: renesas: r8a779g0: Fix PCIe clock name
- pinctrl: renesas: rzg2l: Fix locking in rzg2l_dt_subnode_to_map()
- pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function
- clk: samsung: exynos850: Propagate SPI IPCLK rate change
- media: v4l2: cci: print leading 0 on error
- perf evsel: Fix duplicate initialization of data->id in
evsel__parse_sample()
- perf bpf: Clean up the generated/copied vmlinux.h
- clk: meson: Add missing clocks to axg_clk_regmaps
- media: em28xx: annotate unchecked call to media_device_register()
- media: v4l2-tpg: fix some memleaks in tpg_alloc
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
- media: dt-bindings: techwell,tw9900: Fix port schema ref
- mtd: spinand: esmt: Extend IDs to 5 bytes
- media: edia: dvbdev: fix a use-after-free
- pinctrl: mediatek: Drop bogus slew rate register range for MT8186
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192
- drm/amdgpu: Fix potential out-of-bounds access in
'amdgpu_discovery_reg_base_init()'
- clk: qcom: reset: Commonize the de/assert functions
- clk: qcom: reset: Ensure write completion on reset de/assertion
- quota: Fix potential NULL pointer dereference
- quota: Fix rcu annotations of inode dquot pointers
- quota: Properly annotate i_dquot arrays with __rcu
- ASoC: Intel: ssp-common: Add stub for sof_ssp_get_codec_name
- PCI/P2PDMA: Fix a sleeping issue in a RCU read section
- PCI: switchtec: Fix an error handling path in switchtec_pci_probe()
- crypto: xilinx - call finalize with bh disabled
- drivers/ps3: select VIDEO to provide cmdline functions
- perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
- perf srcline: Add missed addr2line closes
- dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
- drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
- clk: renesas: r8a779g0: Correct PFC/GPIO parent clocks
- clk: renesas: r8a779f0: Correct PFC/GPIO parent clock
- clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1
mux
- ALSA: seq: fix function cast warnings
- perf expr: Fix "has_event" function for metric style events
- perf stat: Avoid metric-only segv
- perf metric: Don't remove scale from counts
- ASoC: meson: aiu: fix function pointer type mismatch
- ASoC: meson: t9015: fix function pointer type mismatch
- powerpc: Force inlining of arch_vmap_p{u/m}d_supported()
- ASoC: SOF: Add some bounds checking to firmware data
- drm: ci: use clk_ignore_unused for apq8016
- NTB: fix possible name leak in ntb_register_device()
- media: cedrus: h265: Fix configuring bitstream size
- media: sun8i-di: Fix coefficient writes
- media: sun8i-di: Fix power on/off sequences
- media: sun8i-di: Fix chroma difference threshold
- staging: media: starfive: Set 16 bpp for capture_raw device
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
- media: go7007: add check of return value of go7007_read_addr()
- media: pvrusb2: remove redundant NULL check
- media: videobuf2: Add missing doc comment for waiting_in_dqbuf
- media: pvrusb2: fix pvr2_stream_callback casts
- clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times
- drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
- drm/panel: boe-tv101wum-nl6: make use of prepare_prev_first
- drm/msm/dpu: finalise global state object
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
- PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
- drm/bridge: adv7511: fix crash on irq during probe
- pinctrl: renesas: Allow the compiler to optimize away sh_pfc_pm
- clk: hisilicon: hi3519: Release the correct number of gates in
hi3519_clk_unregister()
- clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
- clk: mediatek: mt8135: Fix an error handling path in
clk_mt8135_apmixed_probe()
- clk: mediatek: mt7622-apmixedsys: Fix an error handling path in
clk_mt8135_apmixed_probe()
- clk: mediatek: mt8183: Correct parent of CLK_INFRA_SSPM_32K_SELF
- clk: mediatek: mt7981-topckgen: flag SGM_REG_SEL as critical
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create
- tty: mips_ejtag_fdc: Fix passing incompatible pointer type warning
- media: ivsc: csi: Swap SINK and SOURCE pads
- media: i2c: imx290: Fix IMX920 typo
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a
ref
- perf print-events: make is_event_supported() more robust
- crypto: arm/sha - fix function cast warnings
- crypto: ccp - Avoid discarding errors in psp_send_platform_access_msg()
- crypto: qat - remove unused macros in qat_comp_alg.c
- crypto: qat - removed unused macro in adf_cnv_dbgfs.c
- crypto: qat - avoid division by zero
- crypto: qat - remove double initialization of value
- crypto: qat - fix ring to service map for dcc in 4xxx
- crypto: qat - fix ring to service map for dcc in 420xx
- crypto: jitter - fix CRYPTO_JITTERENTROPY help text
- drm/tidss: Fix initial plane zpos values
- drm/tidss: Fix sync-lost issue with two displays
- clk: imx: imx8mp: Fix SAI_MCLK_SEL definition
- mtd: maps: physmap-core: fix flash size larger than 32-bit
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
- mtd: rawnand: brcmnand: exec_op helper functions return type fixes
- ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs
- ASoC: meson: axg-tdm-interface: add frame rate constraint
- drm/msm/a6xx: specify UBWC config for sc7180
- drm/msm/a7xx: Fix LLC typo
- dt-bindings: arm-smmu: fix SM8[45]50 GPU SMMU if condition
- perf pmu: Fix a potential memory leak in perf_pmu__lookup()
- HID: amd_sfh: Update HPD sensor structure elements
- HID: amd_sfh: Avoid disabling the interrupt
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
- media: pvrusb2: fix uaf in pvr2_context_set_notify
- media: dvb-frontends: avoid stack overflow warnings with clang
- media: go7007: fix a memleak in go7007_load_encoder
- media: ttpci: fix two memleaks in budget_av_attach
- media: mediatek: vcodec: avoid -Wcast-function-type-strict warning
- arm64: ftrace: Don't forbid CALL_OPS+CC_OPTIMIZE_FOR_SIZE with Clang
- drm/tests: helpers: Include missing drm_drv header
- drm/amd/pm: Fix esm reg mask use to get pcie speed
- gpio: nomadik: fix offset bug in nmk_pmx_set()
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
- mfd: cs42l43: Fix wrong register defaults
- powerpc/32: fix ADB_CUDA kconfig warning
- powerpc/pseries: Fix potential memleak in papr_get_attr()
- powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
- clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk'
- clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk'
- clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset
- perf vendor events amd: Fix Zen 4 cache latency events
- drm/msm/dpu: allow certain formats for CDM for DP
- drm/msm/dpu: add division of drm_display_mode's hskew parameter
- media: usbtv: Remove useless locks in usbtv_video_free()
- drm/xe: Fix ref counting leak on page fault
- drm/xe: Replace 'grouped target' in Makefile with pattern rule
- lib/stackdepot: fix first entry having a 0-handle
- lib/stackdepot: off by one in depot_fetch_stack()
- modules: wait do_free_init correctly
- mfd: cs42l43: Fix wrong GPIO_FN_SEL and SPI_CLK_CONFIG1 defaults
- power: supply: mm8013: fix "not charging" detection
- powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
- powerpc/4xx: Fix warp_gpio_leds build failure
- RISC-V: KVM: Forward SEED CSR access to user space
- leds: aw2013: Unlock mutex before destroying it
- leds: sgm3140: Add missing timer cleanup and flash gpio control
- backlight: hx8357: Fix potential NULL pointer dereference
- backlight: ktz8866: Correct the check for of_property_read_u32
- backlight: lm3630a: Initialize backlight_properties on init
- backlight: lm3630a: Don't set bl->props.brightness in get_brightness
- backlight: da9052: Fully initialize backlight_properties during probe
- backlight: lm3639: Fully initialize backlight_properties during probe
- backlight: lp8788: Fully initialize backlight_properties during probe
- sparc32: Use generic cmpdi2/ucmpdi2 variants
- mtd: maps: sun_uflash: Declare uflash_devinit static
- sparc32: Do not select GENERIC_ISA_DMA
- sparc32: Fix section mismatch in leon_pci_grpci
- clk: Fix clk_core_get NULL dereference
- clk: zynq: Prevent null pointer dereference caused by kmalloc failure
- PCI: brcmstb: Fix broken brcm_pcie_mdio_write() polling
- cifs: Fix writeback data corruption
- ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
- ALSA: hda/tas2781: use dev_dbg in system_resume
- ALSA: hda/tas2781: add lock to system_suspend
- ALSA: hda/tas2781: do not reset cur_* values in runtime_suspend
- ALSA: hda/tas2781: do not call pm_runtime_force_* in system_resume/suspend
- ALSA: hda/tas2781: restore power state after system_resume
- ALSA: scarlett2: Fix Scarlett 4th Gen 4i4 low-voltage detection
- ALSA: scarlett2: Fix Scarlett 4th Gen autogain status values
- ALSA: scarlett2: Fix Scarlett 4th Gen input gain range
- ALSA: scarlett2: Fix Scarlett 4th Gen input gain range again
- mips: cm: Convert __mips_cm_l2sync_phys_base() to weak function
- platform/x86/intel/pmc/lnl: Remove SSRAM support
- platform/x86/intel/pmc/arl: Put GNA device in D3
- platform/x86/amd/pmf: Do not use readl() for policy buffer access
- ALSA: usb-audio: Stop parsing channels bits when all channels are found.
- phy: qcom: qmp-usb: split USB-C PHY driver
- phy: qcom: qmp-usbc: add support for the Type-C handling
- phy: qcom: qmp-usbc: handle CLAMP register in a correct way
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump
- RDMA/irdma: Remove duplicate assignment
- RDMA/srpt: Do not register event handler until srpt device is fully setup
- f2fs: compress: fix to guarantee persisting compressed blocks by CP
- f2fs: compress: fix to cover normal cluster write with cp_rwsem
- f2fs: compress: fix to check unreleased compressed cluster
- f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode
- f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic
- f2fs: zone: fix to wait completion of last bio in zone correctly
- f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
- f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
- f2fs: fix to avoid potential panic during recovery
- scsi: csiostor: Avoid function pointer casts
- i3c: dw: Disable IBI IRQ depends on hot-join and SIR enabling
- RDMA/hns: Fix mis-modifying default congestion control algorithm
- RDMA/device: Fix a race between mad_client and cm_client init
- RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store()
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
- f2fs: fix to create selinux label during whiteout initialization
- f2fs: compress: fix to check zstd compress level correctly in mount option
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
- NFSv4.2: fix listxattr maximum XDR buffer size
- f2fs: compress: fix to check compress flag w/ .i_sem lock
- f2fs: check number of blocks in a current section
- watchdog: starfive: Check pm_runtime_enabled() before decrementing usage
counter
- watchdog: stm32_iwdg: initialize default timeout
- f2fs: fix to use correct segment type in f2fs_allocate_data_block()
- f2fs: ro: compress: fix to avoid caching unaligned extent
- RDMA/mana_ib: Fix bug in creation of dma regions
- RDMA/mana_ib: Introduce mdev_to_gc helper function
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function
- RDMA/mana_ib: Use virtual address in dma regions for MRs
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2
- NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
- NFS: Fix an off by one in root_nfs_cat()
- NFSv4.1/pnfs: fix NFS with TLS in pnfs
- ACPI: HMAT: Remove register of memory node for generic target
- f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks
- f2fs: compress: fix reserve_cblocks counting error when out of space
- f2fs: fix to truncate meta inode pages forcely
- f2fs: zone: fix to remove pow2 check condition for zoned block device
- cxl: Fix the incorrect assignment of SSLBIS entry pointer initial location
- perf/x86/amd/core: Avoid register reset when CPU is dead
- afs: Revert "afs: Hide silly-rename files from userspace"
- afs: Don't cache preferred address
- afs: Fix occasional rmdir-then-VNOVNODE with generic/011
- f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
- nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
- ovl: relax WARN_ON in ovl_verify_area()
- io_uring/net: correct the type of variable
- remoteproc: stm32: Fix incorrect type in assignment for va
- remoteproc: stm32: Fix incorrect type assignment returned by
stm32_rproc_get_loaded_rsc_tablef
- iio: pressure: mprls0025pa fix off-by-one enum
- usb: phy: generic: Get the vbus supply
- tty: vt: fix 20 vs 0x20 typo in EScsiignore
- serial: max310x: fix syntax error in IRQ error message
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells
- coresight: Fix issue where a source device's helpers aren't disabled
- coresight: etm4x: Set skip_power_up in etm4_init_arch_data function
- xhci: Add interrupt pending autoclear flag to each interrupter
- xhci: make isoc_bei_interval variable interrupter specific.
- xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event()
- xhci: update event ring dequeue pointer position to controller correctly
- coccinelle: device_attr_show: Remove useless expression STR
- kconfig: fix infinite loop when expanding a macro at the end of file
- iio: gts-helper: Fix division loop
- bus: mhi: ep: check the correct variable in mhi_ep_register_controller()
- hwtracing: hisi_ptt: Move type check to the beginning of
hisi_ptt_pmu_event_init()
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it
- rtc: max31335: fix interrupt status reg
- serial: 8250_exar: Don't remove GPIO device on suspend
- staging: greybus: fix get_channel_from_mode() failure path
- mei: vsc: Call wake_up() in the threaded IRQ handler
- mei: vsc: Don't use sleeping condition in wait_event_timeout()
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
- char: xilinx_hwicap: Fix NULL vs IS_ERR() bug
- x86/hyperv: Use per cpu initial stack for vtl context
- ASoC: tlv320adc3xxx: Don't strip remove function when driver is builtin
- thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error
handling path
- thermal/drivers/qoriq: Fix getting tmu range
- io_uring: don't save/restore iowait state
- spi: lpspi: Avoid potential use-after-free in probe()
- spi: Restore delays for non-GPIO chip select
- ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates
- nouveau: reset the bo resource bus info after an eviction
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
- rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
- octeontx2-af: Use matching wake_up API variant in CGX command interface
- s390/vtime: fix average steal time calculation
- net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
- devlink: Fix devlink parallel commands processing
- riscv: Only check online cpus for emulated accesses
- soc: fsl: dpio: fix kcalloc() argument order
- cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw()
- io_uring: Fix release of pinned pages when __io_uaddr_map fails
- tcp: Fix refcnt handling in __inet_hash_connect().
- vmxnet3: Fix missing reserved tailroom
- hsr: Fix uninit-value access in hsr_get_node()
- net: txgbe: fix clk_name exceed MAX_DEV_ID limits
- spi: spi-mem: add statistics support to ->exec_op() calls
- spi: Fix error code checking in spi_mem_exec_op()
- nvme: fix reconnection fail due to reserved tag allocation
- drm/xe: Invalidate userptr VMA on page pin fault
- drm/xe: Skip VMAs pin when requesting signal to the last XE_EXEC
- net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up
- net: ethernet: mtk_eth_soc: fix PPE hanging issue
- io_uring: fix poll_remove stalled req completion
- ASoC: SOF: amd: Move signed_fw_image to struct acp_quirk_entry
- ASoC: SOF: amd: Skip IRAM/DRAM size modification for Steam Deck OLED
- riscv: Fix compilation error with FAST_GUP and rv32
- xen/evtchn: avoid WARN() when unbinding an event channel
- xen/events: increment refcnt only if event channel is refcounted
- packet: annotate data-races around ignore_outgoing
- xfrm: Allow UDP encapsulation only in offload modes
- net: veth: do not manipulate GRO when using XDP
- net: dsa: mt7530: prevent possible incorrect XTAL frequency selection
- spi: spi-imx: fix off-by-one in mx51 CPU mode burst length
- drm: Fix drm_fixp2int_round() making it add 0.5
- virtio: uapi: Drop __packed attribute in linux/virtio_pci.h
- vdpa_sim: reset must not run
- vdpa/mlx5: Allow CVQ size changes
- virtio: packed: fix unmap leak for indirect desc table
- net: move dev->state into net_device_read_txrx group
- wireguard: receive: annotate data-race around receiving_counter.counter
- rds: introduce acquire/release ordering in acquire/release_in_xmit()
- hsr: Handle failures in module init
- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels
- nouveau/gsp: don't check devinit disable on GSP.
- ceph: stop copying to iter at EOF on sync reads
- net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
- dm-integrity: fix a memory leak when rechecking the data
- net/bnx2x: Prevent access to a freed page in page_pool
- devlink: fix port new reply cmd type
- octeontx2: Detect the mbox up or down message via register
- octeontx2-pf: Wait till detach_resources msg is complete
- octeontx2-pf: Use default max_active works instead of one
- octeontx2-pf: Send UP messages to VF only when VF is up.
- octeontx2-af: Use separate handlers for interrupts
- drm/amdgpu: add MMHUB 3.3.1 support
- drm/amdgpu: fix mmhub client id out-of-bounds access
- drm/amdgpu: drop setting buffer funcs in sdma442
- netfilter: nft_set_pipapo: release elements in clone only from destroy path
- netfilter: nf_tables: do not compare internal table flags on updates
- rcu: add a helper to report consolidated flavor QS
- net: report RCU QS on threaded NAPI repolling
- bpf: report RCU QS in cpumap kthread
- net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports
- net: dsa: mt7530: fix handling of all link-local frames
- netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
- selftests: forwarding: Fix ping failure due to short timeout
- dm io: Support IO priority
- dm-integrity: align the outgoing bio in integrity_recheck
- x86/efistub: Clear decompressor BSS in native EFI entrypoint
- x86/efistub: Don't clear BSS twice in mixed mode
- printk: Adjust mapping for 32bit seq macros
- printk: Use prb_first_seq() as base for 32bit seq macros
- Linux 6.8.2
- [Config] updateconfig following v6.8.2 import
* Add Real-time Linux Analysis tool (rtla) to linux-tools (LP: #2059080)
- SAUCE: rtla: fix deb build
- [Packaging] add Real-time Linux Analysis tool (rtla) to linux-tools
* Provide python perf module (LP: #2051560)
- [Packaging] enable perf python module
- [Packaging] provide a wrapper module for python-perf
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/90]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/90]: fixup notify
- SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
- SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now
- SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
- SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined
profiles can mediate user namespaces
* [24.04 FEAT] Memory hotplug vmem pages (s390x) (LP: #2051835)
- mm/memory_hotplug: introduce MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
- s390/mm: allocate vmemmap pages from self-contained memory range
- s390/sclp: remove unhandled memory notifier type
- s390/mm: implement MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
- s390: enable MHP_MEMMAP_ON_MEMORY
- [Config] enable CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE and
CONFIG_MHP_MEMMAP_ON_MEMORY for s390x
* To support AMD Adaptive Backlight Management (ABM) for power profiles daemon
>= 2.0 (LP: #2056716)
- drm/amd/display: add panel_power_savings sysfs entry to eDP connectors
- drm/amdgpu: respect the abmlevel module parameter value if it is set
* [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793)
- SAUCE: cacheinfo: Check for null last-level cache info
- SAUCE: cacheinfo: Allocate memory for memory if not done from the primary
CPU
- SAUCE: x86/cacheinfo: Delete global num_cache_leaves
- SAUCE: x86/cacheinfo: Clean out init_cache_level()
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
CONFIG_SECURITY=n
[ Ubuntu: 6.8.0-22.22 ]
* noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238)
[ Ubuntu: 6.8.0-21.21 ]
* noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225)
* Miscellaneous Ubuntu changes
- [Config] update toolchain version in annotations
[ Ubuntu: 6.8.0-20.20 ]
* noble/linux: 6.8.0-20.20 -proposed tracker (LP: #2058221)
* Noble update: v6.8.1 upstream stable release (LP: #2058224)
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
- Documentation/hw-vuln: Add documentation for RFDS
- x86/rfds: Mitigate Register File Data Sampling (RFDS)
- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
- Linux 6.8.1
* Autopkgtest failures on amd64 (LP: #2048768)
- [Packaging] update to clang-18
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
CONFIG_SECURITY=n
- [Config] amd64: MITIGATION_RFDS=y
[ Ubuntu: 6.8.0-19.19 ]
* noble/linux: 6.8.0-19.19 -proposed tracker (LP: #2057910)
* Miscellaneous Ubuntu changes
- [Packaging] re-introduce linux-doc as an empty package
[ Ubuntu: 6.8.0-18.18 ]
* noble/linux: 6.8.0-18.18 -proposed tracker (LP: #2057456)
* Miscellaneous Ubuntu changes
- [Packaging] drop dependency on libclang-17
[ Ubuntu: 6.8.0-17.17 ]
* noble/linux: 6.8.0-17.17 -proposed tracker (LP: #2056745)
* Miscellaneous upstream changes
- Revert "UBUNTU: [Packaging] Add debian/control sanity check"
[ Ubuntu: 6.8.0-16.16 ]
* noble/linux: 6.8.0-16.16 -proposed tracker (LP: #2056738)
* left-over ceph debugging printks (LP: #2056616)
- Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put before
unmounting"
* qat: Improve error recovery flows (LP: #2056354)
- crypto: qat - add heartbeat error simulator
- crypto: qat - disable arbitration before reset
- crypto: qat - update PFVF protocol for recovery
- crypto: qat - re-enable sriov after pf reset
- crypto: qat - add fatal error notification
- crypto: qat - add auto reset on error
- crypto: qat - limit heartbeat notifications
- crypto: qat - improve aer error reset handling
- crypto: qat - change SLAs cleanup flow at shutdown
- crypto: qat - resolve race condition during AER recovery
- Documentation: qat: fix auto_reset section
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
* Enable lowlatency settings in the generic kernel (LP: #2051342)
- [Config] enable low-latency settings
* hwmon: (coretemp) Fix core count limitation (LP: #2056126)
- hwmon: (coretemp) Introduce enum for attr index
- hwmon: (coretemp) Remove unnecessary dependency of array index
- hwmon: (coretemp) Replace sensor_device_attribute with device_attribute
- hwmon: (coretemp) Remove redundant pdata->cpu_map[]
- hwmon: (coretemp) Abstract core_temp helpers
- hwmon: (coretemp) Split package temp_data and core temp_data
- hwmon: (coretemp) Remove redundant temp_data->is_pkg_data
- hwmon: (coretemp) Use dynamic allocated memory for core temp_data
* Miscellaneous Ubuntu changes
- [Config] Disable CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION
- [Packaging] remove debian/scripts/misc/arch-has-odm-enabled.sh
- rebase on v6.8
- [Config] toolchain version update
* Miscellaneous upstream changes
- crypto: qat - add fatal error notify method
* Rebase on v6.8
[ Ubuntu: 6.8.0-15.15 ]
* noble/linux: 6.8.0-15.15 -proposed tracker (LP: #2055871)
* Miscellaneous Ubuntu changes
- rebase on v6.8-rc7
* Miscellaneous upstream changes
- Revert "UBUNTU: [Packaging] Transition laptop-23.10 to generic"
* Rebase on v6.8-rc7
[ Ubuntu: 6.8.0-14.14 ]
* noble/linux: 6.8.0-14.14 -proposed tracker (LP: #2055551)
* Please change CONFIG_CONSOLE_LOGLEVEL_QUIET to 3 (LP: #2049390)
- [Config] reduce verbosity when booting in quiet mode
* linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
modules-extra to linux-modules (LP: #2054809)
- UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-
extra
* linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
linux-modules-extra to linux-modules (LP: #2045561)
- [Packaging] Move dmi-sysfs.ko into linux-modules
* Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440)
- [Config] enable Intel DMA remapping by default
* disable Intel DMA remapping by default (LP: #1971699)
- [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.29)
* Miscellaneous Ubuntu changes
- SAUCE: modpost: Replace 0-length array with flex-array member
- [packaging] do not include debian/ directory in a binary package
- [packaging] remove debian/stamps/keep-dir
[ Ubuntu: 6.8.0-13.13 ]
* noble/linux: 6.8.0-13.13 -proposed tracker (LP: #2055421)
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.29)
* Miscellaneous Ubuntu changes
- rebase on v6.8-rc6
- [Config] updateconfifs following v6.8-rc6 rebase
* Rebase on v6.8-rc6
[ Ubuntu: 6.8.0-12.12 ]
* linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
- [Packaging] rules: Put usbip manpages in the correct directory
* Validate connection interval to pass Bluetooth Test Suite (LP: #2052005)
- Bluetooth: Enforce validation on max value of connection interval
* Turning COMPAT_32BIT_TIME off on s390x (LP: #2038583)
- [Config] Turn off 31-bit COMPAT on s390x
* Don't produce linux-source binary package (LP: #2043994)
- [Packaging] Add debian/control sanity check
* Don't produce linux-*-source-<version> package (LP: #2052439)
- [Packaging] Move linux-source package stub to debian/control.d
- [Packaging] Build linux-source package only for the main kernel
* Don't produce linux-*-cloud-tools-common, linux-*-tools-common and
linux-*-tools-host binary packages (LP: #2048183)
- [Packaging] Move indep tools package stubs to debian/control.d
- [Packaging] Build indep tools packages only for the main kernel
* Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440)
- [Config] enable Intel DMA remapping by default
* disable Intel DMA remapping by default (LP: #1971699)
- [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON
* Miscellaneous Ubuntu changes
- [Packaging] Transition laptop-23.10 to generic
[ Ubuntu: 6.8.0-11.11 ]
* noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094)
* Miscellaneous Ubuntu changes
- [Packaging] riscv64: disable building unnecessary binary debs
[ Ubuntu: 6.8.0-10.10 ]
* noble/linux: 6.8.0-10.10 -proposed tracker (LP: #2053015)
* Miscellaneous Ubuntu changes
- [Packaging] add Rust build-deps for riscv64
* Miscellaneous upstream changes
- Revert "Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on
riscv64""
[ Ubuntu: 6.8.0-9.9 ]
* noble/linux: 6.8.0-9.9 -proposed tracker (LP: #2052945)
* Miscellaneous upstream changes
- Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on
riscv64"
[ Ubuntu: 6.8.0-8.8 ]
* noble/linux: 6.8.0-8.8 -proposed tracker (LP: #2052918)
* Miscellaneous Ubuntu changes
- [Packaging] riscv64: enable linux-libc-dev build
- v6.8-rc4 rebase
* Rebase on v6.8-rc4
-- Paolo Pisati <email address hidden> Wed, 10 Apr 2024 16:39:23 +0200
-
linux-oracle (6.8.0-1001.1) noble; urgency=medium
* noble/linux-oracle: 6.8.0-1001.1 -proposed tracker (LP: #2052776)
* Packaging resync (LP: #1786013)
- debian.oracle/dkms-versions -- update from kernel-versions
(main/d2024.02.07)
* [arm64] Increase max CPU count to 512 (LP: #2046184)
- [Config]: oracle: Increase max CPU count to 512
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following 6.8.0-7.7 rebase
[ Ubuntu: 6.8.0-7.7 ]
* noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
[ Ubuntu: 6.8.0-6.6 ]
* noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592)
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.07)
- [Packaging] update variants
* FIPS kernels should default to fips mode (LP: #2049082)
- SAUCE: Enable fips mode by default, in FIPS kernels only
* Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468)
- [Packaging] Remove old snapcraft.yaml
* Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
* Miscellaneous Ubuntu changes
- [Packaging] Remove in-tree abi checks
- [Packaging] drop abi files with clean
- [Packaging] Remove do_full_source variable (fixup)
- [Packaging] Remove update-dkms-versions and move dkms-versions
- [Config] updateconfigs following v6.8-rc3 rebase
- [packaging] rename to linux
- [packaging] rebase on v6.8-rc3
- [packaging] disable signing for ppc64el
* Rebase on v6.8-rc3
[ Ubuntu: 6.8.0-5.5 ]
* noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136)
* Miscellaneous upstream changes
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
[ Ubuntu: 6.8.0-4.4 ]
* noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502)
* Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer
(LP: #1965303)
- [Config] enable simpledrm and DRM fbdev emulation layer
* Miscellaneous Ubuntu changes
- [Config] toolchain update
* Miscellaneous upstream changes
- rust: upgrade to Rust 1.75.0
[ Ubuntu: 6.8.0-3.3 ]
* noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in
socket_getpeersec hooks
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] updateconfigs following v6.8-rc2 rebase
[ Ubuntu: 6.8.0-2.2 ]
* noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110)
* Miscellaneous Ubuntu changes
- [Config] toolchain update
- [Config] enable Rust
[ Ubuntu: 6.8.0-1.1 ]
* noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102)
* Miscellaneous Ubuntu changes
- [packaging] move to v6.8-rc1
- [Config] updateconfigs following v6.8-rc1 rebase
- SAUCE: export file_close_fd() instead of close_fd_get_file()
- SAUCE: cpufreq: s/strlcpy/strscpy/
- debian/dkms-versions -- temporarily disable zfs dkms
- debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms
- debian/dkms-versions -- temporarily disable v4l2loopback
[ Ubuntu: 6.8.0-0.0 ]
* Empty entry.
[ Ubuntu: 6.7.0-7.7 ]
* noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
* Miscellaneous Ubuntu changes
- [Packaging] re-enable signing for s390x and ppc64el
[ Ubuntu: 6.7.0-6.6 ]
* Empty entry.
[ Ubuntu: 6.7.0-2.2 ]
* noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182)
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
* Enforce RETPOLINE and SLS mitigrations (LP: #2046440)
- SAUCE: objtool: Make objtool check actually fatal upon fatal errors
- SAUCE: objtool: make objtool SLS validation fatal when building with
CONFIG_SLS=y
- SAUCE: objtool: make objtool RETPOLINE validation fatal when building with
CONFIG_RETPOLINE=y
- SAUCE: scripts: remove generating .o-ur objects
- [Packaging] Remove all custom retpoline-extract code
- Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables"
- Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late
initialisation code"
- Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within
firmware_restrict_branch_speculation_{start,end}"
* Miscellaneous Ubuntu changes
- [Packaging] temporarily disable riscv64 builds
- [Packaging] temporarily disable Rust dependencies on riscv64
[ Ubuntu: 6.7.0-1.1 ]
* noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
* [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
anymore (LP: #2048919)
- [Config] Enable S390_UV_UAPI (built-in)
* Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
- SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor
Lake
- SAUCE: platform/x86: int3472: Add handshake GPIO function
* [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
(LP: #2033406)
- [Packaging] Make WWAN driver loadable modules
* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
- [Packaging] Make linux-tools-common depend on hwdata
* [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
PCIE peripherals (LP: #2036587)
- [Config] Enable CONFIG_MTK_IOMMU on arm64
* linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
images (LP: #2019040)
- [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
* kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
- [Packaging] Revert arm64 image format to Image.gz
* Mantic minimized/minimal cloud images do not receive IP address during
provisioning; systemd regression with wait-online (LP: #2036968)
- [Config] Enable virtio-net as built-in to avoid race
* Make backlight module auto detect dell_uart_backlight (LP: #2008882)
- SAUCE: ACPI: video: Dell AIO UART backlight detection
* Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364)
- [Config] Default to performance CPUFreq governor on riscv64
* Enable Nezha board (LP: #1975592)
- [Config] Build in D1 clock drivers on riscv64
- [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64
- [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64
- [Config] Disable SUN50I_DE2_BUS on riscv64
- [Config] Disable unneeded sunxi pinctrl drivers on riscv64
* Enable StarFive VisionFive 2 board (LP: #2013232)
- [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64
- [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64
* rcu_sched detected stalls on CPUs/tasks (LP: #1967130)
- [Config] Enable virtually mapped stacks on riscv64
* Check for changes relevant for security certifications (LP: #1945989)
- [Packaging] Add a new fips-checks script
* Installation support for SMARC RZ/G2L platform (LP: #2030525)
- [Config] build Renesas RZ/G2L USBPHY control driver statically
* Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226)
- [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64
* Default module signing algo should be accelerated (LP: #2034061)
- [Config] Default module signing algo should be accelerated
* Miscellaneous Ubuntu changes
- [Config] annotations clean-up
[ Upstream Kernel Changes ]
* Rebase to v6.7
[ Ubuntu: 6.7.0-0.0 ]
* Empty entry
[ Ubuntu: 6.7.0-5.5 ]
* noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
* Miscellaneous Ubuntu changes
- [Packaging] re-enable Rust support
- [Packaging] temporarily disable riscv64 builds
[ Ubuntu: 6.7.0-4.4 ]
* noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807)
* unconfined profile denies userns_create for chromium based processes
(LP: #1990064)
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve
notification
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [03/69]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [05/69]: af_unix mediation
- SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more
than name
- SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for
external use
- SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process
attributes for each module
- SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM
attribute data
- SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of lsm
names for attrs
- SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management
of the sock security
- SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id
slot mappings
- SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions with
stacked LSMs
- SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in
security_kernel_act_as
- SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in
security_secctx_to_secid
- SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in
security_cred_getsecid
- SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to
display
- SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx in
netlink netfilter
- SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data in
a lsmblob
- SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier for
confirmation
- SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx
module selection
- SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data in
audit_names
- SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report
multiple LSMs
- SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records in
an audit_buffer
- SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple
task security contexts
- SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple
object contexts
- SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob
in audit data
- SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding
function lsmcontext_init
- SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching
- SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available
- SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined
profiles can mediate user namespaces
* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
default) (LP: #2016908) // update apparmor and LSM stacking patch set
(LP: #2028253)
- SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with
apparmor=0
* Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen
on (LP: #2042385)
- SAUCE: r8169: Add quirks to enable ASPM on Dell platforms
* [Debian] autoreconstruct - Do not generate chmod -x for deleted files
(LP: #2045562)
- [Debian] autoreconstruct - Do not generate chmod -x for deleted files
* Disable Legacy TIOCSTI (LP: #2046192)
- [Config]: disable CONFIG_LEGACY_TIOCSTI
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] remove helper scripts
- [Packaging] update annotations scripts
* Miscellaneous Ubuntu changes
- [Packaging] rules: Remove unused dkms make variables
- [Config] update annotations after rebase to v6.7-rc8
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc8
[ Ubuntu: 6.7.0-3.3 ]
* noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060)
* enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040)
- [Config] enable CONFIG_INTEL_TDX_HOST
* linux tools packages for derived kernels refuse to install simultaneously
due to libcpupower name collision (LP: #2035971)
- [Packaging] Statically link libcpupower into cpupower tool
* make lazy RCU a boot time option (LP: #2045492)
- SAUCE: rcu: Provide a boot time parameter to control lazy RCU
* Build failure if run in a console (LP: #2044512)
- [Packaging] Fix kernel module compression failures
* Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582)
- [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k
* Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584)
- [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64
* Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587)
- [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le
* [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
(LP: #2042853)
- [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y
* back-out zstd module compression automatic for backports (LP: #2045593)
- [Packaging] make ZSTD module compression conditional
* Miscellaneous Ubuntu changes
- [Packaging] Remove do_full_source variable
- [Packaging] Remove obsolete config handling
- [Packaging] Remove support for sub-flavors
- [Packaging] Remove old linux-libc-dev version hack
- [Packaging] Remove obsolete scripts
- [Packaging] Remove README.inclusion-list
- [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch
- [Packaging] Enable rootless builds
- [Packaging] Allow to run debian/rules without (fake)root
- [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH
- [Packaging] override KERNELRELEASE instead of KERNELVERSION
- [Config] update toolchain versions in annotations
- [Packaging] drop useless linux-doc
- [Packaging] scripts: Rewrite insert-ubuntu-changes in Python
- [Packaging] enable riscv64 builds
- [Packaging] remove the last sub-flavours bit
- [Packaging] check debian.env to determine do_libc_dev_package
- [Packaging] remove debian.*/variants
- [Packaging] remove do_libc_dev_package variable
- [Packaging] move linux-libc-dev.stub to debian/control.d/
- [Packaging] Update check to build linux-libc-dev to the source package name
- [Packaging] rules: Remove startnewrelease target
- [Packaging] Remove debian/commit-templates
- [Config] update annotations after rebase to v6.7-rc4
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc4
[ Ubuntu: 6.7.0-2.2 ]
* noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107)
* Miscellaneous Ubuntu changes
- [Packaging] re-enable Rust
- [Config] enable Rust in annotations
- [Packaging] Remove do_enforce_all variable
- [Config] disable Softlogic 6x10 capture card driver on armhf
- [Packaging] disable Rust support
- [Config] update annotations after rebase to v6.7-rc3
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc3
[ Ubuntu: 6.7.0-1.1 ]
* noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] update helper scripts
* Miscellaneous Ubuntu changes
- [Config] update annotations after rebase to v6.7-rc2
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc2
[ Ubuntu: 6.7.0-0.0 ]
* Empty entry
[ Ubuntu: 6.6.0-12.12 ]
* noble/linux-unstable: 6.6.0-12.12 -proposed tracker (LP: #2043664)
* Miscellaneous Ubuntu changes
- [Packaging] temporarily disable zfs dkms
[ Ubuntu: 6.6.0-11.11 ]
* noble/linux-unstable: 6.6.0-11.11 -proposed tracker (LP: #2043480)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] resync update-dkms-versions helper
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/d2023.11.14)
* Miscellaneous Ubuntu changes
- [Packaging] move to Noble
- [Config] toolchain version update
[ Ubuntu: 6.6.0-10.10 ]
* mantic/linux-unstable: 6.6.0-10.10 -proposed tracker (LP: #2043088)
* Bump arm64's CONFIG_NR_CPUS to 512 (LP: #2042897)
- [Config] Bump CONFIG_NR_CPUS to 512 for arm64
* Miscellaneous Ubuntu changes
- [Config] Include a note for the NR_CPUS setting on riscv64
- SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype
[ Ubuntu: 6.6.0-9.9 ]
* mantic/linux-unstable: 6.6.0-9.9 -proposed tracker (LP: #2041852)
* Switch IMA default hash to sha256 (LP: #2041735)
- [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [81/82]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [80/82]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [79/82]: apparmor: fix oops when racing to retrieve
notification
* Disable restricting unprivileged change_profile by default, due to LXD
latest/stable not yet compatible with this new apparmor feature
(LP: #2038567)
- SAUCE: apparmor4.0.0 [78/82]: apparmor: Make
apparmor_restrict_unprivileged_unconfined opt-in
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/82]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [02/82]: rename SK_CTX() to aa_sock and make it an
inline fn
- SAUCE: apparmor4.0.0 [03/82]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [04/82]: add user namespace creation mediation
- SAUCE: apparmor4.0.0 [05/82]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [06/82]: af_unix mediation
- SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [08/82]: Stacking v38: LSM: Identify modules by more
than name
- SAUCE: apparmor4.0.0 [09/82]: Stacking v38: LSM: Add an LSM identifier for
external use
- SAUCE: apparmor4.0.0 [10/82]: Stacking v38: LSM: Identify the process
attributes for each module
- SAUCE: apparmor4.0.0 [11/82]: Stacking v38: LSM: Maintain a table of LSM
attribute data
- SAUCE: apparmor4.0.0 [12/82]: Stacking v38: proc: Use lsmids instead of lsm
names for attrs
- SAUCE: apparmor4.0.0 [13/82]: Stacking v38: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [14/82]: Stacking v38: LSM: Infrastructure management
of the sock security
- SAUCE: apparmor4.0.0 [15/82]: Stacking v38: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [16/82]: Stacking v38: LSM: provide lsm name and id
slot mappings
- SAUCE: apparmor4.0.0 [17/82]: Stacking v38: IMA: avoid label collisions with
stacked LSMs
- SAUCE: apparmor4.0.0 [18/82]: Stacking v38: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [19/82]: Stacking v38: LSM: Use lsmblob in
security_kernel_act_as
- SAUCE: apparmor4.0.0 [20/82]: Stacking v38: LSM: Use lsmblob in
security_secctx_to_secid
- SAUCE: apparmor4.0.0 [21/82]: Stacking v38: LSM: Use lsmblob in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [22/82]: Stacking v38: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [23/82]: Stacking v38: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [24/82]: Stacking v38: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [25/82]: Stacking v38: LSM: Use lsmblob in
security_cred_getsecid
- SAUCE: apparmor4.0.0 [26/82]: Stacking v38: LSM: Specify which LSM to
display
- SAUCE: apparmor4.0.0 [28/82]: Stacking v38: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [29/82]: Stacking v38: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [30/82]: Stacking v38: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [31/82]: Stacking v38: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [32/82]: Stacking v38: LSM: security_secid_to_secctx in
netlink netfilter
- SAUCE: apparmor4.0.0 [33/82]: Stacking v38: NET: Store LSM netlabel data in
a lsmblob
- SAUCE: apparmor4.0.0 [34/82]: Stacking v38: binder: Pass LSM identifier for
confirmation
- SAUCE: apparmor4.0.0 [35/82]: Stacking v38: LSM: security_secid_to_secctx
module selection
- SAUCE: apparmor4.0.0 [36/82]: Stacking v38: Audit: Keep multiple LSM data in
audit_names
- SAUCE: apparmor4.0.0 [37/82]: Stacking v38: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [38/82]: Stacking v38: LSM: Add a function to report
multiple LSMs
- SAUCE: apparmor4.0.0 [39/82]: Stacking v38: Audit: Allow multiple records in
an audit_buffer
- SAUCE: apparmor4.0.0 [40/82]: Stacking v38: Audit: Add record for multiple
task security contexts
- SAUCE: apparmor4.0.0 [41/82]: Stacking v38: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [42/82]: Stacking v38: Audit: Add record for multiple
object contexts
- SAUCE: apparmor4.0.0 [43/82]: Stacking v38: netlabel: Use a struct lsmblob
in audit data
- SAUCE: apparmor4.0.0 [44/82]: Stacking v38: LSM: Removed scaffolding
function lsmcontext_init
- SAUCE: apparmor4.0.0 [45/82]: Stacking v38: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor4.0.0 [46/82]: combine common_audit_data and
apparmor_audit_data
- SAUCE: apparmor4.0.0 [47/82]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [48/82]: rename audit_data->label to
audit_data->subj_label
- SAUCE: apparmor4.0.0 [49/82]: pass cred through to audit info.
- SAUCE: apparmor4.0.0 [50/82]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/82]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/82]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/82]: cache buffers on percpu list if there is lock
contention
- SAUCE: apparmor4.0.0 [54/82]: advertise availability of exended perms
- SAUCE: apparmor4.0.0 [56/82]: cleanup: provide separate audit messages for
file and policy checks
- SAUCE: apparmor4.0.0 [57/82]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [58/82]: prompt - ref count pdb
- SAUCE: apparmor4.0.0 [59/82]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [60/82]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [61/82]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [62/82]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [63/82]: prompt - fix caching
- SAUCE: apparmor4.0.0 [64/82]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [65/82]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [66/82]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [67/82]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [68/82]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [69/82]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [74/82]: advertise disconnected.path is available
- SAUCE: apparmor4.0.0 [75/82]: fix invalid reference on profile->disconnected
- SAUCE: apparmor4.0.0 [76/82]: add io_uring mediation
- SAUCE: apparmor4.0.0 [77/82]: apparmor: Fix regression in mount mediation
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [70/82]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [71/82]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [72/82]: userns - make it so special unconfined
profiles can mediate user namespaces
- SAUCE: apparmor4.0.0 [73/82]: userns - allow restricting unprivileged
change_profile
* LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [55/82]: fix profile verification and enable it
* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
default) (LP: #2016908) // update apparmor and LSM stacking patch set
(LP: #2028253)
- SAUCE: apparmor4.0.0 [27/82]: Stacking v38: Fix prctl() syscall with
apparmor=0
* Miscellaneous Ubuntu changes
- [Config] SECURITY_APPARMOR_RESTRICT_USERNS=y
[ Ubuntu: 6.6.0-8.8 ]
* mantic/linux-unstable: 6.6.0-8.8 -proposed tracker (LP: #2040243)
* Miscellaneous Ubuntu changes
- abi: gc reference to phy-rtk-usb2/phy-rtk-usb3
[ Ubuntu: 6.6.0-7.7 ]
* mantic/linux-unstable: 6.6.0-7.7 -proposed tracker (LP: #2040147)
* test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
- [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following v6.6-rc7 rebase
[ Ubuntu: 6.6.0-6.6 ]
* mantic/linux-unstable: 6.6.0-6.6 -proposed tracker (LP: #2039780)
* Miscellaneous Ubuntu changes
- rebase on v6.6-rc6
- [Config] updateconfigs following v6.6-rc6 rebase
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc6
[ Ubuntu: 6.6.0-5.5 ]
* mantic/linux-unstable: 6.6.0-5.5 -proposed tracker (LP: #2038899)
* Miscellaneous Ubuntu changes
- rebase on v6.6-rc5
- [Config] updateconfigs following v6.6-rc5 rebase
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc5
[ Ubuntu: 6.6.0-4.4 ]
* mantic/linux-unstable: 6.6.0-4.4 -proposed tracker (LP: #2038423)
* Miscellaneous Ubuntu changes
- rebase on v6.6-rc4
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc4
[ Ubuntu: 6.6.0-3.3 ]
* mantic/linux-unstable: 6.6.0-3.3 -proposed tracker (LP: #2037622)
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following v6.6-rc3 rebase
* Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: enforce rust availability only on x86_64"
- arm64: rust: Enable Rust support for AArch64
- arm64: rust: Enable PAC support for Rust.
- arm64: Restrict Rust support to little endian only.
[ Ubuntu: 6.6.0-2.2 ]
* Miscellaneous upstream changes
- UBUBNTU: [Config] build all COMEDI drivers as modules
[ Ubuntu: 6.6.0-1.1 ]
* Miscellaneous Ubuntu changes
- [Packaging] move linux to linux-unstable
- [Packaging] rebase on v6.6-rc1
- [Config] updateconfigs following v6.6-rc1 rebase
- [packaging] skip ABI, modules and retpoline checks
- update dropped.txt
- [Config] SHIFT_FS FTBFS with Linux 6.6, disable it
- [Config] DELL_UART_BACKLIGHT FTBFS with Linux 6.6, disable it
- [Packaging] debian/dkms-versions: temporarily disable dkms
- [Packaging] temporarily disable signing for s390x
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc1
[ Ubuntu: 6.6.0-0.0 ]
* Empty entry
-- Paolo Pisati <email address hidden> Fri, 09 Feb 2024 12:08:10 +0100
-
linux-oracle (6.6.0-1001.1) noble; urgency=medium
* noble/linux-oracle: 6.6.0-1001.1 -proposed tracker (LP: #2045155)
* Packaging resync (LP: #1786013)
- [Packaging] update update.conf
- debian/dkms-versions -- update from kernel-versions (main/d2023.11.21)
* Miscellaneous Ubuntu changes
- [Config] updateconfigs after Ubuntu-6.6.0-14.14 rebase
-- Paolo Pisati <email address hidden> Thu, 30 Nov 2023 16:44:12 +0100
-
linux-oracle (6.5.0-1010.10) mantic; urgency=medium
* mantic/linux-oracle: 6.5.0-1010.10 -proposed tracker (LP: #2038692)
[ Ubuntu: 6.5.0-9.9 ]
* mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)
* update apparmor and LSM stacking patch set (LP: #2028253)
- re-apply apparmor 4.0.0
* Disable restricting unprivileged change_profile by default, due to LXD
latest/stable not yet compatible with this new apparmor feature
(LP: #2038567)
- SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in
[ Ubuntu: 6.5.0-8.8 ]
* mantic/linux: 6.5.0-8.8 -proposed tracker (LP: #2038577)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor3.2.0 [02/60]: rename SK_CTX() to aa_sock and make it an
inline fn
- SAUCE: apparmor3.2.0 [05/60]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor3.2.0 [08/60]: Stacking v38: LSM: Identify modules by more
than name
- SAUCE: apparmor3.2.0 [09/60]: Stacking v38: LSM: Add an LSM identifier for
external use
- SAUCE: apparmor3.2.0 [10/60]: Stacking v38: LSM: Identify the process
attributes for each module
- SAUCE: apparmor3.2.0 [11/60]: Stacking v38: LSM: Maintain a table of LSM
attribute data
- SAUCE: apparmor3.2.0 [12/60]: Stacking v38: proc: Use lsmids instead of lsm
names for attrs
- SAUCE: apparmor3.2.0 [13/60]: Stacking v38: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor3.2.0 [14/60]: Stacking v38: LSM: Infrastructure management
of the sock security
- SAUCE: apparmor3.2.0 [15/60]: Stacking v38: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor3.2.0 [16/60]: Stacking v38: LSM: provide lsm name and id
slot mappings
- SAUCE: apparmor3.2.0 [17/60]: Stacking v38: IMA: avoid label collisions with
stacked LSMs
- SAUCE: apparmor3.2.0 [18/60]: Stacking v38: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor3.2.0 [19/60]: Stacking v38: LSM: Use lsmblob in
security_kernel_act_as
- SAUCE: apparmor3.2.0 [20/60]: Stacking v38: LSM: Use lsmblob in
security_secctx_to_secid
- SAUCE: apparmor3.2.0 [21/60]: Stacking v38: LSM: Use lsmblob in
security_secid_to_secctx
- SAUCE: apparmor3.2.0 [22/60]: Stacking v38: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor3.2.0 [23/60]: Stacking v38: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor3.2.0 [24/60]: Stacking v38: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor3.2.0 [25/60]: Stacking v38: LSM: Use lsmblob in
security_cred_getsecid
- SAUCE: apparmor3.2.0 [26/60]: Stacking v38: LSM: Specify which LSM to
display
- SAUCE: apparmor3.2.0 [28/60]: Stacking v38: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor3.2.0 [29/60]: Stacking v38: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor3.2.0 [30/60]: Stacking v38: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor3.2.0 [31/60]: Stacking v38: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor3.2.0 [32/60]: Stacking v38: LSM: security_secid_to_secctx in
netlink netfilter
- SAUCE: apparmor3.2.0 [33/60]: Stacking v38: NET: Store LSM netlabel data in
a lsmblob
- SAUCE: apparmor3.2.0 [34/60]: Stacking v38: binder: Pass LSM identifier for
confirmation
- SAUCE: apparmor3.2.0 [35/60]: Stacking v38: LSM: security_secid_to_secctx
module selection
- SAUCE: apparmor3.2.0 [36/60]: Stacking v38: Audit: Keep multiple LSM data in
audit_names
- SAUCE: apparmor3.2.0 [37/60]: Stacking v38: Audit: Create audit_stamp
structure
- SAUCE: apparmor3.2.0 [38/60]: Stacking v38: LSM: Add a function to report
multiple LSMs
- SAUCE: apparmor3.2.0 [39/60]: Stacking v38: Audit: Allow multiple records in
an audit_buffer
- SAUCE: apparmor3.2.0 [40/60]: Stacking v38: Audit: Add record for multiple
task security contexts
- SAUCE: apparmor3.2.0 [41/60]: Stacking v38: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor3.2.0 [42/60]: Stacking v38: Audit: Add record for multiple
object contexts
- SAUCE: apparmor3.2.0 [43/60]: Stacking v38: netlabel: Use a struct lsmblob
in audit data
- SAUCE: apparmor3.2.0 [44/60]: Stacking v38: LSM: Removed scaffolding
function lsmcontext_init
- SAUCE: apparmor3.2.0 [45/60]: Stacking v38: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor3.2.0 [46/60]: combine common_audit_data and
apparmor_audit_data
- SAUCE: apparmor3.2.0 [47/60]: setup slab cache for audit data
- SAUCE: apparmor3.2.0 [48/60]: rename audit_data->label to
audit_data->subj_label
- SAUCE: apparmor3.2.0 [49/60]: pass cred through to audit info.
- SAUCE: apparmor3.2.0 [50/60]: Improve debug print infrastructure
- SAUCE: apparmor3.2.0 [51/60]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor3.2.0 [52/60]: enable userspace upcall for mediation
- SAUCE: apparmor3.2.0 [53/60]: cache buffers on percpu list if there is lock
contention
- SAUCE: apparmor3.2.0 [55/60]: advertise availability of exended perms
- SAUCE: apparmor3.2.0 [60/60]: [Config] enable
CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor3.2.0 [57/60]: fix profile verification and enable it
* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
default) (LP: #2016908) // update apparmor and LSM stacking patch set
(LP: #2028253)
- SAUCE: apparmor3.2.0 [27/60]: Stacking v38: Fix prctl() syscall with
apparmor=0
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) //
update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor3.2.0 [01/60]: add/use fns to print hash string hex value
- SAUCE: apparmor3.2.0 [03/60]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor3.2.0 [04/60]: add user namespace creation mediation
- SAUCE: apparmor3.2.0 [06/60]: af_unix mediation
- SAUCE: apparmor3.2.0 [07/60]: Add fine grained mediation of posix mqueues
-- Paolo Pisati <email address hidden> Fri, 06 Oct 2023 21:30:07 +0200