[ubuntu/jammy-proposed] linux-nvidia-6.8 6.8.0-1006.6~22.04.2 (Accepted)

Andy Whitcroft apw at canonical.com
Tue May 14 18:25:27 UTC 2024


linux-nvidia-6.8 (6.8.0-1006.6~22.04.2) jammy; urgency=medium

  * jammy/linux-nvidia-6.8: 6.8.0-1006.6~22.04.2 -proposed tracker
    (LP: #2064357)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data
    - [Packaging] update variants
    - [Packaging] update Ubuntu.md
    - [Packaging] debian.nvidia/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)

  [ Ubuntu: 6.8.0-1006.6 ]

  * noble/linux-nvidia: 6.8.0-1006.6 -proposed tracker (LP: #2060232)
  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data
    - [Packaging] Replace fs/cifs with fs/smb in inclusion list
    - [Packaging] debian.nvidia/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)
  * Enable GDS in the 6.8 based linux-nvidia kernel (LP: #2059814)
    - NVIDIA: SAUCE: Patch NFS driver to support GDS with 6.8 Kernel
    - NVIDIA: SAUCE: NVMe/NVMeOF: Patch NVMe/NVMeOF driver to support GDS on
      Linux 6.8 Kernel
    - NVIDIA: [Config] Add nvidia-fs build dependencies
  * Reapply the linux-nvidia kernel config options from the 5.15 and 6.5 kernels
    (LP: #2060327)
    - NVIDIA: [Config]: Grouping AAEON config options together, under a comment
    - NVIDIA: [Config]: Disable the NOUVEAU driver which is not used with -nvidia
      kernels
    - NVIDIA: [Config]: Adding CORESIGHT and ARM64_ERRATUM configs to annotations
  [ Ubuntu: 6.8.0-31.31 ]
  * noble/linux: 6.8.0-31.31 -proposed tracker (LP: #2062933)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)
  [ Ubuntu: 6.8.0-30.30 ]
  * noble/linux: 6.8.0-30.30 -proposed tracker (LP: #2061893)
  * System unstable, kernel ring buffer flooded with "BUG: Bad page state in
    process swapper/0" (LP: #2056706)
    - xen-netfront: Add missing skb_mark_for_recycle
  [ Ubuntu: 6.8.0-29.29 ]
  * noble/linux: 6.8.0-29.29 -proposed tracker (LP: #2061888)
  * [24.04 FEAT] [SEC2353] zcrypt: extend error recovery to deal with device
    scans (LP: #2050019)
    - s390/zcrypt: harmonize debug feature calls and defines
    - s390/zcrypt: introduce dynamic debugging for AP and zcrypt code
    - s390/pkey: harmonize pkey s390 debug feature calls
    - s390/pkey: introduce dynamic debugging for pkey
    - s390/ap: add debug possibility for AP messages
    - s390/zcrypt: add debug possibility for CCA and EP11 messages
    - s390/ap: rearm APQNs bindings complete completion
    - s390/ap: clarify AP scan bus related functions and variables
    - s390/ap: rework ap_scan_bus() to return true on config change
    - s390/ap: introduce mutex to lock the AP bus scan
    - s390/zcrypt: introduce retries on in-kernel send CPRB functions
    - s390/zcrypt: improve zcrypt retry behavior
    - s390/pkey: improve pkey retry behavior
  * [24.04 FEAT] Memory hotplug vmem pages (s390x) (LP: #2051835)
    - mm/memory_hotplug: introduce MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
    - s390/mm: allocate vmemmap pages from self-contained memory range
    - s390/sclp: remove unhandled memory notifier type
    - s390/mm: implement MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
    - s390: enable MHP_MEMMAP_ON_MEMORY
    - [Config] enable CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE and
      CONFIG_MHP_MEMMAP_ON_MEMORY for s390x
  [ Ubuntu: 6.8.0-28.28 ]
  * noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867)
  * linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression with new apparmor
    profiles/features (LP: #2061851)
    - SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom
  [ Ubuntu: 6.8.0-25.25 ]
  * noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)
  * Apply mitigations for the native BHI hardware vulnerability (LP: #2060909)
    - x86/cpufeatures: Add new word for scattered features
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/syscall: Don't force use of indirect calls for system calls
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - KVM: x86: Add BHI_NO
    - x86: set SPECTRE_BHI_ON as default
    - [Config] enable spectre_bhi=auto by default
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/90]: add unprivileged user ns mediation
    - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
    - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/90]: fixup notify
    - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
    - SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now
    - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
    - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793)
    - SAUCE: cacheinfo: Check for null last-level cache info
    - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary
      CPU
    - SAUCE: x86/cacheinfo: Delete global num_cache_leaves
    - SAUCE: x86/cacheinfo: Clean out init_cache_level()
  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
      CONFIG_SECURITY=n
    - [Config] toolchain version update
  [ Ubuntu: 6.8.0-22.22 ]
  * noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238)
  [ Ubuntu: 6.8.0-21.21 ]
  * noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225)
  * Miscellaneous Ubuntu changes
    - [Config] update toolchain version in annotations

  [ Ubuntu: 6.8.0-1002.2 ]

  * noble/linux-nvidia: 6.8.0-1002.2 -proposed tracker (LP: #2058266)
  [ Ubuntu: 6.8.0-20.20 ]
  * noble/linux: 6.8.0-20.20 -proposed tracker (LP: #2058221)
  * Noble update: v6.8.1 upstream stable release (LP: #2058224)
    - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
    - Documentation/hw-vuln: Add documentation for RFDS
    - x86/rfds: Mitigate Register File Data Sampling (RFDS)
    - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
    - Linux 6.8.1
  * Autopkgtest failures on amd64 (LP: #2048768)
    - [Packaging] update to clang-18
  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
      CONFIG_SECURITY=n
    - [Config] amd64: MITIGATION_RFDS=y
  [ Ubuntu: 6.8.0-19.19 ]
  * noble/linux: 6.8.0-19.19 -proposed tracker (LP: #2057910)
  * Miscellaneous Ubuntu changes
    - [Packaging] re-introduce linux-doc as an empty package
  [ Ubuntu: 6.8.0-18.18 ]
  * noble/linux: 6.8.0-18.18 -proposed tracker (LP: #2057456)
  * Miscellaneous Ubuntu changes
    - [Packaging] drop dependency on libclang-17
  [ Ubuntu: 6.8.0-17.17 ]
  * noble/linux: 6.8.0-17.17 -proposed tracker (LP: #2056745)
  * Miscellaneous upstream changes
    - Revert "UBUNTU: [Packaging] Add debian/control sanity check"
  [ Ubuntu: 6.8.0-16.16 ]
  * noble/linux: 6.8.0-16.16 -proposed tracker (LP: #2056738)
  * left-over ceph debugging printks (LP: #2056616)
    - Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put before
      unmounting"
  * qat: Improve error recovery flows (LP: #2056354)
    - crypto: qat - add heartbeat error simulator
    - crypto: qat - disable arbitration before reset
    - crypto: qat - update PFVF protocol for recovery
    - crypto: qat - re-enable sriov after pf reset
    - crypto: qat - add fatal error notification
    - crypto: qat - add auto reset on error
    - crypto: qat - limit heartbeat notifications
    - crypto: qat - improve aer error reset handling
    - crypto: qat - change SLAs cleanup flow at shutdown
    - crypto: qat - resolve race condition during AER recovery
    - Documentation: qat: fix auto_reset section
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/87]: add unprivileged user ns mediation
    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * Enable lowlatency settings in the generic kernel (LP: #2051342)
    - [Config] enable low-latency settings
  * hwmon: (coretemp) Fix core count limitation (LP: #2056126)
    - hwmon: (coretemp) Introduce enum for attr index
    - hwmon: (coretemp) Remove unnecessary dependency of array index
    - hwmon: (coretemp) Replace sensor_device_attribute with device_attribute
    - hwmon: (coretemp) Remove redundant pdata->cpu_map[]
    - hwmon: (coretemp) Abstract core_temp helpers
    - hwmon: (coretemp) Split package temp_data and core temp_data
    - hwmon: (coretemp) Remove redundant temp_data->is_pkg_data
    - hwmon: (coretemp) Use dynamic allocated memory for core temp_data
  * Miscellaneous Ubuntu changes
    - [Config] Disable CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION
    - [Packaging] remove debian/scripts/misc/arch-has-odm-enabled.sh
    - rebase on v6.8
    - [Config] toolchain version update
  * Miscellaneous upstream changes
    - crypto: qat - add fatal error notify method
  * Rebase on v6.8
  [ Ubuntu: 6.8.0-15.15 ]
  * noble/linux: 6.8.0-15.15 -proposed tracker (LP: #2055871)
  * Miscellaneous Ubuntu changes
    - rebase on v6.8-rc7
  * Miscellaneous upstream changes
    - Revert "UBUNTU: [Packaging] Transition laptop-23.10 to generic"
  * Rebase on v6.8-rc7
  [ Ubuntu: 6.8.0-14.14 ]
  * noble/linux: 6.8.0-14.14 -proposed tracker (LP: #2055551)
  * Please change CONFIG_CONSOLE_LOGLEVEL_QUIET to 3 (LP: #2049390)
    - [Config] reduce verbosity when booting in quiet mode
  * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
    modules-extra to linux-modules (LP: #2054809)
    - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-
      extra
  * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
    linux-modules-extra to linux-modules (LP: #2045561)
    - [Packaging] Move dmi-sysfs.ko into linux-modules
  * Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and
    CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440)
    - [Config] enable Intel DMA remapping by default
  * disable Intel DMA remapping by default (LP: #1971699)
    - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON
  * Packaging resync (LP: #1786013)
    - debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.02.29)
  * Miscellaneous Ubuntu changes
    - SAUCE: modpost: Replace 0-length array with flex-array member
    - [packaging] do not include debian/ directory in a binary package
    - [packaging] remove debian/stamps/keep-dir
  [ Ubuntu: 6.8.0-13.13 ]
  * noble/linux: 6.8.0-13.13 -proposed tracker (LP: #2055421)
  * Packaging resync (LP: #1786013)
    - debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.02.29)
  * Miscellaneous Ubuntu changes
    - rebase on v6.8-rc6
    - [Config] updateconfigs following v6.8-rc6 rebase
  * Rebase on v6.8-rc6
  [ Ubuntu: 6.8.0-12.12 ]
  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
    - [Packaging] rules: Put usbip manpages in the correct directory
  * Validate connection interval to pass Bluetooth Test Suite (LP: #2052005)
    - Bluetooth: Enforce validation on max value of connection interval
  * Turning COMPAT_32BIT_TIME off on s390x (LP: #2038583)
    - [Config] Turn off 31-bit COMPAT on s390x
  * Don't produce linux-source binary package (LP: #2043994)
    - [Packaging] Add debian/control sanity check
  * Don't produce linux-*-source-<version> package (LP: #2052439)
    - [Packaging] Move linux-source package stub to debian/control.d
    - [Packaging] Build linux-source package only for the main kernel
  * Don't produce linux-*-cloud-tools-common, linux-*-tools-common and
    linux-*-tools-host binary packages (LP: #2048183)
    - [Packaging] Move indep tools package stubs to debian/control.d
    - [Packaging] Build indep tools packages only for the main kernel
  * Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and
    CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440)
    - [Config] enable Intel DMA remapping by default
  * disable Intel DMA remapping by default (LP: #1971699)
    - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON
  * Miscellaneous Ubuntu changes
    - [Packaging] Transition laptop-23.10 to generic

  [ Ubuntu: 6.8.0-1001.1 ]

  * noble/linux-nvidia: 6.8.0-1001.1 -proposed tracker (LP: #2055128)
  * Packaging resync (LP: #1786013)
    - debian.nvidia/dkms-versions -- update from kernel-versions
      (main/d2024.02.07)
  * Miscellaneous Ubuntu changes
    - [Packaging] add Rust build dependencies
    - [Config] update annotations after rebase to v6.8
  [ Ubuntu: 6.8.0-11.11 ]
  * noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094)
  * Miscellaneous Ubuntu changes
    - [Packaging] riscv64: disable building unnecessary binary debs
  [ Ubuntu: 6.8.0-10.10 ]
  * noble/linux: 6.8.0-10.10 -proposed tracker (LP: #2053015)
  * Miscellaneous Ubuntu changes
    - [Packaging] add Rust build-deps for riscv64
  * Miscellaneous upstream changes
    - Revert "Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on
      riscv64""
  [ Ubuntu: 6.8.0-9.9 ]
  * noble/linux: 6.8.0-9.9 -proposed tracker (LP: #2052945)
  * Miscellaneous upstream changes
    - Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on
      riscv64"
  [ Ubuntu: 6.8.0-8.8 ]
  * noble/linux: 6.8.0-8.8 -proposed tracker (LP: #2052918)
  * Miscellaneous Ubuntu changes
    - [Packaging] riscv64: enable linux-libc-dev build
    - v6.8-rc4 rebase
  * Rebase on v6.8-rc4
  [ Ubuntu: 6.8.0-7.7 ]
  * noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/87]: add unprivileged user ns mediation
    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
      can check if restrictions are in place
    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
      profiles can mediate user namespaces
  [ Ubuntu: 6.8.0-6.6 ]
  * noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592)
  * Packaging resync (LP: #1786013)
    - debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.02.07)
    - [Packaging] update variants
  * FIPS kernels should default to fips mode (LP: #2049082)
    - SAUCE: Enable fips mode by default, in FIPS kernels only
  * Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468)
    - [Packaging] Remove old snapcraft.yaml
  * Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
    - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
  * Miscellaneous Ubuntu changes
    - [Packaging] Remove in-tree abi checks
    - [Packaging] drop abi files with clean
    - [Packaging] Remove do_full_source variable (fixup)
    - [Packaging] Remove update-dkms-versions and move dkms-versions
    - [Config] updateconfigs following v6.8-rc3 rebase
    - [packaging] rename to linux
    - [packaging] rebase on v6.8-rc3
    - [packaging] disable signing for ppc64el
  * Rebase on v6.8-rc3
  [ Ubuntu: 6.8.0-5.5 ]
  * noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136)
  * Miscellaneous upstream changes
    - Revert "mm/sparsemem: fix race in accessing memory_section->usage"
  [ Ubuntu: 6.8.0-4.4 ]
  * noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502)
  * Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer
    (LP: #1965303)
    - [Config] enable simpledrm and DRM fbdev emulation layer
  * Miscellaneous Ubuntu changes
    - [Config] toolchain update
  * Miscellaneous upstream changes
    - rust: upgrade to Rust 1.75.0
  [ Ubuntu: 6.8.0-3.3 ]
  * noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/87]: add unprivileged user ns mediation
    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
      can check if restrictions are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
      reply that denies all access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
      notification
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in
      socket_getpeersec hooks
    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
    - [Config] updateconfigs following v6.8-rc2 rebase
  [ Ubuntu: 6.8.0-2.2 ]
  * noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110)
  * Miscellaneous Ubuntu changes
    - [Config] toolchain update
    - [Config] enable Rust
  [ Ubuntu: 6.8.0-1.1 ]
  * noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102)
  * Miscellaneous Ubuntu changes
    - [packaging] move to v6.8-rc1
    - [Config] updateconfigs following v6.8-rc1 rebase
    - SAUCE: export file_close_fd() instead of close_fd_get_file()
    - SAUCE: cpufreq: s/strlcpy/strscpy/
    - debian/dkms-versions -- temporarily disable zfs dkms
    - debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms
    - debian/dkms-versions -- temporarily disable v4l2loopback
  [ Ubuntu: 6.8.0-0.0 ]
  * Empty entry.
  [ Ubuntu: 6.7.0-7.7 ]
  * noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
  * Miscellaneous Ubuntu changes
    - [Packaging] re-enable signing for s390x and ppc64el
  [ Ubuntu: 6.7.0-6.6 ]
  * Empty entry.
  [ Ubuntu: 6.7.0-2.2 ]
  * noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
  * Enforce RETPOLINE and SLS mitigations (LP: #2046440)
    - SAUCE: objtool: Make objtool check actually fatal upon fatal errors
    - SAUCE: objtool: make objtool SLS validation fatal when building with
      CONFIG_SLS=y
    - SAUCE: objtool: make objtool RETPOLINE validation fatal when building with
      CONFIG_RETPOLINE=y
    - SAUCE: scripts: remove generating .o-ur objects
    - [Packaging] Remove all custom retpoline-extract code
    - Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables"
    - Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late
      initialisation code"
    - Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within
      firmware_restrict_branch_speculation_{start,end}"
  * Miscellaneous Ubuntu changes
    - [Packaging] temporarily disable riscv64 builds
    - [Packaging] temporarily disable Rust dependencies on riscv64
  [ Ubuntu: 6.7.0-1.1 ]
  * noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
  * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
    anymore (LP: #2048919)
    - [Config] Enable S390_UV_UAPI (built-in)
  * Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
    - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor
      Lake
    - SAUCE: platform/x86: int3472: Add handshake GPIO function
  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata
  * [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
    PCIE peripherals (LP: #2036587)
    - [Config] Enable CONFIG_MTK_IOMMU on arm64
  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
    images (LP: #2019040)
    - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz
  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning; systemd regression with wait-online (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race
  * Make backlight module auto detect dell_uart_backlight (LP: #2008882)
    - SAUCE: ACPI: video: Dell AIO UART backlight detection
  * Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364)
    - [Config] Default to performance CPUFreq governor on riscv64
  * Enable Nezha board (LP: #1975592)
    - [Config] Build in D1 clock drivers on riscv64
    - [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64
    - [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64
    - [Config] Disable SUN50I_DE2_BUS on riscv64
    - [Config] Disable unneeded sunxi pinctrl drivers on riscv64
  * Enable StarFive VisionFive 2 board (LP: #2013232)
    - [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64
    - [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64
  * rcu_sched detected stalls on CPUs/tasks (LP: #1967130)
    - [Config] Enable virtually mapped stacks on riscv64
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Installation support for SMARC RZ/G2L platform (LP: #2030525)
    - [Config] build Renesas RZ/G2L USBPHY control driver statically
  * Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226)
    - [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64
  * Default module signing algo should be accelerated (LP: #2034061)
    - [Config] Default module signing algo should be accelerated
  * Miscellaneous Ubuntu changes
    - [Config] annotations clean-up
  [ Upstream Kernel Changes ]
  * Rebase to v6.7
  [ Ubuntu: 6.7.0-0.0 ]
  * Empty entry
  [ Ubuntu: 6.7.0-5.5 ]
  * noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
  * Miscellaneous Ubuntu changes
    - [Packaging] re-enable Rust support
    - [Packaging] temporarily disable riscv64 builds
  [ Ubuntu: 6.7.0-4.4 ]
  * noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807)
  * unconfined profile denies userns_create for chromium based processes
    (LP: #1990064)
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc
      can check if restrictions are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt
      reply that denies all access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve
      notification
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [03/69]: add unprivileged user ns mediation
    - SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [05/69]: af_unix mediation
    - SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more
      than name
    - SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for
      external use
    - SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process
      attributes for each module
    - SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM
      attribute data
    - SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of lsm
      names for attrs
    - SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management
      of the sock security
    - SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id
      slot mappings
    - SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions with
      stacked LSMs
    - SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in
      security_kernel_act_as
    - SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in
      security_secctx_to_secid
    - SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in
      security_cred_getsecid
    - SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to
      display
    - SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx in
      netlink netfilter
    - SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data in
      a lsmblob
    - SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier for
      confirmation
    - SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx
      module selection
    - SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data in
      audit_names
    - SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report
      multiple LSMs
    - SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records in
      an audit_buffer
    - SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple
      task security contexts
    - SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple
      object contexts
    - SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob
      in audit data
    - SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding
      function lsmcontext_init
    - SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive
      flag
    - SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available
    - SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with
      apparmor=0
  * Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen
    on (LP: #2042385)
    - SAUCE: r8169: Add quirks to enable ASPM on Dell platforms
  * [Debian] autoreconstruct - Do not generate chmod -x for deleted files
    (LP: #2045562)
    - [Debian] autoreconstruct - Do not generate chmod -x for deleted files
  * Disable Legacy TIOCSTI (LP: #2046192)
    - [Config]: disable CONFIG_LEGACY_TIOCSTI
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] remove helper scripts
    - [Packaging] update annotations scripts
  * Miscellaneous Ubuntu changes
    - [Packaging] rules: Remove unused dkms make variables
    - [Config] update annotations after rebase to v6.7-rc8
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc8
  [ Ubuntu: 6.7.0-3.3 ]
  * noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060)
  * enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040)
    - [Config] enable CONFIG_INTEL_TDX_HOST
  * linux tools packages for derived kernels refuse to install simultaneously
    due to libcpupower name collision (LP: #2035971)
    - [Packaging] Statically link libcpupower into cpupower tool
  * make lazy RCU a boot time option (LP: #2045492)
    - SAUCE: rcu: Provide a boot time parameter to control lazy RCU
  * Build failure if run in a console (LP: #2044512)
    - [Packaging] Fix kernel module compression failures
  * Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582)
    - [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k
  * Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584)
    - [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64
  * Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587)
    - [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le
  * [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
    (LP: #2042853)
    - [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y
  * back-out zstd module compression automatic for backports (LP: #2045593)
    - [Packaging] make ZSTD module compression conditional
  * Miscellaneous Ubuntu changes
    - [Packaging] Remove do_full_source variable
    - [Packaging] Remove obsolete config handling
    - [Packaging] Remove support for sub-flavors
    - [Packaging] Remove old linux-libc-dev version hack
    - [Packaging] Remove obsolete scripts
    - [Packaging] Remove README.inclusion-list
    - [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch
    - [Packaging] Enable rootless builds
    - [Packaging] Allow to run debian/rules without (fake)root
    - [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH
    - [Packaging] override KERNELRELEASE instead of KERNELVERSION
    - [Config] update toolchain versions in annotations
    - [Packaging] drop useless linux-doc
    - [Packaging] scripts: Rewrite insert-ubuntu-changes in Python
    - [Packaging] enable riscv64 builds
    - [Packaging] remove the last sub-flavours bit
    - [Packaging] check debian.env to determine do_libc_dev_package
    - [Packaging] remove debian.*/variants
    - [Packaging] remove do_libc_dev_package variable
    - [Packaging] move linux-libc-dev.stub to debian/control.d/
    - [Packaging] Update check to build linux-libc-dev to the source package name
    - [Packaging] rules: Remove startnewrelease target
    - [Packaging] Remove debian/commit-templates
    - [Config] update annotations after rebase to v6.7-rc4
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc4
  [ Ubuntu: 6.7.0-2.2 ]
  * noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107)
  * Miscellaneous Ubuntu changes
    - [Packaging] re-enable Rust
    - [Config] enable Rust in annotations
    - [Packaging] Remove do_enforce_all variable
    - [Config] disable Softlogic 6x10 capture card driver on armhf
    - [Packaging] disable Rust support
    - [Config] update annotations after rebase to v6.7-rc3
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc3
  [ Ubuntu: 6.7.0-1.1 ]
  * noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069)
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] update helper scripts
  * Miscellaneous Ubuntu changes
    - [Config] update annotations after rebase to v6.7-rc2
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc2
  [ Ubuntu: 6.7.0-0.0 ]
  * Empty entry
  [ Ubuntu: 6.6.0-12.12 ]
  * noble/linux-unstable: 6.6.0-12.12 -proposed tracker (LP: #2043664)
  * Miscellaneous Ubuntu changes
    - [Packaging] temporarily disable zfs dkms
  [ Ubuntu: 6.6.0-11.11 ]
  * noble/linux-unstable: 6.6.0-11.11 -proposed tracker (LP: #2043480)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/d2023.11.14)
  * Miscellaneous Ubuntu changes
    - [Packaging] move to Noble
    - [Config] toolchain version update
  [ Ubuntu: 6.6.0-10.10 ]
  * mantic/linux-unstable: 6.6.0-10.10 -proposed tracker (LP: #2043088)
  * Bump arm64's CONFIG_NR_CPUS to 512 (LP: #2042897)
    - [Config] Bump CONFIG_NR_CPUS to 512 for arm64
  * Miscellaneous Ubuntu changes
    - [Config] Include a note for the NR_CPUS setting on riscv64
    - SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype
  [ Ubuntu: 6.6.0-9.9 ]
  * mantic/linux-unstable: 6.6.0-9.9 -proposed tracker (LP: #2041852)
  * Switch IMA default hash to sha256 (LP: #2041735)
    - [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor4.0.0 [81/82]: apparmor: fix request field from a prompt
      reply that denies all access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor4.0.0 [80/82]: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor4.0.0 [79/82]: apparmor: fix oops when racing to retrieve
      notification
  * Disable restricting unprivileged change_profile by default, due to LXD
    latest/stable not yet compatible with this new apparmor feature
    (LP: #2038567)
    - SAUCE: apparmor4.0.0 [78/82]: apparmor: Make
      apparmor_restrict_unprivileged_unconfined opt-in
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/82]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [02/82]: rename SK_CTX() to aa_sock and make it an
      inline fn
    - SAUCE: apparmor4.0.0 [03/82]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [04/82]: add user namespace creation mediation
    - SAUCE: apparmor4.0.0 [05/82]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [06/82]: af_unix mediation
    - SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [08/82]: Stacking v38: LSM: Identify modules by more
      than name
    - SAUCE: apparmor4.0.0 [09/82]: Stacking v38: LSM: Add an LSM identifier for
      external use
    - SAUCE: apparmor4.0.0 [10/82]: Stacking v38: LSM: Identify the process
      attributes for each module
    - SAUCE: apparmor4.0.0 [11/82]: Stacking v38: LSM: Maintain a table of LSM
      attribute data
    - SAUCE: apparmor4.0.0 [12/82]: Stacking v38: proc: Use lsmids instead of lsm
      names for attrs
    - SAUCE: apparmor4.0.0 [13/82]: Stacking v38: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [14/82]: Stacking v38: LSM: Infrastructure management
      of the sock security
    - SAUCE: apparmor4.0.0 [15/82]: Stacking v38: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [16/82]: Stacking v38: LSM: provide lsm name and id
      slot mappings
    - SAUCE: apparmor4.0.0 [17/82]: Stacking v38: IMA: avoid label collisions with
      stacked LSMs
    - SAUCE: apparmor4.0.0 [18/82]: Stacking v38: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [19/82]: Stacking v38: LSM: Use lsmblob in
      security_kernel_act_as
    - SAUCE: apparmor4.0.0 [20/82]: Stacking v38: LSM: Use lsmblob in
      security_secctx_to_secid
    - SAUCE: apparmor4.0.0 [21/82]: Stacking v38: LSM: Use lsmblob in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [22/82]: Stacking v38: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [23/82]: Stacking v38: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [24/82]: Stacking v38: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [25/82]: Stacking v38: LSM: Use lsmblob in
      security_cred_getsecid
    - SAUCE: apparmor4.0.0 [26/82]: Stacking v38: LSM: Specify which LSM to
      display
    - SAUCE: apparmor4.0.0 [28/82]: Stacking v38: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [29/82]: Stacking v38: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [30/82]: Stacking v38: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [31/82]: Stacking v38: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [32/82]: Stacking v38: LSM: security_secid_to_secctx in
      netlink netfilter
    - SAUCE: apparmor4.0.0 [33/82]: Stacking v38: NET: Store LSM netlabel data in
      a lsmblob
    - SAUCE: apparmor4.0.0 [34/82]: Stacking v38: binder: Pass LSM identifier for
      confirmation
    - SAUCE: apparmor4.0.0 [35/82]: Stacking v38: LSM: security_secid_to_secctx
      module selection
    - SAUCE: apparmor4.0.0 [36/82]: Stacking v38: Audit: Keep multiple LSM data in
      audit_names
    - SAUCE: apparmor4.0.0 [37/82]: Stacking v38: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [38/82]: Stacking v38: LSM: Add a function to report
      multiple LSMs
    - SAUCE: apparmor4.0.0 [39/82]: Stacking v38: Audit: Allow multiple records in
      an audit_buffer
    - SAUCE: apparmor4.0.0 [40/82]: Stacking v38: Audit: Add record for multiple
      task security contexts
    - SAUCE: apparmor4.0.0 [41/82]: Stacking v38: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [42/82]: Stacking v38: Audit: Add record for multiple
      object contexts
    - SAUCE: apparmor4.0.0 [43/82]: Stacking v38: netlabel: Use a struct lsmblob
      in audit data
    - SAUCE: apparmor4.0.0 [44/82]: Stacking v38: LSM: Removed scaffolding
      function lsmcontext_init
    - SAUCE: apparmor4.0.0 [45/82]: Stacking v38: AppArmor: Remove the exclusive
      flag
    - SAUCE: apparmor4.0.0 [46/82]: combine common_audit_data and
      apparmor_audit_data
    - SAUCE: apparmor4.0.0 [47/82]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [48/82]: rename audit_data->label to
      audit_data->subj_label
    - SAUCE: apparmor4.0.0 [49/82]: pass cred through to audit info.
    - SAUCE: apparmor4.0.0 [50/82]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/82]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/82]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/82]: cache buffers on percpu list if there is lock
      contention
    - SAUCE: apparmor4.0.0 [54/82]: advertise availability of exended perms
    - SAUCE: apparmor4.0.0 [56/82]: cleanup: provide separate audit messages for
      file and policy checks
    - SAUCE: apparmor4.0.0 [57/82]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [58/82]: prompt - ref count pdb
    - SAUCE: apparmor4.0.0 [59/82]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [60/82]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [61/82]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [62/82]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [63/82]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [64/82]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [65/82]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [66/82]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [67/82]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [68/82]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [69/82]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [74/82]: advertise disconnected.path is available
    - SAUCE: apparmor4.0.0 [75/82]: fix invalid reference on profile->disconnected
    - SAUCE: apparmor4.0.0 [76/82]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [77/82]: apparmor: Fix regression in mount mediation
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [70/82]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [71/82]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [72/82]: userns - make it so special unconfined
      profiles can mediate user namespaces
    - SAUCE: apparmor4.0.0 [73/82]: userns - allow restricting unprivileged
      change_profile
  * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
    apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [55/82]: fix profile verification and enable it
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor4.0.0 [27/82]: Stacking v38: Fix prctl() syscall with
      apparmor=0
  * Miscellaneous Ubuntu changes
    - [Config] SECURITY_APPARMOR_RESTRICT_USERNS=y
  [ Ubuntu: 6.6.0-8.8 ]
  * mantic/linux-unstable: 6.6.0-8.8 -proposed tracker (LP: #2040243)
  * Miscellaneous Ubuntu changes
    - abi: gc reference to phy-rtk-usb2/phy-rtk-usb3
  [ Ubuntu: 6.6.0-7.7 ]
  * mantic/linux-unstable: 6.6.0-7.7 -proposed tracker (LP: #2040147)
  * test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
    J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
    - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum
  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs following v6.6-rc7 rebase
  [ Ubuntu: 6.6.0-6.6 ]
  * mantic/linux-unstable: 6.6.0-6.6 -proposed tracker (LP: #2039780)
  * Miscellaneous Ubuntu changes
    - rebase on v6.6-rc6
    - [Config] updateconfigs following v6.6-rc6 rebase
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc6
  [ Ubuntu: 6.6.0-5.5 ]
  * mantic/linux-unstable: 6.6.0-5.5 -proposed tracker (LP: #2038899)
  * Miscellaneous Ubuntu changes
    - rebase on v6.6-rc5
    - [Config] updateconfigs following v6.6-rc5 rebase
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc5
  [ Ubuntu: 6.6.0-4.4 ]
  * mantic/linux-unstable: 6.6.0-4.4 -proposed tracker (LP: #2038423)
  * Miscellaneous Ubuntu changes
    - rebase on v6.6-rc4
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc4
  [ Ubuntu: 6.6.0-3.3 ]
  * mantic/linux-unstable: 6.6.0-3.3 -proposed tracker (LP: #2037622)
  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs following v6.6-rc3 rebase
  * Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: enforce rust availability only on x86_64"
    - arm64: rust: Enable Rust support for AArch64
    - arm64: rust: Enable PAC support for Rust.
    - arm64: Restrict Rust support to little endian only.
  [ Ubuntu: 6.6.0-2.2 ]
  * Miscellaneous upstream changes
    - UBUBNTU: [Config] build all COMEDI drivers as modules
  [ Ubuntu: 6.6.0-1.1 ]
  * Miscellaneous Ubuntu changes
    - [Packaging] move linux to linux-unstable
    - [Packaging] rebase on v6.6-rc1
    - [Config] updateconfigs following v6.6-rc1 rebase
    - [packaging] skip ABI, modules and retpoline checks
    - update dropped.txt
    - [Config] SHIFT_FS FTBFS with Linux 6.6, disable it
    - [Config] DELL_UART_BACKLIGHT FTBFS with Linux 6.6, disable it
    - [Packaging] debian/dkms-versions: temporarily disable dkms
    - [Packaging] temporarily disable signing for s390x
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc1
  [ Ubuntu: 6.6.0-0.0 ]
  * Empty entry

  [ Ubuntu: 6.8.0-1000.0 ]

  * Empty entry

Date: 2024-05-01 18:59:11.517679+00:00
Changed-By: Ian May <ianm at nvidia.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1006.6~22.04.2