[ubuntu/noble-proposed] linux-nvidia 6.8.0-1002.2 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Mar 25 21:25:35 UTC 2024
linux-nvidia (6.8.0-1002.2) noble; urgency=medium
* noble/linux-nvidia: 6.8.0-1002.2 -proposed tracker (LP: #2058266)
[ Ubuntu: 6.8.0-20.20 ]
* noble/linux: 6.8.0-20.20 -proposed tracker (LP: #2058221)
* Noble update: v6.8.1 upstream stable release (LP: #2058224)
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
- Documentation/hw-vuln: Add documentation for RFDS
- x86/rfds: Mitigate Register File Data Sampling (RFDS)
- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
- Linux 6.8.1
* Autopkgtest failures on amd64 (LP: #2048768)
- [Packaging] update to clang-18
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
CONFIG_SECURITY=n
- [Config] amd64: MITIGATION_RFDS=y
[ Ubuntu: 6.8.0-19.19 ]
* noble/linux: 6.8.0-19.19 -proposed tracker (LP: #2057910)
* Miscellaneous Ubuntu changes
- [Packaging] re-introduce linux-doc as an empty package
[ Ubuntu: 6.8.0-18.18 ]
* noble/linux: 6.8.0-18.18 -proposed tracker (LP: #2057456)
* Miscellaneous Ubuntu changes
- [Packaging] drop dependency on libclang-17
[ Ubuntu: 6.8.0-17.17 ]
* noble/linux: 6.8.0-17.17 -proposed tracker (LP: #2056745)
* Miscellaneous upstream changes
- Revert "UBUNTU: [Packaging] Add debian/control sanity check"
[ Ubuntu: 6.8.0-16.16 ]
* noble/linux: 6.8.0-16.16 -proposed tracker (LP: #2056738)
* left-over ceph debugging printks (LP: #2056616)
- Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put before
unmounting"
* qat: Improve error recovery flows (LP: #2056354)
- crypto: qat - add heartbeat error simulator
- crypto: qat - disable arbitration before reset
- crypto: qat - update PFVF protocol for recovery
- crypto: qat - re-enable sriov after pf reset
- crypto: qat - add fatal error notification
- crypto: qat - add auto reset on error
- crypto: qat - limit heartbeat notifications
- crypto: qat - improve aer error reset handling
- crypto: qat - change SLAs cleanup flow at shutdown
- crypto: qat - resolve race condition during AER recovery
- Documentation: qat: fix auto_reset section
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
* Enable lowlatency settings in the generic kernel (LP: #2051342)
- [Config] enable low-latency settings
* hwmon: (coretemp) Fix core count limitation (LP: #2056126)
- hwmon: (coretemp) Introduce enum for attr index
- hwmon: (coretemp) Remove unnecessary dependency of array index
- hwmon: (coretemp) Replace sensor_device_attribute with device_attribute
- hwmon: (coretemp) Remove redundant pdata->cpu_map[]
- hwmon: (coretemp) Abstract core_temp helpers
- hwmon: (coretemp) Split package temp_data and core temp_data
- hwmon: (coretemp) Remove redundant temp_data->is_pkg_data
- hwmon: (coretemp) Use dynamic allocated memory for core temp_data
* Miscellaneous Ubuntu changes
- [Config] Disable CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION
- [Packaging] remove debian/scripts/misc/arch-has-odm-enabled.sh
- rebase on v6.8
- [Config] toolchain version update
* Miscellaneous upstream changes
- crypto: qat - add fatal error notify method
* Rebase on v6.8
[ Ubuntu: 6.8.0-15.15 ]
* noble/linux: 6.8.0-15.15 -proposed tracker (LP: #2055871)
* Miscellaneous Ubuntu changes
- rebase on v6.8-rc7
* Miscellaneous upstream changes
- Revert "UBUNTU: [Packaging] Transition laptop-23.10 to generic"
* Rebase on v6.8-rc7
[ Ubuntu: 6.8.0-14.14 ]
* noble/linux: 6.8.0-14.14 -proposed tracker (LP: #2055551)
* Please change CONFIG_CONSOLE_LOGLEVEL_QUIET to 3 (LP: #2049390)
- [Config] reduce verbosity when booting in quiet mode
* linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
modules-extra to linux-modules (LP: #2054809)
- UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-
extra
* linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
linux-modules-extra to linux-modules (LP: #2045561)
- [Packaging] Move dmi-sysfs.ko into linux-modules
* Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440)
- [Config] enable Intel DMA remapping by default
* disable Intel DMA remapping by default (LP: #1971699)
- [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.29)
* Miscellaneous Ubuntu changes
- SAUCE: modpost: Replace 0-length array with flex-array member
- [packaging] do not include debian/ directory in a binary package
- [packaging] remove debian/stamps/keep-dir
[ Ubuntu: 6.8.0-13.13 ]
* noble/linux: 6.8.0-13.13 -proposed tracker (LP: #2055421)
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.29)
* Miscellaneous Ubuntu changes
- rebase on v6.8-rc6
- [Config] updateconfifs following v6.8-rc6 rebase
* Rebase on v6.8-rc6
[ Ubuntu: 6.8.0-12.12 ]
* linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
- [Packaging] rules: Put usbip manpages in the correct directory
* Validate connection interval to pass Bluetooth Test Suite (LP: #2052005)
- Bluetooth: Enforce validation on max value of connection interval
* Turning COMPAT_32BIT_TIME off on s390x (LP: #2038583)
- [Config] Turn off 31-bit COMPAT on s390x
* Don't produce linux-source binary package (LP: #2043994)
- [Packaging] Add debian/control sanity check
* Don't produce linux-*-source-<version> package (LP: #2052439)
- [Packaging] Move linux-source package stub to debian/control.d
- [Packaging] Build linux-source package only for the main kernel
* Don't produce linux-*-cloud-tools-common, linux-*-tools-common and
linux-*-tools-host binary packages (LP: #2048183)
- [Packaging] Move indep tools package stubs to debian/control.d
- [Packaging] Build indep tools packages only for the main kernel
* Enable CONFIG_INTEL_IOMMU_DEFAULT_ON and
CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON (LP: #1951440)
- [Config] enable Intel DMA remapping by default
* disable Intel DMA remapping by default (LP: #1971699)
- [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON
* Miscellaneous Ubuntu changes
- [Packaging] Transition laptop-23.10 to generic
Date: 2024-03-21 16:28:09.307310+00:00
Changed-By: Ian May <ian.may at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1002.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list