[Bug 1993133] Re: kinetic/linux-raspi: 5.19.0-1004.10 -proposed tracker
Launchpad Bug Tracker
1993133 at bugs.launchpad.net
Tue Oct 18 13:00:13 UTC 2022
This bug was fixed in the package linux-raspi - 5.19.0-1004.10
---------------
linux-raspi (5.19.0-1004.10) kinetic; urgency=medium
* kinetic/linux-raspi: 5.19.0-1004.10 -proposed tracker (LP: #1993133)
* armhf kernel compiled with gcc-12 fails to boot on pi 3/2 (LP: #1993120)
- [Packaging] raspi: Use gcc-11 for armhf
- [Config] raspi: updateconfigs for gcc-11 for armhf
[ Ubuntu: 5.19.0-21.21 ]
* kinetic/linux: 5.19.0-21.21 -proposed tracker (LP: #1992639)
* cannot change mount namespace (LP: #1991691)
- SAUCE: apparmor: Fix getaatr mediation causing snap failures
* Kernel regresses openjdk on riscv64 (LP: #1992484)
- SAUCE: Revert "riscv: mmap with PROT_WRITE but no PROT_READ is invalid"
[ Ubuntu: 5.19.0-20.20 ]
* kinetic/linux: 5.19.0-20.20 -proposed tracker (LP: #1992408)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/master)
* Kinetic kernels 5.19.0-18/19-generic won't boot on Intel 11th/12th gen
(LP: #1991704)
- drm/i915: fix null pointer dereference
* rcu_sched detected stalls on CPUs/tasks (LP: #1967130)
- [Config] Disable VMAP_STACK on riscv64
* Disable sv57 as the userspace is not ready (LP: #1991790)
- SAUCE: riscv: mm: Force disable sv57
* earlyconsole prints question marks on 5.19.0-1002-generic (LP: #1988984)
- [Config] Set CONFIG_PWM_SIFIVE=m for riscv64
* RCU stalls (LP: #1991951)
- [Config] Harmonize RCU_CPU_STALL_TIMEOUT
* backport dkms fixes to build modules correctly for hwe-5.19+ kernels with
custom compiler (LP: #1991664)
- [Packaging] use versioned gcc-12
- [Packaging] Update configs with versioned compiler version
* FTBFS on kinetic (LP: #1990964)
- SAUCE: uapi: Fixup strace compile error
* CVE-2022-40768
- scsi: stex: Properly zero out the passthrough command structure
* [22.10 FEAT] zKVM: Crypto Passthrough Hotplug - kernel part (LP: #1852741)
- s390/vfio-ap: use new AP bus interface to search for queue devices
- s390/vfio-ap: move probe and remove callbacks to vfio_ap_ops.c
- s390/vfio-ap: manage link between queue struct and matrix mdev
- s390/vfio-ap: introduce shadow APCB
- s390/vfio-ap: refresh guest's APCB by filtering AP resources assigned to
mdev
- s390/vfio-ap: allow assignment of unavailable AP queues to mdev device
- s390/vfio-ap: rename matrix_dev->lock mutex to matrix_dev->mdevs_lock
- s390/vfio-ap: introduce new mutex to control access to the KVM pointer
- s390/vfio-ap: use proper locking order when setting/clearing KVM pointer
- s390/vfio-ap: prepare for dynamic update of guest's APCB on assign/unassign
- s390/vfio-ap: prepare for dynamic update of guest's APCB on queue
probe/remove
- s390/vfio-ap: allow hot plug/unplug of AP devices when assigned/unassigned
- s390/vfio-ap: hot plug/unplug of AP devices when probed/removed
- s390/vfio-ap: reset queues after adapter/domain unassignment
- s390/vfio-ap: implement in-use callback for vfio_ap driver
- s390/vfio-ap: sysfs attribute to display the guest's matrix
- s390/vfio-ap: handle config changed and scan complete notification
- s390/vfio-ap: update docs to include dynamic config support
- s390/Docs: new doc describing lock usage by the vfio_ap device driver
- MAINTAINERS: pick up all vfio_ap docs for VFIO AP maintainers
linux-raspi (5.19.0-1003.7) kinetic; urgency=medium
* kinetic/linux-raspi: 5.19.0-1003.7 -proposed tracker (LP: #1991799)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/master)
* Please enable CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU (LP: #1980861)
- [Config] raspi: Switch from DECOMP_SINGLE to DECOMP_MULTI_PERCPU
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983)
- [Config] raspi: update configs after apply new apparmor patch set
* No HDMI sound output from alsa in server (no KMS) (LP: #1991254)
- staging: bcm2835-audio: Find compatible firmware node
- staging: bcm2835-audio: Fix firmware node refcounting
- staging: bcm2835-audio: Log errors in case of firmware query failures
- staging: bcm2835-audio: Fix unused enable_hdmi module parameter
- staging: bcm2835-audio: Fix unused enable_headphones module parameter
* Essential staging modules are unsigned (LP: #1968834)
- [Packaging] raspi: Add signature-inclusion list
* Miscellaneous upstream changes
- ARM: dts: Don't enable the 8250 UART on CM4S
[ Ubuntu: 5.19.0-19.19 ]
* kinetic/linux: 5.19.0-19.19 -proposed tracker (LP: #1990960)
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983)
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display
(using struct cred as input)"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk
parameter const"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
smk_netlbl_mls()"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use
lsmblob"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to
kfree_sensitive()"""
- Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"""
- Revert "Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive
flag"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full
LSM context"""
- Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple
object LSM attributes"""
- Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline
function declration."""
- Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple
process LSM attributes"""
- Revert "Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a
lsmblob"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in
netlink netfilter"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
security_inode_getsecctx"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
security_secid_to_secctx"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context
releaser"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"""
- Revert "Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to
use lsmblobs"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_cred_getsecid"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_inode_getsecid"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_task_getsecid"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_ipc_getsecid"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_secid_to_secctx"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_secctx_to_secid"""
- Revert "Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module
stacking"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_kernel_act_as"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_audit_rule_match"""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob
data structure."""
- Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the
sock security"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from
SK_CTX() to aa_sock()"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to
aa_unix_sk()"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as
part of a secid to secctx"""
- Revert "Revert "Revert "apparmor: fix absroot causing audited secids to
begin with ="""
- Revert "Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating
locking non-fs, unix sockets"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in
sk_peer_label"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide
compatibility with v2.x net rules"""
- Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash
string hex value"""
- SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin
with =
- SAUCE: upstream v6.0: apparmor: Fix kernel-doc
- SAUCE: upstream v6.0: lsm: Fix kernel-doc
- SAUCE: upstream v6.0: apparmor: Update help description of policy hash for
introspection
- SAUCE: upstream v6.0: apparmor: make export of raw binary profile to
userspace optional
- SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for
embedded systems
- SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1
hashing is disabled
- SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in
policy_unpack_test.c
- SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable
- SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc()
- SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt()
kernel-doc comment
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: Fix undefined reference to
`zlib_deflate_workspacesize'
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer
required
- SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects
- SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of
IDR
- SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid
to secctx
- SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: allow label to carry debug flags
- SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use
of the xbits
- SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical
task.{h,c}
- SAUCE: upstream v6.0: apparmor: correct config reference to intended one
- SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file
op
- SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook
- SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd
- SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new()
- SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a
namespace
- SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes
- SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data
- SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs
- SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load
- SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile
load
- SAUCE: apparmor-next 6.1: apparmor: move fperm computation into
policy_unpack
- SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation
- SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure
- SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile
load
- SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into
a single shared struct
- SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared
policydb struct
- SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an
index
- SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as
an index
- SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct
- SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as
an index
- SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just
an integer
- SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi
- SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs
unix sockets
- SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making
use of the xbits
- SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack
- SAUCE: apparmor-next 6.1: apparmor: extend xindex size
- SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility
to its own file
- SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label
and tag string
- SAUCE: apparmor-next 6.1: apparmor: add mediation class information to
auditing
- SAUCE: apparmor-next 6.1: apparmor: add user mode flag
- SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so
it can be reused
- SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking
- SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary
value
- SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a
permission table
- SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes
- SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated
- SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into
perms.h
- SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks
don't overlap
- SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments
- SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list
- SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved
classes
- SAUCE: apparmor-next 6.1: apparmor: Fix regression in stacking due to label
flags
- SAUCE: apparmor-next 6.1: apparmor: Simplify obtain the newest label on a
cred
- SAUCE: apparmor-next 6.1: apparmor: make __aa_path_perm() static
- SAUCE: apparmor-next 6.1: apparmor: Fix doc comment for compute_fperms
- SAUCE: apparmor-next 6.1: apparmor: Remove unnecessary size check when
unpacking trans_table
- SAUCE: apparmor-next 6.1: apparmor: make sure the decompression ctx is
promperly initialized
- SAUCE: apparmor: add/use fns to print hash string hex value
- SAUCE: apparmor: patch to provide compatibility with v2.x net rules
- SAUCE: Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make
__aa_path_perm() static"
- SAUCE: apparmor: af_unix mediation
- SAUCE: fix shutdown unix socket owner conditional check
- SAUCE: apparmor: rename aa_sock() to aa_unix_sk()
- SAUCE: apparmor: Add fine grained mediation of posix mqueues
- SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()
- SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from
security_audit_rule
- SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security
- SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure.
- SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings
- SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid
- SAUCE: lsm stacking v37: LSM: Specify which LSM to display
- SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display
- SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser
- SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx
- SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx
- SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter
- SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob
- SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation
- SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection
- SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names
- SAUCE: lsm stacking v37: Audit: Create audit_stamp structure
- SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs
- SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer
- SAUCE: lsm stacking v37: Audit: Add record for multiple task security
contexts
- SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel
- SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts
- SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data
- SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init
- SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context
- SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag
- SAUCE: security, lsm: Introduce security_create_user_ns()
- SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable
- SAUCE: selinux: Implement userns_create hook
- SAUCE: apparmor: add user namespace creation mediation
- [Config] update configs after apply new apparmor patch set
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) //
5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
(LP: #1990236)
- SAUCE: apparmor: fix oops in unix owner conditional setup
* Miscellaneous Ubuntu changes
- [Config] make sure CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is enforced
[ Ubuntu: 5.19.0-18.18 ]
* kinetic/linux: 5.19.0-18.18 -proposed tracker (LP: #1990366)
* 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
(LP: #1990236)
- Revert "UBUNTU: SAUCE: apparmor: Fix regression in stacking due to label
flags"
- Revert "UBUNTU: [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS"
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - add an internal buffer""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't wait on cleanup""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't waste entropy""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - always add a pending
request""
- Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - unregister device before
reset""
- Revert "UBUNTU: SAUCE: Revert "virtio-rng: make device ready before making
request""
- Revert "UBUNTU: [Config] update configs after apply new apparmor patch set"
- Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
- Revert "UBUNTU: SAUCE: selinux: Implement userns_create hook"
- Revert "UBUNTU: SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable"
- Revert "UBUNTU: SAUCE: security, lsm: Introduce security_create_user_ns()"
- Revert "UBUNTU: SAUCE: lsm stacking v37: AppArmor: Remove the exclusive
flag"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full
LSM context"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Removed scaffolding function
lsmcontext_init"
- Revert "UBUNTU: SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in
audit data"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple
object contexts"
- Revert "UBUNTU: SAUCE: lsm stacking v37: audit: multiple subject lsm values
for netlabel"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple task
security contexts"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Allow multiple records in an
audit_buffer"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add a function to report
multiple LSMs"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Create audit_stamp
structure"
- Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in
audit_names"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx
module selection"
- Revert "UBUNTU: SAUCE: lsm stacking v37: binder: Pass LSM identifier for
confirmation"
- Revert "UBUNTU: SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a
lsmblob"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in
netlink netfilter"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_dentry_init_security"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_inode_getsecctx"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context
releaser"
- Revert "UBUNTU: SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to
display"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Specify which LSM to display"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_cred_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_inode_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_current_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_ipc_getsecid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_secctx_to_secid"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_kernel_act_as"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmblob in
security_audit_rule_match"
- Revert "UBUNTU: SAUCE: lsm stacking v37: IMA: avoid label collisions with
stacked LSMs"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: provide lsm name and id slot
mappings"
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add the lsmblob data
structure."
- Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Infrastructure management of
the sock security"
- Revert "UBUNTU: SAUCE: lsm stacking v37: integrity: disassociate
ima_filter_rule from security_audit_rule"
- Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to
aa_sock()"
- Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix
mqueues"
- Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
- Revert "UBUNTU: SAUCE: fix shutdown unix socket owner conditional check"
- Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
- Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x
net rules"
- Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to
match reserved classes"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to
be a list"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: refactor profile rules
and attachments"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: verify loaded permission
bits masks don't overlap"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm
accumulation into perms.h"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes
are accumulated"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: verify permission table
indexes"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add the ability for
policy to specify a permission table"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make unpack_array return
a trianary value"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: group dfa policydb
unpacking"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make transition table
unpack generic so it can be reused"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add user mode flag"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: add mediation class
information to auditing"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend permissions to
support a label and tag string"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards
compatibility to its own file"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend xindex size"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros
into policy_unpack"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: extend policydb
permission set by making use of the xbits"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating
locking non-fs unix sockets"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include
v8 abi"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: preparse for state being
more than just an integer"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to
use accept as an index"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: cleanup shared
permission struct"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to
use accept as an index"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to
use accept as an index"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using
the new shared policydb struct"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: combine file_rules and
aa_policydb into a single shared struct"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute policydb
permission on profile load"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use
aa_perms structure"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm
computation"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: move fperm computation
into policy_unpack"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute xmatch
permissions on profile load"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute file permissions
on profile load"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: expose compression level
limits in sysfs"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: use zstd compression for
profile data"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: reserve mediation
classes"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when
removing a namespace"
- Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: fix a memleak in
multi_transaction_new()"
- Revert "UBUNTU: SAUCE: upstream v6.0: Smack: Provide read control for
io_uring_cmd"
- Revert "UBUNTU: SAUCE: upstream v6.0: selinux: implement the
security_uring_cmd() LSM hook"
- Revert "UBUNTU: SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the
new uring_cmd file op"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: correct config reference to
intended one"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: move ptrace mediation to
more logical task.{h,c}"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: extend policydb permission
set by making use of the xbits"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: allow label to carry debug
flags"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as
static"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: disable showing the mode as
part of a secid to secctx"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Convert secid mapping to
XArrays instead of IDR"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: add a kernel label to use on
kernel objects"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: test: Remove some casts
which are no-longer required"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix undefined reference to
`zlib_deflate_workspacesize'"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix some kernel-doc
comments"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and
match_mnt() kernel-doc comment"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Use struct_size() helper in
kmalloc()"
- Revert "UBUNTU: SAUCE: upstream v6.0: security/apparmor: remove redundant
ret variable"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol
warnings in policy_unpack_test.c"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: don't create raw_sha1
symlink if sha1 hashing is disabled"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Enable tuning of policy
paranoid load for embedded systems"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: make export of raw binary
profile to userspace optional"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Update help description of
policy hash for introspection"
- Revert "UBUNTU: SAUCE: upstream v6.0: lsm: Fix kernel-doc"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: Fix kernel-doc"
- Revert "UBUNTU: SAUCE: upstream v6.0: apparmor: fix absroot causing audited
secids to begin with ="
- Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string
hex value""
- Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with
v2.x net rules""
- Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation""
- Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in
sk_peer_label""
- Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-
fs, unix sockets""
- Revert "Revert "apparmor: fix absroot causing audited secids to begin with
=""
- Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of
a secid to secctx""
- Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()""
- Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX()
to aa_sock()""
- Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock
security""
- Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data
structure.""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_audit_rule_match""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as""
- Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module
stacking""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_secctx_to_secid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
security_secid_to_secctx""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid""
- Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use
lsmblobs""
- Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display""
- Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context
releaser""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
security_secid_to_secctx""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
security_inode_getsecctx""
- Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink
netfilter""
- Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob""
- Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process
LSM attributes""
- Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function
declration.""
- Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object
LSM attributes""
- Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM
context""
- Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag""
- Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check""
- Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to
kfree_sensitive()""
- Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob""
- Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()""
- Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter
const""
- Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using
struct cred as input)""
* [22.04 FEAT] Enhanced Interpretation for PCI Functions on s390x - kernel
part (LP: #1853306)
- s390/sclp: detect the zPCI load/store interpretation facility
- s390/sclp: detect the AISII facility
- s390/sclp: detect the AENI facility
- s390/sclp: detect the AISI facility
- s390/airq: pass more TPI info to airq handlers
- s390/airq: allow for airq structure that uses an input vector
- s390/pci: externalize the SIC operation controls and routine
- s390/pci: stash associated GISA designation
- s390/pci: stash dtsm and maxstbl
- vfio/pci: introduce CONFIG_VFIO_PCI_ZDEV_KVM
- KVM: s390: pci: add basic kvm_zdev structure
- KVM: s390: pci: do initial setup for AEN interpretation
- KVM: s390: pci: enable host forwarding of Adapter Event Notifications
- KVM: s390: mechanism to enable guest zPCI Interpretation
- KVM: s390: pci: provide routines for enabling/disabling interrupt forwarding
- KVM: s390: pci: add routines to start/stop interpretive execution
- vfio-pci/zdev: add open/close device hooks
- vfio-pci/zdev: add function handle to clp base capability
- vfio-pci/zdev: different maxstbl for interpreted devices
- KVM: s390: add KVM_S390_ZPCI_OP to manage guest zPCI devices
- MAINTAINERS: additional files related kvm s390 pci passthrough
- Documentation: kvm: extend KVM_S390_ZPCI_OP subheading underline
- KVM: s390: pci: Hook to access KVM lowlevel from VFIO
* [22.10 FEAT] [IO2201] Independent Usage of Secondary Physical Function
(LP: #1959542)
- PCI: Clean up pci_scan_slot()
- PCI: Split out next_ari_fn() from next_fn()
- PCI: Move jailhouse's isolated function handling to pci_scan_slot()
- PCI: Extend isolated function probing to s390
- s390/pci: allow zPCI zbus without a function zero
* AMD ACP 6.2 DMIC support (LP: #1989518)
- ASoC: amd: add Pink Sardine platform ACP IP register header
- ASoC: amd: add Pink Sardine ACP PCI driver
- ASoC: amd: add acp6.2 init/de-init functions
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver
- ASoC: amd: add acp6.2 pdm platform driver
- ASoC: amd: add acp6.2 irq handler
- ASoC: amd: add acp6.2 pdm driver dma ops
- ASoC: amd: add acp6.2 pci driver pm ops
- ASoC: amd: add acp6.2 pdm driver pm ops
- ASoC: amd: enable Pink Sardine acp6.2 drivers build
- ASoC: amd: create platform device for acp6.2 machine driver
- ASoC: amd: add Pink Sardine machine driver using dmic
- ASoC: amd: enable Pink sardine platform machine driver build.
- [Config] Enable audio for AMD PinkSardine
* support independent clock and LED GPIOs for Intel IPU6 platforms
(LP: #1989046)
- SAUCE: platform/x86: int3472: support independent clock and LED GPIOs
* CVE-2022-2978
- SAUCE: fs: fix UAF/GPF bug in nilfs_mdt_destroy
* Miscellaneous Ubuntu changes
- [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS
- SAUCE: Add mdev_set_iommu_device() kABI.
- SAUCE: apparmor: Fix regression in stacking due to label flags
- [Config] update toolchain version
* Miscellaneous upstream changes
- Revert "drm/i915/opregion: check port number bounds for SWSCI display power
state"
[ Ubuntu: 5.19.0-17.17 ]
* kinetic/linux: 5.19.0-17.17 -proposed tracker (LP: #1989987)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/master)
- debian/dkms-versions -- update from kernel-versions (main/master)
* multiple kernel oops regarding hung tasks delaying boot (LP: #1989258)
- SAUCE: Revert "virtio-rng: make device ready before making request"
- SAUCE: Revert "hwrng: virtio - unregister device before reset"
- SAUCE: Revert "hwrng: virtio - always add a pending request"
- SAUCE: Revert "hwrng: virtio - don't waste entropy"
- SAUCE: Revert "hwrng: virtio - don't wait on cleanup"
- SAUCE: Revert "hwrng: virtio - add an internal buffer"
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983)
- Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred
as input)"
- Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
- Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
- Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
- Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
- Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
- Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
- Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM
attributes"
- Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function
declration."
- Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM
attributes"
- Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
- Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
- Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
- Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
- Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
- Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
- Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
- Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
- Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
- Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to
aa_sock()"
- Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
- Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid
to secctx"
- Revert "apparmor: fix absroot causing audited secids to begin with ="
- Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix
sockets"
- Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
- Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
- Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x
net rules"
- Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
- SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin
with =
- SAUCE: upstream v6.0: apparmor: Fix kernel-doc
- SAUCE: upstream v6.0: lsm: Fix kernel-doc
- SAUCE: upstream v6.0: apparmor: Update help description of policy hash for
introspection
- SAUCE: upstream v6.0: apparmor: make export of raw binary profile to
userspace optional
- SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for
embedded systems
- SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1
hashing is disabled
- SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in
policy_unpack_test.c
- SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable
- SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc()
- SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt()
kernel-doc comment
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: Fix undefined reference to
`zlib_deflate_workspacesize'
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer
required
- SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects
- SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of
IDR
- SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid
to secctx
- SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static
- SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
- SAUCE: upstream v6.0: apparmor: allow label to carry debug flags
- SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use
of the xbits
- SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical
task.{h,c}
- SAUCE: upstream v6.0: apparmor: correct config reference to intended one
- SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file
op
- SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook
- SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd
- SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new()
- SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a
namespace
- SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes
- SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data
- SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs
- SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load
- SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile
load
- SAUCE: apparmor-next 6.1: apparmor: move fperm computation into
policy_unpack
- SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation
- SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure
- SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile
load
- SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into
a single shared struct
- SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared
policydb struct
- SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an
index
- SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as
an index
- SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct
- SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as
an index
- SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just
an integer
- SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi
- SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs
unix sockets
- SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making
use of the xbits
- SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack
- SAUCE: apparmor-next 6.1: apparmor: extend xindex size
- SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility
to its own file
- SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label
and tag string
- SAUCE: apparmor-next 6.1: apparmor: add mediation class information to
auditing
- SAUCE: apparmor-next 6.1: apparmor: add user mode flag
- SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so
it can be reused
- SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking
- SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary
value
- SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a
permission table
- SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes
- SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated
- SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into
perms.h
- SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks
don't overlap
- SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments
- SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list
- SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved
classes
- SAUCE: apparmor: add/use fns to print hash string hex value
- SAUCE: apparmor: patch to provide compatibility with v2.x net rules
- SAUCE: apparmor: af_unix mediation
- SAUCE: fix shutdown unix socket owner conditional check
- SAUCE: apparmor: rename aa_sock() to aa_unix_sk()
- SAUCE: apparmor: Add fine grained mediation of posix mqueues
- SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()
- SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from
security_audit_rule
- SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security
- SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure.
- SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings
- SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid
- SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid
- SAUCE: lsm stacking v37: LSM: Specify which LSM to display
- SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display
- SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser
- SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx
- SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx
- SAUCE: lsm stacking v37: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter
- SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob
- SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation
- SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection
- SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names
- SAUCE: lsm stacking v37: Audit: Create audit_stamp structure
- SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs
- SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer
- SAUCE: lsm stacking v37: Audit: Add record for multiple task security
contexts
- SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel
- SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts
- SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data
- SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init
- SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context
- SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag
- SAUCE: security, lsm: Introduce security_create_user_ns()
- SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable
- SAUCE: selinux: Implement userns_create hook
- SAUCE: apparmor: add user namespace creation mediation
- [Config] update configs after apply new apparmor patch set
* [22.10 FEAT] KVM: Secure Execution guest dump encryption with customer keys
- kernel part (LP: #1959940)
- s390/uv: Add SE hdr query information
- s390/uv: Add dump fields to query
- KVM: s390: pv: Add query interface
- KVM: s390: pv: Add dump support definitions
- KVM: s390: pv: Add query dump information
- KVM: s390: Add configuration dump functionality
- KVM: s390: Add CPU dump functionality
- KVM: s390: Add KVM_CAP_S390_PROTECTED_DUMP
- Documentation: virt: Protected virtual machine dumps
- Documentation/virt/kvm/api.rst: Add protvirt dump/info api descriptions
- Documentation/virt/kvm/api.rst: Explain rc/rrc delivery
* [SRU][OEM-5.14/Jammy/OEM-5.17][PATCH 0/1] Fix blank screen on Thinkpad ADL
4K+ panel (LP: #1980621)
- SAUCE: drm/i915: Implement WaEdpLinkRateDataReload
- SAUCE: Revert "drm/i915/display: Re-add check for low voltage sku for max dp
source rate"
* [UBUNTU 22.04] s390/qeth: cache link_info for ethtool (LP: #1984103)
- s390/qeth: cache link_info for ethtool
* Kernel livepatch support for for s390x (LP: #1639924)
- [Config] Enable EXPOLINE_EXTERN on s390x
* IWLMEI may cause device down at resuming from s2idle (LP: #1987312)
- [Config] Disable IWLMEI
* Raise CONFIG_NR_CPUS (LP: #1967889)
- [Config] Raise riscv64 CONFIG_NR_CPUS to 32
* PolarFire Icicle Kit: missing USB support (LP: #1986970)
- usb: musb: Add support for PolarFire SoC's musb controller
- usb: musb: mpfs: Fix error codes in probe()
- usb: musb: mpfs: add missing clk_disable_unprepare() in mpfs_remove()
- [Config] Enable CONFIG_USB_MUSB_POLARFIRE_SOC on riscv64
* System freeze after resuming from suspend due to PCI ASPM settings
(LP: #1980829)
- SAUCE: PCI/ASPM: Save/restore L1SS Capability for suspend/resume
- SAUCE: whitelist platforms that needs save/restore ASPM L1SS for
suspend/resume
* Please enable CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU (LP: #1980861)
- [Config] Switch from DECOMP_SINGLE to DECOMP_MULTI_PERCPU
* Miscellaneous Ubuntu changes
- [Config] enable security-related configs
- [Packaging] Make stamp-install-<flavor> target reentrant
- [Packaging] Pass kernel build_arch to dkms
- [Packaging] Enable building zfs during cross-compile
- [Packaging] temporarily disable signing for ppc64el
-- Juerg Haefliger <juerg.haefliger at canonical.com> Mon, 17 Oct 2022
13:17:32 +0200
** Changed in: linux-raspi (Ubuntu Kinetic)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2978
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40768
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a bug assignee.
https://bugs.launchpad.net/bugs/1993133
Title:
kinetic/linux-raspi: 5.19.0-1004.10 -proposed tracker
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/+bug/1993133/+subscriptions
More information about the ubuntu-archive
mailing list