[Bug 2052774] Re: noble/linux-aws: 6.8.0-1001.1 -proposed tracker
Launchpad Bug Tracker
2052774 at bugs.launchpad.net
Sat Mar 2 18:35:35 UTC 2024
This bug was fixed in the package linux-aws - 6.8.0-1001.1
---------------
linux-aws (6.8.0-1001.1) noble; urgency=medium
* noble/linux-aws: 6.8.0-1001.1 -proposed tracker (LP: #2052774)
* Packaging resync (LP: #1786013)
- debian.aws/dkms-versions -- update from kernel-versions (main/d2024.02.07)
* AWS: Set ENA_INTR_INITIAL_TX_INTERVAL_USECS to 64 (LP: #2045428)
- Revert "UBUNTU: SAUCE: net: ena: fix too long default tx interrupt
moderation interval"
* Miscellaneous Ubuntu changes
- [Packaging] remove custom ABI/retpoline check files
- [Config] update annotations after rebase to v6.8
[ Ubuntu: 6.8.0-7.7 ]
* noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
[ Ubuntu: 6.8.0-6.6 ]
* noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592)
* Packaging resync (LP: #1786013)
- debian.master/dkms-versions -- update from kernel-versions
(main/d2024.02.07)
- [Packaging] update variants
* FIPS kernels should default to fips mode (LP: #2049082)
- SAUCE: Enable fips mode by default, in FIPS kernels only
* Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468)
- [Packaging] Remove old snapcraft.yaml
* Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
* Miscellaneous Ubuntu changes
- [Packaging] Remove in-tree abi checks
- [Packaging] drop abi files with clean
- [Packaging] Remove do_full_source variable (fixup)
- [Packaging] Remove update-dkms-versions and move dkms-versions
- [Config] updateconfigs following v6.8-rc3 rebase
- [packaging] rename to linux
- [packaging] rebase on v6.8-rc3
- [packaging] disable signing for ppc64el
* Rebase on v6.8-rc3
[ Ubuntu: 6.8.0-5.5 ]
* noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136)
* Miscellaneous upstream changes
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
[ Ubuntu: 6.8.0-4.4 ]
* noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502)
* Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer
(LP: #1965303)
- [Config] enable simpledrm and DRM fbdev emulation layer
* Miscellaneous Ubuntu changes
- [Config] toolchain update
* Miscellaneous upstream changes
- rust: upgrade to Rust 1.75.0
[ Ubuntu: 6.8.0-3.3 ]
* noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
[12/95]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
- SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
- SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
notification
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
profiles can mediate user namespaces
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
management of the sock security
- SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
with stacked LSMs
- SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
hook
- SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
in audit_context
- SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
data
- SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
audit_names
- SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
security_cred_getlsmblob LSM hook
- SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
from secid to lsmblob
- SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
audit data
- SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
security_lsmblob_to_secctx
- SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
security_lsmblob_to_secctx module selection
- SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
records in an audit_buffer
- SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
multiple task security contexts
- SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
multiple object contexts
- SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
lsmcontext_init()
- SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
security_getprocattr
- SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
on release
- SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in
socket_getpeersec hooks
- SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
handles the context string
- SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
exclusive flag
- SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
size tracking
- SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
instead of module specific data
- SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
management of the key security blob
- SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
management of the mnt_opts security blob
- SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
ENOSYS in inode_setxattr
- SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
scaffolding
- SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
netlabel
- SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
security_cred_getsecid() to a single LSM
- SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
LSM_FLAG_EXCLUSIVE
- SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
label_mediates()
- SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [87/87]: fixup notify
- [Config] updateconfigs following v6.8-rc2 rebase
[ Ubuntu: 6.8.0-2.2 ]
* noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110)
* Miscellaneous Ubuntu changes
- [Config] toolchain update
- [Config] enable Rust
[ Ubuntu: 6.8.0-1.1 ]
* noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102)
* Miscellaneous Ubuntu changes
- [packaging] move to v6.8-rc1
- [Config] updateconfigs following v6.8-rc1 rebase
- SAUCE: export file_close_fd() instead of close_fd_get_file()
- SAUCE: cpufreq: s/strlcpy/strscpy/
- debian/dkms-versions -- temporarily disable zfs dkms
- debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms
- debian/dkms-versions -- temporarily disable v4l2loopback
[ Ubuntu: 6.8.0-0.0 ]
* Empty entry.
[ Ubuntu: 6.7.0-7.7 ]
* noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
* Miscellaneous Ubuntu changes
- [Packaging] re-enable signing for s390x and ppc64el
[ Ubuntu: 6.7.0-6.6 ]
* Empty entry.
[ Ubuntu: 6.7.0-2.2 ]
* noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182)
* Packaging resync (LP: #1786013)
- [Packaging] resync getabis
* Enforce RETPOLINE and SLS mitigrations (LP: #2046440)
- SAUCE: objtool: Make objtool check actually fatal upon fatal errors
- SAUCE: objtool: make objtool SLS validation fatal when building with
CONFIG_SLS=y
- SAUCE: objtool: make objtool RETPOLINE validation fatal when building with
CONFIG_RETPOLINE=y
- SAUCE: scripts: remove generating .o-ur objects
- [Packaging] Remove all custom retpoline-extract code
- Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables"
- Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late
initialisation code"
- Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within
firmware_restrict_branch_speculation_{start,end}"
* Miscellaneous Ubuntu changes
- [Packaging] temporarily disable riscv64 builds
- [Packaging] temporarily disable Rust dependencies on riscv64
[ Ubuntu: 6.7.0-1.1 ]
* noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
* [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
anymore (LP: #2048919)
- [Config] Enable S390_UV_UAPI (built-in)
* Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
- SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor
Lake
- SAUCE: platform/x86: int3472: Add handshake GPIO function
* [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
(LP: #2033406)
- [Packaging] Make WWAN driver loadable modules
* usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
- [Packaging] Make linux-tools-common depend on hwdata
* [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
PCIE peripherals (LP: #2036587)
- [Config] Enable CONFIG_MTK_IOMMU on arm64
* linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
images (LP: #2019040)
- [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
* kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
- [Packaging] Revert arm64 image format to Image.gz
* Mantic minimized/minimal cloud images do not receive IP address during
provisioning; systemd regression with wait-online (LP: #2036968)
- [Config] Enable virtio-net as built-in to avoid race
* Make backlight module auto detect dell_uart_backlight (LP: #2008882)
- SAUCE: ACPI: video: Dell AIO UART backlight detection
* Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364)
- [Config] Default to performance CPUFreq governor on riscv64
* Enable Nezha board (LP: #1975592)
- [Config] Build in D1 clock drivers on riscv64
- [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64
- [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64
- [Config] Disable SUN50I_DE2_BUS on riscv64
- [Config] Disable unneeded sunxi pinctrl drivers on riscv64
* Enable StarFive VisionFive 2 board (LP: #2013232)
- [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64
- [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64
* rcu_sched detected stalls on CPUs/tasks (LP: #1967130)
- [Config] Enable virtually mapped stacks on riscv64
* Check for changes relevant for security certifications (LP: #1945989)
- [Packaging] Add a new fips-checks script
* Installation support for SMARC RZ/G2L platform (LP: #2030525)
- [Config] build Renesas RZ/G2L USBPHY control driver statically
* Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226)
- [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64
* Default module signing algo should be accelerated (LP: #2034061)
- [Config] Default module signing algo should be accelerated
* Miscellaneous Ubuntu changes
- [Config] annotations clean-up
[ Upstream Kernel Changes ]
* Rebase to v6.7
[ Ubuntu: 6.7.0-0.0 ]
* Empty entry
[ Ubuntu: 6.7.0-5.5 ]
* noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
* Miscellaneous Ubuntu changes
- [Packaging] re-enable Rust support
- [Packaging] temporarily disable riscv64 builds
[ Ubuntu: 6.7.0-4.4 ]
* noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807)
* unconfined profile denies userns_create for chromium based processes
(LP: #1990064)
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve
notification
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [03/69]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [05/69]: af_unix mediation
- SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more
than name
- SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for
external use
- SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process
attributes for each module
- SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM
attribute data
- SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of lsm
names for attrs
- SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management
of the sock security
- SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id
slot mappings
- SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions with
stacked LSMs
- SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in
security_kernel_act_as
- SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in
security_secctx_to_secid
- SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in
security_cred_getsecid
- SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to
display
- SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx in
netlink netfilter
- SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data in
a lsmblob
- SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier for
confirmation
- SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx
module selection
- SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data in
audit_names
- SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report
multiple LSMs
- SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records in
an audit_buffer
- SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple
task security contexts
- SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple
object contexts
- SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob
in audit data
- SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding
function lsmcontext_init
- SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching
- SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available
- SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined
profiles can mediate user namespaces
* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
default) (LP: #2016908) // update apparmor and LSM stacking patch set
(LP: #2028253)
- SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with
apparmor=0
* Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen
on (LP: #2042385)
- SAUCE: r8169: Add quirks to enable ASPM on Dell platforms
* [Debian] autoreconstruct - Do not generate chmod -x for deleted files
(LP: #2045562)
- [Debian] autoreconstruct - Do not generate chmod -x for deleted files
* Disable Legacy TIOCSTI (LP: #2046192)
- [Config]: disable CONFIG_LEGACY_TIOCSTI
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] remove helper scripts
- [Packaging] update annotations scripts
* Miscellaneous Ubuntu changes
- [Packaging] rules: Remove unused dkms make variables
- [Config] update annotations after rebase to v6.7-rc8
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc8
[ Ubuntu: 6.7.0-3.3 ]
* noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060)
* enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040)
- [Config] enable CONFIG_INTEL_TDX_HOST
* linux tools packages for derived kernels refuse to install simultaneously
due to libcpupower name collision (LP: #2035971)
- [Packaging] Statically link libcpupower into cpupower tool
* make lazy RCU a boot time option (LP: #2045492)
- SAUCE: rcu: Provide a boot time parameter to control lazy RCU
* Build failure if run in a console (LP: #2044512)
- [Packaging] Fix kernel module compression failures
* Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582)
- [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k
* Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584)
- [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64
* Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587)
- [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le
* [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
(LP: #2042853)
- [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y
* back-out zstd module compression automatic for backports (LP: #2045593)
- [Packaging] make ZSTD module compression conditional
* Miscellaneous Ubuntu changes
- [Packaging] Remove do_full_source variable
- [Packaging] Remove obsolete config handling
- [Packaging] Remove support for sub-flavors
- [Packaging] Remove old linux-libc-dev version hack
- [Packaging] Remove obsolete scripts
- [Packaging] Remove README.inclusion-list
- [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch
- [Packaging] Enable rootless builds
- [Packaging] Allow to run debian/rules without (fake)root
- [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH
- [Packaging] override KERNELRELEASE instead of KERNELVERSION
- [Config] update toolchain versions in annotations
- [Packaging] drop useless linux-doc
- [Packaging] scripts: Rewrite insert-ubuntu-changes in Python
- [Packaging] enable riscv64 builds
- [Packaging] remove the last sub-flavours bit
- [Packaging] check debian.env to determine do_libc_dev_package
- [Packaging] remove debian.*/variants
- [Packaging] remove do_libc_dev_package variable
- [Packaging] move linux-libc-dev.stub to debian/control.d/
- [Packaging] Update check to build linux-libc-dev to the source package name
- [Packaging] rules: Remove startnewrelease target
- [Packaging] Remove debian/commit-templates
- [Config] update annotations after rebase to v6.7-rc4
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc4
[ Ubuntu: 6.7.0-2.2 ]
* noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107)
* Miscellaneous Ubuntu changes
- [Packaging] re-enable Rust
- [Config] enable Rust in annotations
- [Packaging] Remove do_enforce_all variable
- [Config] disable Softlogic 6x10 capture card driver on armhf
- [Packaging] disable Rust support
- [Config] update annotations after rebase to v6.7-rc3
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc3
[ Ubuntu: 6.7.0-1.1 ]
* noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] update helper scripts
* Miscellaneous Ubuntu changes
- [Config] update annotations after rebase to v6.7-rc2
[ Upstream Kernel Changes ]
* Rebase to v6.7-rc2
[ Ubuntu: 6.7.0-0.0 ]
* Empty entry
[ Ubuntu: 6.6.0-12.12 ]
* noble/linux-unstable: 6.6.0-12.12 -proposed tracker (LP: #2043664)
* Miscellaneous Ubuntu changes
- [Packaging] temporarily disable zfs dkms
[ Ubuntu: 6.6.0-11.11 ]
* noble/linux-unstable: 6.6.0-11.11 -proposed tracker (LP: #2043480)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
- [Packaging] resync update-dkms-versions helper
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/d2023.11.14)
* Miscellaneous Ubuntu changes
- [Packaging] move to Noble
- [Config] toolchain version update
[ Ubuntu: 6.6.0-10.10 ]
* mantic/linux-unstable: 6.6.0-10.10 -proposed tracker (LP: #2043088)
* Bump arm64's CONFIG_NR_CPUS to 512 (LP: #2042897)
- [Config] Bump CONFIG_NR_CPUS to 512 for arm64
* Miscellaneous Ubuntu changes
- [Config] Include a note for the NR_CPUS setting on riscv64
- SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype
[ Ubuntu: 6.6.0-9.9 ]
* mantic/linux-unstable: 6.6.0-9.9 -proposed tracker (LP: #2041852)
* Switch IMA default hash to sha256 (LP: #2041735)
- [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256
* apparmor restricts read access of user namespace mediation sysctls to root
(LP: #2040194)
- SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
* AppArmor spams kernel log with assert when auditing (LP: #2040192)
- SAUCE: apparmor4.0.0 [81/82]: apparmor: fix request field from a prompt
reply that denies all access
* apparmor notification files verification (LP: #2040250)
- SAUCE: apparmor4.0.0 [80/82]: apparmor: fix notification header size
* apparmor oops when racing to retrieve a notification (LP: #2040245)
- SAUCE: apparmor4.0.0 [79/82]: apparmor: fix oops when racing to retrieve
notification
* Disable restricting unprivileged change_profile by default, due to LXD
latest/stable not yet compatible with this new apparmor feature
(LP: #2038567)
- SAUCE: apparmor4.0.0 [78/82]: apparmor: Make
apparmor_restrict_unprivileged_unconfined opt-in
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [01/82]: add/use fns to print hash string hex value
- SAUCE: apparmor4.0.0 [02/82]: rename SK_CTX() to aa_sock and make it an
inline fn
- SAUCE: apparmor4.0.0 [03/82]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [04/82]: add user namespace creation mediation
- SAUCE: apparmor4.0.0 [05/82]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [06/82]: af_unix mediation
- SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [08/82]: Stacking v38: LSM: Identify modules by more
than name
- SAUCE: apparmor4.0.0 [09/82]: Stacking v38: LSM: Add an LSM identifier for
external use
- SAUCE: apparmor4.0.0 [10/82]: Stacking v38: LSM: Identify the process
attributes for each module
- SAUCE: apparmor4.0.0 [11/82]: Stacking v38: LSM: Maintain a table of LSM
attribute data
- SAUCE: apparmor4.0.0 [12/82]: Stacking v38: proc: Use lsmids instead of lsm
names for attrs
- SAUCE: apparmor4.0.0 [13/82]: Stacking v38: integrity: disassociate
ima_filter_rule from security_audit_rule
- SAUCE: apparmor4.0.0 [14/82]: Stacking v38: LSM: Infrastructure management
of the sock security
- SAUCE: apparmor4.0.0 [15/82]: Stacking v38: LSM: Add the lsmblob data
structure.
- SAUCE: apparmor4.0.0 [16/82]: Stacking v38: LSM: provide lsm name and id
slot mappings
- SAUCE: apparmor4.0.0 [17/82]: Stacking v38: IMA: avoid label collisions with
stacked LSMs
- SAUCE: apparmor4.0.0 [18/82]: Stacking v38: LSM: Use lsmblob in
security_audit_rule_match
- SAUCE: apparmor4.0.0 [19/82]: Stacking v38: LSM: Use lsmblob in
security_kernel_act_as
- SAUCE: apparmor4.0.0 [20/82]: Stacking v38: LSM: Use lsmblob in
security_secctx_to_secid
- SAUCE: apparmor4.0.0 [21/82]: Stacking v38: LSM: Use lsmblob in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [22/82]: Stacking v38: LSM: Use lsmblob in
security_ipc_getsecid
- SAUCE: apparmor4.0.0 [23/82]: Stacking v38: LSM: Use lsmblob in
security_current_getsecid
- SAUCE: apparmor4.0.0 [24/82]: Stacking v38: LSM: Use lsmblob in
security_inode_getsecid
- SAUCE: apparmor4.0.0 [25/82]: Stacking v38: LSM: Use lsmblob in
security_cred_getsecid
- SAUCE: apparmor4.0.0 [26/82]: Stacking v38: LSM: Specify which LSM to
display
- SAUCE: apparmor4.0.0 [28/82]: Stacking v38: LSM: Ensure the correct LSM
context releaser
- SAUCE: apparmor4.0.0 [29/82]: Stacking v38: LSM: Use lsmcontext in
security_secid_to_secctx
- SAUCE: apparmor4.0.0 [30/82]: Stacking v38: LSM: Use lsmcontext in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [31/82]: Stacking v38: Use lsmcontext in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [32/82]: Stacking v38: LSM: security_secid_to_secctx in
netlink netfilter
- SAUCE: apparmor4.0.0 [33/82]: Stacking v38: NET: Store LSM netlabel data in
a lsmblob
- SAUCE: apparmor4.0.0 [34/82]: Stacking v38: binder: Pass LSM identifier for
confirmation
- SAUCE: apparmor4.0.0 [35/82]: Stacking v38: LSM: security_secid_to_secctx
module selection
- SAUCE: apparmor4.0.0 [36/82]: Stacking v38: Audit: Keep multiple LSM data in
audit_names
- SAUCE: apparmor4.0.0 [37/82]: Stacking v38: Audit: Create audit_stamp
structure
- SAUCE: apparmor4.0.0 [38/82]: Stacking v38: LSM: Add a function to report
multiple LSMs
- SAUCE: apparmor4.0.0 [39/82]: Stacking v38: Audit: Allow multiple records in
an audit_buffer
- SAUCE: apparmor4.0.0 [40/82]: Stacking v38: Audit: Add record for multiple
task security contexts
- SAUCE: apparmor4.0.0 [41/82]: Stacking v38: audit: multiple subject lsm
values for netlabel
- SAUCE: apparmor4.0.0 [42/82]: Stacking v38: Audit: Add record for multiple
object contexts
- SAUCE: apparmor4.0.0 [43/82]: Stacking v38: netlabel: Use a struct lsmblob
in audit data
- SAUCE: apparmor4.0.0 [44/82]: Stacking v38: LSM: Removed scaffolding
function lsmcontext_init
- SAUCE: apparmor4.0.0 [45/82]: Stacking v38: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor4.0.0 [46/82]: combine common_audit_data and
apparmor_audit_data
- SAUCE: apparmor4.0.0 [47/82]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [48/82]: rename audit_data->label to
audit_data->subj_label
- SAUCE: apparmor4.0.0 [49/82]: pass cred through to audit info.
- SAUCE: apparmor4.0.0 [50/82]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [51/82]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [52/82]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [53/82]: cache buffers on percpu list if there is lock
contention
- SAUCE: apparmor4.0.0 [54/82]: advertise availability of exended perms
- SAUCE: apparmor4.0.0 [56/82]: cleanup: provide separate audit messages for
file and policy checks
- SAUCE: apparmor4.0.0 [57/82]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [58/82]: prompt - ref count pdb
- SAUCE: apparmor4.0.0 [59/82]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [60/82]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [61/82]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [62/82]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [63/82]: prompt - fix caching
- SAUCE: apparmor4.0.0 [64/82]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [65/82]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [66/82]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [67/82]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [68/82]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [69/82]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [74/82]: advertise disconnected.path is available
- SAUCE: apparmor4.0.0 [75/82]: fix invalid reference on profile->disconnected
- SAUCE: apparmor4.0.0 [76/82]: add io_uring mediation
- SAUCE: apparmor4.0.0 [77/82]: apparmor: Fix regression in mount mediation
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [70/82]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [71/82]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [72/82]: userns - make it so special unconfined
profiles can mediate user namespaces
- SAUCE: apparmor4.0.0 [73/82]: userns - allow restricting unprivileged
change_profile
* LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [55/82]: fix profile verification and enable it
* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
default) (LP: #2016908) // update apparmor and LSM stacking patch set
(LP: #2028253)
- SAUCE: apparmor4.0.0 [27/82]: Stacking v38: Fix prctl() syscall with
apparmor=0
* Miscellaneous Ubuntu changes
- [Config] SECURITY_APPARMOR_RESTRICT_USERNS=y
[ Ubuntu: 6.6.0-8.8 ]
* mantic/linux-unstable: 6.6.0-8.8 -proposed tracker (LP: #2040243)
* Miscellaneous Ubuntu changes
- abi: gc reference to phy-rtk-usb2/phy-rtk-usb3
[ Ubuntu: 6.6.0-7.7 ]
* mantic/linux-unstable: 6.6.0-7.7 -proposed tracker (LP: #2040147)
* test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
- [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following v6.6-rc7 rebase
[ Ubuntu: 6.6.0-6.6 ]
* mantic/linux-unstable: 6.6.0-6.6 -proposed tracker (LP: #2039780)
* Miscellaneous Ubuntu changes
- rebase on v6.6-rc6
- [Config] updateconfigs following v6.6-rc6 rebase
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc6
[ Ubuntu: 6.6.0-5.5 ]
* mantic/linux-unstable: 6.6.0-5.5 -proposed tracker (LP: #2038899)
* Miscellaneous Ubuntu changes
- rebase on v6.6-rc5
- [Config] updateconfigs following v6.6-rc5 rebase
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc5
[ Ubuntu: 6.6.0-4.4 ]
* mantic/linux-unstable: 6.6.0-4.4 -proposed tracker (LP: #2038423)
* Miscellaneous Ubuntu changes
- rebase on v6.6-rc4
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc4
[ Ubuntu: 6.6.0-3.3 ]
* mantic/linux-unstable: 6.6.0-3.3 -proposed tracker (LP: #2037622)
* Miscellaneous Ubuntu changes
- [Config] updateconfigs following v6.6-rc3 rebase
* Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: enforce rust availability only on x86_64"
- arm64: rust: Enable Rust support for AArch64
- arm64: rust: Enable PAC support for Rust.
- arm64: Restrict Rust support to little endian only.
[ Ubuntu: 6.6.0-2.2 ]
* Miscellaneous upstream changes
- UBUBNTU: [Config] build all COMEDI drivers as modules
[ Ubuntu: 6.6.0-1.1 ]
* Miscellaneous Ubuntu changes
- [Packaging] move linux to linux-unstable
- [Packaging] rebase on v6.6-rc1
- [Config] updateconfigs following v6.6-rc1 rebase
- [packaging] skip ABI, modules and retpoline checks
- update dropped.txt
- [Config] SHIFT_FS FTBFS with Linux 6.6, disable it
- [Config] DELL_UART_BACKLIGHT FTBFS with Linux 6.6, disable it
- [Packaging] debian/dkms-versions: temporarily disable dkms
- [Packaging] temporarily disable signing for s390x
[ Upstream Kernel Changes ]
* Rebase to v6.6-rc1
[ Ubuntu: 6.6.0-0.0 ]
* Empty entry
-- Andrea Righi <andrea.righi at canonical.com> Mon, 12 Feb 2024 12:46:57
+0100
** Changed in: linux-aws (Ubuntu Noble)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a bug assignee.
https://bugs.launchpad.net/bugs/2052774
Title:
noble/linux-aws: 6.8.0-1001.1 -proposed tracker
To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-signing-jobs/task00/+bug/2052774/+subscriptions
More information about the ubuntu-archive
mailing list