linux-gke 5.4.0-1065.68 source package in Ubuntu
Changelog
linux-gke (5.4.0-1065.68) focal; urgency=medium * Disable unprivileged BPF by default (LP: #1961338) - [Config] gke: Enable CONFIG_BPF_UNPRIV_DEFAULT_OFF [ Ubuntu: 5.4.0-103.117 ] * CVE-2022-23960 - arm64: Add part number for Arm Cortex-A77 - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition - arm64: Add Cortex-X2 CPU part definition - arm64: add ID_AA64ISAR2_EL1 sys register - SAUCE: arm64: entry.S: Add ventry overflow sanity checks - SAUCE: arm64: entry: Make the trampoline cleanup optional - SAUCE: arm64: entry: Free up another register on kpti's tramp_exit path - SAUCE: arm64: entry: Move the trampoline data page before the text page - SAUCE: arm64: entry: Allow tramp_alias to access symbols after the 4K boundary - SAUCE: arm64: entry: Don't assume tramp_vectors is the start of the vectors - SAUCE: arm64: entry: Move trampoline macros out of ifdef'd section - SAUCE: arm64: entry: Make the kpti trampoline's kpti sequence optional - SAUCE: arm64: entry: Allow the trampoline text to occupy multiple pages - SAUCE: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations - SAUCE: arm64: entry: Add vectors that have the bhb mitigation sequences - SAUCE: arm64: entry: Add macro for reading symbol addresses from the trampoline - SAUCE: arm64: Add percpu vectors for EL1 - SAUCE: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 - SAUCE: KVM: arm64: Add templates for BHB mitigation sequences - SAUCE: arm64: Mitigate spectre style branch history side channels - SAUCE: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated - SAUCE: arm64: Use the clearbhb instruction in mitigations - [Config]: set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y * CVE-2022-25636 - netfilter: nf_tables_offload: incorrect flow offload action array size * CVE-2022-0001 - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd - SAUCE: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE - SAUCE: x86/speculation: Add eIBRS + Retpoline options - SAUCE: Documentation/hw-vuln: Update spectre doc * Disable unprivileged BPF by default (LP: #1961338) - bpf: Add kconfig knob for disabling unpriv bpf by default - [Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y -- Stefan Bader <email address hidden> Wed, 02 Mar 2022 15:44:28 +0100
Upload details
- Uploaded by:
- Stefan Bader
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Kernel Team
- Architectures:
- amd64
- Section:
- devel
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
linux-gke_5.4.0.orig.tar.gz | 162.4 MiB | 805f3ed93854317814c59caf2dbfd2097745685f95c8c18b509c9347dcc7d51f |
linux-gke_5.4.0-1065.68.diff.gz | 9.0 MiB | c9fd3fe7af05ec35b48bf3573ae0fe6aee90f41fc5b22c6fb16d5b2a1994d43d |
linux-gke_5.4.0-1065.68.dsc | 3.7 KiB | 0eb28f7d7caf98e01d20363abb27472d5244d488f6f3fcd8d802cfddae8a5adc |
Available diffs
Binary packages built by this source
- linux-buildinfo-5.4.0-1065-gke: Linux kernel buildinfo for version 5.4.0 on 64 bit x86 SMP
This package contains the Linux kernel buildinfo for version 5.4.0 on
64 bit x86 SMP.
.
You likely do not want to install this package.
- linux-gke-headers-5.4.0-1065: Header files related to Linux kernel version 5.4.0
This package provides kernel header files for version 5.4.0, for sites
that want the latest kernel headers. Please read
/usr/share/doc/linux- gke-headers- 5.4.0-1065/ debian. README. gz for details
- linux-gke-tools-5.4.0-1065: Linux kernel version specific tools for version 5.4.0-1065
This package provides the architecture dependant parts for kernel
version locked tools (such as perf and x86_energy_perf_policy) for
version 5.4.0-1065 on
64 bit x86.
You probably want to install linux-tools-5.4.0-1065- <flavour> .
- linux-headers-5.4.0-1065-gke: Linux kernel headers for version 5.4.0 on 64 bit x86 SMP
This package provides kernel header files for version 5.4.0 on
64 bit x86 SMP.
.
This is for sites that want the latest kernel headers. Please read
/usr/share/doc/linux- headers- 5.4.0-1065/ debian. README. gz for details.
- linux-image-unsigned-5.4.0-1065-gke: Linux kernel image for version 5.4.0 on 64 bit x86 SMP
This package contains the unsigned Linux kernel image for version 5.4.0 on
64 bit x86 SMP.
.
Supports amd64 processors.
.
Geared toward GKE systems.
.
You likely do not want to install this package directly. Instead, install
the linux-gke meta-package, which will ensure that upgrades work
correctly, and that supporting packages are also installed.
- linux-image-unsigned-5.4.0-1065-gke-dbgsym: Linux kernel debug image for version 5.4.0 on 64 bit x86 SMP
This package provides the unsigned kernel debug image for version 5.4.0 on
64 bit x86 SMP.
.
This is for sites that wish to debug the kernel.
.
The kernel image contained in this package is NOT meant to boot from. It
is uncompressed, and unstripped. This package also includes the
unstripped modules.
- linux-modules-5.4.0-1065-gke: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP
Contains the corresponding System.map file, the modules built by the
packager, and scripts that try to ensure that the system is not left in an
unbootable state after an update.
.
Supports amd64 processors.
.
Geared toward GKE systems.
.
You likely do not want to install this package directly. Instead, install
the linux-gke meta-package, which will ensure that upgrades work
correctly, and that supporting packages are also installed.
- linux-modules-extra-5.4.0-1065-gke: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP
This package contains the Linux kernel extra modules for version 5.4.0 on
64 bit x86 SMP.
.
Also includes the corresponding System.map file, the modules built by the
packager, and scripts that try to ensure that the system is not left in an
unbootable state after an update.
.
Supports amd64 processors.
.
Geared toward GKE systems.
.
You likely do not want to install this package directly. Instead, install
the linux-gke meta-package, which will ensure that upgrades work
correctly, and that supporting packages are also installed.
- linux-tools-5.4.0-1065-gke: Linux kernel version specific tools for version 5.4.0-1065
This package provides the architecture dependant parts for kernel
version locked tools (such as perf and x86_energy_perf_policy) for
version 5.4.0-1065 on
64 bit x86.