linux-gke 5.4.0-1065.68 source package in Ubuntu

Changelog

linux-gke (5.4.0-1065.68) focal; urgency=medium

  * Disable unprivileged BPF by default (LP: #1961338)
    - [Config] gke: Enable CONFIG_BPF_UNPRIV_DEFAULT_OFF

  [ Ubuntu: 5.4.0-103.117 ]

  * CVE-2022-23960
    - arm64: Add part number for Arm Cortex-A77
    - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
    - arm64: Add Cortex-X2 CPU part definition
    - arm64: add ID_AA64ISAR2_EL1 sys register
    - SAUCE: arm64: entry.S: Add ventry overflow sanity checks
    - SAUCE: arm64: entry: Make the trampoline cleanup optional
    - SAUCE: arm64: entry: Free up another register on kpti's tramp_exit path
    - SAUCE: arm64: entry: Move the trampoline data page before the text page
    - SAUCE: arm64: entry: Allow tramp_alias to access symbols after the 4K
      boundary
    - SAUCE: arm64: entry: Don't assume tramp_vectors is the start of the vectors
    - SAUCE: arm64: entry: Move trampoline macros out of ifdef'd section
    - SAUCE: arm64: entry: Make the kpti trampoline's kpti sequence optional
    - SAUCE: arm64: entry: Allow the trampoline text to occupy multiple pages
    - SAUCE: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
    - SAUCE: arm64: entry: Add vectors that have the bhb mitigation sequences
    - SAUCE: arm64: entry: Add macro for reading symbol addresses from the
      trampoline
    - SAUCE: arm64: Add percpu vectors for EL1
    - SAUCE: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of
      Spectre-v2
    - SAUCE: KVM: arm64: Add templates for BHB mitigation sequences
    - SAUCE: arm64: Mitigate spectre style branch history side channels
    - SAUCE: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and
      migrated
    - SAUCE: arm64: Use the clearbhb instruction in mitigations
    - [Config]: set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y
  * CVE-2022-25636
    - netfilter: nf_tables_offload: incorrect flow offload action array size
  * CVE-2022-0001
    - x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
    - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
    - SAUCE: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
    - SAUCE: x86/speculation: Add eIBRS + Retpoline options
    - SAUCE: Documentation/hw-vuln: Update spectre doc
  * Disable unprivileged BPF by default (LP: #1961338)
    - bpf: Add kconfig knob for disabling unpriv bpf by default
    - [Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y

 -- Stefan Bader <email address hidden>  Wed, 02 Mar 2022 15:44:28 +0100

Upload details

Uploaded by:
Stefan Bader
Uploaded to:
Focal
Original maintainer:
Ubuntu Kernel Team
Architectures:
amd64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-gke_5.4.0.orig.tar.gz 162.4 MiB 805f3ed93854317814c59caf2dbfd2097745685f95c8c18b509c9347dcc7d51f
linux-gke_5.4.0-1065.68.diff.gz 9.0 MiB c9fd3fe7af05ec35b48bf3573ae0fe6aee90f41fc5b22c6fb16d5b2a1994d43d
linux-gke_5.4.0-1065.68.dsc 3.7 KiB 0eb28f7d7caf98e01d20363abb27472d5244d488f6f3fcd8d802cfddae8a5adc

View changes file

Binary packages built by this source

linux-buildinfo-5.4.0-1065-gke: Linux kernel buildinfo for version 5.4.0 on 64 bit x86 SMP

 This package contains the Linux kernel buildinfo for version 5.4.0 on
 64 bit x86 SMP.
 .
 You likely do not want to install this package.

linux-gke-headers-5.4.0-1065: Header files related to Linux kernel version 5.4.0

 This package provides kernel header files for version 5.4.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-gke-headers-5.4.0-1065/debian.README.gz for details

linux-gke-tools-5.4.0-1065: Linux kernel version specific tools for version 5.4.0-1065

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.4.0-1065 on
 64 bit x86.
 You probably want to install linux-tools-5.4.0-1065-<flavour>.

linux-headers-5.4.0-1065-gke: Linux kernel headers for version 5.4.0 on 64 bit x86 SMP

 This package provides kernel header files for version 5.4.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-5.4.0-1065/debian.README.gz for details.

linux-image-unsigned-5.4.0-1065-gke: Linux kernel image for version 5.4.0 on 64 bit x86 SMP

 This package contains the unsigned Linux kernel image for version 5.4.0 on
 64 bit x86 SMP.
 .
 Supports amd64 processors.
 .
 Geared toward GKE systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gke meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-unsigned-5.4.0-1065-gke-dbgsym: Linux kernel debug image for version 5.4.0 on 64 bit x86 SMP

 This package provides the unsigned kernel debug image for version 5.4.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-modules-5.4.0-1065-gke: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward GKE systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gke meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-extra-5.4.0-1065-gke: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP

 This package contains the Linux kernel extra modules for version 5.4.0 on
 64 bit x86 SMP.
 .
 Also includes the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward GKE systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gke meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-tools-5.4.0-1065-gke: Linux kernel version specific tools for version 5.4.0-1065

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 5.4.0-1065 on
 64 bit x86.