Format: 1.8
Date: Wed, 27 Mar 2024 10:37:03 +0100
Source: linux
Built-For-Profiles: noudeb
Architecture: source
Version: 6.8.0-21.21+arighi9
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Kernel Team
Changed-By: Andrea Righi
Launchpad-Bugs-Fixed: 2028253 2032602 2049793 2051560 2051835 2056716 2059080
Changes:
 linux (6.8.0-21.21+arighi9) noble; urgency=medium
 .
   * Add Real-time Linux Analysis tool (rtla) to linux-tools (LP: #2059080)
     - [Packaging] add Real-time Linux Analysis tool (rtla) to linux-tools
 .
   * Provide python perf module (LP: #2051560)
     - [Packaging] enable perf python module
     - [Packaging] provide a wrapper module for python-perf
 .
   * update apparmor and LSM stacking patch set (LP: #2028253)
     - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule
     - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure management of the sock security
     - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data structure.
     - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs
     - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match
     - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook
     - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob in audit_context
     - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid
     - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM data
     - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid
     - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid
     - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in audit_names
     - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook
     - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data from secid to lsmblob
     - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for audit data
     - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM context releaser
     - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx
     - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx
     - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx
     - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security
     - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection
     - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp structure
     - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer
     - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for multiple task security contexts
     - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm values for netlabel
     - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for multiple object contexts
     - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused lsmcontext_init()
     - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in security_getprocattr
     - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check on release
     - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage
     - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM handles the context string
     - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the exclusive flag
     - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob size tracking
     - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data
     - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure management of the key security blob
     - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob
     - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr
     - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob scaffolding
     - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of netlabel
     - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM
     - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE
     - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value
     - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net rules
     - SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation
     - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv userns restrictions
     - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation
     - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues
     - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data
     - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure
     - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a learning cache
     - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation
     - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface
     - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a prompt response
     - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or reuse and delete
     - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to uresponse
     - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements
     - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching
     - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to simplify adding strings
     - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications
     - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a profile name
     - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating
     - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache support
     - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as interruptible
     - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible
     - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation
     - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve notification
     - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size
     - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt reply that denies all access
     - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc can check if restriction are in place
     - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to use lookup_perms()
     - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check.
     - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using RULE_MEDIATES
     - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one entry have correct flags
     - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that unconfined cannot use change_hat
     - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks
     - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label
     - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to label_mediates()
     - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended permission.
     - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define the kill signal
     - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is not the first entry
     - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned when a user ns is created
     - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with policy state machine
     - SAUCE: apparmor4.0.0 [87/90]: fixup notify
     - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
     - SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now
     - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
     - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
     - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
 .
   * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602)
     - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of notifications
     - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global variable for a feature value
     - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined profiles can mediate user namespaces
 .
   * [24.04 FEAT] Memory hotplug vmem pages (s390x) (LP: #2051835)
     - mm/memory_hotplug: introduce MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
     - s390/mm: allocate vmemmap pages from self-contained memory range
     - s390/sclp: remove unhandled memory notifier type
     - s390/mm: implement MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers
     - s390: enable MHP_MEMMAP_ON_MEMORY
     - [Config] enable CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE and CONFIG_MHP_MEMMAP_ON_MEMORY for s390x
 .
   * To support AMD Adaptive Backlight Management (ABM) for power profiles daemon >= 2.0 (LP: #2056716)
     - drm/amd/display: add panel_power_savings sysfs entry to eDP connectors
     - drm/amdgpu: respect the abmlevel module parameter value if it is set
 .
   * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793)
     - SAUCE: cacheinfo: Check for null last-level cache info
     - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary CPU
     - SAUCE: x86/cacheinfo: Delete global num_cache_leaves
     - SAUCE: x86/cacheinfo: Clean out init_cache_level()
 .
   * Miscellaneous Ubuntu changes
     - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n
 .
   * Miscellaneous upstream changes
     - fixup
Ubuntu-Compatible-Signing: ubuntu/4 pro/3