Format: 1.8 Date: Fri, 09 Feb 2024 18:08:28 +0100 Source: linux-ibm Binary: linux-buildinfo-6.8.0-1001-ibm linux-headers-6.8.0-1001-ibm linux-ibm-cloud-tools-common linux-ibm-headers-6.8.0-1001 linux-ibm-source-6.8.0 linux-ibm-tools-6.8.0-1001 linux-ibm-tools-common linux-image-unsigned-6.8.0-1001-ibm linux-modules-6.8.0-1001-ibm linux-modules-extra-6.8.0-1001-ibm linux-modules-iwlwifi-6.8.0-1001-ibm linux-tools-6.8.0-1001-ibm Built-For-Profiles: noudeb Architecture: amd64 all amd64_translations Version: 6.8.0-1001.1 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Paolo Pisati Description: linux-buildinfo-6.8.0-1001-ibm - Linux kernel buildinfo for version 6.8.0 on 64 bit x86 SMP linux-headers-6.8.0-1001-ibm - Linux kernel headers for version 6.8.0 on 64 bit x86 SMP linux-ibm-cloud-tools-common - Linux kernel version specific cloud tools for version 6.8.0 linux-ibm-headers-6.8.0-1001 - Header files related to Linux kernel version 6.8.0 linux-ibm-source-6.8.0 - Linux kernel source for version 6.8.0 with Ubuntu patches linux-ibm-tools-6.8.0-1001 - Linux kernel version specific tools for version 6.8.0-1001 linux-ibm-tools-common - Linux kernel version specific tools for version 6.8.0 linux-image-unsigned-6.8.0-1001-ibm - Linux kernel image for version 6.8.0 on 64 bit x86 SMP linux-modules-6.8.0-1001-ibm - Linux kernel extra modules for version 6.8.0 on 64 bit x86 SMP linux-modules-extra-6.8.0-1001-ibm - Linux kernel extra modules for version 6.8.0 on 64 bit x86 SMP linux-modules-iwlwifi-6.8.0-1001-ibm - Linux kernel iwlwifi modules for version 6.8.0-1001 linux-tools-6.8.0-1001-ibm - Linux kernel version specific tools for version 6.8.0-1001 Launchpad-Bugs-Fixed: 1786013 1945989 1965303 1967130 1975592 1983357 1990064 2002226 2008882 2013232 2016908 2017903 2019040 2021364 2028253 2030525 2031412 2032602 2033406 2034061 2035971 2036587 2036968 2037398 2037622 2038423 2038567 2038582 2038584 2038587 2038899 2039439 2039780 2040147 2040192 2040194 2040243 2040245 2040250 2041735 2041852 2042385 2042853 2042897 2043088 2043480 2043664 2044069 2044512 2045069 2045107 2045492 2045562 2045593 2046040 2046060 2046192 2046440 2047807 2048118 2048859 2048919 2049082 2049182 2049357 2051102 2051110 2051468 2051488 2051502 2052136 2052453 2052592 2052691 2052778 Changes: linux-ibm (6.8.0-1001.1) noble; urgency=medium . * noble/linux-ibm: 6.8.0-1001.1 -proposed tracker (LP: #2052778) . * Packaging resync (LP: #1786013) - debian.ibm/dkms-versions -- update from kernel-versions (main/d2024.02.07) . * Miscellaneous Ubuntu changes - [packaging] update rust, clang and bindgen build-deps - [Config] updateconfigs following 6.8.0-7.7 rebase . [ Ubuntu: 6.8.0-7.7 ] . * noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691) * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve notification - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt reply that denies all access - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc can check if restriction are in place - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/87]: fixup notify - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined profiles can mediate user namespaces . [ Ubuntu: 6.8.0-6.6 ] . * noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592) * Packaging resync (LP: #1786013) - debian.master/dkms-versions -- update from kernel-versions (main/d2024.02.07) - [Packaging] update variants * FIPS kernels should default to fips mode (LP: #2049082) - SAUCE: Enable fips mode by default, in FIPS kernels only * Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468) - [Packaging] Remove old snapcraft.yaml * Azure: Fix regression introduced in LP: #2045069 (LP: #2052453) - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed * Miscellaneous Ubuntu changes - [Packaging] Remove in-tree abi checks - [Packaging] drop abi files with clean - [Packaging] Remove do_full_source variable (fixup) - [Packaging] Remove update-dkms-versions and move dkms-versions - [Config] updateconfigs following v6.8-rc3 rebase - [packaging] rename to linux - [packaging] rebase on v6.8-rc3 - [packaging] disable signing for ppc64el * Rebase on v6.8-rc3 . [ Ubuntu: 6.8.0-5.5 ] . * noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136) * Miscellaneous upstream changes - Revert "mm/sparsemem: fix race in accessing memory_section->usage" . [ Ubuntu: 6.8.0-4.4 ] . * noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502) * Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer (LP: #1965303) - [Config] enable simpledrm and DRM fbdev emulation layer * Miscellaneous Ubuntu changes - [Config] toolchain update * Miscellaneous upstream changes - rust: upgrade to Rust 1.75.0 . [ Ubuntu: 6.8.0-3.3 ] . * noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488) * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * apparmor restricts read access of user namespace mediation sysctls to root (LP: #2040194) - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc can check if restriction are in place * AppArmor spams kernel log with assert when auditing (LP: #2040192) - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt reply that denies all access * apparmor notification files verification (LP: #2040250) - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size * apparmor oops when racing to retrieve a notification (LP: #2040245) - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve notification * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined profiles can mediate user namespaces * Miscellaneous Ubuntu changes - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in socket_getpeersec hooks - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/87]: fixup notify - [Config] updateconfigs following v6.8-rc2 rebase . [ Ubuntu: 6.8.0-2.2 ] . * noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110) * Miscellaneous Ubuntu changes - [Config] toolchain update - [Config] enable Rust . [ Ubuntu: 6.8.0-1.1 ] . * noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102) * Miscellaneous Ubuntu changes - [packaging] move to v6.8-rc1 - [Config] updateconfigs following v6.8-rc1 rebase - SAUCE: export file_close_fd() instead of close_fd_get_file() - SAUCE: cpufreq: s/strlcpy/strscpy/ - debian/dkms-versions -- temporarily disable zfs dkms - debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms - debian/dkms-versions -- temporarily disable v4l2loopback . [ Ubuntu: 6.8.0-0.0 ] . * Empty entry. . [ Ubuntu: 6.7.0-7.7 ] . * noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357) * Packaging resync (LP: #1786013) - [Packaging] update variants * Miscellaneous Ubuntu changes - [Packaging] re-enable signing for s390x and ppc64el . [ Ubuntu: 6.7.0-6.6 ] . * Empty entry. . [ Ubuntu: 6.7.0-2.2 ] . * noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182) * Packaging resync (LP: #1786013) - [Packaging] resync getabis * Enforce RETPOLINE and SLS mitigrations (LP: #2046440) - SAUCE: objtool: Make objtool check actually fatal upon fatal errors - SAUCE: objtool: make objtool SLS validation fatal when building with CONFIG_SLS=y - SAUCE: objtool: make objtool RETPOLINE validation fatal when building with CONFIG_RETPOLINE=y - SAUCE: scripts: remove generating .o-ur objects - [Packaging] Remove all custom retpoline-extract code - Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables" - Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late initialisation code" - Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within firmware_restrict_branch_speculation_{start,end}" * Miscellaneous Ubuntu changes - [Packaging] temporarily disable riscv64 builds - [Packaging] temporarily disable Rust dependencies on riscv64 . [ Ubuntu: 6.7.0-1.1 ] . * noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859) * Packaging resync (LP: #1786013) - [Packaging] update variants - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02) * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice anymore (LP: #2048919) - [Config] Enable S390_UV_UAPI (built-in) * Support mipi camera on Intel Meteor Lake platform (LP: #2031412) - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor Lake - SAUCE: platform/x86: int3472: Add handshake GPIO function * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module (LP: #2033406) - [Packaging] Make WWAN driver loadable modules * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439) - [Packaging] Make linux-tools-common depend on hwdata * [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and PCIE peripherals (LP: #2036587) - [Config] Enable CONFIG_MTK_IOMMU on arm64 * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images (LP: #2019040) - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y * kexec enable to load/kdump zstd compressed zimg (LP: #2037398) - [Packaging] Revert arm64 image format to Image.gz * Mantic minimized/minimal cloud images do not receive IP address during provisioning; systemd regression with wait-online (LP: #2036968) - [Config] Enable virtio-net as built-in to avoid race * Make backlight module auto detect dell_uart_backlight (LP: #2008882) - SAUCE: ACPI: video: Dell AIO UART backlight detection * Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364) - [Config] Default to performance CPUFreq governor on riscv64 * Enable Nezha board (LP: #1975592) - [Config] Build in D1 clock drivers on riscv64 - [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64 - [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64 - [Config] Disable SUN50I_DE2_BUS on riscv64 - [Config] Disable unneeded sunxi pinctrl drivers on riscv64 * Enable StarFive VisionFive 2 board (LP: #2013232) - [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64 - [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64 * rcu_sched detected stalls on CPUs/tasks (LP: #1967130) - [Config] Enable virtually mapped stacks on riscv64 * Check for changes relevant for security certifications (LP: #1945989) - [Packaging] Add a new fips-checks script * Installation support for SMARC RZ/G2L platform (LP: #2030525) - [Config] build Renesas RZ/G2L USBPHY control driver statically * Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226) - [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64 * Default module signing algo should be accelerated (LP: #2034061) - [Config] Default module signing algo should be accelerated * Miscellaneous Ubuntu changes - [Config] annotations clean-up [ Upstream Kernel Changes ] * Rebase to v6.7 . [ Ubuntu: 6.7.0-0.0 ] . * Empty entry . [ Ubuntu: 6.7.0-5.5 ] . * noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02) * Miscellaneous Ubuntu changes - [Packaging] re-enable Rust support - [Packaging] temporarily disable riscv64 builds . [ Ubuntu: 6.7.0-4.4 ] . * noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807) * unconfined profile denies userns_create for chromium based processes (LP: #1990064) - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * apparmor restricts read access of user namespace mediation sysctls to root (LP: #2040194) - SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc can check if restriction are in place * AppArmor spams kernel log with assert when auditing (LP: #2040192) - SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt reply that denies all access * apparmor notification files verification (LP: #2040250) - SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size * apparmor oops when racing to retrieve a notification (LP: #2040245) - SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve notification * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [03/69]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [05/69]: af_unix mediation - SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more than name - SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for external use - SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process attributes for each module - SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM attribute data - SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of lsm names for attrs - SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id slot mappings - SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in security_kernel_act_as - SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in security_cred_getsecid - SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to display - SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data in a lsmblob - SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier for confirmation - SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx module selection - SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data in audit_names - SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report multiple LSMs - SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob in audit data - SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding function lsmcontext_init - SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching - SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available - SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined profiles can mediate user namespaces * udev fails to make prctl() syscall with apparmor=0 (as used by maas by default) (LP: #2016908) // update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with apparmor=0 * Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen on (LP: #2042385) - SAUCE: r8169: Add quirks to enable ASPM on Dell platforms * [Debian] autoreconstruct - Do not generate chmod -x for deleted files (LP: #2045562) - [Debian] autoreconstruct - Do not generate chmod -x for deleted files * Disable Legacy TIOCSTI (LP: #2046192) - [Config]: disable CONFIG_LEGACY_TIOCSTI * Packaging resync (LP: #1786013) - [Packaging] update variants - [Packaging] remove helper scripts - [Packaging] update annotations scripts * Miscellaneous Ubuntu changes - [Packaging] rules: Remove unused dkms make variables - [Config] update annotations after rebase to v6.7-rc8 [ Upstream Kernel Changes ] * Rebase to v6.7-rc8 . [ Ubuntu: 6.7.0-3.3 ] . * noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060) * enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040) - [Config] enable CONFIG_INTEL_TDX_HOST * linux tools packages for derived kernels refuse to install simultaneously due to libcpupower name collision (LP: #2035971) - [Packaging] Statically link libcpupower into cpupower tool * make lazy RCU a boot time option (LP: #2045492) - SAUCE: rcu: Provide a boot time parameter to control lazy RCU * Build failure if run in a console (LP: #2044512) - [Packaging] Fix kernel module compression failures * Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582) - [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k * Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584) - [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64 * Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587) - [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le * [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough (LP: #2042853) - [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y * back-out zstd module compression automatic for backports (LP: #2045593) - [Packaging] make ZSTD module compression conditional * Miscellaneous Ubuntu changes - [Packaging] Remove do_full_source variable - [Packaging] Remove obsolete config handling - [Packaging] Remove support for sub-flavors - [Packaging] Remove old linux-libc-dev version hack - [Packaging] Remove obsolete scripts - [Packaging] Remove README.inclusion-list - [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch - [Packaging] Enable rootless builds - [Packaging] Allow to run debian/rules without (fake)root - [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH - [Packaging] override KERNELRELEASE instead of KERNELVERSION - [Config] update toolchain versions in annotations - [Packaging] drop useless linux-doc - [Packaging] scripts: Rewrite insert-ubuntu-changes in Python - [Packaging] enable riscv64 builds - [Packaging] remove the last sub-flavours bit - [Packaging] check debian.env to determine do_libc_dev_package - [Packaging] remove debian.*/variants - [Packaging] remove do_libc_dev_package variable - [Packaging] move linux-libc-dev.stub to debian/control.d/ - [Packaging] Update check to build linux-libc-dev to the source package name - [Packaging] rules: Remove startnewrelease target - [Packaging] Remove debian/commit-templates - [Config] update annotations after rebase to v6.7-rc4 [ Upstream Kernel Changes ] * Rebase to v6.7-rc4 . [ Ubuntu: 6.7.0-2.2 ] . * noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107) * Miscellaneous Ubuntu changes - [Packaging] re-enable Rust - [Config] enable Rust in annotations - [Packaging] Remove do_enforce_all variable - [Config] disable Softlogic 6x10 capture card driver on armhf - [Packaging] disable Rust support - [Config] update annotations after rebase to v6.7-rc3 [ Upstream Kernel Changes ] * Rebase to v6.7-rc3 . [ Ubuntu: 6.7.0-1.1 ] . * noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069) * Packaging resync (LP: #1786013) - [Packaging] update annotations scripts - [Packaging] update helper scripts * Miscellaneous Ubuntu changes - [Config] update annotations after rebase to v6.7-rc2 [ Upstream Kernel Changes ] * Rebase to v6.7-rc2 . [ Ubuntu: 6.7.0-0.0 ] . * Empty entry . [ Ubuntu: 6.6.0-12.12 ] . * noble/linux-unstable: 6.6.0-12.12 -proposed tracker (LP: #2043664) * Miscellaneous Ubuntu changes - [Packaging] temporarily disable zfs dkms . [ Ubuntu: 6.6.0-11.11 ] . * noble/linux-unstable: 6.6.0-11.11 -proposed tracker (LP: #2043480) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log - [Packaging] resync update-dkms-versions helper - [Packaging] update variants - debian/dkms-versions -- update from kernel-versions (main/d2023.11.14) * Miscellaneous Ubuntu changes - [Packaging] move to Noble - [Config] toolchain version update . [ Ubuntu: 6.6.0-10.10 ] . * mantic/linux-unstable: 6.6.0-10.10 -proposed tracker (LP: #2043088) * Bump arm64's CONFIG_NR_CPUS to 512 (LP: #2042897) - [Config] Bump CONFIG_NR_CPUS to 512 for arm64 * Miscellaneous Ubuntu changes - [Config] Include a note for the NR_CPUS setting on riscv64 - SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype . [ Ubuntu: 6.6.0-9.9 ] . * mantic/linux-unstable: 6.6.0-9.9 -proposed tracker (LP: #2041852) * Switch IMA default hash to sha256 (LP: #2041735) - [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256 * apparmor restricts read access of user namespace mediation sysctls to root (LP: #2040194) - SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc can check if restriction are in place * AppArmor spams kernel log with assert when auditing (LP: #2040192) - SAUCE: apparmor4.0.0 [81/82]: apparmor: fix request field from a prompt reply that denies all access * apparmor notification files verification (LP: #2040250) - SAUCE: apparmor4.0.0 [80/82]: apparmor: fix notification header size * apparmor oops when racing to retrieve a notification (LP: #2040245) - SAUCE: apparmor4.0.0 [79/82]: apparmor: fix oops when racing to retrieve notification * Disable restricting unprivileged change_profile by default, due to LXD latest/stable not yet compatible with this new apparmor feature (LP: #2038567) - SAUCE: apparmor4.0.0 [78/82]: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/82]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [02/82]: rename SK_CTX() to aa_sock and make it an inline fn - SAUCE: apparmor4.0.0 [03/82]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [04/82]: add user namespace creation mediation - SAUCE: apparmor4.0.0 [05/82]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [06/82]: af_unix mediation - SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [08/82]: Stacking v38: LSM: Identify modules by more than name - SAUCE: apparmor4.0.0 [09/82]: Stacking v38: LSM: Add an LSM identifier for external use - SAUCE: apparmor4.0.0 [10/82]: Stacking v38: LSM: Identify the process attributes for each module - SAUCE: apparmor4.0.0 [11/82]: Stacking v38: LSM: Maintain a table of LSM attribute data - SAUCE: apparmor4.0.0 [12/82]: Stacking v38: proc: Use lsmids instead of lsm names for attrs - SAUCE: apparmor4.0.0 [13/82]: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [14/82]: Stacking v38: LSM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [15/82]: Stacking v38: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [16/82]: Stacking v38: LSM: provide lsm name and id slot mappings - SAUCE: apparmor4.0.0 [17/82]: Stacking v38: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [18/82]: Stacking v38: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [19/82]: Stacking v38: LSM: Use lsmblob in security_kernel_act_as - SAUCE: apparmor4.0.0 [20/82]: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: apparmor4.0.0 [21/82]: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: apparmor4.0.0 [22/82]: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [23/82]: Stacking v38: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [24/82]: Stacking v38: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [25/82]: Stacking v38: LSM: Use lsmblob in security_cred_getsecid - SAUCE: apparmor4.0.0 [26/82]: Stacking v38: LSM: Specify which LSM to display - SAUCE: apparmor4.0.0 [28/82]: Stacking v38: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [29/82]: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [30/82]: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [31/82]: Stacking v38: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [32/82]: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: apparmor4.0.0 [33/82]: Stacking v38: NET: Store LSM netlabel data in a lsmblob - SAUCE: apparmor4.0.0 [34/82]: Stacking v38: binder: Pass LSM identifier for confirmation - SAUCE: apparmor4.0.0 [35/82]: Stacking v38: LSM: security_secid_to_secctx module selection - SAUCE: apparmor4.0.0 [36/82]: Stacking v38: Audit: Keep multiple LSM data in audit_names - SAUCE: apparmor4.0.0 [37/82]: Stacking v38: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [38/82]: Stacking v38: LSM: Add a function to report multiple LSMs - SAUCE: apparmor4.0.0 [39/82]: Stacking v38: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [40/82]: Stacking v38: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [41/82]: Stacking v38: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [42/82]: Stacking v38: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [43/82]: Stacking v38: netlabel: Use a struct lsmblob in audit data - SAUCE: apparmor4.0.0 [44/82]: Stacking v38: LSM: Removed scaffolding function lsmcontext_init - SAUCE: apparmor4.0.0 [45/82]: Stacking v38: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [46/82]: combine common_audit_data and apparmor_audit_data - SAUCE: apparmor4.0.0 [47/82]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [48/82]: rename audit_data->label to audit_data->subj_label - SAUCE: apparmor4.0.0 [49/82]: pass cred through to audit info. - SAUCE: apparmor4.0.0 [50/82]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/82]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/82]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/82]: cache buffers on percpu list if there is lock contention - SAUCE: apparmor4.0.0 [54/82]: advertise availability of exended perms - SAUCE: apparmor4.0.0 [56/82]: cleanup: provide separate audit messages for file and policy checks - SAUCE: apparmor4.0.0 [57/82]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [58/82]: prompt - ref count pdb - SAUCE: apparmor4.0.0 [59/82]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [60/82]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [61/82]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [62/82]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [63/82]: prompt - fix caching - SAUCE: apparmor4.0.0 [64/82]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [65/82]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [66/82]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [67/82]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [68/82]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [69/82]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [74/82]: advertise disconnected.path is available - SAUCE: apparmor4.0.0 [75/82]: fix invalid reference on profile->disconnected - SAUCE: apparmor4.0.0 [76/82]: add io_uring mediation - SAUCE: apparmor4.0.0 [77/82]: apparmor: Fix regression in mount mediation * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [70/82]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [71/82]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [72/82]: userns - make it so special unconfined profiles can mediate user namespaces - SAUCE: apparmor4.0.0 [73/82]: userns - allow restricting unprivileged change_profile * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [55/82]: fix profile verification and enable it * udev fails to make prctl() syscall with apparmor=0 (as used by maas by default) (LP: #2016908) // update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [27/82]: Stacking v38: Fix prctl() syscall with apparmor=0 * Miscellaneous Ubuntu changes - [Config] SECURITY_APPARMOR_RESTRICT_USERNS=y . [ Ubuntu: 6.6.0-8.8 ] . * mantic/linux-unstable: 6.6.0-8.8 -proposed tracker (LP: #2040243) * Miscellaneous Ubuntu changes - abi: gc reference to phy-rtk-usb2/phy-rtk-usb3 . [ Ubuntu: 6.6.0-7.7 ] . * mantic/linux-unstable: 6.6.0-7.7 -proposed tracker (LP: #2040147) * test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357) - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum * Miscellaneous Ubuntu changes - [Config] updateconfigs following v6.6-rc7 rebase . [ Ubuntu: 6.6.0-6.6 ] . * mantic/linux-unstable: 6.6.0-6.6 -proposed tracker (LP: #2039780) * Miscellaneous Ubuntu changes - rebase on v6.6-rc6 - [Config] updateconfigs following v6.6-rc6 rebase [ Upstream Kernel Changes ] * Rebase to v6.6-rc6 . [ Ubuntu: 6.6.0-5.5 ] . * mantic/linux-unstable: 6.6.0-5.5 -proposed tracker (LP: #2038899) * Miscellaneous Ubuntu changes - rebase on v6.6-rc5 - [Config] updateconfigs following v6.6-rc5 rebase [ Upstream Kernel Changes ] * Rebase to v6.6-rc5 . [ Ubuntu: 6.6.0-4.4 ] . * mantic/linux-unstable: 6.6.0-4.4 -proposed tracker (LP: #2038423) * Miscellaneous Ubuntu changes - rebase on v6.6-rc4 [ Upstream Kernel Changes ] * Rebase to v6.6-rc4 . [ Ubuntu: 6.6.0-3.3 ] . * mantic/linux-unstable: 6.6.0-3.3 -proposed tracker (LP: #2037622) * Miscellaneous Ubuntu changes - [Config] updateconfigs following v6.6-rc3 rebase * Miscellaneous upstream changes - Revert "UBUNTU: SAUCE: enforce rust availability only on x86_64" - arm64: rust: Enable Rust support for AArch64 - arm64: rust: Enable PAC support for Rust. - arm64: Restrict Rust support to little endian only. . [ Ubuntu: 6.6.0-2.2 ] . * Miscellaneous upstream changes - UBUBNTU: [Config] build all COMEDI drivers as modules . [ Ubuntu: 6.6.0-1.1 ] . * Miscellaneous Ubuntu changes - [Packaging] move linux to linux-unstable - [Packaging] rebase on v6.6-rc1 - [Config] updateconfigs following v6.6-rc1 rebase - [packaging] skip ABI, modules and retpoline checks - update dropped.txt - [Config] SHIFT_FS FTBFS with Linux 6.6, disable it - [Config] DELL_UART_BACKLIGHT FTBFS with Linux 6.6, disable it - [Packaging] debian/dkms-versions: temporarily disable dkms - [Packaging] temporarily disable signing for s390x [ Upstream Kernel Changes ] * Rebase to v6.6-rc1 . [ Ubuntu: 6.6.0-0.0 ] . * Empty entry Checksums-Sha1: aa84725827fecd768aeb4b594ff829a3e2c25c73 485900 linux-buildinfo-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 9d13254ff0bd6931cb0687f89b39bbd47a1f4c05 3454398 linux-headers-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 3200b8a3232c11a9ad2d79d68f5c199eed6f4ed2 11734 linux-ibm-cloud-tools-common_6.8.0-1001.1_all.deb 4ef64249779f3f8219c960b626b627a3f9094544 13423656 linux-ibm-headers-6.8.0-1001_6.8.0-1001.1_all.deb cb759e8ea761dafdc8e8cc734d3e1b6efaac8189 12004 linux-ibm-source-6.8.0_6.8.0-1001.1_all.deb 94406de9b647797ed2d72037a28dfc9cfafbf151 3663176 linux-ibm-tools-6.8.0-1001_6.8.0-1001.1_amd64.deb b07808a1146dbeac5f0e096134fddb7c2b03932d 11762 linux-ibm-tools-common_6.8.0-1001.1_all.deb 35ef7d4d4243a90a0a71535e3ff3473831876137 17956 linux-ibm_6.8.0-1001.1_amd64.buildinfo 0a8af347d244ac96fdebad4a6f8cac89e5bc90c7 46886 linux-ibm_6.8.0-1001.1_amd64_translations.tar.gz 3297f9aaba024776a6ad829c108febe20e7af10e 1741512572 linux-image-unsigned-6.8.0-1001-ibm-dbgsym_6.8.0-1001.1_amd64.ddeb c2ac3a273bba0660e09ef9e717ad8c6a4a5b51bf 14745792 linux-image-unsigned-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb cacf98fff95c233814bdd603a78a0886e852c55a 37017792 linux-modules-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 3ab669b4433854474f5e9de6ef65a665ce405c5f 114288832 linux-modules-extra-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb eb02355a8de0198a86a5b00d85e89cd87c4f5331 1597632 linux-modules-iwlwifi-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 79071e69f463e3967446d9a6d36d43548dbaabb8 1784 linux-tools-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb Checksums-Sha256: 2cb81d74a2ac2f2899f3a5f5feba24c6b9134225198889d299b8111ade5e68ea 485900 linux-buildinfo-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 4001c8a2b8d7c63babce6cca738461d5bf95bac32e99075ac3880a7b1b11d44b 3454398 linux-headers-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 22dace16cd055c48c83af7e77d61adfbb5df1a94f5c7882a82928ba24002fd21 11734 linux-ibm-cloud-tools-common_6.8.0-1001.1_all.deb c1af20493a399ad1263eec7e1cedee19b5b5207b93ab073aab2045e2684603a5 13423656 linux-ibm-headers-6.8.0-1001_6.8.0-1001.1_all.deb dfa5d2a284751808944b35243e1ab70cc09653b415035d1adf7ac15583628ec6 12004 linux-ibm-source-6.8.0_6.8.0-1001.1_all.deb 3ab36dbabcff20bd7aa25a767c3464709b1ed6997b8f005b08e446d8ce5aea85 3663176 linux-ibm-tools-6.8.0-1001_6.8.0-1001.1_amd64.deb ab16c6ba59110086965a26018eae69952230e246da9ac3f647784a854a7c0614 11762 linux-ibm-tools-common_6.8.0-1001.1_all.deb 11024b2a236eee0ab1fd78fbd7c97a8577abfe6007571f65e2fceeff9d7b44e9 17956 linux-ibm_6.8.0-1001.1_amd64.buildinfo f1fb44fead5378cb19c161842638fc97b1aa830fbfb177e22097a67d51374727 46886 linux-ibm_6.8.0-1001.1_amd64_translations.tar.gz 46ef75ca6bff986f6a77fec6758053bb7c342a9f35107ec0128c3cf2b5f36634 1741512572 linux-image-unsigned-6.8.0-1001-ibm-dbgsym_6.8.0-1001.1_amd64.ddeb 2bd9d25553bd46a818c0ddb1900f1475e3c126a136542e3f0fd15214f32a3df9 14745792 linux-image-unsigned-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 4ccf6dc94440dfd496528bc958d2ceb2c67d7858075fd77265ea3eb3b65f1014 37017792 linux-modules-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb f0fb2870ebb6a587e3b8233c2e8ac2f4cf89ed580b57b6980e0e2fd9ac41635c 114288832 linux-modules-extra-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 077bf4ce47fc9dba74ad56acb9568dd70b929571f34230917acfa7246e16a790 1597632 linux-modules-iwlwifi-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb b68f010d52db075ba92a8f2f692a52a7a69eff7e1992c1b63151d07a7ff5ee7c 1784 linux-tools-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb Files: 4ea320cc336fed75f707dbfeed86793b 485900 kernel optional linux-buildinfo-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 799e492f5cf45c00cc055477d4397f5a 3454398 devel optional linux-headers-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 64be0dd9a4670ba806cc45f775dee7fb 11734 kernel optional linux-ibm-cloud-tools-common_6.8.0-1001.1_all.deb 1525ef0ccdcab7611b08c10415bb3f1a 13423656 devel optional linux-ibm-headers-6.8.0-1001_6.8.0-1001.1_all.deb 7d37f4f4dba5afa794e6718b6c7e868c 12004 devel optional linux-ibm-source-6.8.0_6.8.0-1001.1_all.deb 189e528992bce51a5d05e3978b48e993 3663176 devel optional linux-ibm-tools-6.8.0-1001_6.8.0-1001.1_amd64.deb 043d58e5f377b8298577568da88d1817 11762 kernel optional linux-ibm-tools-common_6.8.0-1001.1_all.deb f1a731d4a20d5582aaaca9dee0c9b533 17956 devel optional linux-ibm_6.8.0-1001.1_amd64.buildinfo 704a07a83d54121c0c7e36440def59be 46886 raw-translations - linux-ibm_6.8.0-1001.1_amd64_translations.tar.gz c404e851fb35c12073ab7a6701606d61 1741512572 devel optional linux-image-unsigned-6.8.0-1001-ibm-dbgsym_6.8.0-1001.1_amd64.ddeb 8fa50e67dbd96989eb32e61a35669c0d 14745792 kernel optional linux-image-unsigned-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb a1438cee48bf12ec850eb7b61cde4c40 37017792 kernel optional linux-modules-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb aed385f04d3c26dac9e182fcac974daf 114288832 kernel optional linux-modules-extra-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb a64a00952ed3ec4706c85559e13088f2 1597632 kernel optional linux-modules-iwlwifi-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb 6a92c8a0d57b93f94b083289584a1d6d 1784 devel optional linux-tools-6.8.0-1001-ibm_6.8.0-1001.1_amd64.deb Ubuntu-Compatible-Signing: ubuntu/4 pro/3