Format: 1.8 Date: Wed, 17 Apr 2024 16:00:18 +0200 Source: linux-raspi Binary: linux-buildinfo-6.8.0-1003-raspi linux-headers-6.8.0-1003-raspi linux-image-6.8.0-1003-raspi linux-modules-6.8.0-1003-raspi linux-raspi-headers-6.8.0-1003 linux-raspi-tools-6.8.0-1003 linux-tools-6.8.0-1003-raspi Built-For-Profiles: noudeb Architecture: arm64 arm64_translations Version: 6.8.0-1003.3 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Paolo Pisati Description: linux-buildinfo-6.8.0-1003-raspi - Linux kernel buildinfo for version 6.8.0 on ARMv8 SMP linux-headers-6.8.0-1003-raspi - Linux kernel headers for version 6.8.0 on ARMv8 SMP linux-image-6.8.0-1003-raspi - Linux kernel image for version 6.8.0 on ARMv8 SMP linux-modules-6.8.0-1003-raspi - Linux kernel modules for version 6.8.0 on ARMv8 SMP linux-raspi-headers-6.8.0-1003 - Header files related to Linux kernel version 6.8.0 linux-raspi-tools-6.8.0-1003 - Linux kernel version specific tools for version 6.8.0-1003 linux-tools-6.8.0-1003-raspi - Linux kernel version specific tools for version 6.8.0-1003 Launchpad-Bugs-Fixed: 1786013 2028253 2032602 2049793 2060225 2060238 2060909 2061083 2061851 2061867 2062008 Changes: linux-raspi (6.8.0-1003.3) noble; urgency=medium . * noble/linux-raspi: 6.8.0-1003.3 -proposed tracker (LP: #2062008) . * Packaging resync (LP: #1786013) - [Packaging] drop getabis data . [ Ubuntu: 6.8.0-28.28 ] . * noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867) * linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new apparmor profiles/features (LP: #2061851) - SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom . [ Ubuntu: 6.8.0-25.25 ] . * noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083) * Packaging resync (LP: #1786013) - [Packaging] debian.master/dkms-versions -- update from kernel-versions (main/d2024.04.04) * Apply mitigations for the native BHI hardware vulnerabilty (LP: #2060909) - x86/cpufeatures: Add new word for scattered features - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file - x86/syscall: Don't force use of indirect calls for system calls - x86/bhi: Add support for clearing branch history at syscall entry - x86/bhi: Define SPEC_CTRL_BHI_DIS_S - x86/bhi: Enumerate Branch History Injection (BHI) bug - x86/bhi: Add BHI mitigation knob - x86/bhi: Mitigate KVM by default - KVM: x86: Add BHI_NO - x86: set SPECTRE_BHI_ON as default - [Config] enable spectre_bhi=auto by default * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve notification - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt reply that denies all access - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc can check if restriction are in place - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/90]: fixup notify - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation - SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined profiles can mediate user namespaces * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793) - SAUCE: cacheinfo: Check for null last-level cache info - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary CPU - SAUCE: x86/cacheinfo: Delete global num_cache_leaves - SAUCE: x86/cacheinfo: Clean out init_cache_level() * Miscellaneous Ubuntu changes - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n - [Config] toolchain version update . [ Ubuntu: 6.8.0-22.22 ] . * noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238) . [ Ubuntu: 6.8.0-21.21 ] . * noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225) * Miscellaneous Ubuntu changes - [Config] update toolchain version in annotations . * Rebase on Ubuntu-6.8.0-28.28 Checksums-Sha1: fd18ea927ca7078fc67e0535ad89443b6aa9f734 481602 linux-buildinfo-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb cfd08c28cd6d3530e20d8649733a4dc856205c1a 1091832 linux-headers-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb 6c3da83295b6f4d1fcea2d861d4d76dc50170c8f 1375375724 linux-image-6.8.0-1003-raspi-dbgsym_6.8.0-1003.3_arm64.ddeb 5b7f0d8d27b0e5eb72655ffd3263209e9fbccd83 10772672 linux-image-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb 3b594eac0d91ca936a88b666801a6b60380228a4 91269312 linux-modules-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb b259b61c9348837d36d0f3f623be3dd76c5e9d50 13496766 linux-raspi-headers-6.8.0-1003_6.8.0-1003.3_arm64.deb d35b92ecd9d3f23c588c27f5150ded8b0ea36841 2523116 linux-raspi-tools-6.8.0-1003_6.8.0-1003.3_arm64.deb 967edbc19ee71afd6c3d9d1cc6c10b7ae8a4ec5a 13336 linux-raspi_6.8.0-1003.3_arm64.buildinfo e8a862e9c10bb54363729bb74e3785e9b9722841 47145 linux-raspi_6.8.0-1003.3_arm64_translations.tar.gz a17bdf2ebafc2b636675fde289612f7bb9ef1699 1708 linux-tools-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb Checksums-Sha256: 644849fcf1efa8024d1cce3e50ae694477024bd50c0eadf9d6e6284638782249 481602 linux-buildinfo-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb c7981c77d493c8412a059119bf4efcd951ccf093adf845b118ea66784fde6fda 1091832 linux-headers-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb 4576332ee0f1af8e0292729ecf5d605f8cc171af98b4348b30474f75fa54f47e 1375375724 linux-image-6.8.0-1003-raspi-dbgsym_6.8.0-1003.3_arm64.ddeb 588b88b18803e1e8797155739acf431e9d954d4b64840cb70fd489d4d7fcb9af 10772672 linux-image-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb ce628207802bddbe459dac59679b9f480263fa0503a1a52ab4412cea65617ad7 91269312 linux-modules-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb ab01c6d503e8cc9bf42ca26d93babc27ef8c04dd5bd120863fafc21224bbe51d 13496766 linux-raspi-headers-6.8.0-1003_6.8.0-1003.3_arm64.deb de43b2b79ef9295d03ea08beab08ed1f1bcc284e5fa4f9f186502b1ab687df20 2523116 linux-raspi-tools-6.8.0-1003_6.8.0-1003.3_arm64.deb 22a200756e26d29055eca1b0aa27ebf7cb303b2658de32e507484830fbf33b51 13336 linux-raspi_6.8.0-1003.3_arm64.buildinfo 9754f196be59cf484c01ba9a0b2856c4328bb800dc2192e868a3d5680060b375 47145 linux-raspi_6.8.0-1003.3_arm64_translations.tar.gz e2b1947c6913d26546e57cf2062166273387903e337236c8d14792185b79b397 1708 linux-tools-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb Files: ea750b5e578fe9b4eeb38c63492c47c8 481602 kernel optional linux-buildinfo-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb e57f3610d02accb89192223ce05e9c39 1091832 devel optional linux-headers-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb 90cb915695f14d23f8f825145b3d5b37 1375375724 devel optional linux-image-6.8.0-1003-raspi-dbgsym_6.8.0-1003.3_arm64.ddeb 64793bf0b68c2cdd20e95c681621cb0b 10772672 kernel optional linux-image-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb 25114ca4ae0dd1076759a3a15f2dd5fb 91269312 kernel optional linux-modules-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb 985aa903bbb668d34dbce57ba51bce31 13496766 devel optional linux-raspi-headers-6.8.0-1003_6.8.0-1003.3_arm64.deb ba21886e3dfc9d2810a828e38b3b48e1 2523116 devel optional linux-raspi-tools-6.8.0-1003_6.8.0-1003.3_arm64.deb 29c96bd1bdce34a453b8d5b86960ac7b 13336 devel optional linux-raspi_6.8.0-1003.3_arm64.buildinfo 6610650be058cf6c8e4c3bc9f3adc731 47145 raw-translations - linux-raspi_6.8.0-1003.3_arm64_translations.tar.gz 6449a5ff47463b7efe49fe2ea053b491 1708 devel optional linux-tools-6.8.0-1003-raspi_6.8.0-1003.3_arm64.deb Ubuntu-Compatible-Signing: ubuntu/4 pro/3