Format: 1.8 Date: Tue, 16 Apr 2024 23:27:33 +0200 Source: linux-riscv Binary: linux-buildinfo-6.8.0-28-generic linux-headers-6.8.0-28-generic linux-image-6.8.0-28-generic linux-modules-6.8.0-28-generic linux-riscv-headers-6.8.0-28 linux-riscv-tools-6.8.0-28 linux-tools-6.8.0-28-generic Built-For-Profiles: noudeb Architecture: riscv64 all riscv64_translations Version: 6.8.0-28.28.1~2 Distribution: noble Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Emil Renner Berthing Description: linux-buildinfo-6.8.0-28-generic - Linux kernel buildinfo for version 6.8.0 on RISC-V SMP linux-headers-6.8.0-28-generic - Linux kernel headers for version 6.8.0 on RISC-V SMP linux-image-6.8.0-28-generic - Linux kernel image for version 6.8.0 on RISC-V SMP linux-modules-6.8.0-28-generic - Linux kernel extra modules for version 6.8.0 on RISC-V SMP linux-riscv-headers-6.8.0-28 - Header files related to Linux kernel version 6.8.0 linux-riscv-tools-6.8.0-28 - Linux kernel version specific tools for version 6.8.0-28 linux-tools-6.8.0-28-generic - Linux kernel version specific tools for version 6.8.0-28 Launchpad-Bugs-Fixed: 1786013 2013232 2028253 2032602 2049793 2060225 2060238 2060909 2061083 2061851 2061867 2061897 Changes: linux-riscv (6.8.0-28.28.1~2) noble; urgency=medium . * Enable Milk-V Mars board (LP: #2061897) - SAUCE: riscv: dts: starfive: add 'cpus' label to jh7110 and jh7100 soc dtsi - SAUCE: dt-bindings: riscv: starfive: add Milkv Mars board - SAUCE: riscv: dts: starfive: visionfive 2: update sound and codec dt node name - SAUCE: riscv: dts: starfive: visionfive 2: use cpus label for timebase freq - SAUCE: riscv: dts: starfive: introduce a common board dtsi for jh7110 based boards - SAUCE: riscv: dts: starfive: add Milkv Mars board device tree . * Enable StarFive VisionFive 2 board (LP: #2013232) - SAUCE: riscv: dts: starfive: visionfive 2: Remove non-existing TDM hardware - SAUCE: riscv: dts: starfive: visionfive 2: Remove non-existing I2S hardware . [ Ubuntu: 6.8.0-28.28 ] . * noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867) * linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new apparmor profiles/features (LP: #2061851) - SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom . [ Ubuntu: 6.8.0-25.25 ] . * noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083) * Packaging resync (LP: #1786013) - [Packaging] debian.master/dkms-versions -- update from kernel-versions (main/d2024.04.04) * Apply mitigations for the native BHI hardware vulnerabilty (LP: #2060909) - x86/cpufeatures: Add new word for scattered features - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file - x86/syscall: Don't force use of indirect calls for system calls - x86/bhi: Add support for clearing branch history at syscall entry - x86/bhi: Define SPEC_CTRL_BHI_DIS_S - x86/bhi: Enumerate Branch History Injection (BHI) bug - x86/bhi: Add BHI mitigation knob - x86/bhi: Mitigate KVM by default - KVM: x86: Add BHI_NO - x86: set SPECTRE_BHI_ON as default - [Config] enable spectre_bhi=auto by default * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve notification - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt reply that denies all access - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc can check if restriction are in place - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/90]: fixup notify - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation - SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined profiles can mediate user namespaces * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793) - SAUCE: cacheinfo: Check for null last-level cache info - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary CPU - SAUCE: x86/cacheinfo: Delete global num_cache_leaves - SAUCE: x86/cacheinfo: Clean out init_cache_level() * Miscellaneous Ubuntu changes - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n - [Config] toolchain version update . [ Ubuntu: 6.8.0-22.22 ] . * noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238) . [ Ubuntu: 6.8.0-21.21 ] . * noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225) * Miscellaneous Ubuntu changes - [Config] update toolchain version in annotations Checksums-Sha1: 0fe1f9d1407c10fa859eeba4bf4b618b2868b241 642640 linux-buildinfo-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 1fc8fc8952185743ca6323ab5e84a684495e7963 7466342 linux-headers-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 1efe623cf147c8a2f3af22cf2f1ceb90149e43ec 38830272 linux-image-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 6bc93fd41abcd10b4e31b236cb31496b69501857 145141952 linux-modules-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb afd0e2bf8e6f0e72b29f853b68459246fb8da6d7 13610194 linux-riscv-headers-6.8.0-28_6.8.0-28.28.1~2_all.deb 7efd0e2f947920eedb5c53afc39f861d33250dfa 2772964 linux-riscv-tools-6.8.0-28_6.8.0-28.28.1~2_riscv64.deb 0086a46d4a7dc2a06ef79fb51af44c6d2fbb4673 12584 linux-riscv_6.8.0-28.28.1~2_riscv64.buildinfo a5655b4c3f24d8726d5a1eecd955ebcfff2ec0a9 47016 linux-riscv_6.8.0-28.28.1~2_riscv64_translations.tar.gz 4a68709143f84592cb78c83ab4184fc2c52ca71b 1738 linux-tools-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb Checksums-Sha256: 9ceaf51cc391e22606094ba7e204b64721b8af6561d3c875b93abe1d79e05f32 642640 linux-buildinfo-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 04dc6bf1fdff1b93f989f91a465d968b267e678faa560bd580579e17c5c696bd 7466342 linux-headers-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb a2c080b54e23ca0d47fa0f65d3009fbc41febbdb2e2129eb338c779fe40a81c8 38830272 linux-image-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 9806bf3424ab810bb8d15154fa63f42b101a3eb9603490da8e52ce0c97fc5878 145141952 linux-modules-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 996ad8a7934db8ae245e48539a65d1ff93e19a457bab7262064798e498bd81cf 13610194 linux-riscv-headers-6.8.0-28_6.8.0-28.28.1~2_all.deb 47c927aceac610853c0b150d7605548b8122ad7660d340f06c329b6116fe616a 2772964 linux-riscv-tools-6.8.0-28_6.8.0-28.28.1~2_riscv64.deb 24e9559d9d513bf42631573a3818bb958980158670faa89986be1839c247d9cd 12584 linux-riscv_6.8.0-28.28.1~2_riscv64.buildinfo a88fe7c3ded63ac9236106f32d418128113b25d21754096d347c511f001fb780 47016 linux-riscv_6.8.0-28.28.1~2_riscv64_translations.tar.gz 59039e0904b4e35955f757d7fdd8ca77f3e3fecf124c7fd2f2f3f23939e415eb 1738 linux-tools-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb Files: 5976d00dd84af4e8d26b1ef56497108d 642640 kernel optional linux-buildinfo-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb cde7536c6c569c1c24166fb52ec8036a 7466342 devel optional linux-headers-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb bcbd4b9a1c220a72c3de0cab1d430e14 38830272 kernel optional linux-image-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 8f9664435ed5a23e48552e8ca5ea08a4 145141952 kernel optional linux-modules-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb 040cb6a55e5f08e0b992430fa1177d41 13610194 devel optional linux-riscv-headers-6.8.0-28_6.8.0-28.28.1~2_all.deb d8bb59411d783f1bbf2d02984e8c1b5f 2772964 devel optional linux-riscv-tools-6.8.0-28_6.8.0-28.28.1~2_riscv64.deb 5b13b6ccf590bbbff269c255475faff1 12584 devel optional linux-riscv_6.8.0-28.28.1~2_riscv64.buildinfo a6410e7a03aaefb366460d64035ca596 47016 raw-translations - linux-riscv_6.8.0-28.28.1~2_riscv64_translations.tar.gz 9bb447adb5b1ffe52a280bd60fb20dd9 1738 devel optional linux-tools-6.8.0-28-generic_6.8.0-28.28.1~2_riscv64.deb Ubuntu-Compatible-Signing: ubuntu/4 pro/3