This bug was fixed in the package linux-azure - 6.8.0-1001.1 --------------- linux-azure (6.8.0-1001.1) noble; urgency=medium * noble/linux-azure: 6.8.0-1001.1 -proposed tracker (LP: #2052777) * Packaging resync (LP: #1786013) - debian.azure/dkms-versions -- update from kernel-versions (main/d2024.02.07) * Azure: cifs modules missing from the linux-modules package (LP: #2052980) - [Config] Move cifs.ko to linux-modules package * Azure: Enable CONFIG_TEST_LOCKUP (LP: #2052723) - [Config] CONFIG_TEST_LOCKUP=m * Miscellaneous Ubuntu changes - [Packaging] azure: update Rust toolchain - [Packaging] azure: move to kernel v6.8 - [Config] azure: update annotations after moving to v6.8 [ Ubuntu: 6.8.0-9.9 ] * noble/linux: 6.8.0-9.9 -proposed tracker (LP: #2052945) * Miscellaneous upstream changes - Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on riscv64" [ Ubuntu: 6.8.0-8.8 ] * noble/linux: 6.8.0-8.8 -proposed tracker (LP: #2052918) * Miscellaneous Ubuntu changes - [Packaging] riscv64: enable linux-libc-dev build - v6.8-rc4 rebase * Rebase on v6.8-rc4 [ Ubuntu: 6.8.0-7.7 ] * noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691) * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve notification - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt reply that denies all access - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc can check if restriction are in place - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/87]: fixup notify - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined profiles can mediate user namespaces [ Ubuntu: 6.8.0-6.6 ] * noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592) * Packaging resync (LP: #1786013) - debian.master/dkms-versions -- update from kernel-versions (main/d2024.02.07) - [Packaging] update variants * FIPS kernels should default to fips mode (LP: #2049082) - SAUCE: Enable fips mode by default, in FIPS kernels only * Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468) - [Packaging] Remove old snapcraft.yaml * Azure: Fix regression introduced in LP: #2045069 (LP: #2052453) - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed * Miscellaneous Ubuntu changes - [Packaging] Remove in-tree abi checks - [Packaging] drop abi files with clean - [Packaging] Remove do_full_source variable (fixup) - [Packaging] Remove update-dkms-versions and move dkms-versions - [Config] updateconfigs following v6.8-rc3 rebase - [packaging] rename to linux - [packaging] rebase on v6.8-rc3 - [packaging] disable signing for ppc64el * Rebase on v6.8-rc3 [ Ubuntu: 6.8.0-5.5 ] * noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136) * Miscellaneous upstream changes - Revert "mm/sparsemem: fix race in accessing memory_section->usage" [ Ubuntu: 6.8.0-4.4 ] * noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502) * Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer (LP: #1965303) - [Config] enable simpledrm and DRM fbdev emulation layer * Miscellaneous Ubuntu changes - [Config] toolchain update * Miscellaneous upstream changes - rust: upgrade to Rust 1.75.0 [ Ubuntu: 6.8.0-3.3 ] * noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488) * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * apparmor restricts read access of user namespace mediation sysctls to root (LP: #2040194) - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc can check if restriction are in place * AppArmor spams kernel log with assert when auditing (LP: #2040192) - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt reply that denies all access * apparmor notification files verification (LP: #2040250) - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size * apparmor oops when racing to retrieve a notification (LP: #2040245) - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve notification * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined profiles can mediate user namespaces * Miscellaneous Ubuntu changes - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in socket_getpeersec hooks - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/87]: fixup notify - [Config] updateconfigs following v6.8-rc2 rebase [ Ubuntu: 6.8.0-2.2 ] * noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110) * Miscellaneous Ubuntu changes - [Config] toolchain update - [Config] enable Rust [ Ubuntu: 6.8.0-1.1 ] * noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102) * Miscellaneous Ubuntu changes - [packaging] move to v6.8-rc1 - [Config] updateconfigs following v6.8-rc1 rebase - SAUCE: export file_close_fd() instead of close_fd_get_file() - SAUCE: cpufreq: s/strlcpy/strscpy/ - debian/dkms-versions -- temporarily disable zfs dkms - debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms - debian/dkms-versions -- temporarily disable v4l2loopback [ Ubuntu: 6.8.0-0.0 ] * Empty entry. [ Ubuntu: 6.7.0-7.7 ] * noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357) * Packaging resync (LP: #1786013) - [Packaging] update variants * Miscellaneous Ubuntu changes - [Packaging] re-enable signing for s390x and ppc64el [ Ubuntu: 6.7.0-6.6 ] * Empty entry. [ Ubuntu: 6.7.0-2.2 ] * noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182) * Packaging resync (LP: #1786013) - [Packaging] resync getabis * Enforce RETPOLINE and SLS mitigrations (LP: #2046440) - SAUCE: objtool: Make objtool check actually fatal upon fatal errors - SAUCE: objtool: make objtool SLS validation fatal when building with CONFIG_SLS=y - SAUCE: objtool: make objtool RETPOLINE validation fatal when building with CONFIG_RETPOLINE=y - SAUCE: scripts: remove generating .o-ur objects - [Packaging] Remove all custom retpoline-extract code - Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables" - Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late initialisation code" - Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within firmware_restrict_branch_speculation_{start,end}" * Miscellaneous Ubuntu changes - [Packaging] temporarily disable riscv64 builds - [Packaging] temporarily disable Rust dependencies on riscv64 [ Ubuntu: 6.7.0-1.1 ] * noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859) * Packaging resync (LP: #1786013) - [Packaging] update variants - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02) * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice anymore (LP: #2048919) - [Config] Enable S390_UV_UAPI (built-in) * Support mipi camera on Intel Meteor Lake platform (LP: #2031412) - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor Lake - SAUCE: platform/x86: int3472: Add handshake GPIO function * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module (LP: #2033406) - [Packaging] Make WWAN driver loadable modules * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439) - [Packaging] Make linux-tools-common depend on hwdata * [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and PCIE peripherals (LP: #2036587) - [Config] Enable CONFIG_MTK_IOMMU on arm64 * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root images (LP: #2019040) - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y * kexec enable to load/kdump zstd compressed zimg (LP: #2037398) - [Packaging] Revert arm64 image format to Image.gz * Mantic minimized/minimal cloud images do not receive IP address during provisioning; systemd regression with wait-online (LP: #2036968) - [Config] Enable virtio-net as built-in to avoid race * Make backlight module auto detect dell_uart_backlight (LP: #2008882) - SAUCE: ACPI: video: Dell AIO UART backlight detection * Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364) - [Config] Default to performance CPUFreq governor on riscv64 * Enable Nezha board (LP: #1975592) - [Config] Build in D1 clock drivers on riscv64 - [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64 - [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64 - [Config] Disable SUN50I_DE2_BUS on riscv64 - [Config] Disable unneeded sunxi pinctrl drivers on riscv64 * Enable StarFive VisionFive 2 board (LP: #2013232) - [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64 - [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64 * rcu_sched detected stalls on CPUs/tasks (LP: #1967130) - [Config] Enable virtually mapped stacks on riscv64 * Check for changes relevant for security certifications (LP: #1945989) - [Packaging] Add a new fips-checks script * Installation support for SMARC RZ/G2L platform (LP: #2030525) - [Config] build Renesas RZ/G2L USBPHY control driver statically * Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226) - [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64 * Default module signing algo should be accelerated (LP: #2034061) - [Config] Default module signing algo should be accelerated * Miscellaneous Ubuntu changes - [Config] annotations clean-up [ Upstream Kernel Changes ] * Rebase to v6.7 [ Ubuntu: 6.7.0-0.0 ] * Empty entry [ Ubuntu: 6.7.0-5.5 ] * noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02) * Miscellaneous Ubuntu changes - [Packaging] re-enable Rust support - [Packaging] temporarily disable riscv64 builds [ Ubuntu: 6.7.0-4.4 ] * noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807) * unconfined profile denies userns_create for chromium based processes (LP: #1990064) - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * apparmor restricts read access of user namespace mediation sysctls to root (LP: #2040194) - SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc can check if restriction are in place * AppArmor spams kernel log with assert when auditing (LP: #2040192) - SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt reply that denies all access * apparmor notification files verification (LP: #2040250) - SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size * apparmor oops when racing to retrieve a notification (LP: #2040245) - SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve notification * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [03/69]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [05/69]: af_unix mediation - SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more than name - SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for external use - SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process attributes for each module - SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM attribute data - SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of lsm names for attrs - SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id slot mappings - SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in security_kernel_act_as - SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in security_cred_getsecid - SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to display - SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data in a lsmblob - SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier for confirmation - SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx module selection - SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data in audit_names - SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report multiple LSMs - SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob in audit data - SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding function lsmcontext_init - SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching - SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available - SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined profiles can mediate user namespaces * udev fails to make prctl() syscall with apparmor=0 (as used by maas by default) (LP: #2016908) // update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with apparmor=0 * Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen on (LP: #2042385) - SAUCE: r8169: Add quirks to enable ASPM on Dell platforms * [Debian] autoreconstruct - Do not generate chmod -x for deleted files (LP: #2045562) - [Debian] autoreconstruct - Do not generate chmod -x for deleted files * Disable Legacy TIOCSTI (LP: #2046192) - [Config]: disable CONFIG_LEGACY_TIOCSTI * Packaging resync (LP: #1786013) - [Packaging] update variants - [Packaging] remove helper scripts - [Packaging] update annotations scripts * Miscellaneous Ubuntu changes - [Packaging] rules: Remove unused dkms make variables - [Config] update annotations after rebase to v6.7-rc8 [ Upstream Kernel Changes ] * Rebase to v6.7-rc8 [ Ubuntu: 6.7.0-3.3 ] * noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060) * enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040) - [Config] enable CONFIG_INTEL_TDX_HOST * linux tools packages for derived kernels refuse to install simultaneously due to libcpupower name collision (LP: #2035971) - [Packaging] Statically link libcpupower into cpupower tool * make lazy RCU a boot time option (LP: #2045492) - SAUCE: rcu: Provide a boot time parameter to control lazy RCU * Build failure if run in a console (LP: #2044512) - [Packaging] Fix kernel module compression failures * Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582) - [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k * Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584) - [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64 * Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587) - [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le * [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough (LP: #2042853) - [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y * back-out zstd module compression automatic for backports (LP: #2045593) - [Packaging] make ZSTD module compression conditional * Miscellaneous Ubuntu changes - [Packaging] Remove do_full_source variable - [Packaging] Remove obsolete config handling - [Packaging] Remove support for sub-flavors - [Packaging] Remove old linux-libc-dev version hack - [Packaging] Remove obsolete scripts - [Packaging] Remove README.inclusion-list - [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch - [Packaging] Enable rootless builds - [Packaging] Allow to run debian/rules without (fake)root - [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH - [Packaging] override KERNELRELEASE instead of KERNELVERSION - [Config] update toolchain versions in annotations - [Packaging] drop useless linux-doc - [Packaging] scripts: Rewrite insert-ubuntu-changes in Python - [Packaging] enable riscv64 builds - [Packaging] remove the last sub-flavours bit - [Packaging] check debian.env to determine do_libc_dev_package - [Packaging] remove debian.*/variants - [Packaging] remove do_libc_dev_package variable - [Packaging] move linux-libc-dev.stub to debian/control.d/ - [Packaging] Update check to build linux-libc-dev to the source package name - [Packaging] rules: Remove startnewrelease target - [Packaging] Remove debian/commit-templates - [Config] update annotations after rebase to v6.7-rc4 [ Upstream Kernel Changes ] * Rebase to v6.7-rc4 [ Ubuntu: 6.7.0-2.2 ] * noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107) * Miscellaneous Ubuntu changes - [Packaging] re-enable Rust - [Config] enable Rust in annotations - [Packaging] Remove do_enforce_all variable - [Config] disable Softlogic 6x10 capture card driver on armhf - [Packaging] disable Rust support - [Config] update annotations after rebase to v6.7-rc3 [ Upstream Kernel Changes ] * Rebase to v6.7-rc3 [ Ubuntu: 6.7.0-1.1 ] * noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069) * Packaging resync (LP: #1786013) - [Packaging] update annotations scripts - [Packaging] update helper scripts * Miscellaneous Ubuntu changes - [Config] update annotations after rebase to v6.7-rc2 [ Upstream Kernel Changes ] * Rebase to v6.7-rc2 [ Ubuntu: 6.7.0-0.0 ] * Empty entry [ Ubuntu: 6.6.0-12.12 ] * noble/linux-unstable: 6.6.0-12.12 -proposed tracker (LP: #2043664) * Miscellaneous Ubuntu changes - [Packaging] temporarily disable zfs dkms [ Ubuntu: 6.6.0-11.11 ] * noble/linux-unstable: 6.6.0-11.11 -proposed tracker (LP: #2043480) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log - [Packaging] resync update-dkms-versions helper - [Packaging] update variants - debian/dkms-versions -- update from kernel-versions (main/d2023.11.14) * Miscellaneous Ubuntu changes - [Packaging] move to Noble - [Config] toolchain version update [ Ubuntu: 6.6.0-10.10 ] * mantic/linux-unstable: 6.6.0-10.10 -proposed tracker (LP: #2043088) * Bump arm64's CONFIG_NR_CPUS to 512 (LP: #2042897) - [Config] Bump CONFIG_NR_CPUS to 512 for arm64 * Miscellaneous Ubuntu changes - [Config] Include a note for the NR_CPUS setting on riscv64 - SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype [ Ubuntu: 6.6.0-9.9 ] * mantic/linux-unstable: 6.6.0-9.9 -proposed tracker (LP: #2041852) * Switch IMA default hash to sha256 (LP: #2041735) - [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256 * apparmor restricts read access of user namespace mediation sysctls to root (LP: #2040194) - SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc can check if restriction are in place * AppArmor spams kernel log with assert when auditing (LP: #2040192) - SAUCE: apparmor4.0.0 [81/82]: apparmor: fix request field from a prompt reply that denies all access * apparmor notification files verification (LP: #2040250) - SAUCE: apparmor4.0.0 [80/82]: apparmor: fix notification header size * apparmor oops when racing to retrieve a notification (LP: #2040245) - SAUCE: apparmor4.0.0 [79/82]: apparmor: fix oops when racing to retrieve notification * Disable restricting unprivileged change_profile by default, due to LXD latest/stable not yet compatible with this new apparmor feature (LP: #2038567) - SAUCE: apparmor4.0.0 [78/82]: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/82]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [02/82]: rename SK_CTX() to aa_sock and make it an inline fn - SAUCE: apparmor4.0.0 [03/82]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [04/82]: add user namespace creation mediation - SAUCE: apparmor4.0.0 [05/82]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [06/82]: af_unix mediation - SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [08/82]: Stacking v38: LSM: Identify modules by more than name - SAUCE: apparmor4.0.0 [09/82]: Stacking v38: LSM: Add an LSM identifier for external use - SAUCE: apparmor4.0.0 [10/82]: Stacking v38: LSM: Identify the process attributes for each module - SAUCE: apparmor4.0.0 [11/82]: Stacking v38: LSM: Maintain a table of LSM attribute data - SAUCE: apparmor4.0.0 [12/82]: Stacking v38: proc: Use lsmids instead of lsm names for attrs - SAUCE: apparmor4.0.0 [13/82]: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [14/82]: Stacking v38: LSM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [15/82]: Stacking v38: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [16/82]: Stacking v38: LSM: provide lsm name and id slot mappings - SAUCE: apparmor4.0.0 [17/82]: Stacking v38: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [18/82]: Stacking v38: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [19/82]: Stacking v38: LSM: Use lsmblob in security_kernel_act_as - SAUCE: apparmor4.0.0 [20/82]: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid - SAUCE: apparmor4.0.0 [21/82]: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx - SAUCE: apparmor4.0.0 [22/82]: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [23/82]: Stacking v38: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [24/82]: Stacking v38: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [25/82]: Stacking v38: LSM: Use lsmblob in security_cred_getsecid - SAUCE: apparmor4.0.0 [26/82]: Stacking v38: LSM: Specify which LSM to display - SAUCE: apparmor4.0.0 [28/82]: Stacking v38: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [29/82]: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [30/82]: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [31/82]: Stacking v38: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [32/82]: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter - SAUCE: apparmor4.0.0 [33/82]: Stacking v38: NET: Store LSM netlabel data in a lsmblob - SAUCE: apparmor4.0.0 [34/82]: Stacking v38: binder: Pass LSM identifier for confirmation - SAUCE: apparmor4.0.0 [35/82]: Stacking v38: LSM: security_secid_to_secctx module selection - SAUCE: apparmor4.0.0 [36/82]: Stacking v38: Audit: Keep multiple LSM data in audit_names - SAUCE: apparmor4.0.0 [37/82]: Stacking v38: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [38/82]: Stacking v38: LSM: Add a function to report multiple LSMs - SAUCE: apparmor4.0.0 [39/82]: Stacking v38: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [40/82]: Stacking v38: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [41/82]: Stacking v38: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [42/82]: Stacking v38: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [43/82]: Stacking v38: netlabel: Use a struct lsmblob in audit data - SAUCE: apparmor4.0.0 [44/82]: Stacking v38: LSM: Removed scaffolding function lsmcontext_init - SAUCE: apparmor4.0.0 [45/82]: Stacking v38: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [46/82]: combine common_audit_data and apparmor_audit_data - SAUCE: apparmor4.0.0 [47/82]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [48/82]: rename audit_data->label to audit_data->subj_label - SAUCE: apparmor4.0.0 [49/82]: pass cred through to audit info. - SAUCE: apparmor4.0.0 [50/82]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/82]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/82]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/82]: cache buffers on percpu list if there is lock contention - SAUCE: apparmor4.0.0 [54/82]: advertise availability of exended perms - SAUCE: apparmor4.0.0 [56/82]: cleanup: provide separate audit messages for file and policy checks - SAUCE: apparmor4.0.0 [57/82]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [58/82]: prompt - ref count pdb - SAUCE: apparmor4.0.0 [59/82]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [60/82]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [61/82]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [62/82]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [63/82]: prompt - fix caching - SAUCE: apparmor4.0.0 [64/82]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [65/82]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [66/82]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [67/82]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [68/82]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [69/82]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [74/82]: advertise disconnected.path is available - SAUCE: apparmor4.0.0 [75/82]: fix invalid reference on profile->disconnected - SAUCE: apparmor4.0.0 [76/82]: add io_uring mediation - SAUCE: apparmor4.0.0 [77/82]: apparmor: Fix regression in mount mediation * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [70/82]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [71/82]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [72/82]: userns - make it so special unconfined profiles can mediate user namespaces - SAUCE: apparmor4.0.0 [73/82]: userns - allow restricting unprivileged change_profile * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [55/82]: fix profile verification and enable it * udev fails to make prctl() syscall with apparmor=0 (as used by maas by default) (LP: #2016908) // update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [27/82]: Stacking v38: Fix prctl() syscall with apparmor=0 * Miscellaneous Ubuntu changes - [Config] SECURITY_APPARMOR_RESTRICT_USERNS=y [ Ubuntu: 6.6.0-8.8 ] * mantic/linux-unstable: 6.6.0-8.8 -proposed tracker (LP: #2040243) * Miscellaneous Ubuntu changes - abi: gc reference to phy-rtk-usb2/phy-rtk-usb3 [ Ubuntu: 6.6.0-7.7 ] * mantic/linux-unstable: 6.6.0-7.7 -proposed tracker (LP: #2040147) * test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357) - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum * Miscellaneous Ubuntu changes - [Config] updateconfigs following v6.6-rc7 rebase [ Ubuntu: 6.6.0-6.6 ] * mantic/linux-unstable: 6.6.0-6.6 -proposed tracker (LP: #2039780) * Miscellaneous Ubuntu changes - rebase on v6.6-rc6 - [Config] updateconfigs following v6.6-rc6 rebase [ Upstream Kernel Changes ] * Rebase to v6.6-rc6 [ Ubuntu: 6.6.0-5.5 ] * mantic/linux-unstable: 6.6.0-5.5 -proposed tracker (LP: #2038899) * Miscellaneous Ubuntu changes - rebase on v6.6-rc5 - [Config] updateconfigs following v6.6-rc5 rebase [ Upstream Kernel Changes ] * Rebase to v6.6-rc5 [ Ubuntu: 6.6.0-4.4 ] * mantic/linux-unstable: 6.6.0-4.4 -proposed tracker (LP: #2038423) * Miscellaneous Ubuntu changes - rebase on v6.6-rc4 [ Upstream Kernel Changes ] * Rebase to v6.6-rc4 [ Ubuntu: 6.6.0-3.3 ] * mantic/linux-unstable: 6.6.0-3.3 -proposed tracker (LP: #2037622) * Miscellaneous Ubuntu changes - [Config] updateconfigs following v6.6-rc3 rebase * Miscellaneous upstream changes - Revert "UBUNTU: SAUCE: enforce rust availability only on x86_64" - arm64: rust: Enable Rust support for AArch64 - arm64: rust: Enable PAC support for Rust. - arm64: Restrict Rust support to little endian only. [ Ubuntu: 6.6.0-2.2 ] * Miscellaneous upstream changes - UBUBNTU: [Config] build all COMEDI drivers as modules [ Ubuntu: 6.6.0-1.1 ] * Miscellaneous Ubuntu changes - [Packaging] move linux to linux-unstable - [Packaging] rebase on v6.6-rc1 - [Config] updateconfigs following v6.6-rc1 rebase - [packaging] skip ABI, modules and retpoline checks - update dropped.txt - [Config] SHIFT_FS FTBFS with Linux 6.6, disable it - [Config] DELL_UART_BACKLIGHT FTBFS with Linux 6.6, disable it - [Packaging] debian/dkms-versions: temporarily disable dkms - [Packaging] temporarily disable signing for s390x [ Upstream Kernel Changes ] * Rebase to v6.6-rc1 [ Ubuntu: 6.6.0-0.0 ] * Empty entry -- Andrea Righi