This bug was fixed in the package linux-riscv - 6.8.0-28.28.1 --------------- linux-riscv (6.8.0-28.28.1) noble; urgency=medium * noble/linux-riscv: 6.8.0-28.28.1 -proposed tracker (LP: #2061974) * Packaging resync (LP: #1786013) - [Packaging] drop getabis data - [Packaging] debian.riscv/dkms-versions -- update from kernel-versions (main/d2024.04.04) * Enable Milk-V Mars board (LP: #2061897) - SAUCE: riscv: dts: starfive: add 'cpus' label to jh7110 and jh7100 soc dtsi - SAUCE: dt-bindings: riscv: starfive: add Milkv Mars board - SAUCE: riscv: dts: starfive: visionfive 2: update sound and codec dt node name - SAUCE: riscv: dts: starfive: visionfive 2: use cpus label for timebase freq - SAUCE: riscv: dts: starfive: introduce a common board dtsi for jh7110 based boards - SAUCE: riscv: dts: starfive: add Milkv Mars board device tree * Enable StarFive VisionFive 2 board (LP: #2013232) - SAUCE: riscv: dts: starfive: visionfive 2: Remove non-existing TDM hardware - SAUCE: riscv: dts: starfive: visionfive 2: Remove non-existing I2S hardware [ Ubuntu: 6.8.0-28.28 ] * noble/linux: 6.8.0-28.28 -proposed tracker (LP: #2061867) * linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression iwth new apparmor profiles/features (LP: #2061851) - SAUCE: apparmor4.0.0 [92/90]: fix address mapping for recvfrom [ Ubuntu: 6.8.0-25.25 ] * noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083) * Packaging resync (LP: #1786013) - [Packaging] debian.master/dkms-versions -- update from kernel-versions (main/d2024.04.04) * Apply mitigations for the native BHI hardware vulnerabilty (LP: #2060909) - x86/cpufeatures: Add new word for scattered features - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file - x86/syscall: Don't force use of indirect calls for system calls - x86/bhi: Add support for clearing branch history at syscall entry - x86/bhi: Define SPEC_CTRL_BHI_DIS_S - x86/bhi: Enumerate Branch History Injection (BHI) bug - x86/bhi: Add BHI mitigation knob - x86/bhi: Mitigate KVM by default - KVM: x86: Add BHI_NO - x86: set SPECTRE_BHI_ON as default - [Config] enable spectre_bhi=auto by default * update apparmor and LSM stacking patch set (LP: #2028253) - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate ima_filter_rule from security_audit_rule - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure management of the sock security - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data structure. - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions with stacked LSMs - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in security_audit_rule_match - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx hook - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob in audit_context - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in security_ipc_getsecid - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM data - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in security_current_getsecid - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in security_inode_getsecid - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in audit_names - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new security_cred_getlsmblob LSM hook - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data from secid to lsmblob - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for audit data - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM context releaser - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in security_secid_to_secctx - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in security_lsmblob_to_secctx - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in security_inode_getsecctx - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in security_dentry_init_security - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM: security_lsmblob_to_secctx module selection - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp structure - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple records in an audit_buffer - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for multiple task security contexts - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm values for netlabel - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for multiple object contexts - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused lsmcontext_init() - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in security_getprocattr - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check on release - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM handles the context string - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the exclusive flag - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob size tracking - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure management of the key security blob - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure management of the mnt_opts security blob - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of ENOSYS in inode_setxattr - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob scaffolding - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of netlabel - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict security_cred_getsecid() to a single LSM - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove LSM_FLAG_EXCLUSIVE - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0 [12/95]: add/use fns to print hash string hex value - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net rules - SAUCE: apparmor4.0.0 [45/90]: add unpriviled user ns mediation - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv userns restrictions - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a learning cache - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a prompt response - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or reuse and delete - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to uresponse - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to simplify adding strings - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a profile name - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache support - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as interruptible - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve notification - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt reply that denies all access - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc can check if restriction are in place - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to use lookup_perms() - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check. - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using RULE_MEDIATES - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one entry have correct flags - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that unconfined cannot use change_hat - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to provide semantics of some checks - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to label_mediates() - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended permission. - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define the kill signal - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is not the first entry - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned when a user ns is created - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with policy state machine - SAUCE: apparmor4.0.0 [87/90]: fixup notify - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation - SAUCE: apparmor4.0.0 [89/90]:apparmor: disable tailglob responses for now - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe] apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic (LP: #2032602) - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of notifications - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global variable for a feature value - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined profiles can mediate user namespaces * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793) - SAUCE: cacheinfo: Check for null last-level cache info - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary CPU - SAUCE: x86/cacheinfo: Delete global num_cache_leaves - SAUCE: x86/cacheinfo: Clean out init_cache_level() * Miscellaneous Ubuntu changes - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with CONFIG_SECURITY=n - [Config] toolchain version update [ Ubuntu: 6.8.0-22.22 ] * noble/linux: 6.8.0-22.22 -proposed tracker (LP: #2060238) [ Ubuntu: 6.8.0-21.21 ] * noble/linux: 6.8.0-21.21 -proposed tracker (LP: #2060225) * Miscellaneous Ubuntu changes - [Config] update toolchain version in annotations -- Emil Renner Berthing