linux 5.19.0-19.19 source package in Ubuntu

Changelog

linux (5.19.0-19.19) kinetic; urgency=medium

  * kinetic/linux: 5.19.0-19.19 -proposed tracker (LP: #1990960)

  * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983)
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display
      (using struct cred as input)"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk
      parameter const"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      smk_netlbl_mls()"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use
      lsmblob"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to
      kfree_sensitive()"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive
      flag"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full
      LSM context"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple
      object LSM attributes"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline
      function declration."""
    - Revert "Revert "Revert "UBUNTU: SAUCE: Audit: Add new record for multiple
      process LSM attributes"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a
      lsmblob"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in
      netlink netfilter"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
      security_inode_getsecctx"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in
      security_secid_to_secctx"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context
      releaser"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to
      use lsmblobs"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_cred_getsecid"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_inode_getsecid"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_task_getsecid"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_ipc_getsecid"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_secid_to_secctx"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_secctx_to_secid"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: net: Prepare UDS for security module
      stacking"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_kernel_act_as"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Use lsmblob in
      security_audit_rule_match"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob
      data structure."""
    - Revert "Revert "Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the
      sock security"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from
      SK_CTX() to aa_sock()"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to
      aa_unix_sk()"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as
      part of a secid to secctx"""
    - Revert "Revert "Revert "apparmor: fix absroot causing audited secids to
      begin with ="""
    - Revert "Revert "Revert "UBUNTU SAUCE: apparmor: fix apparmor mediating
      locking non-fs, unix sockets"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: fix use after free in
      sk_peer_label"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: patch to provide
      compatibility with v2.x net rules"""
    - Revert "Revert "Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash
      string hex value"""
    - SAUCE: upstream v6.0: apparmor: fix absroot causing audited secids to begin
      with =
    - SAUCE: upstream v6.0: apparmor: Fix kernel-doc
    - SAUCE: upstream v6.0: lsm: Fix kernel-doc
    - SAUCE: upstream v6.0: apparmor: Update help description of policy hash for
      introspection
    - SAUCE: upstream v6.0: apparmor: make export of raw binary profile to
      userspace optional
    - SAUCE: upstream v6.0: apparmor: Enable tuning of policy paranoid load for
      embedded systems
    - SAUCE: upstream v6.0: apparmor: don't create raw_sha1 symlink if sha1
      hashing is disabled
    - SAUCE: upstream v6.0: apparmor: resolve uninitialized symbol warnings in
      policy_unpack_test.c
    - SAUCE: upstream v6.0: security/apparmor: remove redundant ret variable
    - SAUCE: upstream v6.0: apparmor: Use struct_size() helper in kmalloc()
    - SAUCE: upstream v6.0: apparmor: Fix match_mnt_path_str() and match_mnt()
      kernel-doc comment
    - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
    - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
    - SAUCE: upstream v6.0: apparmor: Fix undefined reference to
      `zlib_deflate_workspacesize'
    - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
    - SAUCE: upstream v6.0: apparmor: test: Remove some casts which are no-longer
      required
    - SAUCE: upstream v6.0: apparmor: add a kernel label to use on kernel objects
    - SAUCE: upstream v6.0: apparmor: Convert secid mapping to XArrays instead of
      IDR
    - SAUCE: upstream v6.0: apparmor: disable showing the mode as part of a secid
      to secctx
    - SAUCE: upstream v6.0: apparmor: Mark alloc_unconfined() as static
    - SAUCE: upstream v6.0: apparmor: Fix some kernel-doc comments
    - SAUCE: upstream v6.0: apparmor: allow label to carry debug flags
    - SAUCE: upstream v6.0: apparmor: extend policydb permission set by making use
      of the xbits
    - SAUCE: upstream v6.0: apparmor: move ptrace mediation to more logical
      task.{h,c}
    - SAUCE: upstream v6.0: apparmor: correct config reference to intended one
    - SAUCE: upstream v6.0: lsm,io_uring: add LSM hooks for the new uring_cmd file
      op
    - SAUCE: upstream v6.0: selinux: implement the security_uring_cmd() LSM hook
    - SAUCE: upstream v6.0: Smack: Provide read control for io_uring_cmd
    - SAUCE: apparmor-next 6.1: apparmor: fix a memleak in multi_transaction_new()
    - SAUCE: apparmor-next 6.1: apparmor: fix lockdep warning when removing a
      namespace
    - SAUCE: apparmor-next 6.1: apparmor: reserve mediation classes
    - SAUCE: apparmor-next 6.1: apparmor: use zstd compression for profile data
    - SAUCE: apparmor-next 6.1: apparmor: expose compression level limits in sysfs
    - SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load
    - SAUCE: apparmor-next 6.1: apparmor: compute xmatch permissions on profile
      load
    - SAUCE: apparmor-next 6.1: apparmor: move fperm computation into
      policy_unpack
    - SAUCE: apparmor-next 6.1: apparmor: rework and cleanup fperm computation
    - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to use aa_perms structure
    - SAUCE: apparmor-next 6.1: apparmor: compute policydb permission on profile
      load
    - SAUCE: apparmor-next 6.1: apparmor: combine file_rules and aa_policydb into
      a single shared struct
    - SAUCE: apparmor-next 6.1: apparmor: convert xmatch to using the new shared
      policydb struct
    - SAUCE: apparmor-next 6.1: apparmor: convert fperm lookup to use accept as an
      index
    - SAUCE: apparmor-next 6.1: apparmor: convert xmatch lookup to use accept as
      an index
    - SAUCE: apparmor-next 6.1: apparmor: cleanup shared permission struct
    - SAUCE: apparmor-next 6.1: apparmor: convert policy lookup to use accept as
      an index
    - SAUCE: apparmor-next 6.1: apparmor: preparse for state being more than just
      an integer
    - SAUCE: apparmor-next 6.1: apparmor: Fix abi check to include v8 abi
    - SAUCE: apparmor-next 6.1: apparmor: fix apparmor mediating locking non-fs
      unix sockets
    - SAUCE: apparmor-next 6.1: apparmor: extend policydb permission set by making
      use of the xbits
    - SAUCE: apparmor-next 6.1: apparmor: move dfa perm macros into policy_unpack
    - SAUCE: apparmor-next 6.1: apparmor: extend xindex size
    - SAUCE: apparmor-next 6.1: apparmor: isolate policy backwards compatibility
      to its own file
    - SAUCE: apparmor-next 6.1: apparmor: extend permissions to support a label
      and tag string
    - SAUCE: apparmor-next 6.1: apparmor: add mediation class information to
      auditing
    - SAUCE: apparmor-next 6.1: apparmor: add user mode flag
    - SAUCE: apparmor-next 6.1: apparmor: make transition table unpack generic so
      it can be reused
    - SAUCE: apparmor-next 6.1: apparmor: group dfa policydb unpacking
    - SAUCE: apparmor-next 6.1: apparmor: make unpack_array return a trianary
      value
    - SAUCE: apparmor-next 6.1: apparmor: add the ability for policy to specify a
      permission table
    - SAUCE: apparmor-next 6.1: apparmor: verify permission table indexes
    - SAUCE: apparmor-next 6.1: apparmor: make sure perm indexes are accumulated
    - SAUCE: apparmor-next 6.1: apparmor: cleanup: move perm accumulation into
      perms.h
    - SAUCE: apparmor-next 6.1: apparmor: verify loaded permission bits masks
      don't overlap
    - SAUCE: apparmor-next 6.1: apparmor: refactor profile rules and attachments
    - SAUCE: apparmor-next 6.1: apparmor: rework profile->rules to be a list
    - SAUCE: apparmor-next 6.1: apparmor: fix aa_class_names[] to match reserved
      classes
    - SAUCE: apparmor-next 6.1: apparmor: Fix regression in stacking due to label
      flags
    - SAUCE: apparmor-next 6.1: apparmor: Simplify obtain the newest label on a
      cred
    - SAUCE: apparmor-next 6.1: apparmor: make __aa_path_perm() static
    - SAUCE: apparmor-next 6.1: apparmor: Fix doc comment for compute_fperms
    - SAUCE: apparmor-next 6.1: apparmor: Remove unnecessary size check when
      unpacking trans_table
    - SAUCE: apparmor-next 6.1: apparmor: make sure the decompression ctx is
      promperly initialized
    - SAUCE: apparmor: add/use fns to print hash string hex value
    - SAUCE: apparmor: patch to provide compatibility with v2.x net rules
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor-next 6.1: apparmor: make
      __aa_path_perm() static"
    - SAUCE: apparmor: af_unix mediation
    - SAUCE: fix shutdown unix socket owner conditional check
    - SAUCE: apparmor: rename aa_sock() to aa_unix_sk()
    - SAUCE: apparmor: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()
    - SAUCE: lsm stacking v37: integrity: disassociate ima_filter_rule from
      security_audit_rule
    - SAUCE: lsm stacking v37: LSM: Infrastructure management of the sock security
    - SAUCE: lsm stacking v37: LSM: Add the lsmblob data structure.
    - SAUCE: lsm stacking v37: LSM: provide lsm name and id slot mappings
    - SAUCE: lsm stacking v37: IMA: avoid label collisions with stacked LSMs
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_audit_rule_match
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_kernel_act_as
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secctx_to_secid
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_secid_to_secctx
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_ipc_getsecid
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_current_getsecid
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_inode_getsecid
    - SAUCE: lsm stacking v37: LSM: Use lsmblob in security_cred_getsecid
    - SAUCE: lsm stacking v37: LSM: Specify which LSM to display
    - SAUCE: fixup lsm stacking v37: LSM: Specify which LSM to display
    - SAUCE: lsm stacking v37: LSM: Ensure the correct LSM context releaser
    - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_secid_to_secctx
    - SAUCE: lsm stacking v37: LSM: Use lsmcontext in security_inode_getsecctx
    - SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in netlink netfilter
    - SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a lsmblob
    - SAUCE: lsm stacking v37: binder: Pass LSM identifier for confirmation
    - SAUCE: lsm stacking v37: LSM: security_secid_to_secctx module selection
    - SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in audit_names
    - SAUCE: lsm stacking v37: Audit: Create audit_stamp structure
    - SAUCE: lsm stacking v37: LSM: Add a function to report multiple LSMs
    - SAUCE: lsm stacking v37: Audit: Allow multiple records in an audit_buffer
    - SAUCE: lsm stacking v37: Audit: Add record for multiple task security
      contexts
    - SAUCE: lsm stacking v37: audit: multiple subject lsm values for netlabel
    - SAUCE: lsm stacking v37: Audit: Add record for multiple object contexts
    - SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in audit data
    - SAUCE: lsm stacking v37: LSM: Removed scaffolding function lsmcontext_init
    - SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full LSM context
    - SAUCE: lsm stacking v37: AppArmor: Remove the exclusive flag
    - SAUCE: security, lsm: Introduce security_create_user_ns()
    - SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable
    - SAUCE: selinux: Implement userns_create hook
    - SAUCE: apparmor: add user namespace creation mediation
    - [Config] update configs after apply new apparmor patch set

  * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) //
    5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
    (LP: #1990236)
    - SAUCE: apparmor: fix oops in unix owner conditional setup

  * Miscellaneous Ubuntu changes
    - [Config] make sure CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is enforced

 -- Andrea Righi <email address hidden>  Tue, 27 Sep 2022 16:51:09 +0200

Upload details

Uploaded by:
Andrea Righi
Uploaded to:
Kinetic
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64 armhf arm64 ppc64el s390x i386 riscv64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
linux_5.19.0.orig.tar.gz 198.6 MiB 32005c0e5b3d03c0fb513b798e0572e8e76d9c5d6c102dfa8ceb0f7422fb2100
linux_5.19.0-19.19.diff.gz 4.3 MiB 8ffbf56b26eddf335d9d6bb12434ec617a0026c07f59e3eba211fa8af42d3f22
linux_5.19.0-19.19.dsc 7.1 KiB aeebf819845af6adeb850bfcf71916bffb9bc70869f7dceb7c77a98021ad553d

Available diffs

View changes file

Binary packages built by this source

linux-buildinfo-5.19.0-19-generic: No summary available for linux-buildinfo-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-buildinfo-5.19.0-19-generic in ubuntu kinetic.

linux-buildinfo-5.19.0-19-generic-64k: No summary available for linux-buildinfo-5.19.0-19-generic-64k in ubuntu kinetic.

No description available for linux-buildinfo-5.19.0-19-generic-64k in ubuntu kinetic.

linux-buildinfo-5.19.0-19-generic-lpae: No summary available for linux-buildinfo-5.19.0-19-generic-lpae in ubuntu kinetic.

No description available for linux-buildinfo-5.19.0-19-generic-lpae in ubuntu kinetic.

linux-cloud-tools-5.19.0-19: No summary available for linux-cloud-tools-5.19.0-19 in ubuntu kinetic.

No description available for linux-cloud-tools-5.19.0-19 in ubuntu kinetic.

linux-cloud-tools-5.19.0-19-generic: No summary available for linux-cloud-tools-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-cloud-tools-5.19.0-19-generic in ubuntu kinetic.

linux-cloud-tools-common: No summary available for linux-cloud-tools-common in ubuntu kinetic.

No description available for linux-cloud-tools-common in ubuntu kinetic.

linux-doc: No summary available for linux-doc in ubuntu kinetic.

No description available for linux-doc in ubuntu kinetic.

linux-headers-5.19.0-19: No summary available for linux-headers-5.19.0-19 in ubuntu kinetic.

No description available for linux-headers-5.19.0-19 in ubuntu kinetic.

linux-headers-5.19.0-19-generic: No summary available for linux-headers-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-headers-5.19.0-19-generic in ubuntu kinetic.

linux-headers-5.19.0-19-generic-64k: No summary available for linux-headers-5.19.0-19-generic-64k in ubuntu kinetic.

No description available for linux-headers-5.19.0-19-generic-64k in ubuntu kinetic.

linux-headers-5.19.0-19-generic-lpae: No summary available for linux-headers-5.19.0-19-generic-lpae in ubuntu kinetic.

No description available for linux-headers-5.19.0-19-generic-lpae in ubuntu kinetic.

linux-image-5.19.0-19-generic: No summary available for linux-image-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-image-5.19.0-19-generic in ubuntu kinetic.

linux-image-5.19.0-19-generic-dbgsym: No summary available for linux-image-5.19.0-19-generic-dbgsym in ubuntu kinetic.

No description available for linux-image-5.19.0-19-generic-dbgsym in ubuntu kinetic.

linux-image-5.19.0-19-generic-lpae: No summary available for linux-image-5.19.0-19-generic-lpae in ubuntu kinetic.

No description available for linux-image-5.19.0-19-generic-lpae in ubuntu kinetic.

linux-image-5.19.0-19-generic-lpae-dbgsym: No summary available for linux-image-5.19.0-19-generic-lpae-dbgsym in ubuntu kinetic.

No description available for linux-image-5.19.0-19-generic-lpae-dbgsym in ubuntu kinetic.

linux-image-unsigned-5.19.0-19-generic: No summary available for linux-image-unsigned-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-image-unsigned-5.19.0-19-generic in ubuntu kinetic.

linux-image-unsigned-5.19.0-19-generic-64k: No summary available for linux-image-unsigned-5.19.0-19-generic-64k in ubuntu kinetic.

No description available for linux-image-unsigned-5.19.0-19-generic-64k in ubuntu kinetic.

linux-image-unsigned-5.19.0-19-generic-64k-dbgsym: No summary available for linux-image-unsigned-5.19.0-19-generic-64k-dbgsym in ubuntu kinetic.

No description available for linux-image-unsigned-5.19.0-19-generic-64k-dbgsym in ubuntu kinetic.

linux-image-unsigned-5.19.0-19-generic-dbgsym: No summary available for linux-image-unsigned-5.19.0-19-generic-dbgsym in ubuntu kinetic.

No description available for linux-image-unsigned-5.19.0-19-generic-dbgsym in ubuntu kinetic.

linux-libc-dev: No summary available for linux-libc-dev in ubuntu kinetic.

No description available for linux-libc-dev in ubuntu kinetic.

linux-modules-5.19.0-19-generic: No summary available for linux-modules-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-modules-5.19.0-19-generic in ubuntu kinetic.

linux-modules-5.19.0-19-generic-64k: No summary available for linux-modules-5.19.0-19-generic-64k in ubuntu kinetic.

No description available for linux-modules-5.19.0-19-generic-64k in ubuntu kinetic.

linux-modules-5.19.0-19-generic-lpae: No summary available for linux-modules-5.19.0-19-generic-lpae in ubuntu kinetic.

No description available for linux-modules-5.19.0-19-generic-lpae in ubuntu kinetic.

linux-modules-extra-5.19.0-19-generic: No summary available for linux-modules-extra-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-modules-extra-5.19.0-19-generic in ubuntu kinetic.

linux-modules-iwlwifi-5.19.0-19-generic: No summary available for linux-modules-iwlwifi-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-modules-iwlwifi-5.19.0-19-generic in ubuntu kinetic.

linux-source-5.19.0: No summary available for linux-source-5.19.0 in ubuntu kinetic.

No description available for linux-source-5.19.0 in ubuntu kinetic.

linux-tools-5.19.0-19: No summary available for linux-tools-5.19.0-19 in ubuntu kinetic.

No description available for linux-tools-5.19.0-19 in ubuntu kinetic.

linux-tools-5.19.0-19-generic: No summary available for linux-tools-5.19.0-19-generic in ubuntu kinetic.

No description available for linux-tools-5.19.0-19-generic in ubuntu kinetic.

linux-tools-5.19.0-19-generic-64k: No summary available for linux-tools-5.19.0-19-generic-64k in ubuntu kinetic.

No description available for linux-tools-5.19.0-19-generic-64k in ubuntu kinetic.

linux-tools-5.19.0-19-generic-lpae: No summary available for linux-tools-5.19.0-19-generic-lpae in ubuntu kinetic.

No description available for linux-tools-5.19.0-19-generic-lpae in ubuntu kinetic.

linux-tools-common: No summary available for linux-tools-common in ubuntu kinetic.

No description available for linux-tools-common in ubuntu kinetic.

linux-tools-host: No summary available for linux-tools-host in ubuntu kinetic.

No description available for linux-tools-host in ubuntu kinetic.