linux 6.8.0-25.25 source package in Ubuntu

Changelog

linux (6.8.0-25.25) noble; urgency=medium

  * noble/linux: 6.8.0-25.25 -proposed tracker (LP: #2061083)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.04.04)

  * Apply mitigations for the native BHI hardware vulnerability (LP: #2060909)
    - x86/cpufeatures: Add new word for scattered features
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/syscall: Don't force use of indirect calls for system calls
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - KVM: x86: Add BHI_NO
    - x86: set SPECTRE_BHI_ON as default
    - [Config] enable spectre_bhi=auto by default

  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/90]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/90]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/90]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/90]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/90]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/90]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/90]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/90]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/90]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/90]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/90]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/90]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/90]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/90]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/90]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/90]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/90]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/90]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/90]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/90]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/90]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/90]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/90]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/90]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/90]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/90]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/90]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/90]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/90]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/90]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/90]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/90]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/90]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/90]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/90]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/90]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/90]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/90]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/90]: add unprivileged user ns mediation
    - SAUCE: apparmor4.0.0 [46/90]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/90]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/90]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/90]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/90]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/90]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/90]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/90]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/90]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/90]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/90]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/90]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/90]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/90]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/90]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/90]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/90]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/90]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/90]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/90] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/90]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/90]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/90]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/90]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/90]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
    - SAUCE: apparmor4.0.0 [74/90]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/90]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/90]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/90]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/90]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/90]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/90]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/90]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/90]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/90]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/90]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/90]: fixup notify
    - SAUCE: apparmor4.0.0 [88/90]: apparmor: add fine grained ipv4/ipv6 mediation
    - SAUCE: apparmor4.0.0 [89/90]: apparmor: disable tailglob responses for now
    - SAUCE: apparmor4.0.0 [90/90]: apparmor: Fix notify build warnings
    - SAUCE: apparmor4.0.0: fix reserved mem for when we save ipv6 addresses
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/90]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/90]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/90]: userns - make it so special unconfined
      profiles can mediate user namespaces

  * [MTL] x86: Fix Cache info sysfs is not populated (LP: #2049793)
    - SAUCE: cacheinfo: Check for null last-level cache info
    - SAUCE: cacheinfo: Allocate memory for memory if not done from the primary
      CPU
    - SAUCE: x86/cacheinfo: Delete global num_cache_leaves
    - SAUCE: x86/cacheinfo: Clean out init_cache_level()

  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
      CONFIG_SECURITY=n
    - [Config] toolchain version update

 -- Paolo Pisati <email address hidden>  Fri, 12 Apr 2024 10:42:33 +0200

Upload details

Uploaded by: Paolo Pisati
Uploaded to: Noble
Original maintainer: Ubuntu Kernel Team
Architectures: all amd64 armhf arm64 ppc64el s390x i386 riscv64
Section: devel
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
linux_6.8.0.orig.tar.gz 219.4 MiB 26512115972bdf017a4ac826cc7d3e9b0ba397d4f85cd330e4e4ff54c78061c8
linux_6.8.0-25.25.diff.gz 1.1 MiB 7efbbd9b4aa37bb7047d4b7e73273c22bae1877340e5cac038abcf85409ce728
linux_6.8.0-25.25.dsc 8.9 KiB 6451bf80c469a8274c3d5f6fb33a996300a50abe9ec2e48e83079f94eb677c5e

Binary packages built by this source

linux-buildinfo-6.8.0-25-generic

linux-buildinfo-6.8.0-25-generic-64k

linux-cloud-tools-6.8.0-25

linux-cloud-tools-6.8.0-25-generic

linux-cloud-tools-common: Linux kernel version specific cloud tools for version 6.8.0

 This package provides the architecture independent parts for kernel
 version locked tools for cloud tools for version 6.8.0.

linux-doc: Linux kernel specific documentation for version 6.8.0

 This package is deprecated and it is temporarily provided only for
 compatibility reasons. It will be dropped in the future.

linux-headers-6.8.0-25

linux-headers-6.8.0-25-generic

linux-headers-6.8.0-25-generic-64k

linux-image-6.8.0-25-generic

linux-image-6.8.0-25-generic-dbgsym

linux-image-unsigned-6.8.0-25-generic

linux-image-unsigned-6.8.0-25-generic-64k

linux-image-unsigned-6.8.0-25-generic-64k-dbgsym

linux-image-unsigned-6.8.0-25-generic-dbgsym

linux-lib-rust-6.8.0-25-generic

linux-libc-dev: Linux Kernel Headers for development

 This package provides headers from the Linux kernel. These headers
 are used by the installed headers for GNU glibc and other system
 libraries. They are NOT meant to be used to build third-party modules for
 your kernel. Use linux-headers-* packages for that.

linux-modules-6.8.0-25-generic

linux-modules-6.8.0-25-generic-64k

linux-modules-extra-6.8.0-25-generic

linux-modules-ipu6-6.8.0-25-generic

linux-modules-ivsc-6.8.0-25-generic

linux-modules-iwlwifi-6.8.0-25-generic

linux-source-6.8.0: Linux kernel source for version 6.8.0 with Ubuntu patches

 This package provides the source code for the Linux kernel version
 6.8.0.

 This package is mainly meant for other packages to use, in order to build
 custom flavours.

 If you wish to use this package to create a custom Linux kernel, then it
 is suggested that you investigate the package kernel-package, which has
 been designed to ease the task of creating kernel image packages.

 If you are simply trying to build third-party modules for your kernel,
 you do not want this package. Install the appropriate linux-headers
 package instead.

linux-tools-6.8.0-25

linux-tools-6.8.0-25-generic

linux-tools-6.8.0-25-generic-64k

linux-tools-common: Linux kernel version specific tools for version 6.8.0

 This package provides the architecture independent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 6.8.0.

linux-tools-host: Linux kernel VM host tools

 This package provides kernel tools useful for VM hosts.