Bug #2046184 “[arm64] Increase max CPU count to 512” : Bugs : linux-oracle package : Ubuntu

John Cabaj (john-cabaj) on 2023-12-11

description:	updated
description:	updated
description:	updated

Stefan Bader (smb) on 2023-12-12

Changed in linux-oracle (Ubuntu Mantic):
status:	New → In Progress
importance:	Undecided → Medium

Revision history for this message

John Cabaj (john-cabaj) wrote on 2023-12-12:

#1

Lunar will be EOL and Jammy now has the 6.5 kernel, so not including Lunar.

Changed in linux-oracle (Ubuntu Jammy):
status:	New → In Progress
Changed in linux-oracle (Ubuntu Noble):
status:	New → In Progress

Stefan Bader (smb) on 2023-12-13

Changed in linux-oracle (Ubuntu Jammy):
importance:	Undecided → Medium

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-01-16:

#2

This bug is awaiting verification that the linux-oracle/6.5.0-1014.14 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-oracle' to 'verification-done-mantic-linux-oracle'. If the problem still exists, change the tag 'verification-needed-mantic-linux-oracle' to 'verification-failed-mantic-linux-oracle'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-oracle-v2 verification-needed-mantic-linux-oracle

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-01-25:

#3

This bug was fixed in the package linux-oracle - 6.5.0-1014.14

---------------
linux-oracle (6.5.0-1014.14) mantic; urgency=medium

* mantic/linux-oracle: 6.5.0-1014.14 -proposed tracker (LP: #2048542)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] remove helper scripts

* [arm64] Increase max CPU count to 512 (LP: #2046184)
- [Config]: oracle: Increase max CPU count to 512

[ Ubuntu: 6.5.0-15.15 ]

  * mantic/linux: 6.5.0-15.15 -proposed tracker (LP: #2048549)
  * CVE-2024-0193
    - netfilter: nf_tables: skip set commit for deleted/destroyed sets
  * CVE-2023-6606
    - smb: client: fix OOB in smbCalcSize()
  * CVE-2023-6817
    - netfilter: nft_set_pipapo: skip inactive elements during set walk
  * CVE-2023-6932
    - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
  * CVE-2023-6931
    - perf: Fix perf_event_validate_size()
    - perf: Fix perf_event_validate_size() lockdep splat

-- John Cabaj <email address hidden> Thu, 11 Jan 2024 13:15:55 -0600

Changed in linux-oracle (Ubuntu Mantic):
status:	In Progress → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-01-26:

#4

This bug is awaiting verification that the linux-oracle/5.15.0-1051.57 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-oracle' to 'verification-done-jammy-linux-oracle'. If the problem still exists, change the tag 'verification-needed-jammy-linux-oracle' to 'verification-failed-jammy-linux-oracle'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-oracle-v2 verification-needed-jammy-linux-oracle

John Cabaj (john-cabaj) on 2024-02-01

Changed in linux-oracle (Ubuntu Jammy):
status:	In Progress → Fix Released

Roxana Nicolescu (roxanan) on 2024-02-06

tags:

added: verification-done-jammy-linux-oracle verification-done-mantic-linux-oracle
removed: verification-needed-jammy-linux-oracle verification-needed-mantic-linux-oracle

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-03-02:

#5

Download full text (49.2 KiB)

This bug was fixed in the package linux-oracle - 6.8.0-1001.1

---------------
linux-oracle (6.8.0-1001.1) noble; urgency=medium

* noble/linux-oracle: 6.8.0-1001.1 -proposed tracker (LP: #2052776)

  * Packaging resync (LP: #1786013)
    - debian.oracle/dkms-versions -- update from kernel-versions
      (main/d2024.02.07)

* [arm64] Increase max CPU count to 512 (LP: #2046184)
- [Config]: oracle: Increase max CPU count to 512

* Miscellaneous Ubuntu changes
- [Config] updateconfigs following 6.8.0-7.7 rebase

[ Ubuntu: 6.8.0-7.7 ]

  * noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security co...

This bug was fixed in the package linux-oracle - 6.8.0-1001.1

---------------
linux-oracle (6.8.0-1001.1) noble; urgency=medium

* noble/linux-oracle: 6.8.0-1001.1 -proposed tracker (LP: #2052776)

* Packaging resync (LP: #1786013)
    - debian.oracle/dkms-versions -- update from kernel-versions
      (main/d2024.02.07)

* [arm64] Increase max CPU count to 512 (LP: #2046184)
    - [Config]: oracle: Increase max CPU count to 512

* Miscellaneous Ubuntu changes
    - [Config] updateconfigs following 6.8.0-7.7 rebase

[ Ubuntu: 6.8.0-7.7 ]

* noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
      notification
    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
      reply that denies all access
    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
      profiles can mediate user namespaces

[ Ubuntu: 6.8.0-6.6 ]

* noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592)
  * Packaging resync (LP: #1786013)
    - debian.master/dkms-versions -- update from kernel-versions
      (main/d2024.02.07)
    - [Packaging] update variants
  * FIPS kernels should default to fips mode (LP: #2049082)
    - SAUCE: Enable fips mode by default, in FIPS kernels only
  * Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468)
    - [Packaging] Remove old snapcraft.yaml
  * Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
    - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
  * Miscellaneous Ubuntu changes
    - [Packaging] Remove in-tree abi checks
    - [Packaging] drop abi files with clean
    - [Packaging] Remove do_full_source variable (fixup)
    - [Packaging] Remove update-dkms-versions and move dkms-versions
    - [Config] updateconfigs following v6.8-rc3 rebase
    - [packaging] rename to linux
    - [packaging] rebase on v6.8-rc3
    - [packaging] disable signing for ppc64el
  * Rebase on v6.8-rc3

[ Ubuntu: 6.8.0-5.5 ]

* noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136)
  * Miscellaneous upstream changes
    - Revert "mm/sparsemem: fix race in accessing memory_section->usage"

[ Ubuntu: 6.8.0-4.4 ]

* noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502)
  * Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer
    (LP: #1965303)
    - [Config] enable simpledrm and DRM fbdev emulation layer
  * Miscellaneous Ubuntu changes
    - [Config] toolchain update
  * Miscellaneous upstream changes
    - rust: upgrade to Rust 1.75.0

[ Ubuntu: 6.8.0-3.3 ]

* noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
      [12/95]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
      reply that denies all access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
      notification
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
      management of the sock security
    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
      with stacked LSMs
    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
      hook
    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
      in audit_context
    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
      data
    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
      audit_names
    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
      security_cred_getlsmblob LSM hook
    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
      from secid to lsmblob
    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
      audit data
    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_lsmblob_to_secctx
    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
      security_lsmblob_to_secctx module selection
    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
      records in an audit_buffer
    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
      multiple task security contexts
    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
      multiple object contexts
    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
      lsmcontext_init()
    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
      security_getprocattr
    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
      on release
    - SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in
      socket_getpeersec hooks
    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
      handles the context string
    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
      exclusive flag
    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
      size tracking
    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
      instead of module specific data
    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
      management of the key security blob
    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
      management of the mnt_opts security blob
    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
      ENOSYS in inode_setxattr
    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
      scaffolding
    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
      netlabel
    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
      security_cred_getsecid() to a single LSM
    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
      LSM_FLAG_EXCLUSIVE
    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
      use lookup_perms()
    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
      RULE_MEDIATES
    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
      entry have correct flags
    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
      unconfined cannot use change_hat
    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
      provide semantics of some checks
    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
      label_mediates()
    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
      permission.
    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
      the kill signal
    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
      not the first entry
    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
      when a user ns is created
    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
      policy state machine
    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
    - [Config] updateconfigs following v6.8-rc2 rebase

[ Ubuntu: 6.8.0-2.2 ]

* noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110)
  * Miscellaneous Ubuntu changes
    - [Config] toolchain update
    - [Config] enable Rust

[ Ubuntu: 6.8.0-1.1 ]

* noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102)
  * Miscellaneous Ubuntu changes
    - [packaging] move to v6.8-rc1
    - [Config] updateconfigs following v6.8-rc1 rebase
    - SAUCE: export file_close_fd() instead of close_fd_get_file()
    - SAUCE: cpufreq: s/strlcpy/strscpy/
    - debian/dkms-versions -- temporarily disable zfs dkms
    - debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms
    - debian/dkms-versions -- temporarily disable v4l2loopback

[ Ubuntu: 6.8.0-0.0 ]

* Empty entry.

[ Ubuntu: 6.7.0-7.7 ]

* noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
  * Miscellaneous Ubuntu changes
    - [Packaging] re-enable signing for s390x and ppc64el

[ Ubuntu: 6.7.0-6.6 ]

* Empty entry.

[ Ubuntu: 6.7.0-2.2 ]

* noble/linux: 6.7.0-2.2 -proposed tracker (LP: #2049182)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
  * Enforce RETPOLINE and SLS mitigrations (LP: #2046440)
    - SAUCE: objtool: Make objtool check actually fatal upon fatal errors
    - SAUCE: objtool: make objtool SLS validation fatal when building with
      CONFIG_SLS=y
    - SAUCE: objtool: make objtool RETPOLINE validation fatal when building with
      CONFIG_RETPOLINE=y
    - SAUCE: scripts: remove generating .o-ur objects
    - [Packaging] Remove all custom retpoline-extract code
    - Revert "UBUNTU: SAUCE: vga_set_mode -- avoid jump tables"
    - Revert "UBUNTU: SAUCE: early/late -- annotate indirect calls in early/late
      initialisation code"
    - Revert "UBUNTU: SAUCE: apm -- annotate indirect calls within
      firmware_restrict_branch_speculation_{start,end}"
  * Miscellaneous Ubuntu changes
    - [Packaging] temporarily disable riscv64 builds
    - [Packaging] temporarily disable Rust dependencies on riscv64

[ Ubuntu: 6.7.0-1.1 ]

* noble/linux: 6.7.0-1.1 -proposed tracker (LP: #2048859)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
  * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
    anymore (LP: #2048919)
    - [Config] Enable S390_UV_UAPI (built-in)
  * Support mipi camera on Intel Meteor Lake platform (LP: #2031412)
    - SAUCE: iommu: intel-ipu: use IOMMU passthrough mode for Intel IPUs on Meteor
      Lake
    - SAUCE: platform/x86: int3472: Add handshake GPIO function
  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata
  * [Mediatek] mt8195-demo: enable CONFIG_MTK_IOMMU as module for multimedia and
    PCIE peripherals (LP: #2036587)
    - [Config] Enable CONFIG_MTK_IOMMU on arm64
  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
    images (LP: #2019040)
    - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
  * kexec enable to load/kdump zstd compressed zimg (LP: #2037398)
    - [Packaging] Revert arm64 image format to Image.gz
  * Mantic minimized/minimal cloud images do not receive IP address during
    provisioning; systemd regression with wait-online (LP: #2036968)
    - [Config] Enable virtio-net as built-in to avoid race
  * Make backlight module auto detect dell_uart_backlight (LP: #2008882)
    - SAUCE: ACPI: video: Dell AIO UART backlight detection
  * Linux 6.2 fails to reboot with current u-boot-nezha (LP: #2021364)
    - [Config] Default to performance CPUFreq governor on riscv64
  * Enable Nezha board (LP: #1975592)
    - [Config] Build in D1 clock drivers on riscv64
    - [Config] Enable CONFIG_SUN6I_RTC_CCU on riscv64
    - [Config] Enable CONFIG_SUNXI_WATCHDOG on riscv64
    - [Config] Disable SUN50I_DE2_BUS on riscv64
    - [Config] Disable unneeded sunxi pinctrl drivers on riscv64
  * Enable StarFive VisionFive 2 board (LP: #2013232)
    - [Config] Enable CONFIG_PINCTRL_STARFIVE_JH7110_SYS on riscv64
    - [Config] Enable CONFIG_STARFIVE_WATCHDOG on riscv64
  * rcu_sched detected stalls on CPUs/tasks (LP: #1967130)
    - [Config] Enable virtually mapped stacks on riscv64
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Installation support for SMARC RZ/G2L platform (LP: #2030525)
    - [Config] build Renesas RZ/G2L USBPHY control driver statically
  * Add support for kernels compiled with CONFIG_EFI_ZBOOT (LP: #2002226)
    - [Config]: Turn on CONFIG_EFI_ZBOOT on ARM64
  * Default module signing algo should be accelerated (LP: #2034061)
    - [Config] Default module signing algo should be accelerated
  * Miscellaneous Ubuntu changes
    - [Config] annotations clean-up
  [ Upstream Kernel Changes ]
  * Rebase to v6.7

[ Ubuntu: 6.7.0-0.0 ]

* Empty entry

[ Ubuntu: 6.7.0-5.5 ]

* noble/linux-unstable: 6.7.0-5.5 -proposed tracker (LP: #2048118)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/d2024.01.02)
  * Miscellaneous Ubuntu changes
    - [Packaging] re-enable Rust support
    - [Packaging] temporarily disable riscv64 builds

[ Ubuntu: 6.7.0-4.4 ]

* noble/linux-unstable: 6.7.0-4.4 -proposed tracker (LP: #2047807)
  * unconfined profile denies userns_create for chromium based processes
    (LP: #1990064)
    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor4.0.0 [69/69]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor4.0.0 [68/69]: apparmor: fix request field from a prompt
      reply that denies all access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor4.0.0 [67/69]: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor4.0.0 [66/69]: apparmor: fix oops when racing to retrieve
      notification
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/69]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [02/69]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [03/69]: add unpriviled user ns mediation
    - SAUCE: apparmor4.0.0 [04/69]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [05/69]: af_unix mediation
    - SAUCE: apparmor4.0.0 [06/69]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [07/69]: Stacking v38: LSM: Identify modules by more
      than name
    - SAUCE: apparmor4.0.0 [08/69]: Stacking v38: LSM: Add an LSM identifier for
      external use
    - SAUCE: apparmor4.0.0 [09/69]: Stacking v38: LSM: Identify the process
      attributes for each module
    - SAUCE: apparmor4.0.0 [10/69]: Stacking v38: LSM: Maintain a table of LSM
      attribute data
    - SAUCE: apparmor4.0.0 [11/69]: Stacking v38: proc: Use lsmids instead of lsm
      names for attrs
    - SAUCE: apparmor4.0.0 [12/69]: Stacking v38: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [13/69]: Stacking v38: LSM: Infrastructure management
      of the sock security
    - SAUCE: apparmor4.0.0 [14/69]: Stacking v38: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [15/69]: Stacking v38: LSM: provide lsm name and id
      slot mappings
    - SAUCE: apparmor4.0.0 [16/69]: Stacking v38: IMA: avoid label collisions with
      stacked LSMs
    - SAUCE: apparmor4.0.0 [17/69]: Stacking v38: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [18/69]: Stacking v38: LSM: Use lsmblob in
      security_kernel_act_as
    - SAUCE: apparmor4.0.0 [19/69]: Stacking v38: LSM: Use lsmblob in
      security_secctx_to_secid
    - SAUCE: apparmor4.0.0 [20/69]: Stacking v38: LSM: Use lsmblob in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [21/69]: Stacking v38: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [22/69]: Stacking v38: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [23/69]: Stacking v38: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [24/69]: Stacking v38: LSM: Use lsmblob in
      security_cred_getsecid
    - SAUCE: apparmor4.0.0 [25/69]: Stacking v38: LSM: Specify which LSM to
      display
    - SAUCE: apparmor4.0.0 [27/69]: Stacking v38: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [28/69]: Stacking v38: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [29/69]: Stacking v38: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [30/69]: Stacking v38: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [31/69]: Stacking v38: LSM: security_secid_to_secctx in
      netlink netfilter
    - SAUCE: apparmor4.0.0 [32/69]: Stacking v38: NET: Store LSM netlabel data in
      a lsmblob
    - SAUCE: apparmor4.0.0 [33/69]: Stacking v38: binder: Pass LSM identifier for
      confirmation
    - SAUCE: apparmor4.0.0 [34/69]: Stacking v38: LSM: security_secid_to_secctx
      module selection
    - SAUCE: apparmor4.0.0 [35/69]: Stacking v38: Audit: Keep multiple LSM data in
      audit_names
    - SAUCE: apparmor4.0.0 [36/69]: Stacking v38: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [37/69]: Stacking v38: LSM: Add a function to report
      multiple LSMs
    - SAUCE: apparmor4.0.0 [38/69]: Stacking v38: Audit: Allow multiple records in
      an audit_buffer
    - SAUCE: apparmor4.0.0 [39/69]: Stacking v38: Audit: Add record for multiple
      task security contexts
    - SAUCE: apparmor4.0.0 [40/69]: Stacking v38: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [41/69]: Stacking v38: Audit: Add record for multiple
      object contexts
    - SAUCE: apparmor4.0.0 [42/69]: Stacking v38: netlabel: Use a struct lsmblob
      in audit data
    - SAUCE: apparmor4.0.0 [43/69]: Stacking v38: LSM: Removed scaffolding
      function lsmcontext_init
    - SAUCE: apparmor4.0.0 [44/69]: Stacking v38: AppArmor: Remove the exclusive
      flag
    - SAUCE: apparmor4.0.0 [45/69]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [46/69]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [47/69]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [48/69]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [49/69]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [50/69]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [51/69]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [52/69]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [53/69]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [54/69]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [55/69]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [56/69]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [57/69]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [58/69]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [59/69]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [60/69]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [64/69]: advertise disconnected.path is available
    - SAUCE: apparmor4.0.0 [65/69]: add io_uring mediation
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [61/69]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [62/69]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [63/69]: userns - make it so special unconfined
      profiles can mediate user namespaces
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor4.0.0 [26/69]: Stacking v38: Fix prctl() syscall with
      apparmor=0
  * Fix RPL-U CPU C-state always keep at C3 when system run PHM with idle screen
    on (LP: #2042385)
    - SAUCE: r8169: Add quirks to enable ASPM on Dell platforms
  * [Debian] autoreconstruct - Do not generate chmod -x for deleted  files
    (LP: #2045562)
    - [Debian] autoreconstruct - Do not generate chmod -x for deleted files
  * Disable Legacy TIOCSTI (LP: #2046192)
    - [Config]: disable CONFIG_LEGACY_TIOCSTI
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] remove helper scripts
    - [Packaging] update annotations scripts
  * Miscellaneous Ubuntu changes
    - [Packaging] rules: Remove unused dkms make variables
    - [Config] update annotations after rebase to v6.7-rc8
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc8

[ Ubuntu: 6.7.0-3.3 ]

* noble/linux-unstable: 6.7.0-3.3 -proposed tracker (LP: #2046060)
  * enable CONFIG_INTEL_TDX_HOST in linux >= 6.7 for noble (LP: #2046040)
    - [Config] enable CONFIG_INTEL_TDX_HOST
  * linux tools packages for derived kernels refuse to install simultaneously
    due to libcpupower name collision (LP: #2035971)
    - [Packaging] Statically link libcpupower into cpupower tool
  * make lazy RCU a boot time option (LP: #2045492)
    - SAUCE: rcu: Provide a boot time parameter to control lazy RCU
  * Build failure if run in a console (LP: #2044512)
    - [Packaging] Fix kernel module compression failures
  * Turning COMPAT_32BIT_TIME off on arm64 (64k & derivatives) (LP: #2038582)
    - [Config] y2038: Turn off COMPAT and COMPAT_32BIT_TIME on arm64 64k
  * Turning COMPAT_32BIT_TIME off on riscv64 (LP: #2038584)
    - [Config] y2038: Disable COMPAT_32BIT_TIME on riscv64
  * Turning COMPAT_32BIT_TIME off on ppc64el (LP: #2038587)
    - [Config] y2038: Disable COMPAT and COMPAT_32BIT_TIME on ppc64le
  * [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
    (LP: #2042853)
    - [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y
  * back-out zstd module compression automatic for backports (LP: #2045593)
    - [Packaging] make ZSTD module compression conditional
  * Miscellaneous Ubuntu changes
    - [Packaging] Remove do_full_source variable
    - [Packaging] Remove obsolete config handling
    - [Packaging] Remove support for sub-flavors
    - [Packaging] Remove old linux-libc-dev version hack
    - [Packaging] Remove obsolete scripts
    - [Packaging] Remove README.inclusion-list
    - [Packaging] make $(stampdir)/stamp-build-perarch depend on build-arch
    - [Packaging] Enable rootless builds
    - [Packaging] Allow to run debian/rules without (fake)root
    - [Packaging] remove unneeded trailing slash for INSTALL_MOD_PATH
    - [Packaging] override KERNELRELEASE instead of KERNELVERSION
    - [Config] update toolchain versions in annotations
    - [Packaging] drop useless linux-doc
    - [Packaging] scripts: Rewrite insert-ubuntu-changes in Python
    - [Packaging] enable riscv64 builds
    - [Packaging] remove the last sub-flavours bit
    - [Packaging] check debian.env to determine do_libc_dev_package
    - [Packaging] remove debian.*/variants
    - [Packaging] remove do_libc_dev_package variable
    - [Packaging] move linux-libc-dev.stub to debian/control.d/
    - [Packaging] Update check to build linux-libc-dev to the source package name
    - [Packaging] rules: Remove startnewrelease target
    - [Packaging] Remove debian/commit-templates
    - [Config] update annotations after rebase to v6.7-rc4
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc4

[ Ubuntu: 6.7.0-2.2 ]

* noble/linux-unstable: 6.7.0-2.2 -proposed tracker (LP: #2045107)
  * Miscellaneous Ubuntu changes
    - [Packaging] re-enable Rust
    - [Config] enable Rust in annotations
    - [Packaging] Remove do_enforce_all variable
    - [Config] disable Softlogic 6x10 capture card driver on armhf
    - [Packaging] disable Rust support
    - [Config] update annotations after rebase to v6.7-rc3
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc3

[ Ubuntu: 6.7.0-1.1 ]

* noble/linux-unstable: 6.7.0-1.1 -proposed tracker (LP: #2044069)
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] update helper scripts
  * Miscellaneous Ubuntu changes
    - [Config] update annotations after rebase to v6.7-rc2
  [ Upstream Kernel Changes ]
  * Rebase to v6.7-rc2

[ Ubuntu: 6.7.0-0.0 ]

* Empty entry

[ Ubuntu: 6.6.0-12.12 ]

* noble/linux-unstable: 6.6.0-12.12 -proposed tracker (LP: #2043664)
  * Miscellaneous Ubuntu changes
    - [Packaging] temporarily disable zfs dkms

[ Ubuntu: 6.6.0-11.11 ]

* noble/linux-unstable: 6.6.0-11.11 -proposed tracker (LP: #2043480)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/d2023.11.14)
  * Miscellaneous Ubuntu changes
    - [Packaging] move to Noble
    - [Config] toolchain version update

[ Ubuntu: 6.6.0-10.10 ]

* mantic/linux-unstable: 6.6.0-10.10 -proposed tracker (LP: #2043088)
  * Bump arm64's CONFIG_NR_CPUS to 512 (LP: #2042897)
    - [Config] Bump CONFIG_NR_CPUS to 512 for arm64
  * Miscellaneous Ubuntu changes
    - [Config] Include a note for the NR_CPUS setting on riscv64
    - SAUCE: apparmor4.0.0 [83/83]: Fix inode_init for changed prototype

[ Ubuntu: 6.6.0-9.9 ]

* mantic/linux-unstable: 6.6.0-9.9 -proposed tracker (LP: #2041852)
  * Switch IMA default hash to sha256 (LP: #2041735)
    - [Config] Switch IMA_DEFAULT_HASH from sha1 to sha256
  * apparmor restricts read access of user namespace mediation sysctls to root
    (LP: #2040194)
    - SAUCE: apparmor4.0.0 [82/82]: apparmor: open userns related sysctl so lxc
      can check if restriction are in place
  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
    - SAUCE: apparmor4.0.0 [81/82]: apparmor: fix request field from a prompt
      reply that denies all access
  * apparmor notification files verification (LP: #2040250)
    - SAUCE: apparmor4.0.0 [80/82]: apparmor: fix notification header size
  * apparmor oops when racing to retrieve a notification (LP: #2040245)
    - SAUCE: apparmor4.0.0 [79/82]: apparmor: fix oops when racing to retrieve
      notification
  * Disable restricting unprivileged change_profile by default, due to LXD
    latest/stable not yet compatible with this new apparmor feature
    (LP: #2038567)
    - SAUCE: apparmor4.0.0 [78/82]: apparmor: Make
      apparmor_restrict_unprivileged_unconfined opt-in
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [01/82]: add/use fns to print hash string hex value
    - SAUCE: apparmor4.0.0 [02/82]: rename SK_CTX() to aa_sock and make it an
      inline fn
    - SAUCE: apparmor4.0.0 [03/82]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor4.0.0 [04/82]: add user namespace creation mediation
    - SAUCE: apparmor4.0.0 [05/82]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor4.0.0 [06/82]: af_unix mediation
    - SAUCE: apparmor4.0.0 [07/82]: Add fine grained mediation of posix mqueues
    - SAUCE: apparmor4.0.0 [08/82]: Stacking v38: LSM: Identify modules by more
      than name
    - SAUCE: apparmor4.0.0 [09/82]: Stacking v38: LSM: Add an LSM identifier for
      external use
    - SAUCE: apparmor4.0.0 [10/82]: Stacking v38: LSM: Identify the process
      attributes for each module
    - SAUCE: apparmor4.0.0 [11/82]: Stacking v38: LSM: Maintain a table of LSM
      attribute data
    - SAUCE: apparmor4.0.0 [12/82]: Stacking v38: proc: Use lsmids instead of lsm
      names for attrs
    - SAUCE: apparmor4.0.0 [13/82]: Stacking v38: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor4.0.0 [14/82]: Stacking v38: LSM: Infrastructure management
      of the sock security
    - SAUCE: apparmor4.0.0 [15/82]: Stacking v38: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor4.0.0 [16/82]: Stacking v38: LSM: provide lsm name and id
      slot mappings
    - SAUCE: apparmor4.0.0 [17/82]: Stacking v38: IMA: avoid label collisions with
      stacked LSMs
    - SAUCE: apparmor4.0.0 [18/82]: Stacking v38: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor4.0.0 [19/82]: Stacking v38: LSM: Use lsmblob in
      security_kernel_act_as
    - SAUCE: apparmor4.0.0 [20/82]: Stacking v38: LSM: Use lsmblob in
      security_secctx_to_secid
    - SAUCE: apparmor4.0.0 [21/82]: Stacking v38: LSM: Use lsmblob in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [22/82]: Stacking v38: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor4.0.0 [23/82]: Stacking v38: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor4.0.0 [24/82]: Stacking v38: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor4.0.0 [25/82]: Stacking v38: LSM: Use lsmblob in
      security_cred_getsecid
    - SAUCE: apparmor4.0.0 [26/82]: Stacking v38: LSM: Specify which LSM to
      display
    - SAUCE: apparmor4.0.0 [28/82]: Stacking v38: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor4.0.0 [29/82]: Stacking v38: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor4.0.0 [30/82]: Stacking v38: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor4.0.0 [31/82]: Stacking v38: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor4.0.0 [32/82]: Stacking v38: LSM: security_secid_to_secctx in
      netlink netfilter
    - SAUCE: apparmor4.0.0 [33/82]: Stacking v38: NET: Store LSM netlabel data in
      a lsmblob
    - SAUCE: apparmor4.0.0 [34/82]: Stacking v38: binder: Pass LSM identifier for
      confirmation
    - SAUCE: apparmor4.0.0 [35/82]: Stacking v38: LSM: security_secid_to_secctx
      module selection
    - SAUCE: apparmor4.0.0 [36/82]: Stacking v38: Audit: Keep multiple LSM data in
      audit_names
    - SAUCE: apparmor4.0.0 [37/82]: Stacking v38: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor4.0.0 [38/82]: Stacking v38: LSM: Add a function to report
      multiple LSMs
    - SAUCE: apparmor4.0.0 [39/82]: Stacking v38: Audit: Allow multiple records in
      an audit_buffer
    - SAUCE: apparmor4.0.0 [40/82]: Stacking v38: Audit: Add record for multiple
      task security contexts
    - SAUCE: apparmor4.0.0 [41/82]: Stacking v38: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor4.0.0 [42/82]: Stacking v38: Audit: Add record for multiple
      object contexts
    - SAUCE: apparmor4.0.0 [43/82]: Stacking v38: netlabel: Use a struct lsmblob
      in audit data
    - SAUCE: apparmor4.0.0 [44/82]: Stacking v38: LSM: Removed scaffolding
      function lsmcontext_init
    - SAUCE: apparmor4.0.0 [45/82]: Stacking v38: AppArmor: Remove the exclusive
      flag
    - SAUCE: apparmor4.0.0 [46/82]: combine common_audit_data and
      apparmor_audit_data
    - SAUCE: apparmor4.0.0 [47/82]: setup slab cache for audit data
    - SAUCE: apparmor4.0.0 [48/82]: rename audit_data->label to
      audit_data->subj_label
    - SAUCE: apparmor4.0.0 [49/82]: pass cred through to audit info.
    - SAUCE: apparmor4.0.0 [50/82]: Improve debug print infrastructure
    - SAUCE: apparmor4.0.0 [51/82]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor4.0.0 [52/82]: enable userspace upcall for mediation
    - SAUCE: apparmor4.0.0 [53/82]: cache buffers on percpu list if there is lock
      contention
    - SAUCE: apparmor4.0.0 [54/82]: advertise availability of exended perms
    - SAUCE: apparmor4.0.0 [56/82]: cleanup: provide separate audit messages for
      file and policy checks
    - SAUCE: apparmor4.0.0 [57/82]: prompt - lock down prompt interface
    - SAUCE: apparmor4.0.0 [58/82]: prompt - ref count pdb
    - SAUCE: apparmor4.0.0 [59/82]: prompt - allow controlling of caching of a
      prompt response
    - SAUCE: apparmor4.0.0 [60/82]: prompt - add refcount to audit_node in prep or
      reuse and delete
    - SAUCE: apparmor4.0.0 [61/82]: prompt - refactor to moving caching to
      uresponse
    - SAUCE: apparmor4.0.0 [62/82]: prompt - Improve debug statements
    - SAUCE: apparmor4.0.0 [63/82]: prompt - fix caching
    - SAUCE: apparmor4.0.0 [64/82]: prompt - rework build to use append fn, to
      simplify adding strings
    - SAUCE: apparmor4.0.0 [65/82]: prompt - refcount notifications
    - SAUCE: apparmor4.0.0 [66/82]: prompt - add the ability to reply with a
      profile name
    - SAUCE: apparmor4.0.0 [67/82]: prompt - fix notification cache when updating
    - SAUCE: apparmor4.0.0 [68/82]: prompt - add tailglob on name for cache
      support
    - SAUCE: apparmor4.0.0 [69/82]: prompt - allow profiles to set prompts as
      interruptible
    - SAUCE: apparmor4.0.0 [74/82]: advertise disconnected.path is available
    - SAUCE: apparmor4.0.0 [75/82]: fix invalid reference on profile->disconnected
    - SAUCE: apparmor4.0.0 [76/82]: add io_uring mediation
    - SAUCE: apparmor4.0.0 [77/82]: apparmor: Fix regression in mount mediation
  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
    (LP: #2032602)
    - SAUCE: apparmor4.0.0 [70/82]: prompt - add support for advanced filtering of
      notifications
    - SAUCE: apparmor4.0.0 [71/82]: userns - add the ability to reference a global
      variable for a feature value
    - SAUCE: apparmor4.0.0 [72/82]: userns - make it so special unconfined
      profiles can mediate user namespaces
    - SAUCE: apparmor4.0.0 [73/82]: userns - allow restricting unprivileged
      change_profile
  * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
    apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor4.0.0 [55/82]: fix profile verification and enable it
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor4.0.0 [27/82]: Stacking v38: Fix prctl() syscall with
      apparmor=0
  * Miscellaneous Ubuntu changes
    - [Config] SECURITY_APPARMOR_RESTRICT_USERNS=y

[ Ubuntu: 6.6.0-8.8 ]

* mantic/linux-unstable: 6.6.0-8.8 -proposed tracker (LP: #2040243)
  * Miscellaneous Ubuntu changes
    - abi: gc reference to phy-rtk-usb2/phy-rtk-usb3

[ Ubuntu: 6.6.0-7.7 ]

* mantic/linux-unstable: 6.6.0-7.7 -proposed tracker (LP: #2040147)
  * test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
    J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
    - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum
  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs following v6.6-rc7 rebase

[ Ubuntu: 6.6.0-6.6 ]

* mantic/linux-unstable: 6.6.0-6.6 -proposed tracker (LP: #2039780)
  * Miscellaneous Ubuntu changes
    - rebase on v6.6-rc6
    - [Config] updateconfigs following v6.6-rc6 rebase
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc6

[ Ubuntu: 6.6.0-5.5 ]

* mantic/linux-unstable: 6.6.0-5.5 -proposed tracker (LP: #2038899)
  * Miscellaneous Ubuntu changes
    - rebase on v6.6-rc5
    - [Config] updateconfigs following v6.6-rc5 rebase
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc5

[ Ubuntu: 6.6.0-4.4 ]

* mantic/linux-unstable: 6.6.0-4.4 -proposed tracker (LP: #2038423)
  * Miscellaneous Ubuntu changes
    - rebase on v6.6-rc4
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc4

[ Ubuntu: 6.6.0-3.3 ]

* mantic/linux-unstable: 6.6.0-3.3 -proposed tracker (LP: #2037622)
  * Miscellaneous Ubuntu changes
    - [Config] updateconfigs following v6.6-rc3 rebase
  * Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: enforce rust availability only on x86_64"
    - arm64: rust: Enable Rust support for AArch64
    - arm64: rust: Enable PAC support for Rust.
    - arm64: Restrict Rust support to little endian only.

[ Ubuntu: 6.6.0-2.2 ]

* Miscellaneous upstream changes
    - UBUBNTU: [Config] build all COMEDI drivers as modules

[ Ubuntu: 6.6.0-1.1 ]

* Miscellaneous Ubuntu changes
    - [Packaging] move linux to linux-unstable
    - [Packaging] rebase on v6.6-rc1
    - [Config] updateconfigs following v6.6-rc1 rebase
    - [packaging] skip ABI, modules and retpoline checks
    - update dropped.txt
    - [Config] SHIFT_FS FTBFS with Linux 6.6, disable it
    - [Config] DELL_UART_BACKLIGHT FTBFS with Linux 6.6, disable it
    - [Packaging] debian/dkms-versions: temporarily disable dkms
    - [Packaging] temporarily disable signing for s390x
  [ Upstream Kernel Changes ]
  * Rebase to v6.6-rc1

[ Ubuntu: 6.6.0-0.0 ]

* Empty entry

-- Paolo Pisati <paolo.pisati@canonical.com>  Fri, 09 Feb 2024 12:08:10 +0100

Changed in linux-oracle (Ubuntu Noble):
status:	In Progress → Fix Released

Ubuntu
linux-oracle package

[arm64] Increase max CPU count to 512

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux-oracle (Ubuntu)	Fix Released	Undecided	Unassigned
Jammy	Fix Released	Medium	Unassigned
Mantic	Fix Released	Medium	Unassigned
Noble	Fix Released	Undecided	Unassigned

Ubuntulinux-oracle package

[arm64] Increase max CPU count to 512

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-oracle package