Package "linux-azure-5.15-tools-5.15.0-1067"

  linux-azure-5.15 (5.15.0-1067.76~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1067.76~20.04.1 -proposed tracker
    (LP: #2068195)

  [ Ubuntu: 5.15.0-1067.76 ]

  * jammy/linux-azure: 5.15.0-1067.76 -proposed tracker (LP: #2068196)
  * jammy/linux: 5.15.0-113.123 -proposed tracker (LP: #2068242)
  * CVE-2024-26924
    - netfilter: nft_set_pipapo: do not free live element
  * CVE-2024-26643
    - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
      timeout
  * jammy/linux: 5.15.0-112.122 -proposed tracker (LP: #2065898)
  * CVE-2024-21823
    - dmanegine: idxd: reformat opcap output to match bitmap_parse() input
    - dmaengine: idxd: add WQ operation cap restriction support
    - dmaengine: idxd: add knob for enqcmds retries
    - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
    - dmaengine: idxd: add a new security check to deal with a hardware erratum
    - dmaengine: idxd: add a write() method for applications to submit work

  [ Ubuntu: 5.15.0-1066.75 ]

  * jammy/linux-azure: 5.15.0-1066.75 -proposed tracker (LP: #2067485)
  * Azure: Jammy azure CIFS backport to 5.15-backport-1-24-24 causes regression
    (LP: #2067612)
    - SAUCE: Restore CIFS to 5.15-backport-8-16-23

 -- John Cabaj <email address hidden> Thu, 13 Jun 2024 12:38:23 -0500

  linux-azure-5.15 (5.15.0-1065.74~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1065.74~20.04.1 -proposed tracker
    (LP: #2063716)

  [ Ubuntu: 5.15.0-1065.74 ]

  * jammy/linux-azure: 5.15.0-1065.74 -proposed tracker (LP: #2063717)
  * Azure: Update CIFS to 5.15-backport-1-24-24 (LP: #2064514)
    - SAUCE: cifs: correcting entry
    - cifs: is_network_name_deleted should return a bool
    - cifs: fix charset issue in reconnection
    - cifs: update the ctime on a partial page write
    - smb: client: introduce DFS_CACHE_TGT_LIST()
    - smb: client: ensure to try all targets when finding nested links
    - smb: client: move some params to cifs_open_info_data
    - smb: client: make smb2_compound_op() return resp buffer on success
    - smb: client: rename cifs_dfs_ref.c to namespace.c
    - smb: client: get rid of dfs naming in automount code
    - smb: client: get rid of dfs code dep in namespace.c
    - smb: client: parse reparse point flag in create response
    - smb: client: do not query reparse points twice on symlinks
    - smb: client: query reparse points in older dialects
    - smb: cilent: set reparse mount points as automounts
    - smb: client: reduce stack usage in cifs_try_adding_channels()
    - smb: client: reduce stack usage in cifs_demultiplex_thread()
    - smb: client: reduce stack usage in smb_send_rqst()
    - smb: client: reduce stack usage in smb2_set_ea()
    - smb: client: reduce stack usage in smb2_query_info_compound()
    - smb: client: reduce stack usage in smb2_query_reparse_point()
    - cifs: update desired access while requesting for directory lease
    - send channel sequence number in SMB3 requests after reconnects
    - SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion
    - cifs: Add a laundromat thread for cached directories
    - smb3: allow controlling length of time directory entries are cached with dir
      leases
    - smb3: add trace point for queryfs (statfs)
    - smb3: allow controlling maximum number of cached directories
    - cifs: update internal module version number for cifs.ko
    - smb3: fix minor typo in SMB2_GLOBAL_CAP_LARGE_MTU
    - smb3: move server check earlier when setting channel sequence number
    - smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP
    - smb3: fix some minor typos and repeated words
    - smb3: Add dynamic trace points for RDMA (smbdirect) reconnect
    - smb3: do not start laundromat thread when dir leases disabled
    - cifs: Fix UAF in cifs_demultiplex_thread()
    - smb3: remove duplicate error mapping
    - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED
    - smb3: fix confusing debug message
    - fs/smb/client: Reset password pointer to NULL
    - smb: client: do not start laundromat thread on nohandlecache
    - smb: client: make laundromat a delayed worker
    - smb: client: prevent new fids from being removed by laundromat
    - smb3: fix touch -h of symlink
    - cifs: Add client version details to NTLM authenticate message
    - SMB3: clarify some of the unused CreateOption flags
    - Add definition for new smb3.1.1 command type
    - smb3: fix creating FIFOs when mounting with "sfu" mount option
    - smb: client: fix potential deadlock when releasing mids
    - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
    - smb: use crypto_shash_digest() in symlink_hash()
    - cifs: print server capabilities in DebugData
    - cifs: add xid to query server interface call
    - smb: client: remove extra @chan_count check in __cifs_put_smb_ses()
    - smb: client: fix use-after-free in smb2_query_info_compound()
    - cifs: reconnect helper should set reconnect for the right channel
    - cifs: do not reset chan_max if multichannel is not supported at mount
    - cifs: force interface update before a fresh session setup
    - smb3: minor RDMA cleanup
    - smb3: more minor cleanups for session handling routines
    - cifs: handle cases where a channel is closed
    - cifs: distribute channels across interfaces based on speed
    - cifs: account for primary channel in the interface list
    - cifs: do not pass cifs_sb when trying to add channels
    - cifs: reconnect work should have reference on server struct
    - smb3: minor cleanup of session handling code
    - smb3: fix caching of ctime on setxattr
    - smb: client: fix mount when dns_resolver key is not available
    - smb3: allow dumping session and tcon id to improve stats analysis and
      debugging
    - Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO
    - cifs: handle when server starts supporting multichannel
    - cifs: handle when server stops supporting multichannel
    - cifs: update internal module version number for cifs.ko
    - cifs: spnego: add ';' in HOST_KEY_LEN
    - cifs: fix check of rc in function generate_smb3signingkey
    - cifs: fix leak of iface for primary channel
    - cifs: fix lock ordering while disabling multichannel
    - cifs: fix use after free for iface while disabling secondary channels
    - smb: client: implement ->query_reparse_point() for SMB1
    - smb: client: introduce ->parse_reparse_point()
    - smb: client: set correct file type from NFS reparse points
    - smb: client: introduce cifs_sfu_make_node()
    - smb: client: fix missing mode bits for SMB symlinks
    - smb: client: report correct st_size for SMB and NFS symlinks
    - cifs: Fix FALLOC_FL_ZERO_RANGE by setting i_size if EOF moved
    - cifs: Fix FALLOC_FL_INSERT_RANGE by setting i_size after EOF moved
    - smb: client, common: fix fortify warnings
    - smb: client: fix potential NULL deref in parse_dfs_referrals()
    - cifs: Fix non-availability of dedup breaking generic/304
    - Revert "cifs: reconnect work should have reference on server struct"
    - cifs: reconnect worker should take reference on server struct
      unconditionally
    - smb3: add missing define
    - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE

  linux-azure-5.15 (5.15.0-1064.73~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1064.73~20.04.1 -proposed tracker
    (LP: #2063588)

  [ Ubuntu: 5.15.0-1064.73 ]

  * jammy/linux-azure: 5.15.0-1064.73 -proposed tracker (LP: #2063589)
  * jammy/linux: 5.15.0-107.117 -proposed tracker (LP: #2063635)
  * CVE-2023-52530
    - wifi: mac80211: fix potential key use-after-free
  * CVE-2024-26622
    - tomoyo: fix UAF write bug in tomoyo_write_control()
  * CVE-2023-47233
    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach

 -- Yuxuan Luo <email address hidden> Wed, 01 May 2024 16:40:18 -0400

  linux-azure-5.15 (5.15.0-1063.72~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1063.72~20.04.1 -proposed tracker
    (LP: #2061766)

  [ Ubuntu: 5.15.0-1063.72 ]

  * jammy/linux-azure: 5.15.0-1063.72 -proposed tracker (LP: #2061767)
  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data
  * Azure: Network doesn't get configured after triggering kdump (LP: #2054855)
    - Drivers: hv: Always reserve framebuffer region for Gen1 VMs
  * jammy/linux: 5.15.0-106.116 -proposed tracker (LP: #2061812)
  * CVE-2024-2201
    - x86/bugs: Use sysfs_emit()
    - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs
    - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
    - KVM: x86: Use a switch statement and macros in __feature_translate()
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/syscall: Don't force use of indirect calls for system calls
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - KVM: x86: Add BHI_NO
    - [Config] Set CONFIG_BHI to enabled (auto)
  * Drop fips-checks script from trees (LP: #2055083)
    - [Packaging] Remove fips-checks script
  * alsa/realtek: adjust max output valume for headphone on 2 LG machines
    (LP: #2058573)
    - ALSA: hda/realtek: fix the hp playback volume issue for LG machines
  * A general-proteciton exception during guest migration to unsupported PKRU
    machine (LP: #2032164)
    - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
    - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
  * [ICX] [SPR] [ipc/msg] performance: Mitigate the lock contention with percpu
    counter (LP: #2058485)
    - ipc: check checkpoint_restore_ns_capable() to modify C/R proc files
    - ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL
    - ipc: Store mqueue sysctls in the ipc namespace
    - ipc: Store ipc sysctls in the ipc namespace
    - ipc: Use the same namespace to modify and validate
    - ipc: Remove extra1 field abuse to pass ipc namespace
    - ipc: Check permissions for checkpoint_restart sysctls at open time
    - percpu: add percpu_counter_add_local and percpu_counter_sub_local
    - ipc/msg: mitigate the lock contention with percpu counter
  * Jammy update: v5.15.149 upstream stable release (LP: #2059014)
    - ksmbd: free ppace array on error in parse_dacl
    - ksmbd: don't allow O_TRUNC open on read-only share
    - ksmbd: validate mech token in session setup
    - ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
    - ksmbd: only v2 leases handle the directory
    - iio: adc: ad7091r: Set alert bit in config register
    - iio: adc: ad7091r: Allow users to configure device events
    - iio: adc: ad7091r: Enable internal vref if external vref is not supplied
    - dmaengine: fix NULL pointer in channel unregistration function
    - scsi: ufs: core: Simplify power management during async scan
    - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
    - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
    - ext4: allow for the last group to be marked as trimmed
    - btrfs: sysfs: validate scrub_speed_max value
    - crypto: api - Disallow identical driver names
    - PM: hibernate: Enforce ordering during image compression/decompression
    - hwrng: core - Fix page fault dead lock on mmap-ed hwrng
    - crypto: s390/aes - Fix buffer overread in CTR mode
    - media: imx355: Enable runtime PM before registering async sub-device
    - rpmsg: virtio: Free driver_override when rpmsg_remove()
    - media: ov9734: Enable runtime PM before registering async sub-device
    - mips: Fix max_mapnr being uninitialized on early stages
    - bus: mhi: host: Drop chan lock before queuing buffers
    - bus: mhi: host: Add spinlock to protect WP access when queueing TREs
    - parisc/firmware: Fix F-extend for PDC addresses
    - async: Split async_schedule_node_domain()
    - async: Introduce async_schedule_dev_nocall()
    - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types
    - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
    - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types
    - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts
    - lsm: new security_file_ioctl_compat() hook
    - scripts/get_abi: fix source path leak
    - mmc: core: Use mrq.sbc in close-ended ffu
    - mmc: mmc_spi: remove custom DMA mapped buffers
    - rtc: Adjust failure return code for cmos_set_alarm()
    - nouveau/vmm: don't set addr on the fail path to avoid warning
    - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
    - rename(): fix the locking of subdirectories
    - ksmbd: set v2 lease version on lease upgrade
    - ksmbd: fix potential circular locking issue in smb2_set_ea()
    - ksmbd: don't increment epoch if current state and request state are same
    - ksmbd: send lease break notification on FILE_RENAME_INFORMATION
    - ksmbd: Add missing set_freezable() for freezable kthread
    - net/smc: fix illegal rmb_desc access in SMC-D connection dump
    - tcp: make sure init the accept_queue's spinlocks once
    - bnxt_en: Wait for FLR to complete during probe
    - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
    - llc: make llc_ui_sendmsg() more robust against bonding changes
    - llc: Drop support for ETH_P_TR_802_2.
    - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
    - tracing: Ensure visibility when inserting an element into tracing_map
    - afs: Hide silly-rename files from userspace
    - tcp: Add memory barrier to tcp_push()
    - netlink: fix potential sleeping issue in mqueue_flush_file
    - ipv6: init the accept_queue's spinlocks in inet6_create
    - net/mlx5: DR, Use the ri

  linux-azure-5.15 (5.15.0-1061.70~20.04.1) focal; urgency=medium

  * focal/linux-azure-5.15: 5.15.0-1061.70~20.04.1 -proposed tracker
    (LP: #2059641)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data

  [ Ubuntu: 5.15.0-1061.70 ]

  * jammy/linux-azure: 5.15.0-1061.70 -proposed tracker (LP: #2059642)
  * jammy/linux: 5.15.0-103.113 -proposed tracker (LP: #2059683)
  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data
  * Remove getabis scripts (LP: #2059143)
    - [Packaging] Remove getabis
  * CVE-2023-24023
    - Bluetooth: Add more enc key size check
  * CVE-2023-52600
    - jfs: fix uaf in jfs_evict_inode
  * Jammy update: v5.15.149 upstream stable release (LP: #2059014) //
    CVE-2023-52603
    - UBSAN: array-index-out-of-bounds in dtSplitRoot
  * CVE-2024-26581
    - netfilter: nft_set_rbtree: skip end interval element from gc

 -- Bethany Jamison <email address hidden> Thu, 04 Apr 2024 16:28:29 -0500