Package "linux-hwe-6.2-tools-common"

  linux-hwe-6.2 (6.2.0-33.33~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-33.33~22.04.1 -proposed tracker (LP: #2034157)

  [ Ubuntu: 6.2.0-33.33 ]

  * lunar/linux: 6.2.0-33.33 -proposed tracker (LP: #2034158)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2023-21264
    - KVM: arm64: Prevent unconditional donation of unmapped regions from the host
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free

 -- Stefan Bader <email address hidden> Thu, 07 Sep 2023 09:11:45 +0200

  linux-hwe-6.2 (6.2.0-32.32~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-32.32~22.04.1 -proposed tracker (LP: #2030380)

  [ Ubuntu: 6.2.0-32.32 ]

  * lunar/linux: 6.2.0-32.32 -proposed tracker (LP: #2031134)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION

  [ Ubuntu: 6.2.0-30.30 ]

  * lunar/linux: 6.2.0-30.30 -proposed tracker (LP: #2030381)
  * CVE-2022-40982
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow
  * NULL pointer dereference on CS35L41 HDA AMP (LP: #2029199)
    - ASoC: cs35l41: Refactor error release code
    - ALSA: cs35l41: Add shared boost feature
    - ASoC: dt-bindings: cirrus, cs35l41: Document CS35l41 shared boost
    - ALSA: hda: cs35l41: Ensure firmware/tuning pairs are always loaded
    - ALSA: hda: cs35l41: Enable Amp High Pass Filter
    - ALSA: cs35l41: Use mbox command to enable speaker output for external boost
    - ALSA: cs35l41: Poll for Power Up/Down rather than waiting a fixed delay
    - ALSA: hda: cs35l41: Check mailbox status of pause command after firmware
      load
    - ALSA: hda: cs35l41: Ensure we correctly re-sync regmap before system
      suspending.
    - ALSA: hda: cs35l41: Ensure we pass up any errors during system suspend.
    - ALSA: hda: cs35l41: Move Play and Pause into separate functions
    - ALSA: hda: hda_component: Add pre and post playback hooks to hda_component
    - ALSA: hda: cs35l41: Use pre and post playback hooks
    - ALSA: hda: cs35l41: Rework System Suspend to ensure correct call separation
    - ALSA: hda: cs35l41: Add device_link between HDA and cs35l41_hda
    - ALSA: hda: cs35l41: Ensure amp is only unmuted during playback
  * Reboot command powers off the system (LP: #2029332)
    - x86/smp: Make stop_other_cpus() more robust
    - x86/smp: Dont access non-existing CPUID leaf
  * losetup with mknod fails on jammy with kernel 5.15.0-69-generic
    (LP: #2015400)
    - loop: deprecate autoloading callback loop_probe()
    - loop: do not enforce max_loop hard limit by (new) default
  * Fix UBSAN in Intel EDAC driver (LP: #2028746)
    - EDAC/skx_common: Enable EDAC support for the "near" memory
    - EDAC/skx_common: Delete duplicated and unreachable code
    - EDAC/i10nm: Add Intel Emerald Rapids server support
    - EDAC/i10nm: Make more configurations CPU model specific
    - EDAC/i10nm: Add Intel Granite Rapids server support
    - EDAC/i10nm: Skip the absent memory controllers
  * Make TTY switching possible for NVIDIA when it's boot VGA (LP: #2028749)
    - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers
    - video/aperture: use generic code to figure out the vga default device
    - drm/aperture: Remove primary argument
    - video/aperture: Only kick vgacon when the pdev is decoding vga
    - video/aperture: Move vga handling to pci function
    - video/aperture: Drop primary argument
    - video/aperture: Only remove sysfb on the default vga pci device
    - fbdev: Simplify fb_is_primary_device for x86
    - video/aperture: Provide a VGA helper for gma500 and internal use
  * Fix AMD gpu hang when screen off/on (LP: #2028740)
    - drm/amd/display: Keep PHY active for dp config
  * Various backlight issues with the 6.0/6.1 kernel (LP: #2023638)
    - ACPI: video: Stop trying to use vendor backlight control on laptops from
      after ~2012
  * FM350(mtk_t7xx) failed to suspend, or early wake while suspending
    (LP: #2020743)
    - net: wwan: t7xx: Ensure init is completed before system sleep
  * Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
    - r8152: add USB device driver for config selection
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-2898
    - f2fs: fix t

  linux-hwe-6.2 (6.2.0-31.31~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-31.31~22.04.1 -proposed tracker (LP: #2030546)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants
    - [Packaging] resync getabis

  [ Ubuntu: 6.2.0-31.31 ]

  * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION

  [ Ubuntu: 6.2.0-28.29 ]

  * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
  * CVE-2022-40982
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  [ Ubuntu: 6.2.0-27.28 ]

  * lunar/linux: 6.2.0-27.28 -proposed tracker (LP: #2026488)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update annotations scripts
  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace
  * UNII-4 5.9G Band support request on 8852BE (LP: #2023952)
    - wifi: rtw89: 8851b: add 8851B basic chip_info
    - wifi: rtw89: introduce realtek ACPI DSM method
    - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip
    - wifi: rtw89: support U-NII-4 channels on 5GHz band
  * Disable hv-kvp-daemon if /dev/vmbus/hv_kvp is not present (LP: #2024900)
    - [Packaging] disable hv-kvp-daemon if needed
  * A deadlock issue in scsi rescan task while resuming from S3 (LP: #2018566)
    - ata: libata-scsi: Avoid deadlock on rescan after device resume
  * [SRU] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU (LP: #2008745)
    - [Config] Intel Sapphire Rapids HBM support needs CONFIG_NUMA_EMU
  * Lunar update: v6.2.15 upstream stable release (LP: #2025067)
    - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
    - ASoC: Intel: soc-acpi: add table for Intel 'Rooks County' NUC M15
    - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
    - x86/hyperv: Block root partition functionality in a Confidential VM
    - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx
      (8A22)
    - iio: adc: palmas_gpadc: fix NULL dereference on rmmod
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
    - ASoC: da7213.c: add missing pm_runtime_disable()
    - net: wwan: t7xx: do not compile with -Werror
    - wifi: mt76: mt7921: Fix use-after-free in fw features query.
    - selftests mount: Fix mount_setattr_test builds failed
    - scsi: mpi3mr: Handle soft reset in progress fault code (0xF002)
    - net: sfp: add quirk enabling 2500Base-x for HG MXPD-483II
    - platform/x86: thinkpad_acpi: Add missing T14s Gen1 type to s2idle quirk list
    - wifi: ath11k: reduce the MHI timeout to 20s
    - tracing: Error if a trace event has an array for a __field()
    - asm-generic/io.h: suppress endianness warnings for readq() and writeq()
    - asm-generic/io.h: suppress endianness warnings for relaxed accessors
    - x86/cpu: Add model number for Intel Arrow Lake processor
    - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
    - ASoC: amd: ps: update the acp clock source.
    - arm64: Always load shadow stack pointer directly from the task struct
    - arm64: Stash shadow stack pointer in the task struct on interrupt
    - powerpc/boot: Fix boot wrapper code g

  linux-hwe-6.2 (6.2.0-26.26~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-26.26~22.04.1 -proposed tracker (LP: #2026752)

  [ Ubuntu: 6.2.0-26.26 ]

  * lunar/linux: 6.2.0-26.26 -proposed tracker (LP: #2026753)
  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace
  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id
  * CVE-2023-3389
    - io_uring/poll: serialize poll linked timer start with poll removal
  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb
  * CVE-2023-3269
    - mm: introduce new 'lock_mm_and_find_vma()' page fault helper
    - mm: make the page fault mmap locking killable
    - arm64/mm: Convert to using lock_mm_and_find_vma()
    - powerpc/mm: Convert to using lock_mm_and_find_vma()
    - mips/mm: Convert to using lock_mm_and_find_vma()
    - riscv/mm: Convert to using lock_mm_and_find_vma()
    - arm/mm: Convert to using lock_mm_and_find_vma()
    - mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
    - powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
    - mm: make find_extend_vma() fail if write lock not held
    - execve: expand new process stack manually ahead of time
    - mm: always expand the stack with the mmap write lock held
    - [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA

 -- Stefan Bader <email address hidden> Thu, 13 Jul 2023 15:22:42 +0200

  linux-hwe-6.2 (6.2.0-25.25~22.04.2) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-25.25~22.04.2 -proposed tracker (LP: #2024539)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  [ Ubuntu: 6.2.0-25.25 ]

  * lunar/linux: 6.2.0-25.25 -proposed tracker (LP: #2024167)
  * ftrace in ubuntu_kernel_selftests failed with "check if duplicate events are
    caught" on J-5.15 P9 / J-kvm / L-kvm (LP: #1977827)
    - SAUCE: selftests/ftrace: Add test dependency
  * Add microphone support of the front headphone port on P3 Tower
    (LP: #2023650)
    - ALSA: hda/realtek: Add Lenovo P3 Tower platform
  * Add audio support for ThinkPad P1 Gen 6 and Z16 Gen 2 (LP: #2023539)
    - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6
  * Fix Disable thunderbolt clx make edp-monitor garbage while moving the
    touchpad (LP: #2023004)
    - drm/i915: Use 18 fast wake AUX sync len
  * Fix Monitor lost after replug WD19TBS to SUT port with VGA/DVI to type-C
    dongle (LP: #2021949)
    - thunderbolt: Increase timeout of DP OUT adapter handshake
    - thunderbolt: Do not touch CL state configuration during discovery
    - thunderbolt: Increase DisplayPort Connection Manager handshake timeout
  * Enable Tracing Configs for OSNOISE and TIMERLAT (LP: #2018591)
    - [Config] Enable OSNOISE_TRACER and TIMERLAT_TRACER configs
  * Fix only reach PC3 when ethernet is plugged r8169 (LP: #1946433)
    - r8169: use spinlock to protect mac ocp register access
    - r8169: use spinlock to protect access to registers Config2 and Config5
    - r8169: enable cfg9346 config register access in atomic context
    - r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context
    - r8169: disable ASPM during NAPI poll
    - r8169: remove ASPM restrictions now that ASPM is disabled during NAPI poll
  * introduce do_lib_rust=true|false to enable/disable linux-lib-rust package
    (LP: #2021605)
    - [Packaging] introduce do_lib_rust and enable it only on generic amd64
  * System either hang with black screen or rebooted on entering suspend on AMD
    Ryzen 9 PRO 7940HS w/ Radeon 780M Graphics (LP: #2020685)
    - drm/amdgpu: refine get gpu clock counter method
    - drm/amdgpu/gfx11: update gpu_clock_counter logic
  * generate linux-lib-rust only on amd64 (LP: #2020356)
    - [Packaging] generate linux-lib-rust only on amd64
  * No HDMI/DP audio output on dock(Nvidia GPU) (LP: #2020062)
    - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  * Add support for mdev_set_iommu_device() kABI in Ubuntu 22.10 kernel
    (LP: #1988806)
    - SAUCE: Add mdev_set_iommu_device() kABI.
  * Enable audio LEDs on HP laptops (LP: #2019915)
    - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
    - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop
  * linux-*: please enable dm-verity kconfigs to allow MoK/db verified root
    images (LP: #2019040)
    - [Config] CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
  * Lunar update: v6.2.13 upstream stable release (LP: #2023929)
    - ARM: dts: rockchip: fix a typo error for rk3288 spdif node
    - arm64: dts: rockchip: Lower sd speed on rk3566-soquartz
    - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
    - arm64: dts: qcom: ipq8074-hk10: enable QMP device, not the PHY node
    - arm64: dts: meson-g12-common: specify full DMC range
    - arm64: dts: meson-g12-common: resolve conflict between canvas & pmu
    - perf/amlogic: adjust register offsets
    - arm64: dts: qcom: sc8280xp-pmics: fix pon compatible and registers
    - arm64: dts: imx8mm-evk: correct pmic clock source
    - arm64: dts: imx8mm-verdin: correct off-on-delay
    - arm64: dts: imx8mp-verdin: correct off-on-delay
    - netfilter: br_netfilter: fix recent physdev match breakage
    - netfilter: nf_tables: Modify nla_memdup's flag to GFP_KERNEL_ACCOUNT
    - rust: str: fix requierments->requirements typo
    - regulator: fan53555: Explicitly include bits header
    - regulator: fan53555: Fix wrong TCS_SLEW_MASK
    - virtio_net: bugfix overflow inside xdp_linearize_page()
    - sfc: Fix use-after-free due to selftest_work
    - netfilter: nf_tables: fix ifdef to also consider nf_tables=m
    - i40e: fix accessing vsi->active_filters without holding lock
    - i40e: fix i40e_setup_misc_vector() error handling
    - netfilter: nf_tables: validate catch-all set elements
    - cxgb4: fix use after free bugs caused by circular dependency problem
    - netfilter: nf_tables: tighten netlink attribute requirements for catch-all
      elements
    - bnxt_en: Do not initialize PTP on older P3/P4 chips
    - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
    - LoongArch: Fix build error if CONFIG_SUSPEND is not set
    - bonding: Fix memory leak when changing bond type to Ethernet
    - net: rpl: fix rpl header size calculation
    - mlxsw: pci: Fix possible crash during initialization
    - spi: spi-rockchip: Fix missing unwind goto in rockchip_sfc_probe()
    - bpf: Fix incorrect verifier pruning due to missing register precision taints
    - net: dsa: microchip: ksz8795: Correctly handle huge frame configuration
    - bnxt_en: fix free-runnig PHC mode
    - e1000e: Disable TSO on i219-LM card to increase speed
    - net: bridge: switchdev: don't notify FDB entries with "master dynamic"
    - f2fs: Fix f2fs_truncate_partial_nodes ftrace event
    - platform/x86/intel: vsec: Fix a memory leak in intel_vsec_add_aux
    - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
    - selftests: sigaltstack: fix -Wuninitialized
    - scsi: megaraid_sas: Fix fw_crash_buffer_show()
    - scsi: core: Improve scsi_vpd_inquiry() checks
    - net: dsa: b53: mmap: add phy ops
    - platform/x86: gigabyte-wmi: add support for B650 AORUS ELITE AX
    - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
    - drm: buddy_allocator: Fix buddy allocator init on 32-bit systems
    - drm: test: Fix 32-bi