Package "linux-hwe-6.2-tools-common"

  linux-hwe-6.2 (6.2.0-39.40~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-39.40~22.04.1 -proposed tracker (LP: #2041556)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants

  [ Ubuntu: 6.2.0-39.40 ]

  * lunar/linux: 6.2.0-39.40 -proposed tracker (LP: #2043451)
  * USB bus error after upgrading to proposed kernel on lunar and jammy
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization
  * Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

  [ Ubuntu: 6.2.0-38.39 ]

  * lunar/linux: 6.2.0-38.39 -proposed tracker (LP: #2041557)
  * CVE-2023-25775
    - RDMA/irdma: Prevent zero-length STAG registration
  * CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL
  * CVE-2023-39189
    - netfilter: nfnetlink_osf: avoid OOB read
  * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
    (LP: #2039575)
    - net/smc: Fix pos miscalculation in statistics
  * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
    (LP: #2033406)
    - [Packaging] Make WWAN driver loadable modules
  * CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled
  * CVE-2023-39193
    - netfilter: xt_sctp: validate the flag_info count
  * CVE-2023-39192
    - netfilter: xt_u32: validate user space input
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-5717
    - perf: Disallow mis-matched inherited group reads
  * CVE-2023-5178
    - nvmet-tcp: Fix a possible UAF in queue intialization setup
  * CVE-2023-5158
    - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception
  * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
    - [Packaging] Make linux-tools-common depend on hwdata
  * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
    - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
      probe
  * Lunar update: upstream stable patchset 2023-10-19 (LP: #2039884)
    - ACPI: thermal: Drop nocrt parameter
    - module: Expose module_init_layout_section()
    - arm64: module-plts: inline linux/moduleloader.h
    - arm64: module: Use module_init_layout_section() to spot init sections
    - ARM: module: Use module_init_layout_section() to spot init sections
    - lockdep: fix static memory detection even more
    - parisc: Cleanup mmap implementation regarding color alignment
    - parisc: sys_parisc: parisc_personality() is called from asm code
    - io_uring/parisc: Adjust pgoff in io_uring mmap() for parisc
    - kallsyms: Fix kallsyms_selftest failure
    - module/decompress: use vmalloc() for zstd decompression workspace
    - Upstream stable to v6.1.51, v6.4.14
    - erofs: ensure that the post-EOF tails are all zeroed
    - ksmbd: fix wrong DataOffset validation of create context
    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
    - ksmbd: replace one-element array with flex-array member in struct
      smb2_ea_info
    - ksmbd: reduce descriptor size if remaining bytes is less than request size
    - ARM: pxa: remove use of symbol_get()
    - mmc: au1xmmc: force non-modular build and remove symbol_get usage
    - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
    - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
    - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
    - USB: serial: option: add Quectel EM05G variant (0x030e)
    - USB: serial: option: add FOXCONN T99W368/T99W373 product
    - ALSA: usb-audio: Fix init call orders for UAC1
    - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
    - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
    - HID: wacom: remove the battery when the EKR is off
    - staging: rtl8712: fix race condition
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
      condition
    - wifi: mt76: mt7921: do not support one stream on secondary antenna only
    - wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU
    - serial: qcom-geni: fix opp vote on shutdown
    - serial: sc16is7xx: fix broken port 0 uart init
    - serial: sc16is7xx: fix bug when first setting GPIO direction
    - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
    - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
    - tcpm: Avoid soft reset when partner does not support get_status
    - dt-bindings: sc16is7xx: Add property to change GPIO function
    - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
    - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
    - usb: typec: tcpci: clear the fault status bit
    - pinctrl: amd: Don't show `Invalid config param` errors
    - wifi: rtw88: usb: kill and free rx urbs on probe failure
    - Upstream stable to v6.1.52, v6.4.15
  * Lunar update: upstream stable patchset 2023-10-18 (LP: #2039742)
    - NFSv4.2: fix error handling in nfs42_proc_getxattr
    - NFSv4: fix out path in __nfs4_get_acl_uncached
    - xprtrdma: Remap Receive buffers after a reconnect
    - drm/ast: Use drm_aperture_remove_conflicting_pci_framebuffers
    - fbdev/radeon: use pci aperture helpers
    - PCI: acpiphp: Reassign resources on bridge if necessary
    - MIPS: cpu-features: Enable octeon_cache by cpu_type
    - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
    - jbd2: remove t_checkpoint_io_list
    - jbd2: remove journal_clean_one_cp_list()
    - jbd2: fix a race when checking checkpoint buffer busy
    - can: raw: fix receiver memory leak
    - can: raw: fix lockdep issue in raw_release()
    - s390/zcrypt: remove unnecessary (void *) conversions
    - s390/zcrypt: fix reply buffer calculations for CCA replies

  linux-hwe-6.2 (6.2.0-37.38~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-37.38~22.04.1 -proposed tracker (LP: #2041898)

  * Include cifs.ko in linux-modules package (LP: #2042546)
    - [Packaging] Replace fs/cifs with fs/smb/client in inclusion list

  [ Ubuntu: 6.2.0-37.38 ]

  * lunar/linux: 6.2.0-37.38 -proposed tracker (LP: #2041899)
  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0
  * CVE-2023-25775
    - RDMA/irdma: Prevent zero-length STAG registration
  * CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled
  * CVE-2023-5345
    - fs/smb/client: Reset password pointer to NULL
  * CVE-2023-5090
    - x86: KVM: SVM: always update the x2avic msr interception
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Stefan Bader <email address hidden> Thu, 02 Nov 2023 18:02:54 +0100

  linux-hwe-6.2 (6.2.0-36.37~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-36.37~22.04.1 -proposed tracker (LP: #2038075)

  [ Ubuntu: 6.2.0-36.37 ]

  * lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076)
  * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7
    (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-4563
    - netfilter: nf_tables: remove busy mark and gc batch API
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005)
    - Upstream stable to v6.1.41, v6.4.6
    - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq
    - ALSA: hda/realtek - remove 3k pull low procedure
    - ALSA: hda/realtek: Add quirk for Clevo NS70AU
    - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
    - maple_tree: set the node limit when creating a new root node
    - maple_tree: fix node allocation testing on 32 bit
    - keys: Fix linking a duplicate key to a keyring's assoc_array
    - perf probe: Add test for regression introduced by switch to
      die_get_decl_file()
    - btrfs: fix warning when putting transaction with qgroups enabled after abort
    - fuse: revalidate: don't invalidate if interrupted
    - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT
    - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
    - btrfs: zoned: fix memory leak after finding block group with super blocks
    - fuse: ioctl: translate ENOSYS in outarg
    - btrfs: fix race between balance and cancel/pause
    - selftests: tc: set timeout to 15 minutes
    - selftests: tc: add 'ct' action kconfig dep
    - regmap: Drop initial version of maximum transfer length fixes
    - of: Preserve "of-display" device name for compatibility
    - regmap: Account for register length in SMBus I/O limits
    - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes
    - can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout
    - can: bcm: Fix UAF in bcm_proc_show()
    - can: gs_usb: gs_can_open(): improve error handling
    - selftests: tc: add ConnTrack procfs kconfig
    - dma-buf/dma-resv: Stop leaking on krealloc() failure
    - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel
    - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid
    - drm/amdgpu/pm: make mclk consistent for smu 13.0.7
    - drm/client: Fix memory leak in drm_client_target_cloned
    - drm/client: Fix memory leak in drm_client_modeset_probe
    - drm/amd/display: only accept async flips for fast updates
    - drm/amd/display: Disable MPC split by default on special asic
    - drm/amd/display: check TG is non-null before checking if enabled
    - drm/amd/display: Keep PHY active for DP displays on DCN31
    - ASoC: fsl_sai: Disable bit clock with transmitter
    - ASoC: fsl_sai: Revert "ASoC: fsl_sai: Enable MCTL_MCLK_EN bit for master
      mode"
    - ASoC: tegra: Fix ADX byte map
    - ASoC: rt5640: Fix sleep in atomic context
    - ASoC: cs42l51: fix driver to properly autoload with automatic module loading
    - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
    - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
    - ASoC: qdsp6: audioreach: fix topology probe deferral
    - ASoC: tegra: Fix AMX byte map
    - ASoC: codecs: wcd938x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix missing mbhc init error handling
    - ASoC: codecs: wcd934x: fix resource leaks on component remove
    - ASoC: codecs: wcd938x: fix codec initialisation race
    - ASoC: codecs: wcd938x: fix soundwire initialisation race
    - ext4: correct inline offset when handling xattrs in inode body
    - drm/radeon: Fix integer overflow in radeon_cs_parser_init
    - ALSA: emu10k1: roll up loops in DSP setup code for Audigy
    - quota: Properly disable quotas when add_dquot_ref() fails
    - quota: fix warning in dqgrab()
    - HID: add quirk for 03f0:464a HP Elite Presenter Mouse
    - ovl: check type and offset of struct vfsmount in ovl_entry
    - udf: Fix uninitialized array access for some pathnames
    - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
    - MIPS: dec: prom: Address -Warray-bounds warning
    - FS: JFS: Fix null-ptr-deref Read in txBegin
    - FS: JFS: Check for read-only mounted filesystem in txBegin
    - ACPI: video: Add backlight=native DMI quirk for Dell Studio 1569
    - rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()
    - rcu: Mark additional concurrent load from ->cpu_no_qs.b.exp
    - sched/fair: Don't balance task to its current running CPU
    - wifi: ath11k: fix registration of 6Ghz-only phy wit

  linux-hwe-6.2 (6.2.0-35.35~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-35.35~22.04.1 -proposed tracker (LP: #2038228)

  * CVE-2023-42755
    - [Config] hwe-6.2: Mark cls_rsv[p,p6] gone

  [ Ubuntu: 6.2.0-35.35 ]

  * lunar/linux: 6.2.0-35.35 -proposed tracker (LP: #2038229)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: integrate pipapo into commit protocol
    - netfilter: nft_set_rbtree: fix overlap expiration walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: drop map element references from preparation phase
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-5197
    - netfilter: nf_tables: skip bound chain in netns release path
    - netfilter: nf_tables: disallow rule removal from chain binding
  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()
  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c
  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
    - net: add SKB_HEAD_ALIGN() helper
    - net: remove osize variable in __alloc_skb()
    - net: factorize code in kmalloc_reserve()
    - net: deal with integer overflows in kmalloc_reserve()
  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

 -- Stefan Bader <email address hidden> Fri, 06 Oct 2023 11:29:50 +0200

  linux-hwe-6.2 (6.2.0-34.34~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.2: 6.2.0-34.34~22.04.1 -proposed tracker (LP: #2033778)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  [ Ubuntu: 6.2.0-34.34 ]

  * lunar/linux: 6.2.0-34.34 -proposed tracker (LP: #2033779)
  * CVE-2023-20569
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - tools headers x86 cpufeatures: Sync with the kernel sources
    - x86/alternative: Optimize returns patching
    - x86/retbleed: Add __x86_return_thunk alignment checks
    - x86/srso: Add a Speculative RAS Overflow mitigation
    - x86/srso: Add IBPB_BRTYPE support
    - x86/srso: Add SRSO_NO support
    - x86/srso: Add IBPB
    - x86/srso: Add IBPB on VMEXIT
    - x86/srso: Fix return thunks in generated code
    - x86/srso: Add a forgotten NOENDBR annotation
    - x86/srso: Tie SBPB bit setting to microcode patch detection
    - Documentation/hw-vuln: Unify filename specification in index
    - Documentation/srso: Document IBPB aspect and fix formatting
    - x86/srso: Fix build breakage with the LLVM linker
    - x86: Move gds_ucode_mitigated() declaration to header
    - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
    - x86/srso: Disable the mitigation on unaffected configurations
    - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
    - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
      retpolines and IBT
    - x86/cpu: Fix __x86_return_thunk symbol type
    - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
    - objtool/x86: Fix SRSO mess
    - x86/alternative: Make custom return thunk unconditional
    - x86/cpu: Clean up SRSO return thunk mess
    - x86/cpu: Rename original retbleed methods
    - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
    - x86/cpu: Cleanup the untrain mess
    - x86/srso: Explain the untraining sequences a bit more
    - objtool/x86: Fixup frame-pointer vs rethunk
    - x86/static_call: Fix __static_call_fixup()
    - x86/srso: Correct the mitigation status when SMT is disabled
    - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
    - [Config] Mark sh-sci as built-in
  * dGPU cannot resume because system firmware stuck in IPCS method
    (LP: #2021572)
    - drm/i915/tc: Abort DP AUX transfer on a disconnected TC port
    - drm/i915/tc: switch to intel_de_* register accessors in display code
    - drm/i915: Enable a PIPEDMC whenever its corresponding pipe is enabled
    - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
    - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
    - drm/i915/tc: Wait for IOM/FW PHY initialization of legacy TC ports
    - drm/i915/tc: Factor out helpers converting HPD mask to TC mode
    - drm/i915/tc: Fix target TC mode for a disconnected legacy port
    - drm/i915/tc: Fix TC mode for a legacy port if the PHY is not ready
    - drm/i915/tc: Fix initial TC mode on disabled legacy ports
    - drm/i915/tc: Make the TC mode readout consistent in all PHY states
    - drm/i915: Add encoder hook to get the PLL type used by TC ports
    - drm/i915/tc: Assume a TC port is legacy if VBT says the port has HDMI
    - drm/i915/tc: Factor out a function querying active links on a TC port
    - drm/i915/tc: Check the PLL type used by an enabled TC port
    - drm/i915/tc: Group the TC PHY setup/query functions per platform
    - drm/i915/tc: Use the adlp prefix for ADLP TC PHY functions
    - drm/i915/tc: Rename tc_phy_status_complete() to tc_phy_is_ready()
    - drm/i915/tc: Use the tc_phy prefix for all TC PHY functions
    - drm/i915/tc: Move TC port fields to a new intel_tc_port struct
    - drm/i915/tc: Check for TC PHY explicitly in
      intel_tc_port_fia_max_lane_count()
    - drm/i915/tc: Move the intel_tc_port struct declaration to intel_tc.c
    - drm/i915/tc: Add TC PHY hook to get the PHY HPD live status
    - drm/i915/tc: Add TC PHY hooks to get the PHY ready/owned state
    - drm/i915/tc: Add TC PHY hook to read out the PHY HW state
    - drm/i915/tc: Add generic TC PHY connect/disconnect handlers
    - drm/i915/tc: Factor out tc_phy_verify_legacy_or_dp_alt_mode()
    - drm/i915/tc: Add TC PHY hooks to connect/disconnect the PHY
    - drm/i915/tc: Fix up the legacy VBT flag only in disconnected mode
    - drm/i915/tc: Check TC mode instead of the VBT legacy flag
    - drm/i915/tc: Block/unblock TC-cold in the PHY connect/disconnect hooks
    - drm/i915/tc: Remove redundant wakeref=0 check from unblock_tc_cold()
    - drm/i915/tc: Drop tc_cold_block()/unblock()'s power domain parameter
    - drm/i915/tc: Add TC PHY hook to get the TC-cold blocking power domain
    - drm/i915/tc: Add asserts in TC PHY hooks that the required power is on
    - drm/i915/tc: Add TC PHY hook to init the PHY
    - drm/i915/adlp/tc: Use the DE HPD ISR register for hotplug detection
    - drm/i915/tc: Get power ref for reading the HPD live status register
    - drm/i915/tc: Don't connect the PHY in intel_tc_port_connected()
    - drm/i915/adlp/tc: Align the connect/disconnect PHY sequence with bspec
    - drm/i915: Move shared DPLL disabling into CRTC disable hook
    - drm/i915: Disable DPLLs before disconnecting the TC PHY
    - drm/i915: Remove TC PHY disconnect workaround
    - drm/i915: Remove the encoder update_prepare()/complete() hooks
    - drm/i915/dp_mst: Fix active port PLL selection for secondary MST streams
    - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
    - drm/i915: Add helpers to reference/unreference a DPLL for a CRTC
    - drm/i915: Make the CRTC state consistent during sanitize-disabling
    - drm/i915: Update connector atomic state before crtc sanitize-disabling
    - drm/i915: Separate intel_crtc_disable_noatomic_begin/complete()
    - drm/i915: Factor out set_encoder_for_co