Package "linux-tools-6.5.0-1027-oem"

  linux-oem-6.5 (6.5.0-1027.28) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1027.28 -proposed tracker (LP: #2073849)

  * Packaging resync (LP: #1786013)
    - debian.oem/dkms-versions -- manual update for ipu6

 -- Kuan-Ying Lee <email address hidden> Wed, 24 Jul 2024 09:56:23 +0800

  linux-oem-6.5 (6.5.0-1025.26) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1025.26 -proposed tracker (LP: #2068187)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data

  * Disable the i915.psr2 on AUO(0x06,0xaf,0xa3,0xc3) panel (LP: #2067980)
    - SAUCE: drm/i915/display/psr: disable psr2 for panel_0x06_0xaf_0xa3_0xc3

  * Mute/mic LEDs no function on ProBook 440/460 G11 (LP: #2067669)
    - ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11.

  * rtw89_8852ce - Lost WIFI connection after suspend (LP: #2065128)
    - wifi: rtw89: reset AFEDIG register in power off sequence
    - wifi: rtw89: 8852c: refine power sequence to imporve power consumption

  [ Ubuntu: 6.5.0-42.42 ]

  * mantic/linux: 6.5.0-42.42 -proposed tracker (LP: #2068188)
  * CVE-2024-26925
    - netfilter: nf_tables: release batch on table validation from abort path
    - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
  * CVE-2024-26924
    - netfilter: nft_set_pipapo: do not free live element
  * CVE-2024-26809
    - netfilter: nft_set_pipapo: release elements in clone only from destroy path
  * Mantic update: upstream stable patchset 2024-04-02 (LP: #2059991) //
    CVE-2024-26809
    - netfilter: nft_set_pipapo: store index in scratch maps
    - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
    - netfilter: nft_set_pipapo: remove scratch_aligned pointer
  * CVE-2024-26643
    - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
      timeout

  [ Ubuntu: 6.5.0-41.41 ]

  * mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
  * CVE-2024-21823
    - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
    - dmaengine: idxd: add a new security check to deal with a hardware erratum
    - dmaengine: idxd: add a write() method for applications to submit work

 -- Kuan-Ying Lee <email address hidden> Thu, 13 Jun 2024 15:13:51 +0800

  linux-oem-6.5 (6.5.0-1024.25) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1024.25 -proposed tracker (LP: #2063708)

  * Fix inaudible HDMI/DP audio on USB-C MST dock (LP: #2064689)
    - SAUCE: drm/i915/audio: Fix audio time stamp programming for DP

  [ Ubuntu: 6.5.0-40.40 ]

  * mantic/linux: 6.5.0-40.40 -proposed tracker (LP: #2063709)
  * [Mantic] Compile broken on armhf (cc1 out of memory) (LP: #2060446)
    - Revert "minmax: relax check to allow comparison between unsigned arguments
      and signed constants"
    - Revert "minmax: allow comparisons of 'int' against 'unsigned char/short'"
    - Revert "minmax: allow min()/max()/clamp() if the arguments have the same
      signedness."
    - Revert "minmax: add umin(a, b) and umax(a, b)"
  * Drop fips-checks script from trees (LP: #2055083)
    - [Packaging] Remove fips-checks script
  * alsa/realtek: adjust max output valume for headphone on 2 LG machines
    (LP: #2058573)
    - ALSA: hda/realtek: fix the hp playback volume issue for LG machines
  * Mantic update: upstream stable patchset 2024-03-27 (LP: #2059284)
    - asm-generic: make sparse happy with odd-sized put_unaligned_*()
    - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
    - arm64: irq: set the correct node for VMAP stack
    - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
    - powerpc: Fix build error due to is_valid_bugaddr()
    - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
    - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
    - x86/boot: Ignore NMIs during very early boot
    - powerpc: pmd_move_must_withdraw() is only needed for
      CONFIG_TRANSPARENT_HUGEPAGE
    - powerpc/lib: Validate size for vector operations
    - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
    - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
      sysfs file
    - debugobjects: Stop accessing objects after releasing hash bucket lock
    - regulator: core: Only increment use_count when enable_count changes
    - audit: Send netlink ACK before setting connection in auditd_set
    - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
    - PNP: ACPI: fix fortify warning
    - ACPI: extlog: fix NULL pointer dereference check
    - ACPI: NUMA: Fix the logic of getting the fake_pxm value
    - PM / devfreq: Synchronize devfreq_monitor_[start/stop]
    - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
      events
    - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
    - jfs: fix array-index-out-of-bounds in dbAdjTree
    - pstore/ram: Fix crash when setting number of cpus to an odd number
    - crypto: octeontx2 - Fix cptvf driver cleanup
    - erofs: fix ztailpacking for subpage compressed blocks
    - crypto: stm32/crc32 - fix parsing list of devices
    - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
    - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
    - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
    - jfs: fix array-index-out-of-bounds in diNewExt
    - arch: consolidate arch_irq_work_raise prototypes
    - s390/vfio-ap: fix sysfs status attribute for AP queue devices
    - s390/ptrace: handle setting of fpc register correctly
    - KVM: s390: fix setting of fpc register
    - SUNRPC: Fix a suspicious RCU usage warning
    - ecryptfs: Reject casefold directory inodes
    - ext4: fix inconsistent between segment fstrim and full fstrim
    - ext4: unify the type of flexbg_size to unsigned int
    - ext4: remove unnecessary check from alloc_flex_gd()
    - ext4: avoid online resizing failures due to oversized flex bg
    - wifi: rt2x00: restart beacon queue when hardware reset
    - selftests/bpf: satisfy compiler by having explicit return in btf test
    - selftests/bpf: Fix pyperf180 compilation failure with clang18
    - wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
    - selftests/bpf: Fix issues in setup_classid_environment()
    - soc: xilinx: Fix for call trace due to the usage of smp_processor_id()
    - soc: xilinx: fix unhandled SGI warning message
    - scsi: lpfc: Fix possible file string name overflow when updating firmware
    - PCI: Add no PM reset quirk for NVIDIA Spectrum devices
    - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
    - net: usb: ax88179_178a: avoid two consecutive device resets
    - scsi: arcmsr: Support new PCI device IDs 1883 and 1886
    - ARM: dts: imx7d: Fix coresight funnel ports
    - ARM: dts: imx7s: Fix lcdif compatible
    - ARM: dts: imx7s: Fix nand-controller #size-cells
    - wifi: ath9k: Fix potential array-index-out-of-bounds read in
      ath9k_htc_txstatus()
    - wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early
    - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
    - scsi: libfc: Don't schedule abort twice
    - scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
    - bpf: Set uattr->batch.count as zero before batched update or deletion
    - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
    - ARM: dts: rockchip: fix rk3036 hdmi ports node
    - ARM: dts: imx25/27-eukrea: Fix RTC node name
    - ARM: dts: imx: Use flash@0,0 pattern
    - ARM: dts: imx27: Fix sram node
    - ARM: dts: imx1: Fix sram node
    - net: phy: at803x: fix passing the wrong reference for config_intr
    - ionic: pass opcode to devcmd_wait
    - ionic: bypass firmware cmds when stuck in reset
    - block/rnbd-srv: Check for unlikely string overflow
    - ARM: dts: imx25: Fix the iim compatible string
    - ARM: dts: imx25/27: Pass timing0
    - ARM: dts: imx27-apf27dev: Fix LED name
    - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
    - ARM: dts: imx23/28: Fix the DMA controller node name
    - scsi: hisi_sas: Set .phy_attached before notifing phyup event
      HISI_PHYE_PHY_UP_P

  linux-oem-6.5 (6.5.0-1023.24) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1023.24 -proposed tracker (LP: #2063580)

  * Add support for Quectel RM520N-GL modem [1eac:1007] (LP: #2063529)
    - bus: mhi: host: pci_generic: Add support for Quectel RM520N-GL modem
    - bus: mhi: host: pci_generic: Add support for Quectel RM520N-GL Lenovo
      variant

  * S2idle regression (LP: #2064595)
    - drm/amd: Evict resources during PM ops prepare() callback
    - drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
    - drm/amd: Flush GFXOFF requests in prepare stage

  * Add support of TAS2781 amp of audio (LP: #2064064)
    - ALSA: hda/tas2781: Add tas2781 HDA driver
    - ALSA: hda/tas2781: Add tas2781 HDA driver
    - ALSA: hda/tas2781: handle missing EFI calibration data
    - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad
      ICE-1
    - ALSA: hda/realtek: tas2781: enable subwoofer volume control
    - ALSA: hda/tas2781: leave hda_component in usable state
    - ALSA: hda/tas2781: call cleanup functions only once
    - ALSA: hda/tas2781: do not use regcache
    - [Config] enable TAS2781 amplifier

  * Fix system hang while entering suspend with AMD Navi3x graphics
    (LP: #2063417)
    - drm/amdgpu: skip to program GFXDEC registers for suspend abort
    - drm/amdgpu: Reset dGPU if suspend got aborted
    - SAUCE: drm/amdgpu/mes: fix use-after-free issue

  * Add support for Quectel EM160R-GL modem [1eac:100d] (LP: #2063399)
    - bus: mhi: host: pci_generic: Add support for Quectel EM160R-GL modem

  * RTL8852BE fw security fail then lost WIFI function during suspend/resume
    cycle (LP: #2063096)
    - wifi: rtw89: download firmware with five times retry

  * Fix bluetooth connections with 3.0 device (LP: #2063067)
    - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST

  * Fix the RTL8852CE BT FW Crash based on SER false alarm (LP: #2060904)
    - wifi: rtw89: disable txptctrl IMR to avoid flase alarm
    - SAUCE: wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of
      firmware command

  * Add Cirrus Logic CS35L56 amplifier support (LP: #2062135)
    - ASoC: cs35l56: Patch soft registers to defaults
    - ASoC: cs35l56: Move shared data into a common data structure
    - ASoC: cs35l56: Make cs35l56_system_reset() code more generic
    - ASoC: cs35l56: Convert utility functions to use common data structure
    - ASoC: cs35l56: Move utility functions to shared file
    - ASoC: cs35l56: Move runtime suspend/resume to shared library
    - ASoC: cs35l56: Move cs_dsp init into shared library
    - ASoC: cs35l56: Move part of cs35l56_init() to shared library
    - ASoC: cs35l56: Make common function for control port wait
    - ASoC: cs35l56: Make a common function to shutdown the DSP
    - ALSA: hda: Fix missing header dependencies
    - ALSA: hda/cs35l56: Add driver for Cirrus Logic CS35L56 amplifier
    - ALSA: hda: realtek: Re-work CS35L41 fixups to re-use for other amps
    - ALSA: hda/realtek: Add quirks for HP G11 Laptops using CS35L56
    - ALSA: hda: cs35l56: Add ACPI device match tables
    - [Config] enable CS35L56 amplifier

  [ Ubuntu: 6.5.0-35.35 ]

  * mantic/linux: 6.5.0-35.35 -proposed tracker (LP: #2063581)
  * cifs: Copying file to same directory results in page fault (LP: #2060919)
    - SAUCE: Revert "cifs: fix flushing folio regression for 6.1 backport"
  * CVE-2024-26805
    - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
  * CVE-2024-26801
    - Bluetooth: Avoid potential use-after-free in hci_error_reset
  * CVE-2024-26704
    - ext4: fix double-free of blocks due to wrong extents moved_len
  * CVE-2023-52601
    - jfs: fix array-index-out-of-bounds in dbAdjTree
  * CVE-2024-26635
    - llc: Drop support for ETH_P_TR_802_2.
  * CVE-2024-26622
    - tomoyo: fix UAF write bug in tomoyo_write_control()
  * CVE-2024-26614
    - tcp: make sure init the accept_queue's spinlocks once
    - ipv6: init the accept_queue's spinlocks in inet6_create
  * CVE-2024-52615
    - hwrng: core - Fix page fault dead lock on mmap-ed hwrng
  * CVE-2024-52602
    - jfs: fix slab-out-of-bounds Read in dtSearch
  * CVE-2023-47233
    - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  * CVE-2024-2201
    - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
    - x86/syscall: Don't force use of indirect calls for system calls
    - x86/bhi: Add support for clearing branch history at syscall entry
    - x86/bhi: Define SPEC_CTRL_BHI_DIS_S
    - x86/bhi: Enumerate Branch History Injection (BHI) bug
    - x86/bhi: Add BHI mitigation knob
    - x86/bhi: Mitigate KVM by default
    - KVM: x86: Add BHI_NO
    - [Config] Set CONFIG_BHI to enabled (auto)

 -- Timo Aaltonen <email address hidden> Tue, 07 May 2024 14:22:12 +0300

  linux-oem-6.5 (6.5.0-1022.23) jammy; urgency=medium

  * jammy/linux-oem-6.5: 6.5.0-1022.23 -proposed tracker (LP: #2063441)

  * The keyboard does not work after latest kernel update (LP: #2060727)
    - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
    - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID

  * Fix random HuC/GuC initialization failure of Intel i915 driver
    (LP: #2061049)
    - drm/i915/guc: Dump perf_limit_reasons for debug
    - drm/i915/huc: Allow for very slow HuC loading

  * Fix acpi_power_meter accessing IPMI region before it's ready (LP: #2059263)
    - ACPI: IPMI: Add helper to wait for when SMI is selected
    - hwmon: (acpi_power_meter) Ensure IPMI space handler is ready on Dell systems

 -- Timo Aaltonen <email address hidden> Thu, 25 Apr 2024 14:15:27 +0300