Package "linux-mtk-headers-5.15.0-1037"

  linux-mtk (5.15.0-1037.44) jammy; urgency=medium

  * jammy/linux-mtk: 5.15.0-1037.44 -proposed tracker (LP: #2099348)

  * DSI and eDP panel can't rotate screen to flipped. (LP: #2099371)
    - drm/mediatek: Add support for 180-degree rotation in the display driver

 -- Jian Hui Lee <email address hidden> Fri, 21 Feb 2025 10:48:36 +0800

  linux-mtk (5.15.0-1036.43) jammy; urgency=medium

  * jammy/linux-mtk: 5.15.0-1036.43 -proposed tracker (LP: #2088406)

  * [g700] support p1v4 hardware (LP: #2081699)
    - SAUCE: (no-up) dtbo: genio-700-evk: fix touch for display-dsi-p1v4.dts

  * mtk-fsource: ubuntu kernel integration (LP: #2092506)
    - SAUCE: (no-up) ubuntu: mtk-fsource-driver: add mediatek fsource driver

  * [g1200-evk] Call trace appeared when reload mtk_mdp3 module (LP: #2090981)
    - SAUCE: (no-up) GENIO: media: mediatek: mdp3: fix unload module flow

  * [g510] mt8188-mdla-devfreq probe failed message found in dmesg
    (LP: #2090978)
    - SAUCE: (no-up) power: Ignore duplicate OPP entry to fix probe fail

  * Fail to detect card after unplugging DPoC cable and reboot (LP: #2090979)
    - SAUCE: (no-up) GENIO: drm/mediatek: dp: Remove DP enabled check

  * Miscellaneous Ubuntu changes
    - SAUCE: (no-up) drm/mediatek: fix build error for DRM_MODE_ROTATE_0
      declaration

  [ Ubuntu: 5.15.0-130.140 ]

  * jammy/linux: 5.15.0-130.140 -proposed tracker (LP: #2092132)
  * ovs/linuxbridge jobs running on ubuntu jammy broken with latest kernel
    5.15.0-127.137 (LP: #2091990)
    - netfilter: xtables: fix typo causing some targets not to load on IPv6

  [ Ubuntu: 5.15.0-128.138 ]

  * jammy/linux: 5.15.0-128.138 -proposed tracker (LP: #2090163)
  * CVE-2024-50264
    - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
  * CVE-2024-53057
    - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
  * CVE-2024-43904
    - drm/amd/display: Add null checks for 'stream' and 'plane' before
      dereferencing
  * CVE-2024-40973
    - media: mtk-vcodec: potential null pointer deference in SCP
  * CVE-2024-38553
    - net: fec: remove .ndo_poll_controller to avoid deadlocks
  * CVE-2024-26822
    - smb: client: set correct id, uid and cruid for multiuser automounts
  * CVE-2020-12351 // CVE-2020-12352 // CVE-2020-24490
    - [Config] Disable BlueZ highspeed support
  * CVE-2024-40910
    - ax25: Fix refcount imbalance on inbound connections
  * CVE-2024-35963
    - Bluetooth: hci_sock: Fix not validating setsockopt user input
  * CVE-2024-35965
    - Bluetooth: L2CAP: Fix not validating setsockopt user input
  * CVE-2024-35966
    - Bluetooth: RFCOMM: Fix not validating setsockopt user input
  * CVE-2024-35967
    - Bluetooth: SCO: Fix not validating setsockopt user input

  [ Ubuntu: 5.15.0-127.137 ]

  * jammy/linux: 5.15.0-127.137 -proposed tracker (LP: #2086357)
  * Jammy update: v5.15.168 upstream stable release (LP: #2086242)
    - parisc: Fix 64-bit userspace syscall path
    - parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
    - of/irq: Support #msi-cells=<0> in of_msi_get_domain
    - drm: omapdrm: Add missing check for alloc_ordered_workqueue
    - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
    - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
    - mm: krealloc: consider spare memory for __GFP_ZERO
    - ocfs2: fix the la space leak when unmounting an ocfs2 volume
    - ocfs2: fix uninit-value in ocfs2_get_block()
    - ocfs2: reserve space for inline xattr before attaching reflink tree
    - ocfs2: cancel dqi_sync_work before freeing oinfo
    - ocfs2: remove unreasonable unlock in ocfs2_read_blocks
    - ocfs2: fix null-ptr-deref when journal load failed.
    - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
    - usbnet: ipheth: fix carrier detection in modes 1 and 4
    - net: ethernet: use ip_hdrlen() instead of bit shift
    - net: phy: vitesse: repair vsc73xx autonegotiation
    - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
    - btrfs: update target inode's ctime on unlink
    - Input: ads7846 - ratelimit the spi_sync error message
    - Input: synaptics - enable SMBus for HP Elitebook 840 G2
    - HID: multitouch: Add support for GT7868Q
    - scripts: kconfig: merge_config: config files: add a trailing newline
    - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3
    - drm/msm/adreno: Fix error return if missing firmware-name
    - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
    - NFSv4: Fix clearing of layout segments in layoutreturn
    - NFS: Avoid unnecessary rescanning of the per-server delegation list
    - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
    - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
    - mptcp: pm: Fix uaf in __timer_delete_sync
    - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
      Puma
    - minmax: reduce min/max macro expansion in atomisp driver
    - net: tighten bad gso csum offset check in virtio_net_hdr
    - mm: avoid leaving partial pfn mappings around in error case
    - fs/ntfs3: Use kvfree to free memory allocated by kvmalloc
    - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
    - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
    - selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
    - hwmon: (pmbus) Introduce and use write_byte_data callback
    - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
      1.2
    - ice: fix accounting for filters shared by multiple VSIs
    - igb: Always call igb_xdp_ring_update_tail() under Tx lock
    - net/mlx5e: Add missing link modes to ptys2ethtool_map
    - net/mlx5: Explicitly set scheduling element and TSAR type
    - net/mlx5: Add support to create match definer
    - net/mlx5: Add IFC bits and enums for flow meter
    - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
    - fou: fix initialization of grc
    - octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush
    - octeontx2-af: Modify SMQ flush sequence to drop packets
    - net: ftgmac100: Enable TX interrupt to avoid TX timeout
    - netfilter: nft_socket: fix sk r

  linux-mtk (5.15.0-1034.40) jammy; urgency=medium

  * jammy/linux-mtk: 5.15.0-1034.40 -proposed tracker (LP: #2082876)

  * [g1200] regulators not enabled after sru d2024.08.12 (LP: #2082868)
    - SAUCE: (no-up) regulator: mt6360: fix compatibility issue for downstream
      device tree
    - SAUCE: (no-up) power: supply: mt6360_charger: fix compatibility issue for
      downstream device tree

  * [uc22][g700] systemd-backlight@backlight:1c008000.dsi0.0.service loaded
    failed during cold boot stress test (LP: #2078763)
    - [Config] CONFIG_DRM_MEDIATEK_HDMI=y and CONFIG_PHY_MTK_HDMI=y

  * [g510][g700] add fsource device tree node (LP: #2078762)
    - SAUCE: (no-up) GENIO: arm64: dts: mediatek: genio-700-evk/genio-510-evk: add
      fsource device tree node

  [ Ubuntu: 5.15.0-119.129 ]

  * jammy/linux: 5.15.0-119.129 -proposed tracker (LP: #2075665)
  * Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
    (LP: #2073267)
    - SAUCE: Revert "randomize_kstack: Improve entropy diffusion"
  * CVE-2024-26921
    - inet: inet_defrag: prevent sk release while still in use
  * Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
    CVE-2024-39484
    - mmc: davinci: Don't strip remove function when driver is builtin
  * Jammy update: v5.15.162 upstream stable release (LP: #2073765)
    - mmc: davinci_mmc: Convert to platform remove callback returning void
  * CVE-2024-39292
    - um: Add winch to winch_handlers before registering winch IRQ
  * CVE-2024-36901
    - ipv6: prevent NULL dereference in ip6_output()
  * CVE-2024-26830
    - i40e: Do not allow untrusted VF to remove administratively set MAC
  * CVE-2024-26680
    - net: atlantic: Fix DMA mapping for PTP hwts ring
  * CVE-2023-52760
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
  * CVE-2023-52629
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

  [ Ubuntu: 5.15.0-118.128 ]

  * jammy/linux: 5.15.0-118.128 -proposed tracker (LP: #2072255)
  * Jammy update: v5.15.160 upstream stable release (LP: #2070292)
    - drm/amd/display: Fix division by zero in setup_dsc_config
    - pinctrl: core: handle radix_tree_insert() errors in
      pinctrl_register_one_pin()
    - nfsd: don't allow nfsd threads to be signalled.
    - KEYS: trusted: Fix memory leak in tpm2_key_encode()
    - Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
    - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
    - net: bcmgenet: synchronize UMAC_CMD access
    - netlink: annotate lockless accesses to nlk->max_recvmsg_len
    - netlink: annotate data-races around sk->sk_err
    - KVM: x86: Clear "has_error_code", not "error_code", for RM exception
      injection
    - drm/amdgpu: Fix possible NULL dereference in
      amdgpu_ras_query_error_status_helper()
    - binder: fix max_thread type inconsistency
    - usb: typec: ucsi: displayport: Fix potential deadlock
    - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
    - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
    - KEYS: trusted: Do not use WARN when encode fails
    - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
    - docs: kernel_include.py: Cope with docutils 0.21
    - Linux 5.15.160
  * Jammy update: v5.15.159 upstream stable release (LP: #2070028)
    - dmaengine: pl330: issue_pending waits until WFP state
    - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
    - wifi: nl80211: don't free NULL coalescing rule
    - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
    - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
    - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
    - eeprom: at24: Use dev_err_probe for nvmem register failure
    - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
    - eeprom: at24: fix memory corruption race condition
    - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
    - pinctrl/meson: fix typo in PDM's pin name
    - pinctrl: core: delete incorrect free in pinctrl_enable()
    - pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
    - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
    - pinctrl: mediatek: paris: Rework support for
      PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
    - sunrpc: add a struct rpc_stats arg to rpc_create_args
    - nfs: expose /proc/net/sunrpc/nfs in net namespaces
    - nfs: make the rpc_stat per net namespace
    - nfs: Handle error of rpc_proc_register() in nfs_net_init().
    - power: rt9455: hide unused rt9455_boost_voltage_values
    - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator
    - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
    - regulator: mt6360: De-capitalize devicetree regulator subnodes
    - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
    - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
    - bpf: Fix a verifier verbose message
    - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs
    - s390/mm: Fix storage key clearing for guest huge pages
    - s390/mm: Fix clearing storage keys for huge pages
    - xdp: Move conversion to xdp_frame out of map functions
    - xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames
    - xdp: use flags field to disambiguate broadcast redirect
    - bna: ensure the copied buf is NUL terminated
    - octeontx2-af: avoid off-by-one read from userspace
    - nsh: Restore skb->{protocol,data,mac_header} for outer header in
      nsh_gso_segment().
    - net l2tp: drop flow hash on forward
    - s390/vdso: Add CFI for RA register to asm macro vdso_func
    - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
    - net: qede: use return from qede_parse_flow_attr() for flower
    - net: qede: use return from qede_parse_flow_attr() for flow_spec
    - net: qede: use return from q

  linux-mtk (5.15.0-1033.38) jammy; urgency=medium

  * jammy/linux-mtk: 5.15.0-1033.38 -proposed tracker (LP: #2072455)

  * [g350] No video output on HDMI (LP: #2072531)
    - SAUCE: (no-up) drm/mediatek: dpi: fix hdmi output for g350(mt8365)

  * [UC22][g350] systemd-backlight@backlight:14014000.dsi0.0.service: Failed to
    write system 'brightness' attribute: Invalid argument during warm-boot /
    cold-boot stress test (LP: #2069787)
    - [Config] CONFIG_DRM_PANEL_STARTEK_KD070FHFID015=m

  * [SRU] UBSAN: shift-out-of-bounds in mt6359-regulator.c:281 (LP: #2059227)
    - SAUCE: (no-up) regulator: mt6359: fix regulator mode setting

  [ Ubuntu: 5.15.0-113.123 ]

  * jammy/linux: 5.15.0-113.123 -proposed tracker (LP: #2068242)
  * CVE-2024-26924
    - netfilter: nft_set_pipapo: do not free live element
  * CVE-2024-26643
    - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
      timeout

 -- Jian Hui Lee <email address hidden> Mon, 15 Jul 2024 10:28:19 +0800

  linux-mtk (5.15.0-1031.36) jammy; urgency=medium

  * jammy/linux-mtk: 5.15.0-1031.36 -proposed tracker (LP: #2064983)

  * [SRU] ubuntu_ltp: fs testsuite causing tainted kernel (LP: #2059057)
    - SAUCE: (no-up) ubuntu: mtk-apusys-driver: fix fs testsuite in ubuntu_ltp
      causing tainted kernel

  * [SRU] UBSAN: shift-out-of-bounds in mt6359-regulator.c:281 (LP: #2059227)
    - SAUCE: (no-up) regulator: mt6359: fix UBSAN: shift-out-of-bounds

  * [uc22][g350][g700] long install time and vblank timeout (LP: #2060936)
    - SAUCE: (no-up) drm/panel: stk-kd070: fix relaxation time between regulator
      enablement
    - SAUCE: (no-up) drm/panel: stk-kd070: fix panel not responding if set/get
      brightness earlier before pre_enable

  * [uc22][g700] Unable boot into OS and got call trace during kernel boot while
    configuring DSI + DPoC (display-dsidp.dtbo) (LP: #2063185)
    - SAUCE: (no-up) drm/panel: stk-kd070: fix deference error after panel being
      defer probed

  * [SRU] dt node backward compatibility for rxfifo (LP: #2065760)
    - SAUCE: (no-up) usb: xhci-mtk: dt node backward compatibility for rxfifo

  * [g1200] Unable boot into OS while using display-lvdshdmidp.dtbo with 1030.35
    kernel (LP: #2059233)
    - SAUCE: (no-up) drm/mediatek: dpi: fix triple display if lvds/edp is enabled

  * Packaging resync (LP: #1786013)
    - [Packaging] drop ABI data
    - [Packaging] drop getabis data

  [ Ubuntu: 5.15.0-105.115 ]

  * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372)
  * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS
    stopped working/is unstable with kernel update to 5.15.0-102.112
    (LP: #2060780)
    - smb3: Replace smb2pdu 1-element arrays with flex-arrays

  [ Ubuntu: 5.15.0-103.113 ]

  * jammy/linux: 5.15.0-103.113 -proposed tracker (LP: #2059683)
  * Packaging resync (LP: #1786013)
    - [Packaging] drop getabis data
  * Remove getabis scripts (LP: #2059143)
    - [Packaging] Remove getabis
  * CVE-2023-24023
    - Bluetooth: Add more enc key size check
  * CVE-2023-52600
    - jfs: fix uaf in jfs_evict_inode
  * Jammy update: v5.15.149 upstream stable release (LP: #2059014) //
    CVE-2023-52603
    - UBSAN: array-index-out-of-bounds in dtSplitRoot
  * CVE-2024-26581
    - netfilter: nft_set_rbtree: skip end interval element from gc

  [ Ubuntu: 5.15.0-102.112 ]

  * jammy/linux: 5.15.0-102.112 -proposed tracker (LP: #2055632)
  * Drop ABI checks from kernel build (LP: #2055686)
    - [Packaging] Remove in-tree abi checks
    - [Packaging] Drop abi checks from final-checks
  * Packaging resync (LP: #1786013)
    - [Packaging] drop ABI data
    - [Packaging] update annotations scripts
    - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)
  * block/loop: No longer allows to create partitions (LP: #2056143)
    - block, loop: support partitions without scanning
  * Cranky update-dkms-versions rollout (LP: #2055685)
    - [Packaging] remove update-dkms-versions
    - Move debian/dkms-versions to debian.master/dkms-versions
    - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions
    - [Packaging] remove update-version-dkms
  * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
    modules-extra to linux-modules (LP: #2054809)
    - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-
      extra
  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
    - [Packaging] rules: Put usbip manpages in the correct directory
  * CVE-2024-23851
    - dm ioctl: log an error if the ioctl structure is corrupted
    - dm: limit the number of targets and parameter size area
  * CVE-2024-23850
    - btrfs: do not ASSERT() if the newly created subvolume already got read
  * x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform
    (LP: #2054699)
    - x86/tsc: Extend watchdog check exemption to 4-Sockets platform
  * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
    linux-modules-extra to linux-modules (LP: #2045561)
    - [Packaging] Move dmi-sysfs.ko into linux-modules
  * Fix bpf selftests build failure after v5.15.139 update (LP: #2054567)
    - Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on
      stack"
  * Jammy update: v5.15.148 upstream stable release (LP: #2055145)
    - f2fs: explicitly null-terminate the xattr list
    - pinctrl: lochnagar: Don't build on MIPS
    - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
    - mptcp: fix uninit-value in mptcp_incoming_options
    - wifi: cfg80211: lock wiphy mutex for rfkill poll
    - debugfs: fix automount d_fsdata usage
    - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
    - nvme-core: check for too small lba shift
    - ASoC: wm8974: Correct boost mixer inputs
    - ASoC: Intel: Skylake: Fix mem leak in few functions
    - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
      __be16
    - ASoC: Intel: Skylake: mem leak in skl register function
    - ASoC: cs43130: Fix the position of const qualifier
    - ASoC: cs43130: Fix incorrect frame delay configuration
    - ASoC: rt5650: add mutex to avoid the jack detection failure
    - nouveau/tu102: flush all pdbs on vmm flush
    - net/tg3: fix race condition in tg3_reset_task()
    - ASoC: da7219: Support low DC impedance headset
    - ASoC: ops: add correct range check for limiting volume
    - nvme: introduce helper function to get ctrl state
    - drm/amdgpu: Add NULL checks for function pointers
    - drm/exynos: fix a potential error pointer dereference
    - drm/exynos: fix a wrong error checking
    - hwmon: (corsair-psu) Fix probe when built-in
    - clk: rockchip: rk3128: Fix HCLK_OTG gate register
    - jbd2: correct the printing of write_flags in jbd2_write_superblock()
    - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
    - neighbour: Don't let nei