Package "linux-bpf-dev"

  linux (6.8.0-62.65) noble; urgency=medium

  * noble/linux: 6.8.0-62.65 -proposed tracker (LP: #2110737)

  * Rotate the Canonical Livepatch key (LP: #2111244)
    - [Config] Prepare for Canonical Livepatch key rotation

  * KVM bug causes Firecracker crash when it runs the vCPU for the first time
    (LP: #2109859)
    - vhost: return task creation error instead of NULL
    - kvm: retry nx_huge_page_recovery_thread creation

  * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
    (LP: #2099914) // CVE-2025-2312
    - CIFS: New mount option for cifs.upcall namespace resolution

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - of/unittest: Add test that of_address_to_resource() fails on non-
      translatable address
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - hwmon: (drivetemp) Set scsi command timeout to 10s
    - ASoC: samsung: Add missing depends on I2C
    - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf()
    - Revert "libfs: fix infinite directory reads for offset dir"
    - libfs: Replace simple_offset end-of-directory detection
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: xpad - add support for Nacon Pro Compact
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add QH Electronics VID/PID
    - Input: xpad - improve name of 8BitDo controller 2dc8:3106
    - Input: xpad - add support for Nacon Evol-X Xbox One Controller
    - Input: xpad - add support for wooting two he (arm)
    - ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
    - ASoC: cs42l43: Add codec force suspend/resume ops
    - ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P Gen5
    - libfs: Return ENOSPC when the directory offset range is exhausted
    - Revert "libfs: Add simple_offset_empty()"
    - libfs: Use d_children list to iterate simple_offset directories
    - wifi: rtl8xxxu: add more missing rtl8192cu USB IDs
    - HID: wacom: Initialize brightness of LED trigger
    - Upstream stable to v6.6.75, v6.12.12

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21689
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21690
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21691
    - cachestat: fix page cache statistics permission checking

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21692
    - net: sched: fix ets qdisc OOB Indexing

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21699
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2024-50157
    - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop

  * rtw89: Support hardware rfkill (LP: #2077384)
    - wifi: rtw89: add support for hardware rfkill

  * Introduce configfs-based interface for gpio-aggregator (LP: #2103496)
    - gpio: introduce utilities for synchronous fake device creation
    - bitmap: Define a cleanup function for bitmaps
    - gpio: aggregator: simplify aggr_parse() with scoped bitmap
    - gpio: aggregator: protect driver attr handlers against module unload
    - gpio: aggregator: reorder functions to prepare for configfs introduction
    - gpio: aggregator: unify function naming
    - gpio: aggregator: add gpio_aggregator_{alloc, free}()
    - gpio: aggregator: introduce basic configfs interface
    - [Config] Enable DEV_SYNC_PROBE as module
    - SAUCE: gpio: aggregator: Fix error code in gpio_aggregator_activate()
    - gpio: aggregator: rename 'name' to 'key' in gpio_aggregator_parse()
    - gpio: aggregator: expose aggregator created via legacy sysfs to configfs
    - SAUCE: gpio: aggregator: fix "_sysfs" prefix check in
      gpio_aggregator_make_group()
    - SAUCE: gpio: aggregator: Fix gpio_aggregator_line_alloc() checking
    - SAUCE: gpio: aggregator: Return an error if there are no GPIOs in
      gpio_aggregator_parse()
    - SAUCE: gpio: aggregator: Fix leak in gpio_aggregator_parse()
    - gpio: aggregator: cancel deferred probe for devices created via configfs
    - Documentation: gpio: document configfs interface for gpio-aggregator
    - selftests: gpio: add test cases for gpio-aggregator
    - SAUCE: selftests: gpio: gpio-aggregator: add a test case for _sysfs prefix
      reservation

  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449)
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - net: add exit_batch_rtnl() method
    - gtp: use exit_batch_rtnl() method
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - net: xilinx: axienet: Fix IRQ coalescing packet count overflow
    - net/mlx5: Fix RDMA TX steering prio
    - net/mlx5e: Rely on reqid in IPsec tunnel mode
    - net/mlx5e: Always start IPsec sequence number from 1
    - drm/vmwgfx: Add new keep_resv BO param
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - soc: ti: pruss: Fix pruss APIs
    - hwmon: (tmp513) Fix division of negative numbers
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - i2c: rcar: fix NACK handling when being a target
    - hfs: Sanity che

  linux (6.8.0-60.63) noble; urgency=medium

  * noble/linux: 6.8.0-60.63 -proposed tracker (LP: #2107138)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.04.14)

  * Missing upstream commits for LP: #2102181 (LP: #2107336)
    - libperf cpumap: Add any, empty and min helpers
    - libperf cpumap: Ensure empty cpumap is NULL from alloc

  * Noble update: upstream stable patchset 2025-04-10 (LP: #2106770)
    - memblock: use numa_valid_node() helper to check for invalid node ID
    - jbd2: increase IO priority for writing revoke records
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - erofs: fix PSI memstall accounting
    - ASoC: rt722: add delay time to wait for the calibration procedure
    - ASoC: mediatek: disable buffer pre-allocation
    - selftests/alsa: Fix circular dependency involving global-timer
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net: libwx: fix firmware mailbox abnormal return
    - pds_core: limit loop over fw name list
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - ice: fix incorrect PHY settings for 100 GB/s
    - igc: return early when failing to read EECD register
    - tls: Fix tls_sw_sendmsg error handling
    - eth: gve: use appropriate helper to set xdp_features
    - Bluetooth: hci_sync: Fix not setting Random Address when required
    - Bluetooth: MGMT: Fix Add Device to responding before completing
    - Bluetooth: btnxpuart: Fix driver sending truncated data
    - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
    - riscv: Fix early ftrace nop patching
    - memblock tests: fix implicit declaration of function 'numa_valid_node'
    - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    - netfilter: nf_tables: imbalance in flowtable binding
    - drm/mediatek: stop selecting foreign drivers
    - [Config] updateconfigs for MTK_SMI
    - drm/mediatek: Fix YCbCr422 color format issue for DP
    - drm/mediatek: Fix mode valid issue for dp
    - drm/mediatek: Add return value check when reading DPCD
    - cpuidle: riscv-sbi: fix device node release in early exit of
      for_each_possible_cpu
    - scsi: ufs: qcom: Power off the PHY if it was already powered on in
      ufs_qcom_power_up_sequence()
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - ksmbd: Implement new SMB3 POSIX type
    - thermal: of: fix OF node leak in of_thermal_zone_find()
    - smb: client: sync the root session and superblock context passwords before
      automounting
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - io_uring/timeout: fix multishot updates
    - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set
      config
    - tty: serial: 8250: Fix another runtime PM usage counter underflow
    - usb: dwc3-am62: Disable autosuspend during remove
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: midi2: Reverse-select at the right place
    - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in
      the error path of .probe()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: typec: tcpm/tcpci_maxim: fix error code in
      max_contaminant_read_resistance_kohm()
    - usb: gadget: configfs: Ignore trailing LF for user strings to cdev
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: inkern: call iio_device_put() only on mapped devices
    - iio: adc: ad7124: Disable all channels at probe time
    - riscv: kprobes: Fix incorrect address calculation
    - ARM: dts: imxrt1050: Fix clocks for mmc
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - pmdomain: imx: gpcv2: Simplify with scoped for each OF child loop
    - pmdomain: imx: gpcv2: fix an OF node reference leak in imx_gpcv2_probe()
    - workqueue: Add rcu lock check at the end of work item execution
    - workqueue: Update lock debugging code
    - mm/hugetlb: enforce that PMD PT sharing has split PMD PT locks
    - riscv: Fix text patching when IPI are used
    - drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported
    - ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
    - net: don't dump Tx and uninitialized NAPIs
    - ice: fix max values for dpll pin phase adjust
    - net: hns3: fixed reset failure issues caused by the incorrect reset type
    - net: hns3: fix missing features due to dev->features configuration too early
    - net: hns3: Resolved the issue that the debugfs query result is inconsistent.
    - net: hns3: initialize reset_timer before hclgevf

  linux (6.8.0-58.60) noble; urgency=medium

  * noble/linux: 6.8.0-58.60 -proposed tracker (LP: #2102529)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.03.17)

  * wdat_wdt.ko should be pulled in by linux-image-virtual (LP: #2098554)
    - [Packaging]: wdat_wdt.ko is moved from "linux-modules-extra-*-generic" to
      "linux-modules-*-generic"

  * Noble update: upstream stable patchset 2025-03-12 (LP: #2102118)
    - openrisc: Use asm-generic's version of fix_to_virt() & virt_to_fix()
    - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
    - watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
    - watchdog: apple: Actually flush writes after requesting watchdog restart
    - watchdog: mediatek: Make sure system reset gets asserted in
      mtk_wdt_restart()
    - can: gs_usb: add VID/PID for Xylanta SAINT3 product family
    - can: gs_usb: add usb endpoint address detection at driver probe step
    - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
    - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
    - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
    - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
    - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
    - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
    - can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
    - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
    - selftests: hid: fix typo and exit code
    - ptp: Add error handling for adjfine callback in ptp_clock_adjtime
    - net/sched: tbf: correct backlog statistic for GSO packets
    - net: hsr: fix fill_frame_info() regression vs VLAN packets
    - platform/x86: asus-wmi: add support for vivobook fan profiles
    - platform/x86: asus-wmi: Fix inconsistent use of thermal policies
    - platform/x86: asus-wmi: Ignore return value when writing thermal policy
    - net/smc: mark optional smcd_ops and check for support when called
    - net/smc: add operations to merge sndbuf with peer DMB
    - net/smc: {at|de}tach sndbuf to peer DMB if supported
    - net/smc: refactoring initialization of smc sock
    - net/qed: allow old cards not supporting "num_images" to work
    - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
    - ixgbe: downgrade logging of unsupported VF API version to debug
    - net: sched: fix erspan_opt settings in cls_flower
    - netfilter: nft_set_hash: skip duplicated elements pending gc run
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - ethtool: Fix wrong mod state in case of verbose and no_mask bitset
    - mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
    - mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
    - net/mlx5e: Remove workaround to avoid syndrome for internal port
    - xhci: Allow RPM on the USB controller (1022:43f7) by default
    - gpio: grgpio: use a helper variable to store the address of ofdev->dev
    - usb: dwc3: gadget: Rewrite endpoint allocation flow
    - usb: dwc3: ep0: Don't reset resource alloc flag (including ep0)
    - usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
    - mmc: mtk-sd: use devm_mmc_alloc_host
    - mmc: mtk-sd: Fix error handle of probe function
    - mmc: mtk-sd: fix devm_clk_get_optional usage
    - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
    - zram: do not mark idle slots that cannot be idle
    - zram: clear IDLE flag in mark_idle()
    - powerpc/vdso: Refactor CFLAGS for CVDSO build
    - powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang
    - ntp: Remove invalid cast in time offset math
    - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link
    - driver core: fw_devlink: Stop trying to optimize cycle detection logic
    - drivers: core: fix device leak in __fw_devlink_relax_cycles()
    - i3c: master: support to adjust first broadcast address speed
    - i3c: master: svc: use slow speed for first broadcast address
    - i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter
    - i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
    - i3c: master: Extend address status bit to 4 and add
      I3C_ADDR_SLOT_EXT_DESIRED
    - i3c: master: Fix dynamic address leak when 'assigned-address' is present
    - i3c: master: Fix missing 'ret' assignment in set_speed()
    - drm/bridge: it6505: update usleep_range for RC circuit charge time
    - drm/bridge: it6505: Fix inverted reset polarity
    - scsi: ufs: core: Always initialize the UIC done completion
    - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
    - bpf, vsock: Fix poll() missing a queue
    - bpf, vsock: Invoke proto::close on close()
    - xsk: always clear DMA mapping information when unmapping the pool
    - bpftool: fix potential NULL pointer dereferencing in prog_dump()
    - drm/sti: Add __iomem for mixer_dbg_mxn's parameter
    - ALSA: seq: ump: Use automatic cleanup of kfree()
    - ALSA: ump: Update substream name from assigned FB names
    - ALSA: seq: ump: Fix seq port updates per FB info notify
    - ALSA: usb-audio: Notify xrun for low-latency mode
    - tools: Override makefile ARCH variable if defined, but empty
    - ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
    - ASoC: SOF: ipc3-topology: fix resource leaks in
      sof_ipc3_widget_setup_comp_dai()
    - bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
    - scsi: scsi_debug: Fix hrtimer support for ndelay
    - ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
    - drm/v3d: Enable Performance Counters before clearing them
    - scatterlist:

  linux (6.8.0-56.58) noble; urgency=medium

  * noble/linux: 6.8.0-56.58 -proposed tracker (LP: #2098244)

  * Noble update: upstream stable patchset 2024-07-19 (LP: #2073603)
    - Revert "drm: Make drivers depends on DRM_DW_HDMI"
    - Revert "UBUNTU: [Config] Drivers now depend on DRM_DW_HDMI"

  * drm/amd/display: Add check for granularity in dml ceil/floor helpers
    (LP: #2098080)
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers

  * optimized default EPP for GNR family (LP: #2097554)
    - cpufreq: intel_pstate: Update Balance-performance EPP for Granite Rapids

  * Incorrect LAPIC/x2APIC parsing order (LP: #2097455)
    - x86/acpi: Fix LAPIC/x2APIC parsing order

  * MGLRU: page allocation failure on NUMA-enabled systems (LP: #2097214)
    - mm/vmscan: wake up flushers conditionally to avoid cgroup OOM

  * Upstream commit 65357e2c164a: "RDMA/mana_ib: set node_guid" applied
    incorrectly (LP: #2096885)
    - Revert "RDMA/mana_ib: set node_guid"

  * AppArmor early policy load not funcitoning (LP: #2095370)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [67/90]: userns - add the
      ability to reference a global variable for a feature value"

  * apparmor unconfined profile blocks pivot_root (LP: #2067900)
    - SAUCE: Revert "UBUNTU: SAUCE: apparmor4.0.0 [81/90]: apparmor: convert easy
      uses of unconfined() to label_mediates()"

  * CVE-2024-50117
    - drm/amd: Guard against bad data for ATIF ACPI method

  * CVE-2024-56582
    - btrfs: fix use-after-free in btrfs_encoded_read_endio()

  * CVE-2024-53165
    - sh: intc: Fix use-after-free bug in register_intc_controller()

  * CVE-2024-53156
    - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

  * CVE-2024-56663
    - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one

  * CVE-2024-56614
    - xsk: fix OOB map writes when deleting elements

  * VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy
    (LP: #2097389)
    - PCI: Batch BAR sizing operations

  * Noble update: upstream stable patchset 2025-02-04 (LP: #2097393)
    - Revert "PCI/MSI: Provide stubs for IMS functions"
    - gfs2: Revert "introduce qd_bh_get_or_undo"
    - gfs2: qd_check_sync cleanups
    - gfs2: Revert "ignore negated quota changes"
    - Revert "powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2"
    - tracing: Have saved_cmdlines arrays all in one allocation
    - spi: spi-fsl-lpspi: remove redundant spi_controller_put call
    - ata: ahci: Add mask_port_map module parameter
    - ASoC: tas2781: mark dvc_tlv with __maybe_unused
    - scsi: sd: Do not repeat the starting disk message
    - bootconfig: Fix the kerneldoc of _xbc_exit()
    - perf sched: Move start_work_mutex and work_done_wait_mutex initialization to
      perf_sched__replay()
    - perf sched: Fix memory leak in perf_sched__map()
    - perf sched: Move curr_thread initialization to perf_sched__map()
    - perf sched: Move curr_pid and cpu_last_switched initialization to
      perf_sched__{lat|map|replay}()
    - libsubcmd: Don't free the usage string
    - selftests: Introduce Makefile variable to list shared bash scripts
    - jbd2: fix kernel-doc for j_transaction_overhead_buffers
    - lib/build_OID_registry: avoid non-destructive substitution for Perl < 5.13.2
      compat
    - drm/amd/display: Remove a redundant check in authenticated_dp
    - drm/amd/display: Revert "Check HDCP returned status"
    - zram: don't free statically defined names
    - x86/amd_nb: Add new PCI IDs for AMD family 0x1a
    - rtnetlink: change nlk->cb_mutex role
    - rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag
    - mpls: no longer hold RTNL in mpls_netconf_dump_devconf()
    - phonet: no longer hold RTNL in route_dumpit()
    - rcu/nocb: Make IRQs disablement symmetric
    - HID: asus: add ROG Ally N-Key ID and keycodes
    - HID: asus: add ROG Z13 lightbar
    - hid-asus: add ROG Ally X prod ID to quirk list
    - scsi: Revert "scsi: sd: Do not repeat the starting disk message"
    - btrfs: fix uninitialized pointer free in add_inode_ref()
    - btrfs: fix uninitialized pointer free on read_alloc_one_name() error
    - ksmbd: fix user-after-free from session log off
    - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
    - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
    - net: enetc: remove xdp_drops statistic from enetc_xdp_drop()
    - net: enetc: block concurrent XDP transmissions during ring reconfiguration
    - net: enetc: disable Tx BD rings after they are empty
    - net: enetc: disable NAPI after all rings are disabled
    - net: enetc: add missing static descriptor and inline keyword
    - posix-clock: Fix missing timespec64 check in pc_clock_settime()
    - udp: Compute L4 checksum as usual when not segmenting the skb
    - arm64: probes: Remove broken LDR (literal) uprobe support
    - arm64: probes: Fix simulate_ldr*_literal()
    - arm64: probes: Fix uprobes for big-endian kernels
    - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-
      link PHY
    - net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
    - maple_tree: correct tree corruption on spanning store
    - nilfs2: propagate directory read errors from nilfs_find_entry()
    - fat: fix uninitialized variable
    - mm/mremap: fix move_normal_pmd/retract_page_tables race
    - mm/swapfile: skip HugeTLB pages for unuse_vma
    - mm/damon/tests/sysfs-kunit.h: fix memory leak in
      damon_sysfs_test_add_targets()
    - tcp: fix mptcp DSS corruption due to large pmtu xmit
    - net: fec: Move `fec_ptp_read()` to the top of the file
    - net: fec: Remove duplicated code
    - mptcp: prevent MPC handshake on port-based signal endpoints
    - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
    - s390/sclp: Deactivate sclp after all its users
    - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
    - KVM: s390: ga

  linux (6.8.0-54.56) noble; urgency=medium

  * CVE-2025-0927
    - SAUCE: fs: hfs/hfsplus: add key_len boundary check to hfs_bnode_read_key