Package "linux"

 linux (5.15.0-94.104) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-94.104 -proposed tracker (LP: #2048777)
 .
   * [SRU] Duplicate Device_dax ids Created and hence Probing is Failing.
     (LP: #2028158)
     - device-dax: Fix duplicate 'hmem' device registration
 .
   * Add ODM driver f81604 usb-can (LP: #2045387)
     - can: usb: f81604: add Fintek F81604 support
     - [Config] updateconfigs for ODM drivers CONFIG_CAN_F81604
 .
   * Add ODM driver gpio-m058ssan (LP: #2045386)
     - SAUCE: ODM: gpio: add M058SSAN gpio driver
     - [Config] updateconfigs for ODM drivers CONFIG_GPIO_M058SSAN
 .
   * Add ODM driver rtc-pcf85263 (LP: #2045385)
     - SAUCE: ODM: rtc: add PCF85263 RTC driver
     - [Config] updateconfigs for ODM drivers CONFIG_RTC_DRV_PCF85263
 .
   * AppArmor patch for mq-posix interface is missing in jammy (LP: #2045384)
     - SAUCE: (no-up) apparmor: reserve mediation classes
     - SAUCE: (no-up) apparmor: Add fine grained mediation of posix mqueues
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] update annotations scripts
 .

 linux (5.15.0-93.103) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-93.103 -proposed tracker (LP: #2048330)
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] resync git-ubuntu-log
     - [Packaging] resync update-dkms-versions helper
     - [Packaging] remove helper scripts
     - [Packaging] update annotations scripts
     - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)
 .
   * Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
     - Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
 .
   * CVE-2023-6622
     - netfilter: nf_tables: bail out on mismatching dynset and set expressions
 .
   * CVE-2024-0193
     - netfilter: nf_tables: skip set commit for deleted/destroyed sets
 .
   * CVE-2023-6040
     - netfilter: nf_tables: Reject tables of unsupported family
 .
   * Patches needed for AmpereOne (arm64) (LP: #2044192)
     - clocksource/arm_arch_timer: Add build-time guards for unhandled register
       accesses
     - clocksource/drivers/arm_arch_timer: Drop CNT*_TVAL read accessors
     - clocksource/drivers/arm_arch_timer: Extend write side of timer register
       accessors to u64
     - clocksource/drivers/arm_arch_timer: Move system register timer programming
       over to CVAL
     - clocksource/drivers/arm_arch_timer: Move drop _tval from erratum function
       names
     - clocksource/drivers/arm_arch_timer: Fix MMIO base address vs callback
       ordering issue
     - clocksource/drivers/arm_arch_timer: Move MMIO timer programming over to CVAL
     - clocksource/drivers/arm_arch_timer: Advertise 56bit timer to the core code
     - clocksource/drivers/arm_arch_timer: Work around broken CVAL implementations
     - clocksource/drivers/arm_arch_timer: Remove any trace of the TVAL programming
       interface
     - clocksource/drivers/arm_arch_timer: Drop unnecessary ISB on CVAL programming
     - clocksource/drivers/arm_arch_timer: Fix masking for high freq counters
     - clocksource/drivers/arch_arm_timer: Move workaround synchronisation around
 .
   * Add quirk to disable i915 fastboot on B&R PC (LP: #2047630)
     - SAUCE: i915: force disable fastboot quirk
 .
   * Some machines can't pass the pm-graph test (LP: #2046217)
     - wifi: iwlwifi: pcie: rescan bus if no parent
 .
   * Sound: Add rtl quirk of M90-Gen5 (LP: #2046105)
     - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
 .
   * linux tools packages for derived kernels refuse to install simultaneously
     due to libcpupower name collision (LP: #2035971)
     - [Packaging] Statically link libcpupower into cpupower tool
 .
   * [Debian] autoreconstruct - Do not generate chmod -x for deleted files
     (LP: #2045562)
     - [Debian] autoreconstruct - Do not generate chmod -x for deleted files
 .
   * CVE-2023-6931
     - perf/core: Add a new read format to get a number of lost samples
     - perf: Fix perf_event_validate_size()
     - perf: Fix perf_event_validate_size() lockdep splat
 .
   * CVE-2023-6932
     - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
 .
   * CVE-2023-6606
     - smb: client: fix OOB in smbCalcSize()
 .
   * CVE-2023-6817
     - netfilter: nft_set_pipapo: skip inactive elements during set walk
 .
   * Jammy update: v5.15.136 upstream stable release (LP: #2046008)
     - iommu/vt-d: Avoid memory allocation in iommu_suspend()
     - scsi: core: Use a structure member to track the SCSI command submitter
     - scsi: core: Rename scsi_mq_done() into scsi_done() and export it
     - scsi: ib_srp: Call scsi_done() directly
     - RDMA/srp: Do not call scsi_done() from srp_abort()
     - RDMA/cxgb4: Check skb value for failure to allocate
     - perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
     - of: overlay: Reorder struct fragment fields kerneldoc
     - platform/x86: think-lmi: Fix reference leak
     - platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section
       mismatch warning
     - lib/test_meminit: fix off-by-one error in test_pages()
     - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
     - quota: Fix slow quotaoff
     - net: prevent address rewrite in kernel_bind()
     - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
     - KEYS: trusted: allow use of kernel RNG for key material
     - KEYS: trusted: Remove redundant static calls usage
     - drm/msm/dp: do not reinitialize phy unless retry during link training
     - drm/msm/dsi: skip the wait for video mode done if not applicable
     - drm/msm/dsi: fix irq_of_parse_and_map() error checking
     - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
     - ravb: Fix up dma_free_coherent() call in ravb_remove()
     - ravb: Fix use-after-free issue in ravb_tx_timeout_work()
     - ieee802154: ca8210: Fix a potential UAF in ca8210_probe
     - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
     - eth: remove copies of the NAPI_POLL_WEIGHT define
     - xen-netback: use default TX queue size for vifs
     - riscv, bpf: Factor out emit_call for kernel and bpf context
     - riscv, bpf: Sign-extend return values
     - drm/vmwgfx: fix typo of sizeof argument
     - bpf: Fix verifier log for async callback return values
     - net: macsec: indicate next pn update when offloading
     - net: phy: mscc: macsec: reject PN update requests
     - ixgbe: fix crash with empty VF macvlan list
     - net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
     - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
     - pinctrl: renesas: rzn1: Enable missing PINMUX
     - nfc: nci: assert requested protocol is valid
     - workqueue: Override implicit ordered attribute in
       workqueue_apply_unbound_cpumask()
     - net: add sysctl accept_ra_min_rtr_lft
     - net: change accept_ra_min_rtr_lft to affect all RA lifetimes
     - net: release reference to inet6_dev pointer
     - media: mtk-jpeg: Fix use after free bug due to uncancel

 linux (5.15.0-91.101) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-91.101 -proposed tracker (LP: #2043452)
 .
   * USB bus error after upgrading to proposed kernel on lunar and jammy
     (LP: #2043197)
     - USB: core: Fix oversight in SuperSpeed initialization
 .

 linux (5.15.0-90.100) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-90.100 -proposed tracker (LP: #2041603)
 .
   * CVE-2023-25775
     - RDMA/irdma: Remove irdma_uk_mw_bind()
     - RDMA/irdma: Remove irdma_sc_send_lsmm_nostag()
     - RDMA/irdma: Remove irdma_cqp_up_map_cmd()
     - RDMA/irdma: Remove irdma_get_hw_addr()
     - RDMA/irdma: Make irdma_uk_cq_init() return a void
     - RDMA/irdma: optimize rx path by removing unnecessary copy
     - RDMA/irdma: Remove enum irdma_status_code
     - RDMA/irdma: Remove excess error variables
     - RDMA/irdma: Prevent zero-length STAG registration
 .
   * CVE-2023-39189
     - netfilter: nfnetlink_osf: avoid OOB read
 .
   * SMC stats: Wrong bucket calculation for payload of exactly 4096 bytes
     (LP: #2039575)
     - net/smc: Fix pos miscalculation in statistics
 .
   * CVE-2023-45871
     - igb: set max size RX buffer when store bad packet is enabled
 .
   * CVE-2023-39193
     - netfilter: xt_sctp: validate the flag_info count
 .
   * CVE-2023-39192
     - netfilter: xt_u32: validate user space input
 .
   * CVE-2023-31085
     - ubi: Refuse attaching if mtd's erasesize is 0
 .
   * CVE-2023-5717
     - perf: Disallow mis-matched inherited group reads
 .
   * CVE-2023-5178
     - nvmet-tcp: Fix a possible UAF in queue intialization setup
 .
   * CVE-2023-5158
     - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
 .
   * [SRU][J/L/M] UBUNTU: [Packaging] Make WWAN driver a loadable module
     (LP: #2033406)
     - [Packaging] Make WWAN driver loadable modules
 .
   * HP ProBook 450 G8 Notebook fail to wifi test (LP: #2037513)
     - iwlwifi: mvm: Don't fail if PPAG isn't supported
     - wifi: iwlwifi: fw: skip PPAG for JF
 .
   * usbip: error: failed to open /usr/share/hwdata//usb.ids (LP: #2039439)
     - [Packaging] Make linux-tools-common depend on hwdata
 .
   * scripts/pahole-flags.sh change return to exit 0 (LP: #2035123)
     - SAUCE: scripts/pahole-flags.sh change return to exit 0
 .
   * Unable to use nvme drive to install Ubuntu 23.10 (LP: #2040157)
     - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to
       probe
 .
   * Jammy update: v5.15.131 upstream stable release (LP: #2039610)
     - erofs: ensure that the post-EOF tails are all zeroed
     - ksmbd: fix wrong DataOffset validation of create context
     - ksmbd: replace one-element array with flex-array member in struct
       smb2_ea_info
     - ARM: pxa: remove use of symbol_get()
     - mmc: au1xmmc: force non-modular build and remove symbol_get usage
     - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
     - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
     - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
     - USB: serial: option: add Quectel EM05G variant (0x030e)
     - USB: serial: option: add FOXCONN T99W368/T99W373 product
     - ALSA: usb-audio: Fix init call orders for UAC1
     - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
     - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
     - HID: wacom: remove the battery when the EKR is off
     - staging: rtl8712: fix race condition
     - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
       condition
     - wifi: mt76: mt7921: do not support one stream on secondary antenna only
     - serial: qcom-geni: fix opp vote on shutdown
     - serial: sc16is7xx: fix broken port 0 uart init
     - serial: sc16is7xx: fix bug when first setting GPIO direction
     - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
     - fsi: master-ast-cf: Add MODULE_FIRMWARE macro
     - tcpm: Avoid soft reset when partner does not support get_status
     - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
     - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
     - pinctrl: amd: Don't show `Invalid config param` errors
     - usb: typec: tcpci: move tcpci.h to include/linux/usb/
     - usb: typec: tcpci: clear the fault status bit
     - Linux 5.15.131
 .
   * Jammy update: v5.15.130 upstream stable release (LP: #2039608)
     - ACPI: thermal: Drop nocrt parameter
     - module: Expose module_init_layout_section()
     - arm64: module-plts: inline linux/moduleloader.h
     - arm64: module: Use module_init_layout_section() to spot init sections
     - ARM: module: Use module_init_layout_section() to spot init sections
     - rcu: Prevent expedited GP from enabling tick on offline CPU
     - rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader
     - rcu-tasks: Wait for trc_read_check_handler() IPIs
     - rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
     - Linux 5.15.130
 .
   * CVE-2023-42754
     - ipv4: fix null-deref in ipv4_link_failure
 .
   * Jammy update: v5.15.129 upstream stable release (LP: #2039227)
     - NFSv4.2: fix error handling in nfs42_proc_getxattr
     - NFSv4: fix out path in __nfs4_get_acl_uncached
     - xprtrdma: Remap Receive buffers after a reconnect
     - PCI: acpiphp: Reassign resources on bridge if necessary
     - dlm: improve plock logging if interrupted
     - dlm: replace usage of found with dedicated list iterator variable
     - fs: dlm: add pid to debug log
     - fs: dlm: change plock interrupted message to debug again
     - fs: dlm: use dlm_plock_info for do_unlock_close
     - fs: dlm: fix mismatch of plock results from userspace
     - MIPS: cpu-features: Enable octeon_cache by cpu_type
     - MIPS: cpu-features: Use boot_cpu_type for CPU type based features
     - fbdev: Improve performance of sys_imageblit()
     - fbdev: Fix sys_imageblit() for arbitrary image widths
     - fbdev: fix potential OOB read in fast_imageblit()
     - ALSA: pcm: Fix potential data race at PCM memory allocation helpers
     - jbd2: remove t_checkpoint_io_list
     - jbd2: remove journal_clean_one_cp_list()
     - jbd2: fix a race when checking checkpoint buffer bu

 linux (5.15.0-88.98) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
 .
   * CVE-2023-4244
     - netfilter: nf_tables: don't skip expired elements during walk
     - netfilter: nf_tables: adapt set backend to use GC transaction API
     - netfilter: nft_set_hash: mark set element as dead when deleting from packet
       path
     - netfilter: nf_tables: GC transaction API to avoid race with control plane
     - netfilter: nf_tables: remove busy mark and gc batch API
     - netfilter: nf_tables: don't fail inserts if duplicate has expired
     - netfilter: nf_tables: fix kdoc warnings after gc rework
     - netfilter: nf_tables: fix GC transaction races with netns and netlink event
       exit path
     - netfilter: nf_tables: GC transaction race with netns dismantle
     - netfilter: nf_tables: GC transaction race with abort path
     - netfilter: nf_tables: use correct lock to protect gc_list
     - netfilter: nf_tables: defer gc run if previous batch is still pending
     - netfilter: nft_dynset: disallow object maps
     - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
 .
   * CVE-2023-42756
     - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
 .
   * CVE-2023-4623
     - net/sched: sch_hfsc: Ensure inner classes have fsc curve
 .
   * PCI BARs larger than 128GB are disabled (LP: #2037403)
     - PCI: Support BAR sizes up to 8TB
 .
   * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
     - ALSA: hda/realtek - ALC287 I2S speaker platform support
 .
   * Check for changes relevant for security certifications (LP: #1945989)
     - [Packaging] Add a new fips-checks script
 .
   * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
     - io_uring: gate iowait schedule on having pending requests
     - perf: Fix function pointer case
     - net/mlx5: Free irqs only on shutdown callback
     - arm64: errata: Add workaround for TSB flush failures
     - arm64: errata: Add detection for TRBE write to out-of-range
     - [Config] updateconfigs for ARM64_ERRATUM_ and
       ARM64_WORKAROUND_TSB_FLUSH_FAILURE
     - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
     - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
     - iommu/arm-smmu-v3: Add explicit feature for nesting
     - iommu/arm-smmu-v3: Document nesting-related errata
     - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
     - word-at-a-time: use the same return type for has_zero regardless of
       endianness
     - KVM: s390: fix sthyi error handling
     - wifi: cfg80211: Fix return value in scan logic
     - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
     - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
     - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
     - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
     - net: dsa: fix value check in bcm_sf2_sw_probe()
     - perf test uprobe_from_different_cu: Skip if there is no gcc
     - net: sched: cls_u32: Fix match key mis-addressing
     - mISDN: hfcpci: Fix potential deadlock on &hc->lock
     - qed: Fix kernel-doc warnings
     - qed: Fix scheduling in a tasklet while getting stats
     - net: annotate data-races around sk->sk_max_pacing_rate
     - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
     - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
     - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
     - net: add missing data-race annotations around sk->sk_peek_off
     - net: add missing data-race annotation for sk_ll_usec
     - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
     - bpf, cpumap: Handle skb as well when clean up ptr_ring
     - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
     - net: ll_temac: Switch to use dev_err_probe() helper
     - net: ll_temac: fix error checking of irq_of_parse_and_map()
     - net: korina: handle clk prepare error in korina_probe()
     - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
     - net: dcb: choose correct policy to parse DCB_ATTR_BCN
     - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
     - ip6mr: Fix skb_under_panic in ip6mr_cache_report()
     - vxlan: Fix nexthop hash size
     - net/mlx5: fs_core: Make find_closest_ft more generic
     - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio
     - prestera: fix fallback to previous version on same major version
     - tcp_metrics: fix addr_same() helper
     - tcp_metrics: annotate data-races around tm->tcpm_stamp
     - tcp_metrics: annotate data-races around tm->tcpm_lock
     - tcp_metrics: annotate data-races around tm->tcpm_vals[]
     - tcp_metrics: annotate data-races around tm->tcpm_net
     - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
     - scsi: zfcp: Defer fc_rport blocking until after ADISC response
     - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices
     - libceph: fix potential hang in ceph_osdc_notify()
     - USB: zaurus: Add ID for A-300/B-500/C-700
     - ceph: defer stopping mdsc delayed_work
     - firmware: arm_scmi: Drop OF node reference in the transport channel setup
     - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
     - exfat: release s_lock before calling dir_emit()
     - mtd: spinand: toshiba: Fix ecc_get_status
     - mtd: rawnand: meson: fix OOB available bytes for ECC
     - arm64: dts: stratix10: fix incorrect I2C property for SCL signal
     - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
     - rbd: prevent busy loop when requesting exclusive lock
     - bpf: Disable preemption in bpf_event_output
     - open: make RESOLVE_CACHED correctly test for O_TMPFILE
     - drm/ttm: check null pointer before accessing when swapping
     - bpf, cpumap: Make sure kthread is running before