Package "linux-gcp-5.15"

  linux-gcp-5.15 (5.15.0-1083.92~20.04.1) focal; urgency=medium

  * focal/linux-gcp-5.15: 5.15.0-1083.92~20.04.1 -proposed tracker
    (LP: #2106943)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.gcp-5.15/dkms-versions -- update from kernel-versions
      (main/2025.04.14)

  [ Ubuntu: 5.15.0-1083.92 ]

  * jammy/linux-gcp: 5.15.0-1083.92 -proposed tracker (LP: #2106944)
  * IDPF: TX timeout and crash (LP: #2093622)
    - idpf: refactor some missing field get/prep conversions
    - idpf: set scheduling mode for completion queue
    - idpf: make virtchnl2.h self-contained
    - idpf: stop using macros for accessing queue descriptors
    - idpf: fix kernel panic on unknown packet types
    - idpf: fix corrupted frames and skb leaks in singleq mode
    - idpf: split &idpf_queue into 4 strictly-typed queue structures
    - idpf: fix memory leaks and crashes while performing a soft reset
    - idpf: enable WB_ON_ITR
    - idpf: avoid vport access in idpf_get_link_ksettings
    - idpf: fix idpf_vc_core_init error path
    - idpf: add support for SW triggered interrupts
    - idpf: trigger SW interrupt when exiting wb_on_itr mode
  * kdump failures with instances using IDPF (LP: #2104324)
    - idpf: call set_real_num_queues in idpf_open
  * GCP kernels need CONFIG_VIRTIO_BALLOON=m (not =y) (LP: #2105142)
    - [Packaging] gcp: Make virtio_balloon loadable
  * jammy/linux: 5.15.0-140.150 -proposed tracker (LP: #2106996)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.04.14)
  * NFS, overlay, fstab issue after update to kernel 5.15.0-133-generic and -134
    (LP: #2103598)
    - udf: Fix directory iteration for longer tail extents
  * Remove floppy kernel module causes null pointer deference (LP: #2104326)
    - floppy: fix add_disk() assumption on exit due to new developments
  * CVE-2025-21971
    - net_sched: Prevent creation of classes with TC_H_ROOT
  * CVE-2024-56599
    - wifi: ath10k: avoid NULL pointer error during sdio remove
  * CVE-2024-56721
    - x86/CPU/AMD: Terminate the erratum_1386_microcode array
  * Jammy update: v5.15.179 upstream stable release (LP: #2106026)
    - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
    - afs: Fix directory format encoding struct
    - hung_task: move hung_task sysctl interface to hung_task.c
    - sysctl: use const for typically used max/min proc sysctls
    - sysctl: share unsigned long const values
    - fs: move inode sysctls to its own file
    - fs: move fs stat sysctls to file_table.c
    - fs: fix proc_handler for sysctl_nr_open
    - block: deprecate autoloading based on dev_t
    - block: retry call probe after request_module in blk_request_module
    - pstore/blk: trivial typo fixes
    - nvme: Add error check for xa_store in nvme_get_effects_log
    - partitions: ldm: remove the initial kernel-doc notation
    - select: Fix unbalanced user_access_end()
    - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
    - sched/psi: Use task->psi_flags to clear in CPU migration
    - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
    - drm/etnaviv: Fix page property being used for non writecombine buffers
    - genirq: Make handle_enforce_irqctx() unconditionally available
    - wifi: rtlwifi: do not complete firmware loading needlessly
    - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
    - wifi: rtlwifi: wait for firmware loading before releasing memory
    - wifi: rtlwifi: fix init_sw_vars leak when probe fails
    - wifi: rtlwifi: usb: fix workqueue leak when probe fails
    - spi: zynq-qspi: Add check for clk_enable()
    - dt-bindings: mmc: controller: clarify the address-cells description
    - spi: dt-bindings: add schema listing peripheral-specific properties
    - dt-bindings: Another pass removing cases of 'allOf' containing a '$ref'
    - dt-bindings: leds: Add Qualcomm Light Pulse Generator binding
    - dt-bindings: leds: Optional multi-led unit address
    - dt-bindings: leds: Add multicolor PWM LED bindings
    - dt-bindings: leds: class-multicolor: reference class directly in multi-led
      node
    - dt-bindings: leds: class-multicolor: Fix path to color definitions
    - rtlwifi: replace usage of found with dedicated list iterator variable
    - wifi: rtlwifi: remove unused timer and related code
    - wifi: rtlwifi: remove unused dualmac control leftovers
    - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
    - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
    - HID: multitouch: Add support for lenovo Y9000P Touchpad
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - HID: multitouch: fix support for Goodix PID 0x01e9
    - regulator: dt-bindings: mt6315: Drop regulator-compatible property
    - ACPI: fan: cleanup resources in the error path of .probe()
    - cpupower: fix TSC MHz calculation
    - dt-bindings: mfd: bd71815: Fix rsense and typos
    - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
    - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
    - clk: imx8mp: Fix clkout1/2 support
    - regulator: of: Implement the unwind path of of_regulator_match()
    - samples/landlock: Fix possible NULL dereference in parse_path()
    - wifi: wlcore: fix unbalanced pm_runtime calls
    - net/smc: fix data error when recvmsg with MSG_PEEK flag
    - landlock: Move filesystem helpers and add a new one
    - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
    - cpufreq: ACPI: Fix max-frequency computation
    - selftests: harness: fix printing of mismatch values in __EXPECT()
    - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
    - wifi: cfg80211: adjust allocation of colocated AP data
    - clk: analogbits: Fix incorrect calculation of vco rate delta
    - selftests/landlock: Fix error message
  

  linux-gcp-5.15 (5.15.0-1081.90~20.04.1) focal; urgency=medium

  * focal/linux-gcp-5.15: 5.15.0-1081.90~20.04.1 -proposed tracker
    (LP: #2102546)

  [ Ubuntu: 5.15.0-1081.90 ]

  * jammy/linux-gcp: 5.15.0-1081.90 -proposed tracker (LP: #2102547)
  * jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)
  * ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload
  * CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release
  * CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
  * CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0
  * CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
  * CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another
  * CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read
  * CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free
  * iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
  * CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()
  * CVE-2022-0995
    - watch_queue: Use the bitmap API when applicable
  * CVE-2024-26837
    - net: bridge: switchdev: Skip MDB replays of deferred events on offload
  * CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops
  * CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()
  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle
  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()
  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Stewart Hore <email address hidden> Tue, 01 Apr 2025 18:42:04 +1100

  linux-gcp-5.15 (5.15.0-1079.88~20.04.1) focal; urgency=medium

  * focal/linux-gcp-5.15: 5.15.0-1079.88~20.04.1 -proposed tracker
    (LP: #2098263)

  [ Ubuntu: 5.15.0-1079.88 ]

  * jammy/linux-gcp: 5.15.0-1079.88 -proposed tracker (LP: #2098264)
  * Fix bugs preventing boot on Intel TDX-enabled hosts (LP: #2097811)
    - x86/mtrr: Remove physical address size calculation
  * jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.02.10)
  * Jammy update: v5.15.178 upstream stable release (LP: #2098441)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - ASoC: samsung: Add missing depends on I2C
    - regmap: detach regmap from dev on regmap_exit
    - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - net: sched: fix ets qdisc OOB Indexing
    - vfio/platform: check the bounds of read/write syscalls
    - fs/ntfs3: Additional check in ntfs_file_release
    - platform/chrome: cros_ec_typec: Check for EC driver
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
    - wifi: iwlwifi: add a few rate index validity checks
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - Linux 5.15.178
  * CVE-2024-49925
    - fbdev: efifb: Register sysfs groups through driver core
  * Jammy update: v5.15.177 upstream stable release (LP: #2097298)
    - ceph: give up on paths longer than PATH_MAX
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in exfat_readdir()
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - ASoC: mediatek: disable buffer pre-allocation
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - tls: Fix tls_sw_sendmsg error handling
    - netfilter: nf_tables: imbalance in flowtable binding
    - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
    - drm/mediatek: Add support for 180-degree rotation in the display driver
    - ksmbd: fix a missing return value check bug
    - afs: Fix the maximum cell name length
    - dm thin: make get_first_thin use rcu-safe list first function
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
    - sctp: sysctl: rto_min/max: avoid using current->nsproxy
    - sctp: sysctl: auth_enable: avoid using current->nsproxy
    - sctp: sysctl: udp_port: avoid using current->nsproxy
    - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers
    - riscv: Fix sleeping in invalid context in die()
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - topology: Keep the cpumask unchanged when printing cpumap
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
    - iio: pressure: zpa2326: fix information leak in triggered buffer
    - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered
      buffer
    - iio: light: vcnl4035: fix information leak in triggered buffer
    - iio: imu: kmx61: fix information leak in triggered buffer
    - iio: adc: ti-ads8688: fix information leak in triggered buffer
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: adc: at91: call input_free_device() on allocated iio_dev
    - iio: inkern: call iio_device_put() only on mapped devices
    - iio: adc: ad7124: Disable all channels at probe time
    - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - of: unittest: Add bus address range parsing tests
    - of/address: A

  linux-gcp-5.15 (5.15.0-1077.86~20.04.1) focal; urgency=medium

  * focal/linux-gcp-5.15: 5.15.0-1077.86~20.04.1 -proposed tracker
    (LP: #2097307)

  [ Ubuntu: 5.15.0-1077.86 ]

  * jammy/linux-gcp: 5.15.0-1077.86 -proposed tracker (LP: #2097047)
  * IDPF: TX timeout and crash (LP: #2093622)
    - Revert "idpf: trigger SW interrupt when exiting wb_on_itr mode"
    - Revert "idpf: add support for SW triggered interrupts"
    - Revert "idpf: fix idpf_vc_core_init error path"
    - Revert "idpf: avoid vport access in idpf_get_link_ksettings"
    - Revert "idpf: enable WB_ON_ITR"

  linux-gcp-5.15 (5.15.0-1076.85~20.04.1) focal; urgency=medium

  * focal/linux-gcp-5.15: 5.15.0-1076.85~20.04.1 -proposed tracker
    (LP: #2093697)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.gcp-5.15/dkms-versions -- update from kernel-versions
      (main/2025.01.13)

  * Add list of source files to linux-buildinfo (LP: #2086606)
    - [Packaging] Add dwarfdump package in the Build-Depends

  [ Ubuntu: 5.15.0-1076.85 ]

  * jammy/linux-gcp: 5.15.0-1076.85 -proposed tracker (LP: #2093698)
  * Add list of source files to linux-buildinfo (LP: #2086606)
    - [PATCH] UBUNTU: [Packaging] Add dwarfdump package in the Build-Depends
  * IDPF: TX timeout and crash (LP: #2093622)
    - idpf: enable WB_ON_ITR
    - idpf: avoid vport access in idpf_get_link_ksettings
    - idpf: fix idpf_vc_core_init error path
    - idpf: add support for SW triggered interrupts
    - idpf: trigger SW interrupt when exiting wb_on_itr mode
  * jammy/linux: 5.15.0-132.143 -proposed tracker (LP: #2093735)
  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.01.13)
  * KVM: Cache CPUID at KVM.ko module init to reduce latency of VM-Enter and VM-
    Exit (LP: #2093146)
    - kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule
    - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
  * Jammy update: v5.15.173 upstream stable release (LP: #2089541)
    - 9p: Avoid creating multiple slab caches with the same name
    - irqchip/ocelot: Fix trigger register address
    - block: Fix elevator_get_default() checking for NULL q->tag_set
    - HID: multitouch: Add support for B2402FVA track point
    - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
    - bpf: use kvzmalloc to allocate BPF verifier environment
    - crypto: marvell/cesa - Disable hash algorithms
    - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
    - drm/vmwgfx: Limit display layout ioctl array size to
      VMWGFX_NUM_DISPLAY_UNITS
    - powerpc/powernv: Free name on error in opal_event_init()
    - vDPA/ifcvf: Fix pci_read_config_byte() return code handling
    - fs: Fix uninitialized value issue in from_kuid and from_kgid
    - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
    - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
    - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
    - md/raid10: improve code of mrdev in raid10_sync_request
    - mm/memory: add non-anonymous page check in the copy_present_page()
    - udf: Allocate name buffer in directory iterator on heap
    - udf: Avoid directory type conversion failure due to ENOMEM
    - 9p: fix slab cache name creation for real
    - Linux 5.15.173
  * Jammy update: v5.15.173 upstream stable release (LP: #2089541) //
    CVE-2024-41080
    - io_uring: fix possible deadlock in io_register_iowq_max_workers()
  * Jammy update: v5.15.172 upstream stable release (LP: #2089533)
    - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-
      excavator
    - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
    - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
    - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
    - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
    - arm64: dts: imx8mp: correct sdhc ipg clk
    - ARM: dts: rockchip: fix rk3036 acodec node
    - ARM: dts: rockchip: drop grf reference from rk3036 hdmi
    - ARM: dts: rockchip: Fix the spi controller on rk3036
    - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
    - NFSv3: only use NFS timeout for MOUNT when protocols are compatible
    - NFS: Add a tracepoint to show the results of nfs_set_cache_invalid()
    - NFSv3: handle out-of-order write replies.
    - nfs: avoid i_lock contention in nfs_clear_invalid_mapping
    - net: enetc: set MAC address to the VF net_device
    - can: c_can: fix {rx,tx}_errors statistics
    - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag
    - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case
    - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown"
    - media: stb0899_algo: initialize cfr before using it
    - media: dvb_frontend: don't play tricks with underflow values
    - media: adv7604: prevent underflow condition when reporting colorspace
    - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
    - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init()
    - media: pulse8-cec: fix data timestamp at pulse8_setup()
    - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
    - pwm: imx-tpm: Use correct MODULO value for EPWM mode
    - drm/amdgpu: Adjust debugfs eviction and IB access permissions
    - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
    - thermal/drivers/qcom/lmh: Remove false lockdep backtrace
    - dm cache: correct the number of origin blocks to match the target length
    - dm cache: optimize dirty bit checking with find_next_bit when resizing
    - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t
      overflow
    - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam
    - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
    - io_uring: rename kiocb_end_write() local helper
    - fs: create kiocb_{start,end}_write() helpers
    - io_uring: use kiocb_{start,end}_write() helpers
    - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in
      uvc_parse_format
    - fs/proc: fix compile warning about variable 'vmcore_mmap_ops'
    - usb: dwc3: fix fault at system suspend if device was already runtime
      suspended
    - USB: serial: qcserial: add support for Sierra Wireless EM86xx
    - USB: serial: option: add Fibocom FG132 0x0112 composition
    - USB: serial: option: add Quectel RG650V
    - irqchip/gic-v3: Force propagation of the active state with a