Package "linux"

  linux (5.4.0-171.189) focal; urgency=medium

  * focal/linux: 5.4.0-171.189 -proposed tracker (LP: #2048282)

  * Packaging resync (LP: #1786013)
    - [Packaging] remove helper scripts
    - [Packaging] update annotations scripts
    - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)

  * Page fault in RDMA ODP triggers BUG_ON during MMU notifier registration
    (LP: #2046534)
    - RDMA/odp: Ensure the mm is still alive before creating an implicit child

  * Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
    - Revert "PCI: acpiphp: Reassign resources on bridge if necessary"

  * CVE-2023-6040
    - netfilter: nf_tables: Reject tables of unsupported family

  * kernel_selftests failures on kernel-P10d-LPAR10.ppc64el.10
    (LP: #2032641)
    - selftests: Skip TM tests on synthetic TM implementations

  * [Debian] autoreconstruct - Do not generate chmod -x for deleted files
    (LP: #2045562)
    - [Debian] autoreconstruct - Do not generate chmod -x for deleted files

  * CVE-2023-6931
    - perf/core: Add a new read format to get a number of lost samples
    - perf: Fix perf_event_validate_size()
    - perf: Fix perf_event_validate_size() lockdep splat

  * CVE-2023-6932
    - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

  * CVE-2023-6606
    - smb: client: fix OOB in smbCalcSize()

  * CVE-2023-45863
    - kobject: Fix slab-out-of-bounds in fill_kobj_path()

  * Focal update: v5.4.259 upstream stable release (LP: #2043724)
    - RDMA/cxgb4: Check skb value for failure to allocate
    - lib/test_meminit: fix off-by-one error in test_pages()
    - pwm: hibvt: Explicitly set .polarity in .get_state()
    - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
    - quota: Fix slow quotaoff
    - net: prevent address rewrite in kernel_bind()
    - drm: etvnaviv: fix bad backport leading to warning
    - drm/msm/dsi: skip the wait for video mode done if not applicable
    - ravb: Fix up dma_free_coherent() call in ravb_remove()
    - ieee802154: ca8210: Fix a potential UAF in ca8210_probe
    - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
    - xen-netback: use default TX queue size for vifs
    - drm/vmwgfx: fix typo of sizeof argument
    - ixgbe: fix crash with empty VF macvlan list
    - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
    - nfc: nci: assert requested protocol is valid
    - workqueue: Override implicit ordered attribute in
      workqueue_apply_unbound_cpumask()
    - dmaengine: stm32-mdma: abort resume if no ongoing transfer
    - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
    - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
    - usb: dwc3: Soft reset phy on probe for host
    - usb: musb: Get the musb_qh poniter after musb_giveback
    - usb: musb: Modify the "HWVers" register address
    - iio: pressure: bmp280: Fix NULL pointer exception
    - iio: pressure: dps310: Adjust Timeout Settings
    - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
    - mcb: remove is_added flag from mcb_device struct
    - libceph: use kernel_connect()
    - ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
    - Input: powermate - fix use-after-free in powermate_config_complete
    - Input: psmouse - fix fast_reconnect function for PS/2 mode
    - Input: xpad - add PXN V900 support
    - cgroup: Remove duplicates in cgroup v1 tasks file
    - pinctrl: avoid unsafe code pattern in find_pinctrl()
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
    - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
    - dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
    - powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
    - powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
    - ravb: Fix use-after-free issue in ravb_tx_timeout_work()
    - Documentation: sysctl: align cells in second content column
    - usb: hub: Guard against accesses to uninitialized BOS descriptors
    - Bluetooth: hci_event: Ignore NULL link key
    - Bluetooth: Reject connection with the device which has same BD_ADDR
    - Bluetooth: Fix a refcnt underflow problem for hci_conn
    - Bluetooth: vhci: Fix race when opening vhci device
    - Bluetooth: hci_event: Fix coding style
    - Bluetooth: avoid memcmp() out of bounds warning
    - ice: fix over-shifted variable
    - nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
    - regmap: fix NULL deref on lookup
    - KVM: x86: Mask LVTPC when handling a PMI
    - netfilter: nft_payload: fix wrong mac header matching
    - qed: fix LL2 RX buffer allocation
    - xfrm: fix a data-race in xfrm_gen_index()
    - xfrm: interface: use DEV_STATS_INC()
    - net: ipv4: fix return value check in esp_remove_trailer
    - net: ipv6: fix return value check in esp_remove_trailer
    - net: rfkill: gpio: prevent value glitch during probe
    - tcp: fix excessive TLP and RACK timeouts from HZ rounding
    - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
    - tun: prevent negative ifindex
    - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
    - net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
    - i40e: prevent crash on probe if hw registers have invalid values
    - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
    - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
    - netfilter: nft_set_rbtree: .deactivate fails if element has expired
    - net: pktgen: Fix interface flags printing
    - resource: Add irqresource_disabled()
    - ACPI: Drop acpi_dev_irqresource_disabled()
    - ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA
    - ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks
    - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
    - ACPI: resource:

  linux (5.4.0-170.188) focal; urgency=medium

  * focal/linux: 5.4.0-170.188 -proposed tracker (LP: #2048654)

  * CVE-2023-6040
    - netfilter: nf_tables: Reject tables of unsupported family

  * CVE-2023-6606
    - smb: client: fix OOB in smbCalcSize()

  * CVE-2023-6932
    - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

  * CVE-2023-6931
    - perf/core: Add a new read format to get a number of lost samples
    - perf: Fix perf_event_validate_size()
    - perf: Fix perf_event_validate_size() lockdep splat

 -- Thadeu Lima de Souza Cascardo <email address hidden> Wed, 10 Jan 2024 06:32:57 -0300

  linux (5.4.0-169.187) focal; urgency=medium

  * focal/linux: 5.4.0-169.187 -proposed tracker (LP: #2044375)

  * USB bus error after upgrading to proposed kernel on lunar, jammy and focal
    (LP: #2043197)
    - USB: core: Fix oversight in SuperSpeed initialization

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update annotations scripts

  linux (5.4.0-167.184) focal; urgency=medium

  * focal/linux: 5.4.0-167.184 -proposed tracker (LP: #2041988)

  * CVE-2023-45871
    - igb: set max size RX buffer when store bad packet is enabled

  * CVE-2023-31085
    - ubi: Refuse attaching if mtd's erasesize is 0

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 30 Oct 2023 17:22:16 -0300

  linux (5.4.0-166.183) focal; urgency=medium

  * focal/linux: 5.4.0-166.183 -proposed tracker (LP: #2038010)

  * Use new annotations model (LP: #2019000)
    - [Packaging] new annotations model infrastructure
    - [Packaging] config-check: Handle new annotations format 4
    - [Packaging] rules: Use old-kernelconfig for old configs
    - [Config] sanitize annotations
    - [Config] import generated configs into annotation file
    - [Packaging] kernelconfig: add i386 as supported arch
    - [Config] Remove all old configs files

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update annotations scripts

  * fix typo in config-checks invocation (LP: #2020413)
    - [Packaging] fix typo when calling the old config-check
    - [Packaging] fix typo in 4-checks.mk

  * support python < 3.9 with annotations (LP: #2020531)
    - [Packaging] kconfig/annotations.py: support older way of merging dicts

  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve

  * Focal update: v5.4.252 upstream stable release (LP: #2036240)
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - x86/cpufeatures: Add SEV-ES CPU feature
    - x86/cpu: Add VM page flush MSR availablility as a CPUID feature
    - x86/cpufeatures: Assign dedicated feature word for CPUID_0x8000001F[EAX]
    - tools headers cpufeatures: Sync with the kernel sources
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - Linux 5.4.252
    - Upstream stable to v5.4.252

  * CVE-2023-42755
    - net/sched: Retire rsvp classifier
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6

  * CVE-2023-42753
    - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for
      ip_set_hash_netportnet.c

  * CVE-2023-34319
    - xen/netback: Fix buffer overrun triggered by unusual packet

  * CVE-2023-4921
    - net: sched: sch_qfq: Fix UAF in qfq_dequeue()

  * CVE-2023-42752
    - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

  * Avoid address overwrite in kernel_connect (LP: #2035163)
    - net: Avoid address overwrite in kernel_connect

  * [regression] Unable to initialize SGX enclaves with XFRM other than 3
    (LP: #2034745)
    - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4

  * CVE-2023-4881
    - netfilter: nftables: exthdr: fix 4-byte stack OOB write

  * CVE-2023-4622
    - af_unix: Fix null-ptr-deref in unix_stream_sendpage().

  * Focal update: v5.4.251 upstream stable release (LP: #2034918)
    - x86/smp: Use dedicated cache-line for mwait_play_dead()
    - video: imsttfb: check for ioremap() failures
    - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
    - HID: wacom: Use ktime_t rather than int when dealing with timestamps
    - drm/i915: Initialise outparam for error return from wait_for_register
    - scripts/tags.sh: Resolve gtags empty index generation
    - drm/amdgpu: Validate VM ioctl flags.
    - bgmac: fix *initial* chip reset to support BCM5358
    - x86/resctrl: Use is_closid_match() in more places
    - x86/resctrl: Only show tasks' pid in current pid namespace
    - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
    - md/raid10: fix overflow of md/safe_mode_delay
    - md/raid10: fix wrong setting of max_corr_read_errors
    - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
    - md/raid10: fix io loss while replacement replace rdev
    - irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
    - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
    - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
    - clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
    - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
    - PM: domains: fix integer overflow issues in genpd_parse_state()
    - powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
    - ARM: 9303/1: kprobes: avoid missing-declaration warnings
    - evm: Complete description of evm_inode_setattr()
    - pstore/ram: Add check for kstrdup
    - ima: Fix build warnings
    - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
    - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
    - samples/bpf: Fix buffer overflow in tcp_basertt
    - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
    - wifi: mwifiex: Fix the size of a memory allocation in
      mwifiex_ret_802_11_scan()
    - nfc: constify several pointers to u8, char and sk_buff
    - nfc: llcp: fix possible use of uninitialized variable in
      nfc_llcp_send_connect()
    - regulator: core: Fix more error checking for debugfs_create_dir()
    - regulator: core: Streamline debugfs operations
    - wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
    - wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
    - wifi: atmel: Fix an error handling path in atmel_probe()
    - wl3501_cs: Fix a bunch of formatting issues related to function docs
    - wl3501_cs: Remove unnecessary NULL check
    - wl3501_cs: Fix misspelling and provide missing documentation
    - net: create netdev->dev_addr assignment helpers
    - wl3501_cs: use eth_hw_addr_set()
    - wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
    - wifi: ray_cs: Utilize strnlen() in parse_addr()
    - wifi: ray_cs: Drop useless status variable in parse_addr()
    - wifi: ray_cs: Fix an error handling path in ray_probe()
    - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
    - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
    - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct
      config
    - watchdog/perf: more properly prevent false positives wi