Package "linux-aws-5.15"

  linux-aws-5.15 (5.15.0-1045.50~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1045.50~20.04.1 -proposed tracker
    (LP: #2034161)

  [ Ubuntu: 5.15.0-1045.50 ]

  * jammy/linux-aws: 5.15.0-1045.50 -proposed tracker (LP: #2034162)
  * jammy/linux: 5.15.0-84.93 -proposed tracker (LP: #2034202)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free

  linux-aws-5.15 (5.15.0-1044.49~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1044.49~20.04.1 -proposed tracker
    (LP: #2030382)

  [ Ubuntu: 5.15.0-1044.49 ]

  * jammy/linux-aws: 5.15.0-1044.49 -proposed tracker (LP: #2030383)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/s2023.07.10)
  * jammy/linux: 5.15.0-83.92 -proposed tracker (LP: #2031132)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION

  linux-aws-5.15 (5.15.0-1043.48~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1043.48~20.04.1 -proposed tracker
    (LP: #2030548)

  [ Ubuntu: 5.15.0-1043.48 ]

  * jammy/linux-aws: 5.15.0-1043.48 -proposed tracker (LP: #2030549)
  * jammy/linux: 5.15.0-82.91 -proposed tracker (LP: #2031147)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * jammy/linux: 5.15.0-80.87 -proposed tracker (LP: #2030588)
  * CVE-2022-40982
    - x86/mm: Initialize text poking earlier
    - x86/mm: fix poking_init() for Xen PV guests
    - x86/mm: Use mm_alloc() in poking_init()
    - mm: Move mm_cachep initialization to mm_init()
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-21400
    - io_uring: ensure IOPOLL locks around deferred work
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-20593
    - x86/cpu/amd: Move the errata checking functionality up
    - x86/cpu/amd: Add a Zenbleed fix
  * CVE-2023-3776
    - net/sched: cls_fw: Fix improper refcount update leads to use-after-free
  * CVE-2023-4004
    - netfilter: nft_set_pipapo: fix improper element removal
  * CVE-2023-3611
    - net/sched: sch_qfq: refactor parsing of netlink parameters
    - net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  * CVE-2023-3610
    - netfilter: nf_tables: fix chain binding transaction logic
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow

  [ Ubuntu: 5.15.0-1042.47 ]

  * jammy/linux-aws: 5.15.0-1042.47 -proposed tracker (LP: #2029289)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  linux-aws-5.15 (5.15.0-1041.46~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1041.46~20.04.1 -proposed tracker
    (LP: #2026490)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper

  [ Ubuntu: 5.15.0-1041.46 ]

  * jammy/linux-aws: 5.15.0-1041.46 -proposed tracker (LP: #2026491)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
  * jammy/linux: 5.15.0-79.86 -proposed tracker (LP: #2026531)
  * Jammy update: v5.15.111 upstream stable release (LP: #2025095)
    - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
    - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
    - x86/hyperv: Block root partition functionality in a Confidential VM
    - iio: adc: palmas_gpadc: fix NULL dereference on rmmod
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
    - selftests mount: Fix mount_setattr_test builds failed
    - asm-generic/io.h: suppress endianness warnings for readq() and writeq()
    - x86/cpu: Add model number for Intel Arrow Lake processor
    - wireguard: timers: cast enum limits members to int in prints
    - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
    - arm64: Always load shadow stack pointer directly from the task struct
    - arm64: Stash shadow stack pointer in the task struct on interrupt
    - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
    - PCI: qcom: Fix the incorrect register usage in v2.7.0 config
    - IMA: allow/fix UML builds
    - USB: dwc3: fix runtime pm imbalance on probe errors
    - USB: dwc3: fix runtime pm imbalance on unbind
    - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
    - hwmon: (adt7475) Use device_property APIs when configuring polarity
    - posix-cpu-timers: Implement the missing timer_wait_running callback
    - blk-mq: release crypto keyslot before reporting I/O complete
    - blk-crypto: make blk_crypto_evict_key() return void
    - blk-crypto: make blk_crypto_evict_key() more robust
    - ext4: use ext4_journal_start/stop for fast commit transactions
    - staging: iio: resolver: ads1210: fix config mode
    - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
    - xhci: fix debugfs register accesses while suspended
    - tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
    - MIPS: fw: Allow firmware to pass a empty env
    - ipmi:ssif: Add send_retries increment
    - ipmi: fix SSIF not responding under certain cond.
    - kheaders: Use array declaration instead of char
    - wifi: mt76: add missing locking to protect against concurrent rx/status
      calls
    - pwm: meson: Fix axg ao mux parents
    - pwm: meson: Fix g12a ao clk81 name
    - soundwire: qcom: correct setting ignore bit on v1.5.1
    - pinctrl: qcom: lpass-lpi: set output value before enabling output
    - ring-buffer: Sync IRQ works before buffer destruction
    - crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
    - crypto: safexcel - Cleanup ring IRQ workqueues on load failure
    - rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-
      ed
    - reiserfs: Add security prefix to xattr name in reiserfs_security_write()
    - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
    - relayfs: fix out-of-bounds access in relay_file_read
    - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
    - ksmbd: call rcu_barrier() in ksmbd_server_exit()
    - ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
    - ksmbd: fix memleak in session setup
    - i2c: omap: Fix standard mode false ACK readings
    - riscv: mm: remove redundant parameter of create_fdt_early_page_table
    - tracing: Fix permissions for the buffer_percent file
    - iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
    - ubifs: Fix memleak when insert_old_idx() failed
    - ubi: Fix return value overwrite issue in try_write_vid_and_data()
    - ubifs: Free memory for tmpfile name
    - xfs: don't consider future format versions valid
    - sound/oss/dmasound: fix build when drivers are mixed =y/=m
    - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
    - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
    - selftests/resctrl: Extend CPU vendor detection
    - selftests/resctrl: Move ->setup() call outside of test specific branches
    - selftests/resctrl: Allow ->setup() to return errors
    - selftests/resctrl: Check for return value after write_schemata()
    - selinux: fix Makefile dependencies of flask.h
    - selinux: ensure av_permissions.h is built when needed
    - tpm, tpm_tis: Do not skip reset of original interrupt vector
    - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
    - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
    - tpm, tpm_tis: Claim locality before writing interrupt registers
    - tpm, tpm: Implement usage counter for locality
    - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
    - erofs: stop parsing non-compact HEAD index if clusterofs is invalid
    - erofs: fix potential overflow calculating xattr_isize
    - drm/rockchip: Drop unbalanced obj unref
    - drm/vgem: add missing mutex_destroy
    - drm/probe-helper: Cancel previous job before starting new one
    - tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007
    - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
    - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
    - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
    - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release
      shared resources
    - EDAC/skx: Fix overflows on the DRAM row address mapping arrays
    - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since
      booted
    -

  linux-aws-5.15 (5.15.0-1040.45~20.04.1) focal; urgency=medium

  * focal/linux-aws-5.15: 5.15.0-1040.45~20.04.1 -proposed tracker
    (LP: #2026406)

  [ Ubuntu: 5.15.0-1040.45 ]

  * jammy/linux-aws: 5.15.0-1040.45 -proposed tracker (LP: #2026407)
  * jammy/linux: 5.15.0-78.85 -proposed tracker (LP: #2026448)
  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id
  * CVE-2023-3389
    - io_uring: hold uring mutex around poll removal
  * CVE-2023-3439
    - mctp: Add refcounts to mctp_dev
    - mctp: Allow MCTP on tun devices
    - mctp: make __mctp_dev_get() take a refcount hold
    - mctp: defer the kfree of object mdev->addrs
  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb
  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper