Package "linux-hwe-5.15"

  linux-hwe-5.15 (5.15.0-105.115~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.15: 5.15.0-105.115~20.04.1 -proposed tracker
    (LP: #2061483)

  [ Ubuntu: 5.15.0-105.115 ]

  * jammy/linux: 5.15.0-105.115 -proposed tracker (LP: #2061372)
  * Jammy update: v5.15.149 upstream stable release (LP: #2059014) // CIFS
    stopped working/is unstable with kernel update to 5.15.0-102.112
    (LP: #2060780)
    - smb3: Replace smb2pdu 1-element arrays with flex-arrays

  linux-hwe-5.15 (5.15.0-102.112~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.15: 5.15.0-102.112~20.04.1 -proposed tracker
    (LP: #2055630)

  * Packaging resync (LP: #1786013)
    - [Packaging] drop ABI data
    - debian.hwe-5.15/dkms-versions -- update from kernel-versions
      (main/2024.03.04)

  [ Ubuntu: 5.15.0-102.112 ]

  * jammy/linux: 5.15.0-102.112 -proposed tracker (LP: #2055632)
  * Drop ABI checks from kernel build (LP: #2055686)
    - [Packaging] Remove in-tree abi checks
    - [Packaging] Drop abi checks from final-checks
  * Packaging resync (LP: #1786013)
    - [Packaging] drop ABI data
    - [Packaging] update annotations scripts
    - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)
  * block/loop: No longer allows to create partitions (LP: #2056143)
    - block, loop: support partitions without scanning
  * Cranky update-dkms-versions rollout (LP: #2055685)
    - [Packaging] remove update-dkms-versions
    - Move debian/dkms-versions to debian.master/dkms-versions
    - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions
    - [Packaging] remove update-version-dkms
  * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-
    modules-extra to linux-modules (LP: #2054809)
    - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-
      extra
  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)
    - [Packaging] rules: Put usbip manpages in the correct directory
  * CVE-2024-23851
    - dm ioctl: log an error if the ioctl structure is corrupted
    - dm: limit the number of targets and parameter size area
  * CVE-2024-23850
    - btrfs: do not ASSERT() if the newly created subvolume already got read
  * x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform
    (LP: #2054699)
    - x86/tsc: Extend watchdog check exemption to 4-Sockets platform
  * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from
    linux-modules-extra to linux-modules (LP: #2045561)
    - [Packaging] Move dmi-sysfs.ko into linux-modules
  * Fix bpf selftests build failure after v5.15.139 update (LP: #2054567)
    - Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on
      stack"
  * Jammy update: v5.15.148 upstream stable release (LP: #2055145)
    - f2fs: explicitly null-terminate the xattr list
    - pinctrl: lochnagar: Don't build on MIPS
    - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
    - mptcp: fix uninit-value in mptcp_incoming_options
    - wifi: cfg80211: lock wiphy mutex for rfkill poll
    - debugfs: fix automount d_fsdata usage
    - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
    - nvme-core: check for too small lba shift
    - ASoC: wm8974: Correct boost mixer inputs
    - ASoC: Intel: Skylake: Fix mem leak in few functions
    - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
      __be16
    - ASoC: Intel: Skylake: mem leak in skl register function
    - ASoC: cs43130: Fix the position of const qualifier
    - ASoC: cs43130: Fix incorrect frame delay configuration
    - ASoC: rt5650: add mutex to avoid the jack detection failure
    - nouveau/tu102: flush all pdbs on vmm flush
    - net/tg3: fix race condition in tg3_reset_task()
    - ASoC: da7219: Support low DC impedance headset
    - ASoC: ops: add correct range check for limiting volume
    - nvme: introduce helper function to get ctrl state
    - drm/amdgpu: Add NULL checks for function pointers
    - drm/exynos: fix a potential error pointer dereference
    - drm/exynos: fix a wrong error checking
    - hwmon: (corsair-psu) Fix probe when built-in
    - clk: rockchip: rk3128: Fix HCLK_OTG gate register
    - jbd2: correct the printing of write_flags in jbd2_write_superblock()
    - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
    - neighbour: Don't let neigh_forced_gc() disable preemption for long
    - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events
    - jbd2: fix soft lockup in journal_finish_inode_data_buffers()
    - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
    - tracing: Add size check when printing trace_marker output
    - stmmac: dwmac-loongson: drop useless check for compatible fallback
    - MIPS: dts: loongson: drop incorrect dwmac fallback compatible
    - tracing: Fix uaf issue when open the hist or hist_debug file
    - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
      NMI
    - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
    - Input: atkbd - skip ATKBD_CMD_GETID in translated mode
    - Input: i8042 - add nomux quirk for Acer P459-G2-M
    - s390/scm: fix virtual vs physical address confusion
    - ARC: fix spare error
    - wifi: iwlwifi: pcie: avoid a NULL pointer dereference
    - Input: xpad - add Razer Wolverine V2 support
    - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346
    - i2c: rk3x: fix potential spinlock recursion on poll
    - net: qrtr: ns: Return 0 if server port is not present
    - ARM: sun9i: smp: fix return code check of of_property_match_string
    - drm/crtc: fix uninitialized variable use
    - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
    - Revert "ASoC: atmel: Remove system clock tree configuration for
      at91sam9g20ek"
    - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to
      pahole flags for v1.25
    - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
    - Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
    - binder: use EPOLLERR from eventpoll.h
    - binder: fix use-after-free in shinker's callback
    - binder: fix trivial typo of binder_free_buf_locked()
    - binder: fix comment on binder_alloc_new_buf() return value
    - uio: Fix use-after-free in uio_open
    - parport: parport_serial: Add Brainboxes BAR

  linux-hwe-5.15 (5.15.0-101.111~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.15: 5.15.0-101.111~20.04.1 -proposed tracker
    (LP: #2056024)

  [ Ubuntu: 5.15.0-101.111 ]

  * jammy/linux: 5.15.0-101.111 -proposed tracker (LP: #2056026)
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - debian/dkms-versions -- update from kernel-versions (main/s2024.02.05)
  * CVE-2024-24855
    - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
  * CVE-2024-1086
    - netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  * CVE-2024-1085
    - netfilter: nf_tables: check if catch-all set element is active in next
      generation
  * CVE-2023-32247
    - ksmbd: destroy expired sessions
  * CVE-2023-23000
    - phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

 -- Stefan Bader <email address hidden> Mon, 11 Mar 2024 15:53:54 +0100

  linux-hwe-5.15 (5.15.0-100.110~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.15: 5.15.0-100.110~20.04.1 -proposed tracker
    (LP: #2052087)

  [ Ubuntu: 5.15.0-100.110 ]

  * jammy/linux: 5.15.0-100.110 -proposed tracker (LP: #2052616)
  * i915 regression introduced with 5.5 kernel (LP: #2044131)
    - drm/i915: Skip some timing checks on BXT/GLK DSI transcoders
  * Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
    - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
  * partproke is broken on empty loopback device (LP: #2049689)
    - block: Move checking GENHD_FL_NO_PART to bdev_add_partition()
  * CVE-2023-0340
    - vhost: use kzalloc() instead of kmalloc() followed by memset()
  * CVE-2023-51780
    - atm: Fix Use-After-Free in do_vcc_ioctl
  * CVE-2023-6915
    - ida: Fix crash in ida_free when the bitmap is empty
  * CVE-2024-0646
    - net: tls, update curr on splice as well
  * CVE-2024-0565
    - smb: client: fix OOB in receive_encrypted_standard()
  * CVE-2023-51781
    - appletalk: Fix Use-After-Free in atalk_ioctl
  * Jammy update: v5.15.143 upstream stable release (LP: #2050858)
    - vdpa/mlx5: preserve CVQ vringh index
    - hrtimers: Push pending hrtimers away from outgoing CPU earlier
    - i2c: designware: Fix corrupted memory seen in the ISR
    - netfilter: ipset: fix race condition between swap/destroy and kernel side
      add/del/test
    - tg3: Move the [rt]x_dropped counters to tg3_napi
    - tg3: Increment tx_dropped in tg3_tso_bug()
    - kconfig: fix memory leak from range properties
    - drm/amdgpu: correct chunk_ptr to a pointer to chunk.
    - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum
    - platform/x86: asus-wmi: Add support for ROG X13 tablet mode
    - platform/x86: asus-wmi: Simplify tablet-mode-switch probing
    - platform/x86: asus-wmi: Simplify tablet-mode-switch handling
    - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
    - of: dynamic: Fix of_reconfig_get_state_change() return value documentation
    - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct
      wmi_driver
    - platform/x86: wmi: Skip blocks with zero instances
    - ipv6: fix potential NULL deref in fib6_add()
    - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
    - octeontx2-af: Check return value of nix_get_nixlf before using nixlf
    - hv_netvsc: rndis_filter needs to select NLS
    - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
    - r8152: Add RTL8152_INACCESSIBLE checks to more loops
    - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
    - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
    - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en()
    - mlxbf-bootctl: correctly identify secure boot with development keys
    - platform/mellanox: Add null pointer checks for devm_kasprintf()
    - platform/mellanox: Check devm_hwmon_device_register_with_groups() return
      value
    - arcnet: restoring support for multiple Sohard Arcnet cards
    - net: stmmac: fix FPE events losing
    - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters
    - i40e: Fix unexpected MFS warning message
    - net: bnxt: fix a potential use-after-free in bnxt_init_tc
    - ionic: fix snprintf format length warning
    - ionic: Fix dim work handling in split interrupt mode
    - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
    - net: hns: fix fake link up on xge port
    - octeontx2-af: Update Tx link register range
    - netfilter: nf_tables: validate family when identifying table via handle
    - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
    - tcp: do not accept ACK of bytes we never sent
    - bpf: sockmap, updating the sg structure should also update curr
    - psample: Require 'CAP_NET_ADMIN' when joining "packets" group
    - net: add missing kdoc for struct genl_multicast_group::flags
    - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
    - tee: optee: Fix supplicant based device enumeration
    - RDMA/hns: Fix unnecessary err return when using invalid congest control
      algorithm
    - RDMA/irdma: Do not modify to SQD on error
    - RDMA/irdma: Add wait for suspend on SQD
    - arm64: dts: rockchip: Expand reg size of vdec node for RK3399
    - RDMA/rtrs-srv: Do not unconditionally enable irq
    - RDMA/rtrs-clt: Start hb after path_up
    - RDMA/rtrs-srv: Check return values while processing info request
    - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true
    - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight
    - RDMA/rtrs-clt: Fix the max_send_wr setting
    - RDMA/rtrs-clt: Remove the warnings for req in_use check
    - RDMA/bnxt_re: Correct module description string
    - hwmon: (acpi_power_meter) Fix 4.29 MW bug
    - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
    - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
    - RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz
    - RDMA/irdma: Avoid free the non-cqp_request scratch
    - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb
    - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3
    - ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock
    - tracing: Fix a warning when allocating buffered events fails
    - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
    - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
    - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
    - ARM: dts: imx28-xea: Pass the 'model' property
    - riscv: fix misaligned access handling of C.SWSP and C.SDSP
    - md: introduce md_ro_state
    - md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
    - kprobes: consistent rcu api usage for kretprobe holder
    - nvme-pci: Add sleep quirk for Kingston drives
    - io_uring: fix mutex_unlock with

  linux-hwe-5.15 (5.15.0-97.107~20.04.1) focal; urgency=medium

  * focal/linux-hwe-5.15: 5.15.0-97.107~20.04.1 -proposed tracker (LP: #2052264)

  [ Ubuntu: 5.15.0-97.107 ]

  * jammy/linux: 5.15.0-97.107 -proposed tracker (LP: #2052600)
  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
  * partproke is broken on empty loopback device (LP: #2049689)
    - block: Move checking GENHD_FL_NO_PART to bdev_add_partition()
  * CVE-2023-51781
    - appletalk: Fix Use-After-Free in atalk_ioctl
  * CVE-2023-51780
    - atm: Fix Use-After-Free in do_vcc_ioctl
  * CVE-2023-6915
    - ida: Fix crash in ida_free when the bitmap is empty
  * CVE-2024-0565
    - smb: client: fix OOB in receive_encrypted_standard()
  * CVE-2024-0646
    - net: tls, update curr on splice as well

 -- Stefan Bader <email address hidden> Fri, 09 Feb 2024 14:28:18 +0100