Package "linux-nvidia-tegra-5.15"

  linux-nvidia-tegra-5.15 (5.15.0-1019.19~20.04.1) focal; urgency=medium

  * focal/linux-nvidia-tegra-5.15: 5.15.0-1019.19~20.04.1 -proposed tracker
    (LP: #2041993)

  * CVE-2023-42755
    - [Config] linux-nvidia-tegra-5.15: NET_CLS_RSVP and NET_CLS_RSVP6

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] update helper scripts

  [ Ubuntu: 5.15.0-1019.19 ]

  * jammy/linux-nvidia-tegra: 5.15.0-1019.19 -proposed tracker (LP: #2041991)
  * NVIDIA pull requests 1017-001v3 (LP: #2034622)
    - NVIDIA: SAUCE: thermal: tegra-bpmp: Check if BPMP supports trip points
    - NVIDIA: SAUCE: simplefb: add support to parse fb-memory from DT
    - NVIDIA: SAUCE: memory: tegra: Add bpmp_id and type for nvdla
    - NVIDIA: SAUCE: memory: tegra: Add clients for VI in Tegra234
    - NVIDIA: SAUCE: mailbox: tegra-hsp: Add support for virtualization
    - NVIDIA: SAUCE: memory: tegra: Fix SID override
    - dma-buf: Update obsoluted comments on dma_buf_vmap/vunmap()
    - dma-buf-map: Rename to iosys-map
    - of: Move simple-framebuffer device handling from simplefb to of
    - iosys-map: Add offset to iosys_map_memcpy_to()
    - iosys-map: Add a few more helpers
    - NVIDIA: SAUCE: mtd: spi-nor: support for GD
    - NVIDIA: SAUCE: mmc: host: Apply post auto-tuning correction
    - NVIDIA: SAUCE: fs: eventpoll: Add smp_mb() before waitqueue_active
    - NVIDIA: SAUCE: crypto: tegra: Add Kconfig to support Tegra SE
    - drm/vgem: use shmem helpers
    - NVIDIA: SAUCE: dma-buf-map: Fix-up iosys-map integration
    - NVIDIA: SAUCE: arm64: configs: enable cifs
    - [Config] linux-nvidia-tegra: set CONFIG_CRYPTO_DEV_TEGRA=m
  * CVE-2023-42755
    - [Config] remove NET_CLS_RSVP and NET_CLS_RSVP6
  * jammy/linux-realtime: 5.15.0-1050.56 -proposed tracker (LP: #2038035)
  * jammy/linux: 5.15.0-88.98 -proposed tracker (LP: #2038055)
  * CVE-2023-4244
    - netfilter: nf_tables: don't skip expired elements during walk
    - netfilter: nf_tables: adapt set backend to use GC transaction API
    - netfilter: nft_set_hash: mark set element as dead when deleting from packet
      path
    - netfilter: nf_tables: GC transaction API to avoid race with control plane
    - netfilter: nf_tables: remove busy mark and gc batch API
    - netfilter: nf_tables: don't fail inserts if duplicate has expired
    - netfilter: nf_tables: fix kdoc warnings after gc rework
    - netfilter: nf_tables: fix GC transaction races with netns and netlink event
      exit path
    - netfilter: nf_tables: GC transaction race with netns dismantle
    - netfilter: nf_tables: GC transaction race with abort path
    - netfilter: nf_tables: use correct lock to protect gc_list
    - netfilter: nf_tables: defer gc run if previous batch is still pending
    - netfilter: nft_dynset: disallow object maps
    - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
  * CVE-2023-42756
    - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
  * CVE-2023-4623
    - net/sched: sch_hfsc: Ensure inner classes have fsc curve
  * PCI BARs larger than 128GB are disabled (LP: #2037403)
    - PCI: Support BAR sizes up to 8TB
  * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077)
    - ALSA: hda/realtek - ALC287 I2S speaker platform support
  * Check for changes relevant for security certifications (LP: #1945989)
    - [Packaging] Add a new fips-checks script
  * Jammy update: v5.15.126 upstream stable release (LP: #2037593)
    - io_uring: gate iowait schedule on having pending requests
    - perf: Fix function pointer case
    - net/mlx5: Free irqs only on shutdown callback
    - arm64: errata: Add workaround for TSB flush failures
    - arm64: errata: Add detection for TRBE write to out-of-range
    - [Config] updateconfigs for ARM64_ERRATUM_ and
      ARM64_WORKAROUND_TSB_FLUSH_FAILURE
    - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
    - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531
    - iommu/arm-smmu-v3: Add explicit feature for nesting
    - iommu/arm-smmu-v3: Document nesting-related errata
    - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
    - word-at-a-time: use the same return type for has_zero regardless of
      endianness
    - KVM: s390: fix sthyi error handling
    - wifi: cfg80211: Fix return value in scan logic
    - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
    - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
    - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing
    - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length
    - net: dsa: fix value check in bcm_sf2_sw_probe()
    - perf test uprobe_from_different_cu: Skip if there is no gcc
    - net: sched: cls_u32: Fix match key mis-addressing
    - mISDN: hfcpci: Fix potential deadlock on &hc->lock
    - qed: Fix kernel-doc warnings
    - qed: Fix scheduling in a tasklet while getting stats
    - net: annotate data-races around sk->sk_max_pacing_rate
    - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation
    - net: add missing READ_ONCE(sk->sk_sndbuf) annotation
    - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation
    - net: add missing data-race annotations around sk->sk_peek_off
    - net: add missing data-race annotation for sk_ll_usec
    - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
    - bpf, cpumap: Handle skb as well when clean up ptr_ring
    - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire
    - net: ll_temac: Switch to use dev_err_probe() helper
    - net: ll_temac: fix error checking of irq_of_parse_and_map()
    - net: korina: handle clk prepare error in korina_probe()
    - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode
    - net: dcb: choose correct policy to parse DCB_ATTR_BCN
    - s390/qeth: Don't call dev_close/dev_open (DOWN/UP)
    - ip6mr: Fix skb_under_panic in ip6mr_ca

  linux-nvidia-tegra-5.15 (5.15.0-1018.18~20.04.1) focal; urgency=medium

  * focal/linux-nvidia-tegra-5.15: 5.15.0-1018.18~20.04.1 -proposed tracker
    (LP: #2038682)

  * Jammy update: v5.15.117 upstream stable release (LP: #2030107)
    - [Config] nvidia-tegra-5.15: remove BLK_DEV_SX8 modules

  * Jammy update: v5.15.118 upstream stable release (LP: #2030239)
    - [Config] nvidia-tegra-5.15: remove DECNET modules

  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] nvidia-tegra-5.15: remove sh-sci modules

  [ Ubuntu: 5.15.0-1018.18 ]

  * jammy/linux-nvidia-tegra: 5.15.0-1018.18 -proposed tracker (LP: #2038680)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/d2023.09.14)
  * Jammy update: v5.15.117 upstream stable release (LP: #2030107)
    - [Config] updateconfigs for BLK_DEV_SX8
  * Jammy update: v5.15.118 upstream stable release (LP: #2030239)
    - [Config] updateconfigs for DECNET
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] Mark sh-sci as built-in
  * NVIDIA pull requests 1017-001v3 (LP: #2034622)
    - NVIDIA: SAUCE: driver: cpufreq: remove volatile as not needed
    - NVIDIA: SAUCE: config: Disable CONFIG_LOCALVERSION_AUTO
    - NVIDIA: SAUCE: code-owners: Populate OWNERS file
    - NVIDIA: SAUCE: mailbox: tegra-hsp: Add sm ops route_irq & set_irq
    - NVIDIA: SAUCE: arch: arm64: enable HDA_INTEL config
    - NVIDIA: SAUCE: spi: spi-tegra114: retain the spi mode
    - NVIDIA: SAUCE: arm64: config: Enable MTD_UBI
    - NVIDIA: SAUCE: s25fs: Add post-get-map-id fixup for S25FS512S
    - i2c: tegra: Fix i2c-tegra DMA config option processing
    - cpufreq: tegra194: add online/offline hooks
    - NVIDIA: SAUCE: Revert "i2c: tegra: Allocate DMA memory for DMA engine"
    - NVIDIA: SAUCE: arm64: configs: Enable BINFMT_MISC support
    - thermal: tegra-bpmp: Handle errors in BPMP response
    - thermal/drivers/tegra-bpmp: Handle offline zones
    - NVIDIA: SAUCE: arm64: config: recovery_chain: Enable KEXEC configs
    - NVIDIA: SAUCE: iommu: Don't reserve IOVA when address and size are zero
    - NVIDIA: SAUCE: memory: tegra: Add SID override on resume
    - [Config] linux-nvidia-tegra: integrate defconfig changes
  * jammy/linux-realtime: 5.15.0-1048.54 -proposed tracker (LP: #2036555)
  * jammy/linux: 5.15.0-86.96 -proposed tracker (LP: #2036575)
  * 5.15.0-85 live migration regression (LP: #2036675)
    - Revert "KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES"
    - Revert "x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0"
  * Regression for ubuntu_bpf test build on Jammy 5.15.0-85.95 (LP: #2035181)
    - selftests/bpf: fix static assert compilation issue for test_cls_*.c
  * `refcount_t: underflow; use-after-free.` on hidon w/ 5.15.0-85-generic
    (LP: #2034447)
    - crypto: rsa-pkcs1pad - Use helper to set reqsize
  * jammy/linux-realtime: 5.15.0-1047.53 -proposed tracker (LP: #2033801)
  * Jammy update: v5.15.117 upstream stable release (LP: #2030107)
    - [Config] updateconfigs for BLK_DEV_SX8
  * Jammy update: v5.15.118 upstream stable release (LP: #2030239)
    - [Config] updateconfigs for DECNET
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] Mark sh-sci as built-in
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * jammy/linux: 5.15.0-85.95 -proposed tracker (LP: #2033821)
  * Please enable Renesas RZ platform serial installer (LP: #2022361)
    - [Config] enable hihope RZ/G2M serial console
    - [Config] Mark sh-sci as built-in
  * Request backport of xen timekeeping performance improvements (LP: #2033122)
    - x86/xen/time: prefer tsc as clocksource when it is invariant
  * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
    ARM64 (LP: #2033007)
    - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
    - kexec, KEYS: make the code in bzImage64_verify_sig generic
    - arm64: kexec_file: use more system keyrings to verify kernel image signature
  * ubuntu_kernel_selftests:net:vrf-xfrm-tests.sh: 8 failed test cases on
    jammy/fips (LP: #2019880)
    - selftests: net: vrf-xfrm-tests: change authentication and encryption algos
  * ubuntu_kernel_selftests:net:tls: 88 failed test cases on jammy/fips
    (LP: #2019868)
    - selftests/harness: allow tests to be skipped during setup
    - selftests: net: tls: check if FIPS mode is enabled
  * A general-proteciton exception during guest migration to unsupported PKRU
    machine (LP: #2032164, reverted)
    - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
    - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * CVE-2023-20569
    - x86/cpu, kvm: Add support for CPUID_80000021_EAX
    - x86/srso: Add a Speculative RAS Overflow mitigation
    - x86/srso: Add IBPB_BRTYPE support
    - x86/srso: Add SRSO_NO support
    - x86/srso: Add IBPB
    - x86/srso: Add IBPB on VMEXIT
    - x86/srso: Fix return thunks in generated code
    - x86/srso: Tie SBPB bit setting to microcode patch detection
    - x86: fix backwards merge of GDS/SRSO bit
    - x86/srso: Fix build breakage with the LLVM linker
    - x86/cpu: Fix __x86_return_thunk symbol type
    - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
    - x86/alternative: Make custom return thunk unconditional
    - objtool: Add frame-pointer-specific function ignore
    - x86/ibt: Add ANNOTATE_NOENDBR
    - x86/cpu: Clean up SRSO return thunk mess
    - x86/cpu: Rename original retbleed methods
    - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
    - x86/cpu: Cleanup the untrain mess
    - x86/srso: Explain the untraining sequences a bit more
    - x86/static_call: Fix __static_call_fixup()
    - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
    - x86/srso: Disable the mitigatio