Package "linux-azure-6.2"

  linux-azure-6.2 (6.2.0-1014.14~22.04.1) jammy; urgency=medium

  * jammy/linux-azure-6.2: 6.2.0-1014.14~22.04.1 -proposed tracker
    (LP: #2035365)

  [ Ubuntu: 6.2.0-1014.14 ]

  * lunar/linux-azure: 6.2.0-1014.14 -proposed tracker (LP: #2035366)
  * TDX azure instances crash during boot because of glibc bug (LP: #2011421)
    - Revert "UBUNTU: SAUCE: TDX: Work around the segfault issue in glibc 2.35 in
      Ubuntu 22.04."

  linux-azure-6.2 (6.2.0-1012.12~22.04.1) jammy; urgency=medium

  * jammy/linux-azure-6.2: 6.2.0-1012.12~22.04.1 -proposed tracker
    (LP: #2034143)

  [ Ubuntu: 6.2.0-1012.12 ]

  * lunar/linux-azure: 6.2.0-1012.12 -proposed tracker (LP: #2034144)
  * lunar/linux: 6.2.0-33.33 -proposed tracker (LP: #2034158)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2023-21264
    - KVM: arm64: Prevent unconditional donation of unmapped regions from the host
  * CVE-2023-4569
    - netfilter: nf_tables: deactivate catchall elements in next generation
  * CVE-2023-40283
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  * CVE-2023-20588
    - x86/bugs: Increase the x86 bugs vector size to two u32s
    - x86/CPU/AMD: Do not leak quotient data after a division by 0
    - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
  * CVE-2023-4128
    - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
      free
    - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
      after-free

  linux-azure-6.2 (6.2.0-1011.11~22.04.1) jammy; urgency=medium

  * jammy/linux-azure-6.2: 6.2.0-1011.11~22.04.1 -proposed tracker
    (LP: #2030367)

  [ Ubuntu: 6.2.0-1011.11 ]

  * lunar/linux-azure: 6.2.0-1011.11 -proposed tracker (LP: #2030368)
  * Case [Azure][TDX] TDX Updated Patch set w/HCL (LP: #2028286)
    - SAUCE: clocksource: hyper-v: Use InvariantTSC and enable TSC page for TDX VM
      (WIP)
    - SAUCE: Support TDX+HCL (July 9, 2023)
    - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline
    - SAUCE: Drivers: hv: vmbus: support >64 VPs for a TDX VM without the
      pavavisor
    - SAUCE: Fix building ARM64
  * lunar/linux: 6.2.0-32.32 -proposed tracker (LP: #2031134)
  * libgnutls report "trap invalid opcode" when trying to install packages over
    https (LP: #2031093)
    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  * lunar/linux: 6.2.0-30.30 -proposed tracker (LP: #2030381)
  * CVE-2022-40982
    - init: Provide arch_cpu_finalize_init()
    - x86/cpu: Switch to arch_cpu_finalize_init()
    - ARM: cpu: Switch to arch_cpu_finalize_init()
    - ia64/cpu: Switch to arch_cpu_finalize_init()
    - m68k/cpu: Switch to arch_cpu_finalize_init()
    - mips/cpu: Switch to arch_cpu_finalize_init()
    - sh/cpu: Switch to arch_cpu_finalize_init()
    - sparc/cpu: Switch to arch_cpu_finalize_init()
    - um/cpu: Switch to arch_cpu_finalize_init()
    - init: Remove check_bugs() leftovers
    - init: Invoke arch_cpu_finalize_init() earlier
    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
    - x86/init: Initialize signal frame size late
    - x86/fpu: Remove cpuinfo argument from init functions
    - x86/fpu: Mark init functions __init
    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
    - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
    - x86/xen: Fix secondary processors' FPU initialization
    - x86/speculation: Add Gather Data Sampling mitigation
    - x86/speculation: Add force option to GDS mitigation
    - x86/speculation: Add Kconfig option for GDS
    - KVM: Add GDS_NO support to KVM
    - Documentation/x86: Fix backwards on/off logic about YMM support
    - [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and
      CONFIG_GDS_FORCE_MITIGATION
  * CVE-2023-4015
    - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
      set/chain
    - netfilter: nf_tables: unbind non-anonymous set if rule construction fails
    - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  * CVE-2023-3995
    - netfilter: nf_tables: disallow rule addition to bound chain via
      NFTA_RULE_CHAIN_ID
  * CVE-2023-3777
    - netfilter: nf_tables: skip bound chain on rule flush
  * CVE-2023-3609
    - net/sched: cls_u32: Fix reference counter leak leading to overflow
  * NULL pointer dereference on CS35L41 HDA AMP (LP: #2029199)
    - ASoC: cs35l41: Refactor error release code
    - ALSA: cs35l41: Add shared boost feature
    - ASoC: dt-bindings: cirrus, cs35l41: Document CS35l41 shared boost
    - ALSA: hda: cs35l41: Ensure firmware/tuning pairs are always loaded
    - ALSA: hda: cs35l41: Enable Amp High Pass Filter
    - ALSA: cs35l41: Use mbox command to enable speaker output for external boost
    - ALSA: cs35l41: Poll for Power Up/Down rather than waiting a fixed delay
    - ALSA: hda: cs35l41: Check mailbox status of pause command after firmware
      load
    - ALSA: hda: cs35l41: Ensure we correctly re-sync regmap before system
      suspending.
    - ALSA: hda: cs35l41: Ensure we pass up any errors during system suspend.
    - ALSA: hda: cs35l41: Move Play and Pause into separate functions
    - ALSA: hda: hda_component: Add pre and post playback hooks to hda_component
    - ALSA: hda: cs35l41: Use pre and post playback hooks
    - ALSA: hda: cs35l41: Rework System Suspend to ensure correct call separation
    - ALSA: hda: cs35l41: Add device_link between HDA and cs35l41_hda
    - ALSA: hda: cs35l41: Ensure amp is only unmuted during playback
  * Reboot command powers off the system (LP: #2029332)
    - x86/smp: Make stop_other_cpus() more robust
    - x86/smp: Dont access non-existing CPUID leaf
  * losetup with mknod fails on jammy with kernel 5.15.0-69-generic
    (LP: #2015400)
    - loop: deprecate autoloading callback loop_probe()
    - loop: do not enforce max_loop hard limit by (new) default
  * Fix UBSAN in Intel EDAC driver (LP: #2028746)
    - EDAC/skx_common: Enable EDAC support for the "near" memory
    - EDAC/skx_common: Delete duplicated and unreachable code
    - EDAC/i10nm: Add Intel Emerald Rapids server support
    - EDAC/i10nm: Make more configurations CPU model specific
    - EDAC/i10nm: Add Intel Granite Rapids server support
    - EDAC/i10nm: Skip the absent memory controllers
  * Make TTY switching possible for NVIDIA when it's boot VGA (LP: #2028749)
    - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers
    - video/aperture: use generic code to figure out the vga default device
    - drm/aperture: Remove primary argument
    - video/aperture: Only kick vgacon when the pdev is decoding vga
    - video/aperture: Move vga handling to pci function
    - video/aperture: Drop primary argument
    - video/aperture: Only remove sysfb on the default vga pci device
    - fbdev: Simplify fb_is_primary_device for x86
    - video/aperture: Provide a VGA helper for gma500 and internal use
  * Fix AMD gpu hang when screen off/on (LP: #2028740)
    - drm/amd/display: Keep PHY active for dp config
  * Various backlight issues with the 6.0/6.1 kernel (LP: #2023638)
    - ACPI: video: Stop trying to use vendor backlight control on laptops from
      after ~2012
  * FM350(mtk_t7xx) failed to suspend, or early wake while suspending
    (LP: #2020743)
    - net: wwan: t7xx: Ensure init is completed before system sleep
  * Include the MAC address pass through function on RTL8153DD-CG (LP: #2020295)
    - r8152: add USB device driver for config selectio

  linux-azure-6.2 (6.2.0-1009.9~22.04.3) jammy; urgency=medium

  * jammy/linux-azure-6.2: 6.2.0-1009.9~22.04.3 -proposed tracker (LP: #2029294)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] update variants

  linux-azure-6.2 (6.2.0-1008.8~22.04.1) jammy; urgency=medium

  * jammy/linux-azure-6.2: 6.2.0-1008.8~22.04.1 -proposed tracker (LP: #2026740)

  [ Ubuntu: 6.2.0-1008.8 ]

  * lunar/linux-azure: 6.2.0-1008.8 -proposed tracker (LP: #2026741)
  * Azure: MANA: Fix doorbell access for receives (LP: #2027615)
    - SAUCE: net: mana: Batch ringing RX queue doorbell on receiving packets
    - SAUCE: net: mana: Use the correct WQE count for ringing RQ doorbell
  * lunar/linux: 6.2.0-26.26 -proposed tracker (LP: #2026753)
  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace
  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id
  * CVE-2023-3389
    - io_uring/poll: serialize poll linked timer start with poll removal
  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb
  * CVE-2023-3269
    - mm: introduce new 'lock_mm_and_find_vma()' page fault helper
    - mm: make the page fault mmap locking killable
    - arm64/mm: Convert to using lock_mm_and_find_vma()
    - powerpc/mm: Convert to using lock_mm_and_find_vma()
    - mips/mm: Convert to using lock_mm_and_find_vma()
    - riscv/mm: Convert to using lock_mm_and_find_vma()
    - arm/mm: Convert to using lock_mm_and_find_vma()
    - mm/fault: convert remaining simple cases to lock_mm_and_find_vma()
    - powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma()
    - mm: make find_extend_vma() fail if write lock not held
    - execve: expand new process stack manually ahead of time
    - mm: always expand the stack with the mmap write lock held
    - [CONFIG]: Set CONFIG_LOCK_MM_AND_FIND_VMA