Package "linux-oem-6.1"

  linux-oem-6.1 (6.1.0-1036.36) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1036.36 -proposed tracker (LP: #2056027)

  * CVE-2023-6039
    - timers: Use del_timer_sync() even on UP
    - timers: Update kernel-doc for various functions
    - timers: Rename del_timer_sync() to timer_delete_sync()
    - timers: Rename del_timer() to timer_delete()
    - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode
    - timers: Add shutdown mechanism to the internal functions
    - timers: Provide timer_shutdown[_sync]()
    - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs

 -- Timo Aaltonen <email address hidden> Mon, 11 Mar 2024 17:31:52 +0200

  linux-oem-6.1 (6.1.0-1035.35) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1035.35 -proposed tracker (LP: #2052090)

  * Jammy update: v6.1.78 upstream stable release (LP: #2054541)
    - ext4: regenerate buddy after block freeing failed if under fc replay
    - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
    - dmaengine: ti: k3-udma: Report short packet errors
    - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA
    - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
    - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
    - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
    - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
    - cifs: failure to add channel on iface should bump up weight
    - drm/msms/dp: fixed link clock divider bits be over written in BPC unknown
      case
    - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
    - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
    - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
    - wifi: mac80211: fix waiting for beacons logic
    - netdevsim: avoid potential loop in nsim_dev_trap_report_work()
    - net: atlantic: Fix DMA mapping for PTP hwts ring
    - selftests: net: cut more slack for gro fwd tests.
    - selftests: net: avoid just another constant wait
    - tunnels: fix out of bounds access when building IPv6 PMTU error
    - atm: idt77252: fix a memleak in open_card_ubr0
    - octeontx2-pf: Fix a memleak otx2_sq_init
    - hwmon: (aspeed-pwm-tacho) mutex for tach reading
    - hwmon: (coretemp) Fix out-of-bounds memory access
    - hwmon: (coretemp) Fix bogus core_id to attr name mapping
    - inet: read sk->sk_family once in inet_recv_error()
    - drm/i915/gvt: Fix uninitialized variable in handle_mmio()
    - rxrpc: Fix response to PING RESPONSE ACKs to a dead call
    - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
    - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
    - ppp_async: limit MRU to 64K
    - selftests: cmsg_ipv6: repeat the exact packet
    - netfilter: nft_compat: narrow down revision to unsigned 8-bits
    - netfilter: nft_compat: reject unused compat flag
    - netfilter: nft_compat: restrict match/target protocol to u16
    - drm/amd/display: Implement bounds check for stream encoder creation in
      DCN301
    - netfilter: nft_ct: reject direction for ct id
    - netfilter: nft_set_pipapo: store index in scratch maps
    - netfilter: nft_set_pipapo: add helper to release pcpu scratch area
    - netfilter: nft_set_pipapo: remove scratch_aligned pointer
    - fs/ntfs3: Fix an NULL dereference bug
    - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
    - blk-iocost: Fix an UBSAN shift-out-of-bounds warning
    - fs: dlm: don't put dlm_local_addrs on heap
    - mtd: parsers: ofpart: add workaround for #size-cells 0
    - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
    - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
    - ALSA: usb-audio: add quirk for RODE NT-USB+
    - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
    - USB: serial: option: add Fibocom FM101-GL variant
    - USB: serial: cp210x: add ID for IMST iM871A-USB
    - usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK
    - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK
    - hrtimer: Report offline hrtimer enqueue
    - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU
    - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
    - io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers
    - Revert "ASoC: amd: Add new dmi entries for acp5x platform"
    - vhost: use kzalloc() instead of kmalloc() followed by memset()
    - RDMA/irdma: Fix support for 64k pages
    - f2fs: add helper to check compression level
    - block: treat poll queue enter similarly to timeouts
    - clocksource: Skip watchdog check for large watchdog intervals
    - net: stmmac: xgmac: use #define for string constants
    - ALSA: usb-audio: Sort quirk table entries
    - net: stmmac: xgmac: fix a typo of register name in DPP safety handling
    - netfilter: nft_set_rbtree: skip end interval element from gc
    - Linux 6.1.78
    - upstream stable to v6.1.78

  * There is sound from the speakers and headphones at the same time on Oasis 14
    and 16 platforms (LP: #2054487)
    - ALSA: hda/realtek: add IDs for Dell dual spk platform

  * Jammy update: v6.1.77 upstream stable release (LP: #2052631)
    - asm-generic: make sparse happy with odd-sized put_unaligned_*()
    - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
    - arm64: irq: set the correct node for VMAP stack
    - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
    - powerpc: Fix build error due to is_valid_bugaddr()
    - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
    - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
    - x86/boot: Ignore NMIs during very early boot
    - powerpc: pmd_move_must_withdraw() is only needed for
      CONFIG_TRANSPARENT_HUGEPAGE
    - powerpc/lib: Validate size for vector operations
    - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
    - perf/core: Fix narrow startup race when creating the perf nr_addr_filters
      sysfs file
    - debugobjects: Stop accessing objects after releasing hash bucket lock
    - regulator: core: Only increment use_count when enable_count changes
    - audit: Send netlink ACK before setting connection in auditd_set
    - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
    - PNP: ACPI: fix fortify warning
    - ACPI: extlog: fix NULL pointer dereference check
    - ACPI: NUMA: Fix the logic of getting the fake_pxm value
    - PM / devfreq: Synchronize devfreq_mon

  linux-oem-6.1 (6.1.0-1034.34) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1034.34 -proposed tracker (LP: #2052268)

  * CVE-2023-6915
    - ida: Fix crash in ida_free when the bitmap is empty

  * There is sound from the speakers and headphones at the same time on one dell
    platform (LP: #2051334)
    - ALSA: hda/realtek: Add support dual speaker for Dell
    - ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform

  * Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
    - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models

 -- Timo Aaltonen <email address hidden> Mon, 05 Feb 2024 17:55:15 +0200

  linux-oem-6.1 (6.1.0-1033.33) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1033.33 -proposed tracker (LP: #2051966)

  * Jammy update: v6.1.63 upstream stable release (LP: #2046577)
    - Restore "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x
      net rules"

 -- Timo Aaltonen <email address hidden> Thu, 01 Feb 2024 20:16:28 +0200

  linux-oem-6.1 (6.1.0-1029.29) jammy; urgency=medium

  * jammy/linux-oem-6.1: 6.1.0-1029.29 -proposed tracker (LP: #2048615)

  * CVE-2023-6817
    - netfilter: nft_set_pipapo: skip inactive elements during set walk

  * CVE-2023-51779
    - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

  * CVE-2024-0193
    - netfilter: nf_tables: skip set commit for deleted/destroyed sets

  * CVE-2023-6931
    - perf: Fix perf_event_validate_size()
    - perf: Fix perf_event_validate_size() lockdep splat

  * CVE-2023-6606
    - smb: client: fix OOB in smbCalcSize()

 -- Timo Aaltonen <email address hidden> Mon, 08 Jan 2024 18:50:35 +0200