From 06dda676e64c9b85c48a739cf0213e7e4564b82b Mon Sep 17 00:00:00 2001 From: Kevin Becker Date: Fri, 23 May 2025 09:36:11 -0400 Subject: [PATCH] UBUNTU: Ubuntu-realtime-6.8.1-1023.24 Signed-off-by: Kevin Becker --- debian.realtime/changelog | 236 +++++++++++++++++++++++++++++++++++- debian.realtime/reconstruct | 1 + 2 files changed, 232 insertions(+), 5 deletions(-) diff --git a/debian.realtime/changelog b/debian.realtime/changelog index 46b87b45d07e..15cf93abad07 100644 --- a/debian.realtime/changelog +++ b/debian.realtime/changelog @@ -1,10 +1,236 @@ -linux-realtime (6.8.1-1023.24) UNRELEASED; urgency=medium +linux-realtime (6.8.1-1023.24) noble; urgency=medium - CHANGELOG: Do not edit directly. Autogenerated at release. - CHANGELOG: Use the printchanges target to see the curent changes. - CHANGELOG: Use the insertchanges target to create the final log. + * noble/linux-realtime: 6.8.1-1023.24 -proposed tracker (LP: #2110731) - -- Kevin Becker Fri, 23 May 2025 09:01:01 -0400 + [ Ubuntu: 6.8.0-62.65 ] + + * noble/linux: 6.8.0-62.65 -proposed tracker (LP: #2110737) + * Rotate the Canonical Livepatch key (LP: #2111244) + - [Config] Prepare for Canonical Livepatch key rotation + * KVM bug causes Firecracker crash when it runs the vCPU for the first time + (LP: #2109859) + - vhost: return task creation error instead of NULL + - kvm: retry nx_huge_page_recovery_thread creation + * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache + (LP: #2099914) // CVE-2025-2312 + - CIFS: New mount option for cifs.upcall namespace resolution + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) + - ASoC: wm8994: Add depends on MFD core + - ASoC: samsung: Add missing selects for MFD_WM8994 + - seccomp: Stub for !CONFIG_SECCOMP + - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request + - of/unittest: Add test that of_address_to_resource() fails on non- + translatable address + - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag + - hwmon: (drivetemp) Set scsi command timeout to 10s + - ASoC: samsung: Add missing depends on I2C + - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() + - Revert "libfs: fix infinite directory reads for offset dir" + - libfs: Replace simple_offset end-of-directory detection + - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" + - ALSA: usb-audio: Add delay quirk for USB Audio Device + - Input: xpad - add support for Nacon Pro Compact + - Input: atkbd - map F23 key to support default copilot shortcut + - Input: xpad - add unofficial Xbox 360 wireless receiver clone + - Input: xpad - add QH Electronics VID/PID + - Input: xpad - improve name of 8BitDo controller 2dc8:3106 + - Input: xpad - add support for Nacon Evol-X Xbox One Controller + - Input: xpad - add support for wooting two he (arm) + - ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK + - ASoC: cs42l43: Add codec force suspend/resume ops + - ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P Gen5 + - libfs: Return ENOSPC when the directory offset range is exhausted + - Revert "libfs: Add simple_offset_empty()" + - libfs: Use d_children list to iterate simple_offset directories + - wifi: rtl8xxxu: add more missing rtl8192cu USB IDs + - HID: wacom: Initialize brightness of LED trigger + - Upstream stable to v6.6.75, v6.12.12 + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) // + CVE-2025-21689 + - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) // + CVE-2025-21690 + - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) // + CVE-2025-21691 + - cachestat: fix page cache statistics permission checking + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) // + CVE-2025-21692 + - net: sched: fix ets qdisc OOB Indexing + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) // + CVE-2025-21699 + - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag + * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) // + CVE-2024-50157 + - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop + * rtw89: Support hardware rfkill (LP: #2077384) + - wifi: rtw89: add support for hardware rfkill + * Introduce configfs-based interface for gpio-aggregator (LP: #2103496) + - gpio: introduce utilities for synchronous fake device creation + - bitmap: Define a cleanup function for bitmaps + - gpio: aggregator: simplify aggr_parse() with scoped bitmap + - gpio: aggregator: protect driver attr handlers against module unload + - gpio: aggregator: reorder functions to prepare for configfs introduction + - gpio: aggregator: unify function naming + - gpio: aggregator: add gpio_aggregator_{alloc, free}() + - gpio: aggregator: introduce basic configfs interface + - [Config] Enable DEV_SYNC_PROBE as module + - SAUCE: gpio: aggregator: Fix error code in gpio_aggregator_activate() + - gpio: aggregator: rename 'name' to 'key' in gpio_aggregator_parse() + - gpio: aggregator: expose aggregator created via legacy sysfs to configfs + - SAUCE: gpio: aggregator: fix "_sysfs" prefix check in + gpio_aggregator_make_group() + - SAUCE: gpio: aggregator: Fix gpio_aggregator_line_alloc() checking + - SAUCE: gpio: aggregator: Return an error if there are no GPIOs in + gpio_aggregator_parse() + - SAUCE: gpio: aggregator: Fix leak in gpio_aggregator_parse() + - gpio: aggregator: cancel deferred probe for devices created via configfs + - Documentation: gpio: document configfs interface for gpio-aggregator + - selftests: gpio: add test cases for gpio-aggregator + - SAUCE: selftests: gpio: gpio-aggregator: add a test case for _sysfs prefix + reservation + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) + - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() + - net: add exit_batch_rtnl() method + - gtp: use exit_batch_rtnl() method + - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). + - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). + - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() + - net: xilinx: axienet: Fix IRQ coalescing packet count overflow + - net/mlx5: Fix RDMA TX steering prio + - net/mlx5e: Rely on reqid in IPsec tunnel mode + - net/mlx5e: Always start IPsec sequence number from 1 + - drm/vmwgfx: Add new keep_resv BO param + - drm/v3d: Assign job pointer to NULL before signaling the fence + - soc: ti: pruss: Fix pruss APIs + - hwmon: (tmp513) Fix division of negative numbers + - i2c: mux: demux-pinctrl: check initial mux selection, too + - i2c: rcar: fix NACK handling when being a target + - hfs: Sanity check the root record + - fs: fix missing declaration of init_files + - kheaders: Ignore silly-rename files + - cachefiles: Parse the "secctx" immediately + - scsi: ufs: core: Honor runtime/system PM levels if set by host controller + drivers + - selftests: tc-testing: reduce rshift value + - ACPI: resource: acpi_dev_irq_override(): Check DMI match last + - poll_wait: add mb() to fix theoretical race between waitqueue_active() and + .poll() + - RDMA/bnxt_re: Fix to export port num to ib_query_qp + - nvmet: propagate npwg topology + - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA + - i2c: atr: Fix client detach + - mptcp: be sure to send ack when mptcp-level window re-opens + - mptcp: fix spurious wake-up on under memory pressure + - selftests: mptcp: avoid spurious errors on disconnect + - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks + - vsock/virtio: cancel close work in the destructor + - vsock: reset socket state when de-assigning the transport + - nouveau/fence: handle cross device fences properly + - irqchip: Plug a OF node reference leak in platform_irqchip_probe() + - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly + - drm/i915/fb: Relax clear color alignment to 64 bytes + - drm/amdgpu: always sync the GFX pipe on ctx switch + - ocfs2: fix deadlock in ocfs2_get_system_file_inode + - nfsd: add list_head nf_gc to struct nfsd_file + - x86/xen: fix SLS mitigation in xen_hypercall_iret() + - efi/zboot: Limit compression options to GZIP and ZSTD + - [Config] updateconfigs for HAVE_KERNEL_(LZ4|LZMA|LZO|XZ) + - net: ravb: Fix max TX frame size for RZ/V2M + - net/mlx5: SF, Fix add port error handling + - drm/vmwgfx: Unreserve BO on error + - i2c: testunit: on errors, repeat NACK until STOP + - hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST + - fs/qnx6: Fix building with GCC 15 + - gpio: sim: lock up configfs that an instantiated device depends on + - gpio: sim: lock hog configfs items if present + - platform/x86: ISST: Add Clearwater Forest to support list + - drm/nouveau/disp: Fix missing backlight control on Macbook 5,1 + - net/ncsi: fix locking in Get MAC Address handling + - drm/amd/display: Do not elevate mem_type change to full update + - drm/xe: Mark ComputeCS read mode as UC on iGPU + - drm/amdgpu/smu13: update powersave optimizations + - drm/amdgpu: fix fw attestation for MP0_14_0_{2/3} + - drm/amdgpu: disable gfxoff with the compute workload on gfx12 + - drm/amd/display: Fix PSR-SU not support but still call the + amdgpu_dm_psr_enable + - Upstream stable to v6.6.73, v6.6.74, v6.12.11 + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21672 + - afs: Fix merge preference rule failure condition + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21682 + - eth: bnxt: always recalculate features after XDP clearing, fix null-deref + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2024-53124 + - net: fix data-races around sk->sk_forward_alloc + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2024-57924 + - fs: relax assertions on failure to encode file handles + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2024-57951 + - hrtimers: Handle CPU state correctly on hotplug + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2024-57949 + - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21668 + - pmdomain: imx8mp-blk-ctrl: add missing loop break condition + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21684 + - gpio: xilinx: Convert gpio_lock to raw spinlock + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21694 + - fs/proc: fix softlockup in __read_vmcore (part 2) + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21665 + - filemap: avoid truncating 64-bit offset to 32 bits + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21666 + - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21669 + - vsock/virtio: discard packets if the transport changes + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21670 + - vsock/bpf: return early if transport is not assigned + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21667 + - iomap: avoid avoid truncating 64-bit offset to 32 bits + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2024-57948 + - mac802154: check local interfaces before deleting sdata list + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21673 + - smb: client: fix double free of TCP_Server_Info::hostname + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21697 + - drm/v3d: Ensure job pointer is set to NULL after job completion + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21674 + - net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21675 + - net/mlx5: Clear port select structure when fail to create + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21676 + - net: fec: handle page_pool_dev_alloc_pages error + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21678 + - gtp: Destroy device along with udp socket's netns dismantle. + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21680 + - pktgen: Avoid out-of-bounds access in get_imix_entries + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21681 + - openvswitch: fix lockup on tx to unregistering netdev with carrier + * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) // + CVE-2025-21683 + - bpf: Fix bpf_sk_select_reuseport() memory leak + * Packaging resync (LP: #1786013) + - [Packaging] update annotations scripts + + -- Kevin Becker Fri, 23 May 2025 09:36:11 -0400 linux-realtime (6.8.1-1022.23) noble; urgency=medium diff --git a/debian.realtime/reconstruct b/debian.realtime/reconstruct index df83da494958..cb419b1270b0 100644 --- a/debian.realtime/reconstruct +++ b/debian.realtime/reconstruct @@ -33,6 +33,7 @@ chmod +x 'debian/tests-build/check-aliases' chmod +x 'debian/tests/rebuild' chmod +x 'debian/tests/ubuntu-regression-suite' chmod +x 'drivers/watchdog/f71808e_wdt.c' +chmod +x 'tools/testing/selftests/gpio/gpio-aggregator.sh' chmod +x 'tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh' # Remove any files deleted from the orig. rm -f 'arch/arm/kernel/pj4-cp0.c'