UBUNTU: Ubuntu-6.8.0-16.16

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

debian.master/changelog

@@ -1,12 +1,210 @@
-linux (6.8.0-16.16) UNRELEASED; urgency=medium
+linux (6.8.0-16.16) noble; urgency=medium
 
-  CHANGELOG: Do not edit directly. Autogenerated at release.
-  CHANGELOG: Use the printchanges target to see the curent changes.
-  CHANGELOG: Use the insertchanges target to create the final log.
+  * noble/linux: 6.8.0-16.16 -proposed tracker (LP: #2056738)
+
+  * left-over ceph debugging printks (LP: #2056616)
+    - Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put before
+      unmounting"
+
+  * qat: Improve error recovery flows (LP: #2056354)
+    - crypto: qat - add heartbeat error simulator
+    - crypto: qat - disable arbitration before reset
+    - crypto: qat - update PFVF protocol for recovery
+    - crypto: qat - re-enable sriov after pf reset
+    - crypto: qat - add fatal error notification
+    - crypto: qat - add auto reset on error
+    - crypto: qat - limit heartbeat notifications
+    - crypto: qat - improve aer error reset handling
+    - crypto: qat - change SLAs cleanup flow at shutdown
+    - crypto: qat - resolve race condition during AER recovery
+    - Documentation: qat: fix auto_reset section
+
+  * update apparmor and LSM stacking patch set (LP: #2028253)
+    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
+      ima_filter_rule from security_audit_rule
+    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
+      management of the sock security
+    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
+      structure.
+    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
+      with stacked LSMs
+    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_audit_rule_match
+    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
+      hook
+    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
+      in audit_context
+    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_ipc_getsecid
+    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
+      data
+    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_current_getsecid
+    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_inode_getsecid
+    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
+      audit_names
+    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
+      security_cred_getlsmblob LSM hook
+    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
+      from secid to lsmblob
+    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
+      audit data
+    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
+      context releaser
+    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_secid_to_secctx
+    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_lsmblob_to_secctx
+    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_inode_getsecctx
+    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_dentry_init_security
+    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
+      security_lsmblob_to_secctx module selection
+    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
+      structure
+    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
+      records in an audit_buffer
+    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
+      multiple task security contexts
+    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
+      values for netlabel
+    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
+      multiple object contexts
+    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
+      lsmcontext_init()
+    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
+      security_getprocattr
+    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
+      on release
+    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
+    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
+      handles the context string
+    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
+      exclusive flag
+    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
+      size tracking
+    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
+      instead of module specific data
+    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
+      management of the key security blob
+    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
+      management of the mnt_opts security blob
+    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
+      ENOSYS in inode_setxattr
+    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
+      scaffolding
+    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
+      netlabel
+    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
+      security_cred_getsecid() to a single LSM
+    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
+      LSM_FLAG_EXCLUSIVE
+    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
+      [12/95]: add/use fns to print hash string hex value
+    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
+      rules
+    - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
+    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
+      userns restrictions
+    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
+    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
+    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
+    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
+    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
+      learning cache
+    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
+    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
+    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
+      prompt response
+    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
+      reuse and delete
+    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
+      uresponse
+    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
+    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
+    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
+      simplify adding strings
+    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
+    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
+      profile name
+    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
+    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
+      support
+    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
+      interruptible
+    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
+    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
+    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
+      notification
+    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
+    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
+      reply that denies all access
+    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
+      can check if restriction are in place
+    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
+      use lookup_perms()
+    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
+    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
+      RULE_MEDIATES
+    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
+      entry have correct flags
+    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
+      unconfined cannot use change_hat
+    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
+      provide semantics of some checks
+    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
+    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
+      label_mediates()
+    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
+      permission.
+    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
+      the kill signal
+    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
+      not the first entry
+    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
+      when a user ns is created
+    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
+      policy state machine
+    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
+    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
+
+  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
+    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
+    (LP: #2032602)
+    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
+      notifications
+    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
+      variable for a feature value
+    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
+      profiles can mediate user namespaces
+
+  * Enable lowlatency settings in the generic kernel (LP: #2051342)
+    - [Config] enable low-latency settings
+
+  * hwmon: (coretemp) Fix core count limitation (LP: #2056126)
+    - hwmon: (coretemp) Introduce enum for attr index
+    - hwmon: (coretemp) Remove unnecessary dependency of array index
+    - hwmon: (coretemp) Replace sensor_device_attribute with device_attribute
+    - hwmon: (coretemp) Remove redundant pdata->cpu_map[]
+    - hwmon: (coretemp) Abstract core_temp helpers
+    - hwmon: (coretemp) Split package temp_data and core temp_data
+    - hwmon: (coretemp) Remove redundant temp_data->is_pkg_data
+    - hwmon: (coretemp) Use dynamic allocated memory for core temp_data
+
+  * Miscellaneous Ubuntu changes
+    - [Config] Disable CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION
+    - [Packaging] remove debian/scripts/misc/arch-has-odm-enabled.sh
+    - rebase on v6.8
+    - [Config] toolchain version update
+
+  * Miscellaneous upstream changes
+    - crypto: qat - add fatal error notify method
 
   * Rebase on v6.8
 
- -- Paolo Pisati <paolo.pisati@canonical.com>  Mon, 11 Mar 2024 09:46:27 +0100
+ -- Paolo Pisati <paolo.pisati@canonical.com>  Mon, 11 Mar 2024 10:14:10 +0100
 
 linux (6.8.0-15.15) noble; urgency=medium
 

debian.master/reconstruct

@@ -1 +1,38 @@
+# Recreate any symlinks created since the orig.
+chmod +x 'debian/cloud-tools/hv_get_dhcp_info'
+chmod +x 'debian/cloud-tools/hv_get_dns_info'
+chmod +x 'debian/cloud-tools/hv_set_ifconfig'
+chmod +x 'debian/rules'
+chmod +x 'debian/scripts/checks/control-check'
+chmod +x 'debian/scripts/checks/final-checks'
+chmod +x 'debian/scripts/checks/module-signature-check'
+chmod +x 'debian/scripts/control-create'
+chmod +x 'debian/scripts/dkms-build'
+chmod +x 'debian/scripts/dkms-build--nvidia-N'
+chmod +x 'debian/scripts/dkms-build-configure--zfs'
+chmod +x 'debian/scripts/file-downloader'
+chmod +x 'debian/scripts/link-headers'
+chmod +x 'debian/scripts/link-lib-rust'
+chmod +x 'debian/scripts/misc/annotations'
+chmod +x 'debian/scripts/misc/find-missing-sauce.sh'
+chmod +x 'debian/scripts/misc/fips-checks'
+chmod +x 'debian/scripts/misc/gen-auto-reconstruct'
+chmod +x 'debian/scripts/misc/git-ubuntu-log'
+chmod +x 'debian/scripts/misc/insert-changes'
+chmod +x 'debian/scripts/misc/insert-ubuntu-changes'
+chmod +x 'debian/scripts/misc/kernelconfig'
+chmod +x 'debian/scripts/module-inclusion'
+chmod +x 'debian/scripts/sign-module'
+chmod +x 'debian/templates/extra.postinst.in'
+chmod +x 'debian/templates/extra.postrm.in'
+chmod +x 'debian/templates/headers.postinst.in'
+chmod +x 'debian/templates/image.postinst.in'
+chmod +x 'debian/templates/image.postrm.in'
+chmod +x 'debian/templates/image.preinst.in'
+chmod +x 'debian/templates/image.prerm.in'
+chmod +x 'debian/tests-build/check-aliases'
+chmod +x 'debian/tests/rebuild'
+chmod +x 'debian/tests/ubuntu-regression-suite'
+chmod +x 'drivers/watchdog/f71808e_wdt.c'
+# Remove any files deleted from the orig.
 exit 0