UBUNTU: Ubuntu-realtime-6.8.0-1001.1

Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com>

debian.realtime/abi/abiname

@@ -1 +0,0 @@
-3

debian.realtime/abi/amd64/ignore

@@ -1 +0,0 @@
-1

debian.realtime/abi/amd64/ignore.abi

@@ -1 +0,0 @@
-1

debian.realtime/abi/amd64/ignore.modules

@@ -1 +0,0 @@
-1

debian.realtime/abi/amd64/ignore.retpoline

@@ -1 +0,0 @@
-1

debian.realtime/abi/arm64/ignore

@@ -1 +0,0 @@
-1

debian.realtime/abi/arm64/ignore.abi

@@ -1 +0,0 @@
-1

debian.realtime/abi/arm64/ignore.modules

@@ -1 +0,0 @@
-1

debian.realtime/abi/arm64/ignore.retpoline

@@ -1 +0,0 @@
-1

debian.realtime/abi/version

@@ -1 +0,0 @@
-6.7.0-1003.2

debian.realtime/changelog

@@ -1,10 +1,551 @@
-linux-realtime (6.7.0-1005.6) UNRELEASED; urgency=medium
+linux-realtime (6.8.0-1001.1) noble; urgency=medium
 
-  CHANGELOG: Do not edit directly. Autogenerated at release.
-  CHANGELOG: Use the printchanges target to see the curent changes.
-  CHANGELOG: Use the insertchanges target to create the final log.
+  * noble/linux-realtime: 6.8.0-1001.1 -proposed tracker (LP: #2054838)
 
- -- Joseph Salisbury <joseph.salisbury@canonical.com>  Fri, 23 Feb 2024 12:05:18 -0500
+  * Packaging resync (LP: #1786013)
+    - [Packaging] resync update-dkms-versions helper
+    - debian/dkms-versions -- update from kernel-versions (main/d2024.02.07)
+
+  * Noble real-time initial patch set: v6.8-rt4 (LP: #2054837)
+    - net: Avoid the IPI to free the
+    - x86: Allow to enable RT
+    - x86: Enable RT also on 32bit
+    - sched/rt: Don't try push tasks if there are none.
+    - softirq: Use a dedicated thread for timer wakeups.
+    - rcutorture: Also force sched priority to timersd on boosting test.
+    - tick: Fix timer storm since introduction of timersd
+    - softirq: Wake ktimers thread also in softirq.
+    - zram: Replace bit spinlocks with spinlock_t for PREEMPT_RT.
+    - sched/core: Provide a method to check if a task is PI-boosted.
+    - softirq: Add function to preempt serving softirqs.
+    - time: Allow to preempt after a callback.
+    - printk: nbcon: Relocate 32bit seq macros
+    - printk: Adjust mapping for 32bit seq macros
+    - printk: Use prb_first_seq() as base for 32bit seq macros
+    - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq()
+    - printk: ringbuffer: Clarify special lpos values
+    - printk: For @suppress_panic_printk check for other CPU in panic
+    - printk: Add this_cpu_in_panic()
+    - printk: ringbuffer: Cleanup reader terminology
+    - printk: Wait for all reserved records with pr_flush()
+    - printk: ringbuffer: Skip non-finalized records in panic
+    - printk: Disable passing console lock owner completely during panic()
+    - printk: Avoid non-panic CPUs writing to ringbuffer
+    - panic: Flush kernel log buffer at the end
+    - dump_stack: Do not get cpu_sync for panic CPU
+    - printk: Consider nbcon boot consoles on seq init
+    - printk: Add sparse notation to console_srcu locking
+    - printk: nbcon: Ensure ownership release on failed emit
+    - printk: Check printk_deferred_enter()/_exit() usage
+    - printk: nbcon: Implement processing in port->lock wrapper
+    - printk: nbcon: Add detailed doc for write_atomic()
+    - printk: nbcon: Fix kerneldoc for enums
+    - printk: Make console_is_usable() available to nbcon
+    - printk: Let console_is_usable() handle nbcon
+    - printk: Add @flags argument for console_is_usable()
+    - printk: nbcon: Provide function to flush using write_atomic()
+    - printk: Track registered boot consoles
+    - printk: nbcon: Use nbcon consoles in console_flush_all()
+    - printk: nbcon: Assign priority based on CPU state
+    - printk: nbcon: Add unsafe flushing on panic
+    - printk: Avoid console_lock dance if no legacy or boot consoles
+    - printk: Track nbcon consoles
+    - printk: Coordinate direct printing in panic
+    - printk: nbcon: Implement emergency sections
+    - panic: Mark emergency section in warn
+    - panic: Mark emergency section in oops
+    - rcu: Mark emergency section in rcu stalls
+    - lockdep: Mark emergency section in lockdep splats
+    - printk: nbcon: Introduce printing kthreads
+    - printk: Atomic print in printk context on shutdown
+    - printk: nbcon: Add context to console_is_usable()
+    - printk: nbcon: Add printer thread wakeups
+    - printk: nbcon: Stop threads on shutdown/reboot
+    - printk: nbcon: Start printing threads
+    - proc: Add nbcon support for /proc/consoles
+    - tty: sysfs: Add nbcon support for 'active'
+    - printk: nbcon: Provide function to reacquire ownership
+    - serial: core: Provide low-level functions to port lock
+    - serial: 8250: Switch to nbcon console
+    - serial: 8250: revert "drop lockdep annotation from serial8250_clear_IER()"
+    - printk: Add kthread for all legacy consoles
+    - printk: Provide threadprintk boot argument
+    - printk: Avoid false positive lockdep report for legacy printing
+    - drm/i915: Use preempt_disable/enable_rt() where recommended
+    - drm/i915: Don't disable interrupts on PREEMPT_RT during atomic updates
+    - drm/i915: Don't check for atomic context on PREEMPT_RT
+    - drm/i915: Disable tracing points on PREEMPT_RT
+    - drm/i915: skip DRM_I915_LOW_LEVEL_TRACEPOINTS with NOTRACE
+    - drm/i915/gt: Queue and wait for the irq_work item.
+    - drm/i915/gt: Use spin_lock_irq() instead of local_irq_disable() +
+      spin_lock()
+    - drm/i915: Drop the irqs_disabled() check
+    - drm/i915/guc: Consider also RCU depth in busy loop.
+    - Revert "drm/i915: Depend on !PREEMPT_RT."
+    - sched: define TIF_ALLOW_RESCHED
+    - arm: Disable jump-label on PREEMPT_RT.
+    - ARM: enable irq in translation/section permission fault handlers
+    - arm: Disable FAST_GUP on PREEMPT_RT if HIGHPTE is also enabled.
+    - tty/serial/omap: Make the locking RT aware
+    - tty/serial/pl011: Make the locking work on RT
+    - ARM: vfp: Provide vfp_lock() for VFP locking.
+    - ARM: vfp: Use vfp_lock() in vfp_sync_hwstate().
+    - ARM: vfp: Use vfp_lock() in vfp_support_entry().
+    - ARM: vfp: Move sending signals outside of vfp_lock()ed section.
+    - ARM: Allow to enable RT
+    - ARM64: Allow to enable RT
+    - powerpc: traps: Use PREEMPT_RT
+    - powerpc/pseries/iommu: Use a locallock instead local_irq_save()
+    - powerpc/pseries: Select the generic memory allocator.
+    - powerpc/kvm: Disable in-kernel MPIC emulation for PREEMPT_RT
+    - powerpc/stackprotector: work around stack-guard init from atomic
+    - POWERPC: Allow to enable RT
+    - riscv: add PREEMPT_AUTO support
+    - riscv: allow to enable RT
+    - sysfs: Add /sys/kernel/realtime entry
+
+  [ Ubuntu: 6.8.0-11.11 ]
+
+  * noble/linux: 6.8.0-11.11 -proposed tracker (LP: #2053094)
+  * Miscellaneous Ubuntu changes
+    - [Packaging] riscv64: disable building unnecessary binary debs
+
+  [ Ubuntu: 6.8.0-10.10 ]
+
+  * noble/linux: 6.8.0-10.10 -proposed tracker (LP: #2053015)
+  * Miscellaneous Ubuntu changes
+    - [Packaging] add Rust build-deps for riscv64
+  * Miscellaneous upstream changes
+    - Revert "Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on
+      riscv64""
+
+  [ Ubuntu: 6.8.0-9.9 ]
+
+  * noble/linux: 6.8.0-9.9 -proposed tracker (LP: #2052945)
+  * Miscellaneous upstream changes
+    - Revert "UBUNTU: [Packaging] temporarily disable Rust dependencies on
+      riscv64"
+
+  [ Ubuntu: 6.8.0-8.8 ]
+
+  * noble/linux: 6.8.0-8.8 -proposed tracker (LP: #2052918)
+  * Miscellaneous Ubuntu changes
+    - [Packaging] riscv64: enable linux-libc-dev build
+    - v6.8-rc4 rebase
+  * Rebase on v6.8-rc4
+
+  [ Ubuntu: 6.8.0-7.7 ]
+
+  * noble/linux: 6.8.0-7.7 -proposed tracker (LP: #2052691)
+  * update apparmor and LSM stacking patch set (LP: #2028253)
+    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
+      ima_filter_rule from security_audit_rule
+    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
+      management of the sock security
+    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
+      structure.
+    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
+      with stacked LSMs
+    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_audit_rule_match
+    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
+      hook
+    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
+      in audit_context
+    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_ipc_getsecid
+    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
+      data
+    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_current_getsecid
+    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_inode_getsecid
+    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
+      audit_names
+    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
+      security_cred_getlsmblob LSM hook
+    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
+      from secid to lsmblob
+    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
+      audit data
+    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
+      context releaser
+    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_secid_to_secctx
+    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_lsmblob_to_secctx
+    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_inode_getsecctx
+    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_dentry_init_security
+    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
+      security_lsmblob_to_secctx module selection
+    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
+      structure
+    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
+      records in an audit_buffer
+    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
+      multiple task security contexts
+    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
+      values for netlabel
+    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
+      multiple object contexts
+    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
+      lsmcontext_init()
+    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
+      security_getprocattr
+    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
+      on release
+    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
+    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
+      handles the context string
+    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
+      exclusive flag
+    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
+      size tracking
+    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
+      instead of module specific data
+    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
+      management of the key security blob
+    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
+      management of the mnt_opts security blob
+    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
+      ENOSYS in inode_setxattr
+    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
+      scaffolding
+    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
+      netlabel
+    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
+      security_cred_getsecid() to a single LSM
+    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
+      LSM_FLAG_EXCLUSIVE
+    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
+      [12/95]: add/use fns to print hash string hex value
+    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
+      rules
+    - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
+    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
+      userns restrictions
+    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
+    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
+    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
+    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
+    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
+      learning cache
+    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
+    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
+    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
+      prompt response
+    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
+      reuse and delete
+    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
+      uresponse
+    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
+    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
+    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
+      simplify adding strings
+    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
+    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
+      profile name
+    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
+    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
+      support
+    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
+      interruptible
+    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
+    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
+    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
+      notification
+    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
+    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
+      reply that denies all access
+    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
+      can check if restriction are in place
+    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
+      use lookup_perms()
+    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
+    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
+      RULE_MEDIATES
+    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
+      entry have correct flags
+    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
+      unconfined cannot use change_hat
+    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
+      provide semantics of some checks
+    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
+    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
+      label_mediates()
+    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
+      permission.
+    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
+      the kill signal
+    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
+      not the first entry
+    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
+      when a user ns is created
+    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
+      policy state machine
+    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
+    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
+  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
+    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
+    (LP: #2032602)
+    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
+      notifications
+    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
+      variable for a feature value
+    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
+      profiles can mediate user namespaces
+
+  [ Ubuntu: 6.8.0-6.6 ]
+
+  * noble/linux: 6.8.0-6.6 -proposed tracker (LP: #2052592)
+  * Packaging resync (LP: #1786013)
+    - debian.master/dkms-versions -- update from kernel-versions
+      (main/d2024.02.07)
+    - [Packaging] update variants
+  * FIPS kernels should default to fips mode (LP: #2049082)
+    - SAUCE: Enable fips mode by default, in FIPS kernels only
+  * Fix snapcraftyaml.yaml for jammy:linux-raspi (LP: #2051468)
+    - [Packaging] Remove old snapcraft.yaml
+  * Azure: Fix regression introduced in LP: #2045069 (LP: #2052453)
+    - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
+  * Miscellaneous Ubuntu changes
+    - [Packaging] Remove in-tree abi checks
+    - [Packaging] drop abi files with clean
+    - [Packaging] Remove do_full_source variable (fixup)
+    - [Packaging] Remove update-dkms-versions and move dkms-versions
+    - [Config] updateconfigs following v6.8-rc3 rebase
+    - [packaging] rename to linux
+    - [packaging] rebase on v6.8-rc3
+    - [packaging] disable signing for ppc64el
+  * Rebase on v6.8-rc3
+
+  [ Ubuntu: 6.8.0-5.5 ]
+
+  * noble/linux-unstable: 6.8.0-5.5 -proposed tracker (LP: #2052136)
+  * Miscellaneous upstream changes
+    - Revert "mm/sparsemem: fix race in accessing memory_section->usage"
+
+  [ Ubuntu: 6.8.0-4.4 ]
+
+  * noble/linux-unstable: 6.8.0-4.4 -proposed tracker (LP: #2051502)
+  * Migrate from fbdev drivers to simpledrm and DRM fbdev emulation layer
+    (LP: #1965303)
+    - [Config] enable simpledrm and DRM fbdev emulation layer
+  * Miscellaneous Ubuntu changes
+    - [Config] toolchain update
+  * Miscellaneous upstream changes
+    - rust: upgrade to Rust 1.75.0
+
+  [ Ubuntu: 6.8.0-3.3 ]
+
+  * noble/linux-unstable: 6.8.0-3.3 -proposed tracker (LP: #2051488)
+  * update apparmor and LSM stacking patch set (LP: #2028253)
+    - SAUCE: apparmor4.0.0 [43/87]: LSM stacking v39: UBUNTU: SAUCE: apparmor4.0.0
+      [12/95]: add/use fns to print hash string hex value
+    - SAUCE: apparmor4.0.0 [44/87]: patch to provide compatibility with v2.x net
+      rules
+    - SAUCE: apparmor4.0.0 [45/87]: add unpriviled user ns mediation
+    - SAUCE: apparmor4.0.0 [46/87]: Add sysctls for additional controls of unpriv
+      userns restrictions
+    - SAUCE: apparmor4.0.0 [47/87]: af_unix mediation
+    - SAUCE: apparmor4.0.0 [48/87]: Add fine grained mediation of posix mqueues
+    - SAUCE: apparmor4.0.0 [49/87]: setup slab cache for audit data
+    - SAUCE: apparmor4.0.0 [50/87]: Improve debug print infrastructure
+    - SAUCE: apparmor4.0.0 [51/87]: add the ability for profiles to have a
+      learning cache
+    - SAUCE: apparmor4.0.0 [52/87]: enable userspace upcall for mediation
+    - SAUCE: apparmor4.0.0 [53/87]: prompt - lock down prompt interface
+    - SAUCE: apparmor4.0.0 [54/87]: prompt - allow controlling of caching of a
+      prompt response
+    - SAUCE: apparmor4.0.0 [55/87]: prompt - add refcount to audit_node in prep or
+      reuse and delete
+    - SAUCE: apparmor4.0.0 [56/87]: prompt - refactor to moving caching to
+      uresponse
+    - SAUCE: apparmor4.0.0 [57/87]: prompt - Improve debug statements
+    - SAUCE: apparmor4.0.0 [58/87]: prompt - fix caching
+    - SAUCE: apparmor4.0.0 [59/87]: prompt - rework build to use append fn, to
+      simplify adding strings
+    - SAUCE: apparmor4.0.0 [60/87]: prompt - refcount notifications
+    - SAUCE: apparmor4.0.0 [61/87]: prompt - add the ability to reply with a
+      profile name
+    - SAUCE: apparmor4.0.0 [62/87]: prompt - fix notification cache when updating
+    - SAUCE: apparmor4.0.0 [63/87]: prompt - add tailglob on name for cache
+      support
+    - SAUCE: apparmor4.0.0 [64/87]: prompt - allow profiles to set prompts as
+      interruptible
+    - SAUCE: apparmor4.0.0 [69/87]: add io_uring mediation
+    - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
+  * apparmor restricts read access of user namespace mediation sysctls to root
+    (LP: #2040194)
+    - SAUCE: apparmor4.0.0 [73/87]: apparmor: open userns related sysctl so lxc
+      can check if restriction are in place
+  * AppArmor spams kernel log with assert when auditing (LP: #2040192)
+    - SAUCE: apparmor4.0.0 [72/87]: apparmor: fix request field from a prompt
+      reply that denies all access
+  * apparmor notification files verification (LP: #2040250)
+    - SAUCE: apparmor4.0.0 [71/87]: apparmor: fix notification header size
+  * apparmor oops when racing to retrieve a notification (LP: #2040245)
+    - SAUCE: apparmor4.0.0 [70/87]: apparmor: fix oops when racing to retrieve
+      notification
+  * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
+    apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
+    (LP: #2032602)
+    - SAUCE: apparmor4.0.0 [66/87]: prompt - add support for advanced filtering of
+      notifications
+    - SAUCE: apparmor4.0.0 [67/87]: userns - add the ability to reference a global
+      variable for a feature value
+    - SAUCE: apparmor4.0.0 [68/87]: userns - make it so special unconfined
+      profiles can mediate user namespaces
+  * Miscellaneous Ubuntu changes
+    - SAUCE: apparmor4.0.0 [01/87]: LSM stacking v39: integrity: disassociate
+      ima_filter_rule from security_audit_rule
+    - SAUCE: apparmor4.0.0 [02/87]: LSM stacking v39: SM: Infrastructure
+      management of the sock security
+    - SAUCE: apparmor4.0.0 [03/87]: LSM stacking v39: LSM: Add the lsmblob data
+      structure.
+    - SAUCE: apparmor4.0.0 [04/87]: LSM stacking v39: IMA: avoid label collisions
+      with stacked LSMs
+    - SAUCE: apparmor4.0.0 [05/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_audit_rule_match
+    - SAUCE: apparmor4.0.0 [06/87]: LSM stacking v39: LSM: Add lsmblob_to_secctx
+      hook
+    - SAUCE: apparmor4.0.0 [07/87]: LSM stacking v39: Audit: maintain an lsmblob
+      in audit_context
+    - SAUCE: apparmor4.0.0 [08/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_ipc_getsecid
+    - SAUCE: apparmor4.0.0 [09/87]: LSM stacking v39: Audit: Update shutdown LSM
+      data
+    - SAUCE: apparmor4.0.0 [10/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_current_getsecid
+    - SAUCE: apparmor4.0.0 [11/87]: LSM stacking v39: LSM: Use lsmblob in
+      security_inode_getsecid
+    - SAUCE: apparmor4.0.0 [12/87]: LSM stacking v39: Audit: use an lsmblob in
+      audit_names
+    - SAUCE: apparmor4.0.0 [13/87]: LSM stacking v39: LSM: Create new
+      security_cred_getlsmblob LSM hook
+    - SAUCE: apparmor4.0.0 [14/87]: LSM stacking v39: Audit: Change context data
+      from secid to lsmblob
+    - SAUCE: apparmor4.0.0 [15/87]: LSM stacking v39: Netlabel: Use lsmblob for
+      audit data
+    - SAUCE: apparmor4.0.0 [16/87]: LSM stacking v39: LSM: Ensure the correct LSM
+      context releaser
+    - SAUCE: apparmor4.0.0 [17/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_secid_to_secctx
+    - SAUCE: apparmor4.0.0 [18/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_lsmblob_to_secctx
+    - SAUCE: apparmor4.0.0 [19/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_inode_getsecctx
+    - SAUCE: apparmor4.0.0 [20/87]: LSM stacking v39: LSM: Use lsmcontext in
+      security_dentry_init_security
+    - SAUCE: apparmor4.0.0 [21/87]: LSM stacking v39: LSM:
+      security_lsmblob_to_secctx module selection
+    - SAUCE: apparmor4.0.0 [22/87]: LSM stacking v39: Audit: Create audit_stamp
+      structure
+    - SAUCE: apparmor4.0.0 [23/87]: LSM stacking v39: Audit: Allow multiple
+      records in an audit_buffer
+    - SAUCE: apparmor4.0.0 [24/87]: LSM stacking v39: Audit: Add record for
+      multiple task security contexts
+    - SAUCE: apparmor4.0.0 [25/87]: LSM stacking v39: audit: multiple subject lsm
+      values for netlabel
+    - SAUCE: apparmor4.0.0 [26/87]: LSM stacking v39: Audit: Add record for
+      multiple object contexts
+    - SAUCE: apparmor4.0.0 [27/87]: LSM stacking v39: LSM: Remove unused
+      lsmcontext_init()
+    - SAUCE: apparmor4.0.0 [28/87]: LSM stacking v39: LSM: Improve logic in
+      security_getprocattr
+    - SAUCE: apparmor4.0.0 [29/87]: LSM stacking v39: LSM: secctx provider check
+      on release
+    - SAUCE: apparmor4.0.0 [30/87]: LSM stacking v39: LSM: Single calls in
+      socket_getpeersec hooks
+    - SAUCE: apparmor4.0.0 [31/87]: LSM stacking v39: LSM: Exclusive secmark usage
+    - SAUCE: apparmor4.0.0 [32/87]: LSM stacking v39: LSM: Identify which LSM
+      handles the context string
+    - SAUCE: apparmor4.0.0 [33/87]: LSM stacking v39: AppArmor: Remove the
+      exclusive flag
+    - SAUCE: apparmor4.0.0 [34/87]: LSM stacking v39: LSM: Add mount opts blob
+      size tracking
+    - SAUCE: apparmor4.0.0 [35/87]: LSM stacking v39: LSM: allocate mnt_opts blobs
+      instead of module specific data
+    - SAUCE: apparmor4.0.0 [36/87]: LSM stacking v39: LSM: Infrastructure
+      management of the key security blob
+    - SAUCE: apparmor4.0.0 [37/87]: LSM stacking v39: LSM: Infrastructure
+      management of the mnt_opts security blob
+    - SAUCE: apparmor4.0.0 [38/87]: LSM stacking v39: LSM: Correct handling of
+      ENOSYS in inode_setxattr
+    - SAUCE: apparmor4.0.0 [39/87]: LSM stacking v39: LSM: Remove lsmblob
+      scaffolding
+    - SAUCE: apparmor4.0.0 [40/87]: LSM stacking v39: LSM: Allow reservation of
+      netlabel
+    - SAUCE: apparmor4.0.0 [41/87]: LSM stacking v39: LSM: restrict
+      security_cred_getsecid() to a single LSM
+    - SAUCE: apparmor4.0.0 [42/87]: LSM stacking v39: Smack: Remove
+      LSM_FLAG_EXCLUSIVE
+    - SAUCE: apparmor4.0.0 [65/87] v6.8 prompt:fixup interruptible
+    - SAUCE: apparmor4.0.0 [74/87]: apparmor: cleanup attachment perm lookup to
+      use lookup_perms()
+    - SAUCE: apparmor4.0.0 [75/87]: apparmor: remove redundant unconfined check.
+    - SAUCE: apparmor4.0.0 [76/87]: apparmor: switch signal mediation to using
+      RULE_MEDIATES
+    - SAUCE: apparmor4.0.0 [77/87]: apparmor: ensure labels with more than one
+      entry have correct flags
+    - SAUCE: apparmor4.0.0 [78/87]: apparmor: remove explicit restriction that
+      unconfined cannot use change_hat
+    - SAUCE: apparmor4.0.0 [79/87]: apparmor: cleanup: refactor file_perm() to
+      provide semantics of some checks
+    - SAUCE: apparmor4.0.0 [80/87]: apparmor: carry mediation check on label
+    - SAUCE: apparmor4.0.0 [81/87]: apparmor: convert easy uses of unconfined() to
+      label_mediates()
+    - SAUCE: apparmor4.0.0 [82/87]: apparmor: add additional flags to extended
+      permission.
+    - SAUCE: apparmor4.0.0 [83/87]: apparmor: add support for profiles to define
+      the kill signal
+    - SAUCE: apparmor4.0.0 [84/87]: apparmor: fix x_table_lookup when stacking is
+      not the first entry
+    - SAUCE: apparmor4.0.0 [85/87]: apparmor: allow profile to be transitioned
+      when a user ns is created
+    - SAUCE: apparmor4.0.0 [86/87]: apparmor: add ability to mediate caps with
+      policy state machine
+    - SAUCE: apparmor4.0.0 [87/87]: fixup notify
+    - [Config] updateconfigs following v6.8-rc2 rebase
+
+  [ Ubuntu: 6.8.0-2.2 ]
+
+  * noble/linux-unstable: 6.8.0-2.2 -proposed tracker (LP: #2051110)
+  * Miscellaneous Ubuntu changes
+    - [Config] toolchain update
+    - [Config] enable Rust
+
+  [ Ubuntu: 6.8.0-1.1 ]
+
+  * noble/linux-unstable: 6.8.0-1.1 -proposed tracker (LP: #2051102)
+  * Miscellaneous Ubuntu changes
+    - [packaging] move to v6.8-rc1
+    - [Config] updateconfigs following v6.8-rc1 rebase
+    - SAUCE: export file_close_fd() instead of close_fd_get_file()
+    - SAUCE: cpufreq: s/strlcpy/strscpy/
+    - debian/dkms-versions -- temporarily disable zfs dkms
+    - debian/dkms-versions -- temporarily disable ipu6 and isvsc dkms
+    - debian/dkms-versions -- temporarily disable v4l2loopback
+
+  [ Ubuntu: 6.8.0-0.0 ]
+
+  * Empty entry.
+
+  [ Ubuntu: 6.7.0-7.7 ]
+
+  * noble/linux-unstable: 6.7.0-7.7 -proposed tracker (LP: #2049357)
+  * Packaging resync (LP: #1786013)
+    - [Packaging] update variants
+  * Miscellaneous Ubuntu changes
+    - [Packaging] re-enable signing for s390x and ppc64el
+
+  [ Ubuntu: 6.7.0-6.6 ]
+
+  * Empty entry.
+
+ -- Joseph Salisbury <joseph.salisbury@canonical.com>  Fri, 23 Feb 2024 12:23:42 -0500
 
 linux-realtime (6.7.0-1004.5) noble; urgency=medium
 

debian.realtime/reconstruct

@@ -1,42 +1 @@
-# Recreate any symlinks created since the orig.
-chmod +x 'debian/cloud-tools/hv_get_dhcp_info'
-chmod +x 'debian/cloud-tools/hv_get_dns_info'
-chmod +x 'debian/cloud-tools/hv_set_ifconfig'
-chmod +x 'debian/rules'
-chmod +x 'debian/scripts/checks/abi-check'
-chmod +x 'debian/scripts/checks/final-checks'
-chmod +x 'debian/scripts/checks/module-check'
-chmod +x 'debian/scripts/checks/module-signature-check'
-chmod +x 'debian/scripts/control-create'
-chmod +x 'debian/scripts/dkms-build'
-chmod +x 'debian/scripts/dkms-build--nvidia-N'
-chmod +x 'debian/scripts/dkms-build-configure--zfs'
-chmod +x 'debian/scripts/file-downloader'
-chmod +x 'debian/scripts/link-headers'
-chmod +x 'debian/scripts/link-lib-rust'
-chmod +x 'debian/scripts/misc/annotations'
-chmod +x 'debian/scripts/misc/arch-has-odm-enabled.sh'
-chmod +x 'debian/scripts/misc/find-missing-sauce.sh'
-chmod +x 'debian/scripts/misc/fips-checks'
-chmod +x 'debian/scripts/misc/gen-auto-reconstruct'
-chmod +x 'debian/scripts/misc/getabis'
-chmod +x 'debian/scripts/misc/git-ubuntu-log'
-chmod +x 'debian/scripts/misc/insert-changes'
-chmod +x 'debian/scripts/misc/insert-ubuntu-changes'
-chmod +x 'debian/scripts/misc/kernelconfig'
-chmod +x 'debian/scripts/module-inclusion'
-chmod +x 'debian/scripts/sign-module'
-chmod +x 'debian/templates/extra.postinst.in'
-chmod +x 'debian/templates/extra.postrm.in'
-chmod +x 'debian/templates/headers.postinst.in'
-chmod +x 'debian/templates/image.postinst.in'
-chmod +x 'debian/templates/image.postrm.in'
-chmod +x 'debian/templates/image.preinst.in'
-chmod +x 'debian/templates/image.prerm.in'
-chmod +x 'debian/tests-build/check-aliases'
-chmod +x 'debian/tests/rebuild'
-chmod +x 'debian/tests/ubuntu-regression-suite'
-chmod +x 'drivers/watchdog/f71808e_wdt.c'
-chmod +x 'update-dkms-versions'
-# Remove any files deleted from the orig.
 exit 0