UBUNTU: Ubuntu-oracle-6.8.0-1027.28

mrphilcox · mrphilcox · commit b922b6168ee1 · 2025-06-20T13:11:29.000-04:00
Signed-off-by: Philip Cox &lt;philip.cox@canonical.com&gt;
diff --git a/debian.oracle/changelog b/debian.oracle/changelog
@@ -1,10 +1,236 @@
-linux-oracle (6.8.0-1027.28) UNRELEASED; urgency=medium
-
-  CHANGELOG: Do not edit directly. Autogenerated at release.
-  CHANGELOG: Use the printchanges target to see the curent changes.
-  CHANGELOG: Use the insertchanges target to create the final log.
+linux-oracle (6.8.0-1027.28) noble; urgency=medium
+
+  * noble/linux-oracle: 6.8.0-1027.28 -proposed tracker (LP: #2110724)
+
+  [ Ubuntu: 6.8.0-62.65 ]
+
+  * noble/linux: 6.8.0-62.65 -proposed tracker (LP: #2110737)
+  * Rotate the Canonical Livepatch key (LP: #2111244)
+    - [Config] Prepare for Canonical Livepatch key rotation
+  * KVM bug causes Firecracker crash when it runs the vCPU for the first time
+    (LP: #2109859)
+    - vhost: return task creation error instead of NULL
+    - kvm: retry nx_huge_page_recovery_thread creation
+  * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
+    (LP: #2099914) // CVE-2025-2312
+    - CIFS: New mount option for cifs.upcall namespace resolution
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640)
+    - ASoC: wm8994: Add depends on MFD core
+    - ASoC: samsung: Add missing selects for MFD_WM8994
+    - seccomp: Stub for !CONFIG_SECCOMP
+    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
+    - of/unittest: Add test that of_address_to_resource() fails on non-
+      translatable address
+    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
+    - hwmon: (drivetemp) Set scsi command timeout to 10s
+    - ASoC: samsung: Add missing depends on I2C
+    - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf()
+    - Revert "libfs: fix infinite directory reads for offset dir"
+    - libfs: Replace simple_offset end-of-directory detection
+    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
+    - ALSA: usb-audio: Add delay quirk for USB Audio Device
+    - Input: xpad - add support for Nacon Pro Compact
+    - Input: atkbd - map F23 key to support default copilot shortcut
+    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
+    - Input: xpad - add QH Electronics VID/PID
+    - Input: xpad - improve name of 8BitDo controller 2dc8:3106
+    - Input: xpad - add support for Nacon Evol-X Xbox One Controller
+    - Input: xpad - add support for wooting two he (arm)
+    - ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
+    - ASoC: cs42l43: Add codec force suspend/resume ops
+    - ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P Gen5
+    - libfs: Return ENOSPC when the directory offset range is exhausted
+    - Revert "libfs: Add simple_offset_empty()"
+    - libfs: Use d_children list to iterate simple_offset directories
+    - wifi: rtl8xxxu: add more missing rtl8192cu USB IDs
+    - HID: wacom: Initialize brightness of LED trigger
+    - Upstream stable to v6.6.75, v6.12.12
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
+    CVE-2025-21689
+    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
+    CVE-2025-21690
+    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
+    CVE-2025-21691
+    - cachestat: fix page cache statistics permission checking
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
+    CVE-2025-21692
+    - net: sched: fix ets qdisc OOB Indexing
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
+    CVE-2025-21699
+    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
+  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
+    CVE-2024-50157
+    - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
+  * rtw89: Support hardware rfkill (LP: #2077384)
+    - wifi: rtw89: add support for hardware rfkill
+  * Introduce configfs-based interface for gpio-aggregator (LP: #2103496)
+    - gpio: introduce utilities for synchronous fake device creation
+    - bitmap: Define a cleanup function for bitmaps
+    - gpio: aggregator: simplify aggr_parse() with scoped bitmap
+    - gpio: aggregator: protect driver attr handlers against module unload
+    - gpio: aggregator: reorder functions to prepare for configfs introduction
+    - gpio: aggregator: unify function naming
+    - gpio: aggregator: add gpio_aggregator_{alloc, free}()
+    - gpio: aggregator: introduce basic configfs interface
+    - [Config] Enable DEV_SYNC_PROBE as module
+    - SAUCE: gpio: aggregator: Fix error code in gpio_aggregator_activate()
+    - gpio: aggregator: rename 'name' to 'key' in gpio_aggregator_parse()
+    - gpio: aggregator: expose aggregator created via legacy sysfs to configfs
+    - SAUCE: gpio: aggregator: fix "_sysfs" prefix check in
+      gpio_aggregator_make_group()
+    - SAUCE: gpio: aggregator: Fix gpio_aggregator_line_alloc() checking
+    - SAUCE: gpio: aggregator: Return an error if there are no GPIOs in
+      gpio_aggregator_parse()
+    - SAUCE: gpio: aggregator: Fix leak in gpio_aggregator_parse()
+    - gpio: aggregator: cancel deferred probe for devices created via configfs
+    - Documentation: gpio: document configfs interface for gpio-aggregator
+    - selftests: gpio: add test cases for gpio-aggregator
+    - SAUCE: selftests: gpio: gpio-aggregator: add a test case for _sysfs prefix
+      reservation
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449)
+    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
+    - net: add exit_batch_rtnl() method
+    - gtp: use exit_batch_rtnl() method
+    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
+    - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
+    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
+    - net: xilinx: axienet: Fix IRQ coalescing packet count overflow
+    - net/mlx5: Fix RDMA TX steering prio
+    - net/mlx5e: Rely on reqid in IPsec tunnel mode
+    - net/mlx5e: Always start IPsec sequence number from 1
+    - drm/vmwgfx: Add new keep_resv BO param
+    - drm/v3d: Assign job pointer to NULL before signaling the fence
+    - soc: ti: pruss: Fix pruss APIs
+    - hwmon: (tmp513) Fix division of negative numbers
+    - i2c: mux: demux-pinctrl: check initial mux selection, too
+    - i2c: rcar: fix NACK handling when being a target
+    - hfs: Sanity check the root record
+    - fs: fix missing declaration of init_files
+    - kheaders: Ignore silly-rename files
+    - cachefiles: Parse the "secctx" immediately
+    - scsi: ufs: core: Honor runtime/system PM levels if set by host controller
+      drivers
+    - selftests: tc-testing: reduce rshift value
+    - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
+    - poll_wait: add mb() to fix theoretical race between waitqueue_active() and
+      .poll()
+    - RDMA/bnxt_re: Fix to export port num to ib_query_qp
+    - nvmet: propagate npwg topology
+    - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
+    - i2c: atr: Fix client detach
+    - mptcp: be sure to send ack when mptcp-level window re-opens
+    - mptcp: fix spurious wake-up on under memory pressure
+    - selftests: mptcp: avoid spurious errors on disconnect
+    - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
+    - vsock/virtio: cancel close work in the destructor
+    - vsock: reset socket state when de-assigning the transport
+    - nouveau/fence: handle cross device fences properly
+    - irqchip: Plug a OF node reference leak in platform_irqchip_probe()
+    - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
+    - drm/i915/fb: Relax clear color alignment to 64 bytes
+    - drm/amdgpu: always sync the GFX pipe on ctx switch
+    - ocfs2: fix deadlock in ocfs2_get_system_file_inode
+    - nfsd: add list_head nf_gc to struct nfsd_file
+    - x86/xen: fix SLS mitigation in xen_hypercall_iret()
+    - efi/zboot: Limit compression options to GZIP and ZSTD
+    - [Config] updateconfigs for HAVE_KERNEL_(LZ4|LZMA|LZO|XZ)
+    - net: ravb: Fix max TX frame size for RZ/V2M
+    - net/mlx5: SF, Fix add port error handling
+    - drm/vmwgfx: Unreserve BO on error
+    - i2c: testunit: on errors, repeat NACK until STOP
+    - hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST
+    - fs/qnx6: Fix building with GCC 15
+    - gpio: sim: lock up configfs that an instantiated device depends on
+    - gpio: sim: lock hog configfs items if present
+    - platform/x86: ISST: Add Clearwater Forest to support list
+    - drm/nouveau/disp: Fix missing backlight control on Macbook 5,1
+    - net/ncsi: fix locking in Get MAC Address handling
+    - drm/amd/display: Do not elevate mem_type change to full update
+    - drm/xe: Mark ComputeCS read mode as UC on iGPU
+    - drm/amdgpu/smu13: update powersave optimizations
+    - drm/amdgpu: fix fw attestation for MP0_14_0_{2/3}
+    - drm/amdgpu: disable gfxoff with the compute workload on gfx12
+    - drm/amd/display: Fix PSR-SU not support but still call the
+      amdgpu_dm_psr_enable
+    - Upstream stable to v6.6.73, v6.6.74, v6.12.11
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21672
+    - afs: Fix merge preference rule failure condition
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21682
+    - eth: bnxt: always recalculate features after XDP clearing, fix null-deref
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2024-53124
+    - net: fix data-races around sk->sk_forward_alloc
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2024-57924
+    - fs: relax assertions on failure to encode file handles
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2024-57951
+    - hrtimers: Handle CPU state correctly on hotplug
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2024-57949
+    - irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21668
+    - pmdomain: imx8mp-blk-ctrl: add missing loop break condition
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21684
+    - gpio: xilinx: Convert gpio_lock to raw spinlock
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21694
+    - fs/proc: fix softlockup in __read_vmcore (part 2)
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21665
+    - filemap: avoid truncating 64-bit offset to 32 bits
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21666
+    - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21669
+    - vsock/virtio: discard packets if the transport changes
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21670
+    - vsock/bpf: return early if transport is not assigned
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21667
+    - iomap: avoid avoid truncating 64-bit offset to 32 bits
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2024-57948
+    - mac802154: check local interfaces before deleting sdata list
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21673
+    - smb: client: fix double free of TCP_Server_Info::hostname
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21697
+    - drm/v3d: Ensure job pointer is set to NULL after job completion
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21674
+    - net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21675
+    - net/mlx5: Clear port select structure when fail to create
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21676
+    - net: fec: handle page_pool_dev_alloc_pages error
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21678
+    - gtp: Destroy device along with udp socket's netns dismantle.
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21680
+    - pktgen: Avoid out-of-bounds access in get_imix_entries
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21681
+    - openvswitch: fix lockup on tx to unregistering netdev with carrier
+  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
+    CVE-2025-21683
+    - bpf: Fix bpf_sk_select_reuseport() memory leak
+  * Packaging resync (LP: #1786013)
+    - [Packaging] update annotations scripts
 
- -- Philip Cox <philip.cox@canonical.com>  Mon, 26 May 2025 11:51:47 -0400
+ -- Philip Cox <philip.cox@canonical.com>  Mon, 26 May 2025 11:57:20 -0400
 
 linux-oracle (6.8.0-1026.27) noble; urgency=medium
 
diff --git a/debian.oracle/reconstruct b/debian.oracle/reconstruct
@@ -35,6 +35,7 @@ chmod +x 'debian/tests-build/check-aliases'
 chmod +x 'debian/tests/rebuild'
 chmod +x 'debian/tests/ubuntu-regression-suite'
 chmod +x 'drivers/watchdog/f71808e_wdt.c'
+chmod +x 'tools/testing/selftests/gpio/gpio-aggregator.sh'
 chmod +x 'tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh'
 # Remove any files deleted from the orig.
 rm -f 'arch/arm/kernel/pj4-cp0.c'
