linux-gcp 6.5.0-1007.7 source package in Ubuntu

Changelog

linux-gcp (6.5.0-1007.7) mantic; urgency=medium

  * mantic/linux-gcp: 6.5.0-1007.7 -proposed tracker (LP: #2038691)

  [ Ubuntu: 6.5.0-9.9 ]

  * mantic/linux: 6.5.0-9.9 -proposed tracker (LP: #2038687)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - re-apply apparmor 4.0.0
  * Disable restricting unprivileged change_profile by default, due to LXD
    latest/stable not yet compatible with this new apparmor feature
    (LP: #2038567)
    - SAUCE: apparmor: Make apparmor_restrict_unprivileged_unconfined opt-in

  [ Ubuntu: 6.5.0-8.8 ]

  * mantic/linux: 6.5.0-8.8 -proposed tracker (LP: #2038577)
  * update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [02/60]: rename SK_CTX() to aa_sock and make it an
      inline fn
    - SAUCE: apparmor3.2.0 [05/60]: Add sysctls for additional controls of unpriv
      userns restrictions
    - SAUCE: apparmor3.2.0 [08/60]: Stacking v38: LSM: Identify modules by more
      than name
    - SAUCE: apparmor3.2.0 [09/60]: Stacking v38: LSM: Add an LSM identifier for
      external use
    - SAUCE: apparmor3.2.0 [10/60]: Stacking v38: LSM: Identify the process
      attributes for each module
    - SAUCE: apparmor3.2.0 [11/60]: Stacking v38: LSM: Maintain a table of LSM
      attribute data
    - SAUCE: apparmor3.2.0 [12/60]: Stacking v38: proc: Use lsmids instead of lsm
      names for attrs
    - SAUCE: apparmor3.2.0 [13/60]: Stacking v38: integrity: disassociate
      ima_filter_rule from security_audit_rule
    - SAUCE: apparmor3.2.0 [14/60]: Stacking v38: LSM: Infrastructure management
      of the sock security
    - SAUCE: apparmor3.2.0 [15/60]: Stacking v38: LSM: Add the lsmblob data
      structure.
    - SAUCE: apparmor3.2.0 [16/60]: Stacking v38: LSM: provide lsm name and id
      slot mappings
    - SAUCE: apparmor3.2.0 [17/60]: Stacking v38: IMA: avoid label collisions with
      stacked LSMs
    - SAUCE: apparmor3.2.0 [18/60]: Stacking v38: LSM: Use lsmblob in
      security_audit_rule_match
    - SAUCE: apparmor3.2.0 [19/60]: Stacking v38: LSM: Use lsmblob in
      security_kernel_act_as
    - SAUCE: apparmor3.2.0 [20/60]: Stacking v38: LSM: Use lsmblob in
      security_secctx_to_secid
    - SAUCE: apparmor3.2.0 [21/60]: Stacking v38: LSM: Use lsmblob in
      security_secid_to_secctx
    - SAUCE: apparmor3.2.0 [22/60]: Stacking v38: LSM: Use lsmblob in
      security_ipc_getsecid
    - SAUCE: apparmor3.2.0 [23/60]: Stacking v38: LSM: Use lsmblob in
      security_current_getsecid
    - SAUCE: apparmor3.2.0 [24/60]: Stacking v38: LSM: Use lsmblob in
      security_inode_getsecid
    - SAUCE: apparmor3.2.0 [25/60]: Stacking v38: LSM: Use lsmblob in
      security_cred_getsecid
    - SAUCE: apparmor3.2.0 [26/60]: Stacking v38: LSM: Specify which LSM to
      display
    - SAUCE: apparmor3.2.0 [28/60]: Stacking v38: LSM: Ensure the correct LSM
      context releaser
    - SAUCE: apparmor3.2.0 [29/60]: Stacking v38: LSM: Use lsmcontext in
      security_secid_to_secctx
    - SAUCE: apparmor3.2.0 [30/60]: Stacking v38: LSM: Use lsmcontext in
      security_inode_getsecctx
    - SAUCE: apparmor3.2.0 [31/60]: Stacking v38: Use lsmcontext in
      security_dentry_init_security
    - SAUCE: apparmor3.2.0 [32/60]: Stacking v38: LSM: security_secid_to_secctx in
      netlink netfilter
    - SAUCE: apparmor3.2.0 [33/60]: Stacking v38: NET: Store LSM netlabel data in
      a lsmblob
    - SAUCE: apparmor3.2.0 [34/60]: Stacking v38: binder: Pass LSM identifier for
      confirmation
    - SAUCE: apparmor3.2.0 [35/60]: Stacking v38: LSM: security_secid_to_secctx
      module selection
    - SAUCE: apparmor3.2.0 [36/60]: Stacking v38: Audit: Keep multiple LSM data in
      audit_names
    - SAUCE: apparmor3.2.0 [37/60]: Stacking v38: Audit: Create audit_stamp
      structure
    - SAUCE: apparmor3.2.0 [38/60]: Stacking v38: LSM: Add a function to report
      multiple LSMs
    - SAUCE: apparmor3.2.0 [39/60]: Stacking v38: Audit: Allow multiple records in
      an audit_buffer
    - SAUCE: apparmor3.2.0 [40/60]: Stacking v38: Audit: Add record for multiple
      task security contexts
    - SAUCE: apparmor3.2.0 [41/60]: Stacking v38: audit: multiple subject lsm
      values for netlabel
    - SAUCE: apparmor3.2.0 [42/60]: Stacking v38: Audit: Add record for multiple
      object contexts
    - SAUCE: apparmor3.2.0 [43/60]: Stacking v38: netlabel: Use a struct lsmblob
      in audit data
    - SAUCE: apparmor3.2.0 [44/60]: Stacking v38: LSM: Removed scaffolding
      function lsmcontext_init
    - SAUCE: apparmor3.2.0 [45/60]: Stacking v38: AppArmor: Remove the exclusive
      flag
    - SAUCE: apparmor3.2.0 [46/60]: combine common_audit_data and
      apparmor_audit_data
    - SAUCE: apparmor3.2.0 [47/60]: setup slab cache for audit data
    - SAUCE: apparmor3.2.0 [48/60]: rename audit_data->label to
      audit_data->subj_label
    - SAUCE: apparmor3.2.0 [49/60]: pass cred through to audit info.
    - SAUCE: apparmor3.2.0 [50/60]: Improve debug print infrastructure
    - SAUCE: apparmor3.2.0 [51/60]: add the ability for profiles to have a
      learning cache
    - SAUCE: apparmor3.2.0 [52/60]: enable userspace upcall for mediation
    - SAUCE: apparmor3.2.0 [53/60]: cache buffers on percpu list if there is lock
      contention
    - SAUCE: apparmor3.2.0 [55/60]: advertise availability of exended perms
    - SAUCE: apparmor3.2.0 [60/60]: [Config] enable
      CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
  * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903) // update
    apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [57/60]: fix profile verification and enable it
  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908) // update apparmor and LSM stacking patch set
    (LP: #2028253)
    - SAUCE: apparmor3.2.0 [27/60]: Stacking v38: Fix prctl() syscall with
      apparmor=0
  * kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) //
    update apparmor and LSM stacking patch set (LP: #2028253)
    - SAUCE: apparmor3.2.0 [01/60]: add/use fns to print hash string hex value
    - SAUCE: apparmor3.2.0 [03/60]: patch to provide compatibility with v2.x net
      rules
    - SAUCE: apparmor3.2.0 [04/60]: add user namespace creation mediation
    - SAUCE: apparmor3.2.0 [06/60]: af_unix mediation
    - SAUCE: apparmor3.2.0 [07/60]: Add fine grained mediation of posix mqueues

 -- Andrea Righi <email address hidden>  Fri, 06 Oct 2023 22:07:48 +0200

Upload details

Uploaded by:
Andrea Righi
Uploaded to:
Mantic
Original maintainer:
Ubuntu Kernel Team
Architectures:
amd64 arm64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Mantic release main devel

Builds

Mantic: [FULLYBUILT] amd64 [FULLYBUILT] arm64

Downloads

File Size SHA-256 Checksum
linux-gcp_6.5.0.orig.tar.gz 213.2 MiB 2a2e58f77ba57f0660d3cb51fcbf25058dce092aaf2cd09e662d730301b96064
linux-gcp_6.5.0-1007.7.diff.gz 5.5 MiB d65e5ac274245f75be2632608845d180d79c826cd52cc831bfd704773782c6cc
linux-gcp_6.5.0-1007.7.dsc 4.0 KiB 2a0756af70e96add2378bf4f7e805cd4bca4d62a2038549e2f1b9a0366304bcd

Available diffs

View changes file

Binary packages built by this source

linux-buildinfo-6.5.0-1007-gcp: Linux kernel buildinfo for version 6.5.0 on ARMv8 SMP

 This package contains the Linux kernel buildinfo for version 6.5.0 on
 ARMv8 SMP.
 .
 You likely do not want to install this package.

linux-gcp-headers-6.5.0-1007: Header files related to Linux kernel version 6.5.0

 This package provides kernel header files for version 6.5.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-gcp-headers-6.5.0-1007/debian.README.gz for details

linux-gcp-tools-6.5.0-1007: Linux kernel version specific tools for version 6.5.0-1007

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 6.5.0-1007 on
 ARMv8.
 You probably want to install linux-tools-6.5.0-1007-<flavour>.

linux-headers-6.5.0-1007-gcp: Linux kernel headers for version 6.5.0 on ARMv8 SMP

 This package provides kernel header files for version 6.5.0 on
 ARMv8 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-6.5.0-1007/debian.README.gz for details.

linux-image-unsigned-6.5.0-1007-gcp: Linux kernel image for version 6.5.0 on ARMv8 SMP

 This package contains the unsigned Linux kernel image for version 6.5.0 on
 ARMv8 SMP.
 .
 Supports amd64 processors.
 .
 Geared toward GCP/GKE systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gcp meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-unsigned-6.5.0-1007-gcp-dbgsym: Linux kernel debug image for version 6.5.0 on ARMv8 SMP

 This package provides the unsigned kernel debug image for version 6.5.0 on
 ARMv8 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-modules-6.5.0-1007-gcp: Linux kernel extra modules for version 6.5.0 on ARMv8 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward GCP/GKE systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gcp meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-extra-6.5.0-1007-gcp: Linux kernel extra modules for version 6.5.0 on ARMv8 SMP

 This package contains the Linux kernel extra modules for version 6.5.0 on
 ARMv8 SMP.
 .
 Also includes the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward GCP/GKE systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-gcp meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-modules-iwlwifi-6.5.0-1007-gcp: Linux kernel iwlwifi modules for version 6.5.0-1007

 This package provides the Linux kernel iwlwifi modules for version
 6.5.0-1007.
 .
 You likely do not want to install this package directly. Instead, install the
 one of the linux-modules-iwlwifi-gcp* meta-packages,
 which will ensure that upgrades work correctly, and that supporting packages are
 also installed.

linux-tools-6.5.0-1007-gcp: Linux kernel version specific tools for version 6.5.0-1007

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 6.5.0-1007 on
 ARMv8.