* LSM stacking and AppArmor refresh for 6.2 kernel (LP: #2012136)
- Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
- Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
- Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix
mqueues"
- Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
- Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred
as input)"
- Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
- Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
- Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
- Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
- Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
- Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function
declration."
- Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
- Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM
attributes"
- Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM
attributes"
- Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
- Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
- Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
- Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
- Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
- Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
- Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
- Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
- Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
- Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to
aa_sock()"
- Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
- Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid
to secctx"
- Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
- Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
- Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x
net rules"
- Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
- SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
- SAUCE: apparmor: Add sysctls for additional controls of unpriv userns
restrictions
- SAUCE: Stacking v38: LSM: Identify modules by more than name
- SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
- SAUCE: Stacking v38: LSM: Identify the process attributes for each module
- SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
- SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
- SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from
security_audit_rule
- SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
- SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
- SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
- SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
- SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
- SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
- SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
- SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
- SAUCE: Stacking v38: LSM: Specify which LSM to display
- SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
- SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
- SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
- SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
- SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
- SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
- SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
- SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
- SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
- SAUCE: Stacking v38: Audit: Create audit_stamp structure
- SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
- SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
- SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
- SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
- SAUCE: Stacking v38: Audit: Add record for multiple object contexts
- SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
- SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
- SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
- SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
- SAUCE: apparmor: setup slab cache for audit data
- SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
- SAUCE: apparmor: pass cred through to audit info.
- SAUCE: apparmor: Improve debug print infrastructure
- SAUCE: apparmor: add the ability for profiles to have a learning cache
- SAUCE: apparmor: enable userspace upcall for mediation
- SAUCE: apparmor: cache buffers on percpu list if there is lock contention
- SAUCE: apparmor: fix policy_compat permission remap with extended
permissions
- SAUCE: apparmor: advertise availability of exended perms
- [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) // LSM
stacking and AppArmor refresh for 6.2 kernel (LP: #2012136)
- SAUCE: apparmor: add/use fns to print hash string hex value
- SAUCE: apparmor: patch to provide compatibility with v2.x net rules
- SAUCE: apparmor: add user namespace creation mediation
- SAUCE: apparmor: af_unix mediation
- SAUCE: apparmor: Add fine grained mediation of posix mqueues
* devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute
(KeyError: 'flavour') (LP: #1937133)
- selftests: net: devlink_port_split.py: skip test if no suitable device
available
* NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
- NFS: Correct timing for assigning access cache timestamp
-- Andrea Righi <email address hidden> Sat, 25 Mar 2023 07:37:30 +0100
This bug was fixed in the package linux - 6.2.0-19.19
---------------
linux (6.2.0-19.19) lunar; urgency=medium
* lunar/linux: 6.2.0-19.19 -proposed tracker (LP: #2012488)
* Neuter signing tarballs (LP: #2012776)
- [Packaging] neuter the signing tarball
* LSM stacking and AppArmor refresh for 6.2 kernel (LP: #2012136)
- Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
- Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
- Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix
mqueues"
- Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
- Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred
as input)"
- Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
- Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
- Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
- Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
- Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
- Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function
declration."
- Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
- Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM
attributes"
- Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM
attributes"
- Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
- Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
- Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
- Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
- Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
- Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
- Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
- Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
- Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
- Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
- Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to
aa_sock()"
- Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
- Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid
to secctx"
- Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
- Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
- Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x
net rules"
- Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
- SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
- SAUCE: apparmor: Add sysctls for additional controls of unpriv userns
restrictions
- SAUCE: Stacking v38: LSM: Identify modules by more than name
- SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
- SAUCE: Stacking v38: LSM: Identify the process attributes for each module
- SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
- SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
- SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from
security_audit_rule
- SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
- SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
- SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
- SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
- SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
- SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
- SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
- SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
- SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
- SAUCE: Stacking v38: LSM: Specify which LSM to display
- SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
- SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
- SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
- SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
- SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
- SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
- SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
- SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
- SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
- SAUCE: Stacking v38: Audit: Create audit_stamp structure
- SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
- SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
- SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
- SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
- SAUCE: Stacking v38: Audit: Add record for multiple object contexts
- SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
- SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
- SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
- SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
- SAUCE: apparmor: setup slab cache for audit data
- SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
- SAUCE: apparmor: pass cred through to audit info.
- SAUCE: apparmor: Improve debug print infrastructure
- SAUCE: apparmor: add the ability for profiles to have a learning cache
- SAUCE: apparmor: enable userspace upcall for mediation
- SAUCE: apparmor: cache buffers on percpu list if there is lock contention
- SAUCE: apparmor: fix policy_compat permission remap with extended
permissions
- SAUCE: apparmor: advertise availability of exended perms
- [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* kinetic: apply new apparmor and LSM stacking patch set (LP: #1989983) // LSM
stacking and AppArmor refresh for 6.2 kernel (LP: #2012136)
- SAUCE: apparmor: add/use fns to print hash string hex value
- SAUCE: apparmor: patch to provide compatibility with v2.x net rules
- SAUCE: apparmor: add user namespace creation mediation
- SAUCE: apparmor: af_unix mediation
- SAUCE: apparmor: Add fine grained mediation of posix mqueues
* devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute
(KeyError: 'flavour') (LP: #1937133)
- selftests: net: devlink_port_split.py: skip test if no suitable device
available
* NFS deathlock with last Kernel 5.4.0-144.161 and 5.15.0-67.74 (LP: #2009325)
- NFS: Correct timing for assigning access cache timestamp
-- Andrea Righi <email address hidden> Sat, 25 Mar 2023 07:37:30 +0100