[ubuntu/plucky-proposed] linux 6.12.0-12.12 (Accepted)
Andy Whitcroft
apw at canonical.com
Sat Jan 25 02:05:46 UTC 2025
linux (6.12.0-12.12) plucky; urgency=medium
* plucky/linux: 6.12.0-12.12 -proposed tracker (LP: #2095505)
* Miscellaneous Ubuntu changes
- [Packaging] temporarily disable signing for s390x
* Miscellaneous upstream changes
- modpost: remove unnecessary check in do_acpi_entry()
- modpost: introduce module_alias_printf() helper
- modpost: pass (struct module *) to do_*_entry() functions
- modpost: call module_alias_printf() from all do_*_entry() functions
- modpost: fix the missed iteration for the max bit in do_input()
- modpost: work around unaligned data access error
linux (6.12.0-11.11) plucky; urgency=medium
* plucky/linux: 6.12.0-11.11 -proposed tracker (LP: #2095425)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [29/84]: patch to provide compatibility with v2.x net
rules
- SAUCE: apparmor4.0.0 [30/84]: add unpriviled user ns mediation
- SAUCE: apparmor4.0.0 [31/84]: Add sysctls for additional controls of unpriv
userns restrictions
- SAUCE: apparmor4.0.0 [32/84]: af_unix mediation
- SAUCE: apparmor4.0.0 [33/84]: Add fine grained mediation of posix mqueues
- SAUCE: apparmor4.0.0 [35/84]: setup slab cache for audit data
- SAUCE: apparmor4.0.0 [36/84]: Improve debug print infrastructure
- SAUCE: apparmor4.0.0 [37/84]: add the ability for profiles to have a
learning cache
- SAUCE: apparmor4.0.0 [38/84]: enable userspace upcall for mediation
- SAUCE: apparmor4.0.0 [39/84]: prompt - lock down prompt interface
- SAUCE: apparmor4.0.0 [40/84]: prompt - allow controlling of caching of a
prompt response
- SAUCE: apparmor4.0.0 [41/84]: prompt - add refcount to audit_node in prep or
reuse and delete
- SAUCE: apparmor4.0.0 [42/84]: prompt - refactor to moving caching to
uresponse
- SAUCE: apparmor4.0.0 [43/84]: prompt - Improve debug statements
- SAUCE: apparmor4.0.0 [44/84]: prompt - fix caching
- SAUCE: apparmor4.0.0 [45/84]: prompt - rework build to use append fn, to
simplify adding strings
- SAUCE: apparmor4.0.0 [46/84]: prompt - refcount notifications
- SAUCE: apparmor4.0.0 [47/84]: prompt - add the ability to reply with a
profile name
- SAUCE: apparmor4.0.0 [48/84]: prompt - fix notification cache when updating
- SAUCE: apparmor4.0.0 [49/84]: prompt - add tailglob on name for cache
support
- SAUCE: apparmor4.0.0 [50/84]: prompt - allow profiles to set prompts as
interruptible
- SAUCE: apparmor4.0.0 [65/93] v6.8 prompt:fixup interruptible
- SAUCE: apparmor4.0.0 [55/84]: add io_uring mediation
- SAUCE: apparmor4.0.0 [56/84]: apparmor: fix oops when racing to retrieve
notification
- SAUCE: apparmor4.0.0 [57/84]: apparmor: fix notification header size
- SAUCE: apparmor4.0.0 [58/84]: apparmor: fix request field from a prompt
reply that denies all access
- SAUCE: apparmor4.0.0 [59/84]: apparmor: open userns related sysctl so lxc
can check if restriction are in place
- SAUCE: apparmor4.0.0 [60/84]: apparmor: cleanup attachment perm lookup to
use lookup_perms()
- SAUCE: apparmor4.0.0 [61/84]: apparmor: remove redundant unconfined check.
- SAUCE: apparmor4.0.0 [62/84]: apparmor: switch signal mediation to using
RULE_MEDIATES
- SAUCE: apparmor4.0.0 [63/84]: apparmor: ensure labels with more than one
entry have correct flags
- SAUCE: apparmor4.0.0 [64/84]: apparmor: remove explicit restriction that
unconfined cannot use change_hat
- SAUCE: apparmor4.0.0 [65/84]: apparmor: cleanup: refactor file_perm() to
provide semantics of some checks
- SAUCE: apparmor4.0.0 [66/84]: apparmor: carry mediation check on label
- SAUCE: apparmor4.0.0 [67/84]: apparmor: add additional flags to extended
permission.
- SAUCE: apparmor4.0.0 [68/84]: apparmor: add support for profiles to define
the kill signal
- SAUCE: apparmor4.0.0 [69/84]: apparmor: fix x_table_lookup when stacking is
not the first entry
- SAUCE: apparmor4.0.0 [70/84]: apparmor: allow profile to be transitioned
when a user ns is created
- SAUCE: apparmor4.0.0 [71/84]: apparmor: add ability to mediate caps with
policy state machine
- SAUCE: apparmor4.0.0 [72/84]: fixup notify
- SAUCE: apparmor4.0.0 [73/84]: apparmor: add fine grained ipv4/ipv6 mediation
- SAUCE: apparmor4.0.0 [74/84]: apparmor: disable tailglob responses for now
- SAUCE: apparmor4.0.0 [75/84]: apparmor: Fix notify build warnings
- SAUCE: apparmor4.0.0 [76/84]: fix reserved mem for when we save ipv6
addresses
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression with new apparmor
profiles/features (LP: #2061851)
- SAUCE: apparmor4.0.0 [77/84]: fix address mapping for recvfrom
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in mantic
(LP: #2032602)
- SAUCE: apparmor4.0.0 [52/84]: prompt - add support for advanced filtering of
notifications
- SAUCE: apparmor4.0.0 [53/84]: userns - add the ability to reference a global
variable for a feature value
- SAUCE: apparmor4.0.0 [54/84]: userns - make it so special unconfined
profiles can mediate user namespaces
* Miscellaneous Ubuntu changes
- SAUCE: apparmor4.0.0 [1/84]: LSM: Add the lsm_prop data structure.
- SAUCE: apparmor4.0.0 [2/84]: LSM: Use lsm_prop in security_audit_rule_match
- SAUCE: apparmor4.0.0 [3/84]: LSM: Add lsmprop_to_secctx hook
- SAUCE: apparmor4.0.0 [4/84]: Audit: maintain an lsm_prop in audit_context
- SAUCE: apparmor4.0.0 [5/84]: LSM: Use lsm_prop in security_ipc_getsecid
- SAUCE: apparmor4.0.0 [6/84]: Audit: Update shutdown LSM data
- SAUCE: apparmor4.0.0 [7/84]: LSM: Use lsm_prop in security_current_getsecid
- SAUCE: apparmor4.0.0 [8/84]: LSM: Use lsm_prop in security_inode_getsecid
- SAUCE: apparmor4.0.0 [9/84]: Audit: use an lsm_prop in audit_names
- SAUCE: apparmor4.0.0 [10/84]: LSM: Create new security_cred_getlsmprop LSM
hook
- SAUCE: apparmor4.0.0 [11/84]: Audit: Change context data from secid to
lsm_prop
- SAUCE: apparmor4.0.0 [12/84]: Use lsm_prop for audit data
- SAUCE: apparmor4.0.0 [13/84]: LSM: Remove lsm_prop scaffolding
- SAUCE: apparmor4.0.0 [14/84]: LSM: Ensure the correct LSM context releaser
- SAUCE: apparmor4.0.0 [15/84]: LSM: Replace context+len with lsm_context
- SAUCE: apparmor4.0.0 [16/84]: LSM: Use lsm_context in
security_inode_getsecctx
- SAUCE: apparmor4.0.0 [17/84]: LSM: lsm_context in
security_dentry_init_security
- SAUCE: apparmor4.0.0 [18/84]: LSM: secctx provider check on release
- SAUCE: apparmor4.0.0 [19/84]: LSM: Use lsm_context in
security_inode_notifysecctx
- SAUCE: apparmor4.0.0 [20/84]: Audit: Create audit_stamp structure
- SAUCE: apparmor4.0.0 [21/84]: Audit: Allow multiple records in an
audit_buffer
- SAUCE: apparmor4.0.0 [22/84]: LSM: security_lsmblob_to_secctx module
selection
- SAUCE: apparmor4.0.0 [23/84]: Audit: Add record for multiple task security
contexts
- SAUCE: apparmor4.0.0 [24/84]: Audit: multiple subject lsm values for
netlabel
- SAUCE: apparmor4.0.0 [25/84]: Audit: Add record for multiple object contexts
- SAUCE: apparmor4.0.0 [26/84]: LSM: Single calls in secid hooks
- SAUCE: apparmor4.0.0 [27/84]: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [28/84]: AppArmor: Remove the exclusive flag
- SAUCE: apparmor4.0.0 [34/84]: fixup inode_set_attr
- SAUCE: apparmor4.0.0 [78/84]: apparmor: add support for 2^24 states to the
dfa state machine.
- SAUCE: apparmor4.0.0 [79/84]: apparmor: advertise to userspace support of
user upcall for file rules.
- SAUCE: apparmor4.0.0 [80/84]: apparmor: allocate xmatch for nullpdf inside
aa_alloc_null
- SAUCE: apparmor4.0.0 [81/84]: apparmor: properly handle cx/px lookup failure
for complain
- SAUCE: apparmor4.0.0 [82/84]: apparmor: fix prompt failing during large down
loads
- SAUCE: apparmor4.0.0 [83/84]: apparmor: fix allow field in notification
- SAUCE: apparmor4.0.0 [84/84]: apparmor: fix LSM hook call breakage due to
revert of static calls
- [Config] toolchain version update
Date: 2025-01-22 14:57:10.708421+00:00
Changed-By: Paolo Pisati <paolo.pisati at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/6.12.0-12.12
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list