[ubuntu/resolute-proposed] linux-aws 7.0.0-1003.3 (Accepted)
Andy Whitcroft
apw at canonical.com
Fri Apr 3 20:37:48 UTC 2026
linux-aws (7.0.0-1003.3) resolute; urgency=medium
* resolute/linux-aws: 7.0.0-1003.3 -proposed tracker (LP: #2147098)
* Miscellaneous Ubuntu changes
- [Config] updateconfigs after rebase to 7.0.0-12.12
[ Ubuntu: 7.0.0-12.12 ]
* resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
* linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)
- [Packaging] templates: Use consistent indentation
- [Packaging] templates: Run scripts in /usr/share/kernel/*.d too
* RISC-V kernel config is out of sync with other archs (LP: #1981437)
- [Config] riscv64: Enable COUNTER=m
- [Config] riscv64: Use GENDWARFKSYMS like other architectures
* unconfined profile denies userns_create for chromium based processes
(LP: #1990064)
- [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
* FFe: add network interface mediation to 26.04 (LP: #2144679)
- SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface
in network mediation.
* Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile
(LP: #2142956)
- SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation
sock_file_perm
- SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target
task's context in apparmor_getprocattr()
- SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error
on namespace mismatch in verify_header
- SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable
differential encoding
- SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate
-ENOMEM correctly in unpack_table
- SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace
memcpy + NUL termination with kmemdup_nul in do_setattr
- SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove
redundant if check in sk_peer_get_label
- SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use
__label_make_stale in __aa_proxy_redirect
- SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and
policy.h circular include pattern
- SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include
headers self-contained
- SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use
sysfs_emit in param_get_{audit,mode}
- SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix
rawdata_f_data implicit flex array
- SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata
as soon as possible
- SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial
support for compressed policies
- SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential
UAF in aa_replace_profiles
- SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused
get_loaddata_common_ref() function
- SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string
overrun due to missing termination
- SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header
struct
- SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit
responses.
- SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to
not return NULL
- SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of
handling not supported
- SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to
the LSM network operations
- SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to
inet_conn_request
- SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation
binding
- SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation
- SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()
when !inet and secmark defined.
- SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation
falures
* snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop
Flatpak doesn't work with the current AppArmor profile (LP: #2142956)
- SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock
and refresh when looking up changehat child profiles
* AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)
- SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check
for RULE_MEDIATES_NET
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks
- SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage
- SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive
flag
- SAUCE: apparmor5.0.0 [4/57]: Revert "apparmor: fix dbus permission
queries to v9 ABI"
- SAUCE: apparmor5.0.0 [5/57]: Revert "apparmor: gate make fine grained
unix mediation behind v9 abi"
- SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide
compatibility with v2.x net rules
- SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6
mediation
- SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of
profile_af_perm
- SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns
mediation
- SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for
additional controls of unpriv userns restrictions
- SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related
sysctl so lxc can check if restriction are in place
- SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be
transitioned when a userns is created
- SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call
security_inode_init_security on inode creation
- SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained
mediation of posix mqueues
- SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation
- SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for
audit data
- SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for
profiles to have a learning cache
- SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall
for mediation
- SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean
through into path_name as well
- SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in
notification messages.
- SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it
is easier to extend
- SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to
EPROTONOSUPPORT
- SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags
- SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected
double free in aa_free_profile
* update apparmor and LSM stacking patch set (LP: #2028253) // Installation
of AppArmor on a 6.14 kernel produces error message "Illegal number: yes"
(LP: #2102680)
- SAUCE: apparmor5.0.0 [17/57]: apparmor: create an
AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant
- SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT
for userns and io_uring sysctls
* update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]
apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in
mantic (LP: #2032602)
- SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special
unconfined profiles can mediate user namespaces
* Enable new Intel WCL soundwire support (LP: #2143301)
- ASoC: sdw_utils: Add CS42L43B codec info
- ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant
- mfd: cs42l43: Add support for the B variant
- ASoC: cs42l43: Add support for the B variant
* Enable audio functions on Dell Huracan/Renegade platforms w/o built-in
microphone (LP: #2143902)
- ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay
- ASoC: SDCA: Update counting of SU/GE DAPM routes
- ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes
- ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops
- ASoC: add snd_soc_lookup_component_by_name helper
- ASoC: soc_sdw_utils: partial match the codec name
- ASoC: soc_sdw_utils: remove index from sdca codec name
* [SRU] MIPI camera is not working after upgrading to 6.17-oem
(LP: #2145171)
- SAUCE: ACPI: respect items already in honor_dep before skipping
* linux-tools: consider linking perf against LLVM (LP: #2138328)
- [Packaging] Actually enable llvm for perf
* Pull patch in qla2xxx to Resolute (LP: #2144856)
- scsi: qla2xxx: Add support to report MPI FW state
* Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma
errors (LP: #2142403)
- Revert "arm64: dts: qcom: sc8280xp: Enable GPI DMA"
* 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)
- SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile
- SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema
- SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver
- SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd
compatible
- SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle
definitions
- SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-
mode endpoints
- SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries
- SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition
structures
- SAUCE: media: qcom: camss: Add support for PHY API devices
- SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e
- SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition
- SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions
- SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition
- SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m
regulators
- SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4
- SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with
voltage levels for IR and RGB camera
- SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on
CSIPHY4
- SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera
PMIC with voltage levels for IR and RGB camera
- SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8
voltage regulator for RGB camera
- SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB
sensor on CSIPHY4
- SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS
RGB sensor
- SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor
on CSIPHY4
- SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support
- SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator
- SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera
privacy indicator
- SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy
indicator
- SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant
- SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa
and Purwa variants
- SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device
tree
- SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100
variant
- SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port
nodes
- SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake
GPIOs to port nodes
* 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)
- SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth
* Miscellaneous Ubuntu changes
- SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q
- SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q
- SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP
EliteBook 6 G1q
- [Config] PHY_QCOM_MIPI_CSI2=m
- SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies
- [Config] toolchain version update
- Update Changes.md after v7.0-rc5 rebase
- [Packaging] update Ubuntu.md
- [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED
- [Packaging] Add linux-main-modules-zfs to linux-modules depends
* Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim
7x"
Date: 2026-04-02 11:44:39.477354+00:00
Changed-By: Paolo Pisati <paolo.pisati at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-aws/7.0.0-1003.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list