From ba2a3c616588f29d7f6b85419a4992a36692f4c4 Mon Sep 17 00:00:00 2001
From: Thadeu Lima de Souza Cascardo
Date: Wed, 2 Mar 2022 05:33:12 -0300
Subject: [PATCH] UBUNTU: Ubuntu-5.4.0-103.117

Signed-off-by: Thadeu Lima de Souza Cascardo
---
 debian.master/changelog | 53 +++++++++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 7 deletions(-)

diff --git a/debian.master/changelog b/debian.master/changelog
index 7e60df786ca6..5a6bcc714011 100644
--- a/debian.master/changelog
+++ b/debian.master/changelog
@@ -1,10 +1,49 @@ -linux (5.4.0-103.117) UNRELEASED; urgency=medium - - CHANGELOG: Do not edit directly. Autogenerated at release. - CHANGELOG: Use the printchanges target to see the curent changes. - CHANGELOG: Use the insertchanges target to create the final log. - - -- Thadeu Lima de Souza Cascardo Tue, 01 Mar 2022 16:47:27 -0300 +linux (5.4.0-103.117) focal; urgency=medium + + * CVE-2022-23960 + - arm64: Add part number for Arm Cortex-A77 + - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition + - arm64: Add Cortex-X2 CPU part definition + - arm64: add ID_AA64ISAR2_EL1 sys register + - SAUCE: arm64: entry.S: Add ventry overflow sanity checks + - SAUCE: arm64: entry: Make the trampoline cleanup optional + - SAUCE: arm64: entry: Free up another register on kpti's tramp_exit path + - SAUCE: arm64: entry: Move the trampoline data page before the text page + - SAUCE: arm64: entry: Allow tramp_alias to access symbols after the 4K + boundary + - SAUCE: arm64: entry: Don't assume tramp_vectors is the start of the vectors + - SAUCE: arm64: entry: Move trampoline macros out of ifdef'd section + - SAUCE: arm64: entry: Make the kpti trampoline's kpti sequence optional + - SAUCE: arm64: entry: Allow the trampoline text to occupy multiple pages + - SAUCE: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations + - SAUCE: arm64: entry: Add vectors that have the bhb mitigation sequences + - SAUCE: arm64: entry: Add macro for reading symbol addresses from the + trampoline + - SAUCE: arm64: Add percpu vectors for EL1 + - SAUCE: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of + Spectre-v2 + - SAUCE: KVM: arm64: Add templates for BHB mitigation sequences + - SAUCE: arm64: Mitigate spectre style branch history side channels + - SAUCE: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and + migrated + - SAUCE: arm64: Use the clearbhb instruction in mitigations + - [Config]: set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y + + * CVE-2022-25636 + 
- netfilter: nf_tables_offload: incorrect flow offload action array size + + * CVE-2022-0001 + - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() + - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd + - SAUCE: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE + - SAUCE: x86/speculation: Add eIBRS + Retpoline options + - SAUCE: Documentation/hw-vuln: Update spectre doc + + * Disable unprivileged BPF by default (LP: #1961338) + - bpf: Add kconfig knob for disabling unpriv bpf by default + - [Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y + + -- Thadeu Lima de Souza Cascardo Wed, 02 Mar 2022 05:33:12 -0300 linux (5.4.0-100.113) focal; urgency=medium -- 2.39.5
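Review bot: The two config entries in the added block are tagged inconsistently: the CVE-2022-23960 section ends with "[Config]: set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y" (with a colon), while the unprivileged BPF section uses "[Config] set CONFIG_BPF_UNPRIV_DEFAULT_OFF=y" (without one). The removed header says this file is autogenerated at release, so the place to fix it is the subject line of the originating config commit, so that anything matching on the "[Config]" prefix picks up both entries. Separately, the "Disable unprivileged BPF by default (LP: #1961338)" section changes a default that existing unprivileged users of BPF will notice after upgrading, and the entry gives only the bug reference; since the knob is described as "by default", a short line saying that an administrator can override it, and where, would make the changelog usable on its own. Finally, nearly every item under CVE-2022-23960 is marked SAUCE rather than carrying an upstream subject as the CVE-2022-25636 item does; it would help later rebases to record in the commits which upstream changes these correspond to, if any.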