~prashantdhumal/ubuntu/+source/linux/+git/jammy:hwe-5.17-next

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

001b81b... by Pablo Neira Ayuso <email address hidden> on 2023-01-18

netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.

Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.

Reported-by: Davide Ornaghi <email address hidden>
Fixes: f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support")
Signed-off-by: Pablo Neira Ayuso <email address hidden>
(cherry picked from commit 696e1a48b1a1b01edad542a1ef293665864a4dd0 net.git)
CVE-2023-0179
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Luke Nowakowski-Krijger <email address hidden>

7829565... by Dimitri John Ledkov on 2022-11-17

UBUNTU: [Packaging] Expose built-in trusted and revoked certificates

BugLink: https://bugs.launchpad.net/bugs/1996892

Kernels have a set of builtin trusted and revoked certificates as a
bundle.

It is not very easy to access them, one needs to either download linux
kernel package source code; or boot the kernel to look up builtin hashes;
and then find certificates externally.

It would be more convenient for inspection to expose these in the
buildinfo package, which already exposes auxiliary kernel information.

Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Cory Todd <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
Signed-off-by: Dimitri John Ledkov <email address hidden>

dd826a2... by Stefan Bader on 2023-01-20

UBUNTU: Ubuntu-hwe-5.17-5.17.0-15.16~22.04.8

Signed-off-by: Stefan Bader <email address hidden>

04b6c2f... by Stefan Bader on 2023-01-20

UBUNTU: debian/dkms-versions -- update from kernel-versions (main/2023.01.02)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Stefan Bader <email address hidden>

5cfedee... by Stefan Bader on 2023-01-20

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/2003452
Properties: no-test-build
Signed-off-by: Stefan Bader <email address hidden>

751eb7d... by Stefan Bader on 2023-01-20

UBUNTU: [Packaging] Add PPA2 to getabis

Needed to fetch stream 2 buildinfo.

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

940b726... by Stefan Bader on 2023-01-20

UBUNTU: [Packaging] update helper scripts

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Stefan Bader <email address hidden>

8628f67... by Dimitri John Ledkov on 2023-01-19

UBUNTU: [Packaging] Revoke and rotate to new signing key

BugLink: https://bugs.launchpad.net/bugs/2002812

Update revocations, which match the next Ubuntu shim v15.7
revocations. Specifically - revoke certs that were previously
protected with by-hash revocations, revoke lost/unused certificates.

Kernels with this patch applied should be signed using ubuntu/4 pro/3
core/2 signing streams.

TPM PCR values and measurements will change when changing the signing
key.

Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Luke Nowakowski-Krijger <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

fb24939... by Sungwoo Kim <email address hidden> on 2022-12-10

Bluetooth: L2CAP: Fix u8 overflow

By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP

Btmon log:
Bluetooth monitor ver 5.64
= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594
= Note: Bluetooth subsystem version 2.22 0.264636
@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191
= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604
@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741
= Open Index: 00:00:00:00:00:00 [hci0] 13.900426
(...)
> > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106
        invalid packet size (12 != 1033)
        08 00 01 00 02 01 04 00 01 10 ff ff ............
> > ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561
        invalid packet size (14 != 1547)
        0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....
> > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......
> > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......
= bluetoothd: Bluetooth daemon 5.43 14.401828
> > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753
        invalid packet size (12 != 1033)
        08 00 01 00 04 01 04 00 40 00 00 00 ........@...

Signed-off-by: Sungwoo Kim <email address hidden>
Signed-off-by: Luiz Augusto von Dentz <email address hidden>

CVE-2022-45934
(cherry picked from commit bcd70260ef56e0aee8a4fc6cd214a419900b0765)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

5f3194f... by Luiz Augusto von Dentz <email address hidden> on 2022-12-02

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

l2cap_global_chan_by_psm shall not return fixed channels as they are not
meant to be connected by (S)PSM.

Signed-off-by: Luiz Augusto von Dentz <email address hidden>
Reviewed-by: Tedd Ho-Jeong An <email address hidden>

CVE-2022-42896
(cherry picked from commit f937b758a188d6fd328a81367087eddbb2fce50f)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>