~ubuntu-kernel/ubuntu/+source/linux/+git/jammy:hwe-5.17-prep

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

dd826a2... by Stefan Bader on 2023-01-20

UBUNTU: Ubuntu-hwe-5.17-5.17.0-15.16~22.04.8

Signed-off-by: Stefan Bader <email address hidden>

04b6c2f... by Stefan Bader on 2023-01-20

UBUNTU: debian/dkms-versions -- update from kernel-versions (main/2023.01.02)

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Stefan Bader <email address hidden>

5cfedee... by Stefan Bader on 2023-01-20

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/2003452
Properties: no-test-build
Signed-off-by: Stefan Bader <email address hidden>

751eb7d... by Stefan Bader on 2023-01-20

UBUNTU: [Packaging] Add PPA2 to getabis

Needed to fetch stream 2 buildinfo.

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

940b726... by Stefan Bader on 2023-01-20

UBUNTU: [Packaging] update helper scripts

BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: Stefan Bader <email address hidden>

8628f67... by Dimitri John Ledkov on 2023-01-19

UBUNTU: [Packaging] Revoke and rotate to new signing key

BugLink: https://bugs.launchpad.net/bugs/2002812

Update revocations, which match the next Ubuntu shim v15.7
revocations. Specifically - revoke certs that were previously
protected with by-hash revocations, revoke lost/unused certificates.

Kernels with this patch applied should be signed using ubuntu/4 pro/3
core/2 signing streams.

TPM PCR values and measurements will change when changing the signing
key.

Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Luke Nowakowski-Krijger <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

fb24939... by Sungwoo Kim <email address hidden> on 2022-12-10

Bluetooth: L2CAP: Fix u8 overflow

By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP

Btmon log:
Bluetooth monitor ver 5.64
= Note: Linux version 6.1.0-rc2 (x86_64) 0.264594
= Note: Bluetooth subsystem version 2.22 0.264636
@ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191
= New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604
@ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741
= Open Index: 00:00:00:00:00:00 [hci0] 13.900426
(...)
> > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106
        invalid packet size (12 != 1033)
        08 00 01 00 02 01 04 00 01 10 ff ff ............
> > ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561
        invalid packet size (14 != 1547)
        0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@.....
> > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@.......
> > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932
        invalid packet size (16 != 2061)
        0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@.......
= bluetoothd: Bluetooth daemon 5.43 14.401828
> > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753
        invalid packet size (12 != 1033)
        08 00 01 00 04 01 04 00 40 00 00 00 ........@...

Signed-off-by: Sungwoo Kim <email address hidden>
Signed-off-by: Luiz Augusto von Dentz <email address hidden>

CVE-2022-45934
(cherry picked from commit bcd70260ef56e0aee8a4fc6cd214a419900b0765)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Thadeu Lima de Souza Cascardo <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

5f3194f... by Luiz Augusto von Dentz <email address hidden> on 2022-12-02

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

l2cap_global_chan_by_psm shall not return fixed channels as they are not
meant to be connected by (S)PSM.

Signed-off-by: Luiz Augusto von Dentz <email address hidden>
Reviewed-by: Tedd Ho-Jeong An <email address hidden>

CVE-2022-42896
(cherry picked from commit f937b758a188d6fd328a81367087eddbb2fce50f)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

9dd80df... by Luiz Augusto von Dentz <email address hidden> on 2022-12-02

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

The Bluetooth spec states that the valid range for SPSM is from
0x0001-0x00ff so it is invalid to accept values outside of this range:

  BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A
  page 1059:
  Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges

CVE: CVE-2022-42896
CC: <email address hidden>
Reported-by: Tamás Koczka <email address hidden>
Signed-off-by: Luiz Augusto von Dentz <email address hidden>
Reviewed-by: Tedd Ho-Jeong An <email address hidden>

CVE-2022-42896
(cherry picked from commit 711f8c3fb3db61897080468586b970c87c61d9e4)
Signed-off-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

bf2d575... by Linus Torvalds <email address hidden> on 2022-12-12

proc: avoid integer type confusion in get_proc_long

proc_get_long() is passed a size_t, but then assigns it to an 'int'
variable for the length. Let's not do that, even if our IO paths are
limited to MAX_RW_COUNT (exactly because of these kinds of type errors).

So do the proper test in the rigth type.

Reported-by: Kyle Zeng <email address hidden>
Signed-off-by: Linus Torvalds <email address hidden>

CVE-2022-4378
(cherry picked from commit e6cfaf34be9fcd1a8285a294e18986bfc41a409c)
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Cengiz Can <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>