[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted linux 6.1.38-3 (source) into proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 07 Aug 2023 23:01:57 +0200
Source: linux
Architecture: source
Version: 6.1.38-3
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 linux (6.1.38-3) bookworm-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982)
     - init: Provide arch_cpu_finalize_init()
     - x86/cpu: Switch to arch_cpu_finalize_init()
     - ARM: cpu: Switch to arch_cpu_finalize_init()
     - ia64/cpu: Switch to arch_cpu_finalize_init()
     - loongarch/cpu: Switch to arch_cpu_finalize_init()
     - m68k/cpu: Switch to arch_cpu_finalize_init()
     - mips/cpu: Switch to arch_cpu_finalize_init()
     - sh/cpu: Switch to arch_cpu_finalize_init()
     - sparc/cpu: Switch to arch_cpu_finalize_init()
     - um/cpu: Switch to arch_cpu_finalize_init()
     - init: Remove check_bugs() leftovers
     - init: Invoke arch_cpu_finalize_init() earlier
     - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
     - x86/init: Initialize signal frame size late
     - x86/fpu: Remove cpuinfo argument from init functions
     - x86/fpu: Mark init functions __init
     - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
     - x86/speculation: Add Gather Data Sampling mitigation
     - x86/speculation: Add force option to GDS mitigation
     - x86/speculation: Add Kconfig option for GDS
     - KVM: Add GDS_NO support to KVM
     - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
     - x86/xen: Fix secondary processors' FPU initialization
     - x86/mm: fix poking_init() for Xen PV guests
     - x86/mm: Use mm_alloc() in poking_init()
     - mm: Move mm_cachep initialization to mm_init()
     - x86/mm: Initialize text poking earlier
     - Documentation/x86: Fix backwards on/off logic about YMM support
   * [x86] Add a Speculative RAS Overflow (SRSO) mitigation (CVE-2023-20569)
     - x86/bugs: Increase the x86 bugs vector size to two u32s
     - x86/srso: Add a Speculative RAS Overflow mitigation
     - x86/srso: Add IBPB_BRTYPE support
     - x86/srso: Add SRSO_NO support
     - x86/srso: Add IBPB
     - x86/srso: Add IBPB on VMEXIT
     - x86/srso: Fix return thunks in generated code
     - x86/srso: Add a forgotten NOENDBR annotation
   * Bump ABI to 11
 .
   [ Ben Hutchings ]
   * [x86] Add missing pieces of SRSO mitigation:
     - x86/cpu, kvm: Add support for CPUID_80000021_EAX
     - x86/srso: Tie SBPB bit setting to microcode patch detection
Checksums-Sha1:
 623777e14a9efdeb52cae24fa81e3375b047110a 290924 linux_6.1.38-3.dsc
 b62f7e5f8b2b056eb67f1c03b685d2e7f14e0458 1518432 linux_6.1.38-3.debian.tar.xz
 b058ebee35ac3d067cae7102e20a6f4755a868cd 6830 linux_6.1.38-3_source.buildinfo
Checksums-Sha256:
 5842342b18d24a08c2bce4bd929a963c214b2b9b08619b375a19538f8480f3ba 290924 linux_6.1.38-3.dsc
 6241f5204d60782054cce305e0686fe4c1018199b4ccf6b6d0b68253d1a36f8e 1518432 linux_6.1.38-3.debian.tar.xz
 b00a5281a2a91af98e696cca8a0c7d5ed22874df779b53f74b3c244e0f568451 6830 linux_6.1.38-3_source.buildinfo
Files:
 46f39dac226a3ac6c198a637407ddd3a 290924 kernel optional linux_6.1.38-3.dsc
 04cfd2d07847ace6bea8bbdc7c4ad153 1518432 kernel optional linux_6.1.38-3.debian.tar.xz
 f96337fdb5ef76c3a56027933d0ec267 6830 kernel optional linux_6.1.38-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTRvphfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ef0AQAJUrP5FP2vuIvfFIIY5Q5NzX/uv5WBva
vZuVJG0l9HirpcMXBPrEKmbIK2d8FwAFLTLJjObc25nQx/DRfg9yFwPsLOgodRZs
UVvlcSITobMgs31ME6ZqsXjl0QUUWu0TDDihIUlMYw32ieUrQHYiuaR9lXGBo+Yu
qQsfV2xIAzLCLApt2jMyR9TPLnHzXSIl+r9z4vYERCNvfEE9KNGUro9qW1wim0Xm
Xnx/cWKdSq7jn0gE+b9wBnzVUMzAb680F0Z9ujPMpY32Y4VmTI+r2ubca8W3M3RT
BuoUBvmIp0fj8N9G6vpkZDeSGVyhpPLzgob8N07+NOgUMxnWr8W7gEEGvcnVsfE7
TYjLzuM3B0PT4LlqAgfxz61GzBhRy8pvAAz8QDkB1EeRDnzuejCL9RZWKVbd4izc
3K1f32R3bDhcu3pgSs6+2wxLZRj7Q8kcag94cIxVfIJM3efZY0jUScJtwaOZSb47
EYJ8vFb7qj68Tqpk8Nouhkr6KgEB+t4F6RsC2TVLWzPVFvGt93D7PRJL0KeFbbPY
lMGKr+UtsbNsaOZ6UeCU2ABFt73Jk5UkKbXtxlMJVgd3pcu4j7ChrosCWPJ529e1
BtJwuLlPbvmJA4hr4M72trCgS3BprP07HbxCxO6tCX0T+ZZHPu3u8cG5xbrqSRwp
0x7kI65evmfe
=J8kE
-----END PGP SIGNATURE-----


Reply to: