Accepted linux-signed-amd64 5.19~rc6+1~exp1 (source) into experimental, experimental
- To: debian-devel-changes@lists.debian.org, debian-experimental-changes@lists.debian.org
- Subject: Accepted linux-signed-amd64 5.19~rc6+1~exp1 (source) into experimental, experimental
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 14 Jul 2022 05:00:08 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=FS20j2TAxNzjexeBEUgCU60ZLyG0aPBphH/hpZAOals=; b=fI7lsHv3u/SyRGfvxAw6+zMiF+ LYxcdlzrmYeIoZ8PuTm12qLBNISsAQo7BsRh5odyQKrV16wSDtqK740UTmiumhGp8QpnIWUjkni0N 1rFxJqlqxwhoAkmM6UA/GPhUdRrgw5b43FvssxpFRLgg0Ux4ujWH3uT6JdQCmZ8xviDHA2h1CEsZL 6pHy0tN+Vpqgef/m7XF9W0kAdM/mezu1jTIsWEfK0mS1pHGGPMJ7NniZmZieJqMVYVRMGLCTkh4Mf 7A5xgPsl2vigGy/DGdPf7UBSeGJsO7NF3KzOQoZYKh36HxWPGTNwzEl/WYJ1q/LZ8nN3VAXQZzWnl 4eyYjbww==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oBqxM-000HNt-E5@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 Jul 2022 01:20:17 +0200
Source: linux-signed-amd64
Architecture: source
Version: 5.19~rc6+1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <benh@debian.org>
Changes:
linux-signed-amd64 (5.19~rc6+1~exp1) experimental; urgency=medium
.
* Sign kernel from linux 5.19~rc6-1~exp1
.
* New upstream release candidate
.
[ Ben Hutchings ]
* [mips64el/mips64r2el] Fix package description
* [x86] Add mitigations for RETbleed on AMD/Hygon (CVE-2022-29900) and
Intel (CVE-2022-29901) processors:
- x86/kvm/vmx: Make noinstr clean
- x86/cpufeatures: Move RETPOLINE flags to word 11
- x86/retpoline: Cleanup some #ifdefery
- x86/retpoline: Swizzle retpoline thunk
- x86/retpoline: Use -mfunction-return
- x86: Undo return-thunk damage
- x86,objtool: Create .return_sites
- x86,static_call: Use alternative RET encoding
- x86/ftrace: Use alternative RET encoding
- x86/bpf: Use alternative RET encoding
- x86/kvm: Fix SETcc emulation for return thunks
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
- x86/sev: Avoid using __x86_return_thunk
- x86: Use return-thunk in asm code
- x86/entry: Avoid very early RET
- objtool: Treat .text.__x86.* as noinstr
- x86: Add magic AMD return-thunk
- x86/bugs: Report AMD retbleed vulnerability
- x86/bugs: Add AMD retbleed= boot parameter
- x86/bugs: Enable STIBP for JMP2RET
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
- x86/entry: Add kernel IBRS implementation
- x86/bugs: Optimize SPEC_CTRL MSR writes
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
- x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation()
- x86/bugs: Report Intel retbleed vulnerability
- intel_idle: Disable IBRS during long idle
- objtool: Update Retpoline validation
- x86/xen: Rename SYS* entry points
- x86/xen: Add UNTRAIN_RET
- x86/bugs: Add retbleed=ibpb
- x86/bugs: Do IBPB fallback check only once
- objtool: Add entry UNRET validation
- x86/cpu/amd: Add Spectral Chicken
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
- x86/speculation: Fix firmware entry SPEC_CTRL handling
- x86/speculation: Fix SPEC_CTRL write on SMT state change
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
- x86/speculation: Remove x86_spec_ctrl_mask
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
- KVM: VMX: Flatten __vmx_vcpu_run()
- KVM: VMX: Convert launched argument to flags
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
- KVM: VMX: Fix IBRS handling after vmexit
- x86/speculation: Fill RSB on vmexit for IBRS
- KVM: VMX: Prevent RSB underflow before vmenter
- x86/common: Stamp out the stepping madness
- x86/cpu/amd: Enumerate BTC_NO
- x86/retbleed: Add fine grained Kconfig knobs
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
- x86/kexec: Disable RET on kexec
- x86/speculation: Disable RRSBA behavior
- x86/static_call: Serialize __static_call_fixup() properly
* [amd64] Enable SLS mitigation
Checksums-Sha1:
eabf3c0f8d24609dd5fec6f04cf4bf07284fa48e 8763 linux-signed-amd64_5.19~rc6+1~exp1.dsc
844014ca990b75a01c7e854fa81e424c043108ee 2888048 linux-signed-amd64_5.19~rc6+1~exp1.tar.xz
Checksums-Sha256:
b987d35b80b6b1230343aff05636340a94bfbc3c36b8b85cb4336d4d1c71c59d 8763 linux-signed-amd64_5.19~rc6+1~exp1.dsc
1e89c42d739ac6576816c251c853ec78e7760d0e5ed4fa0aa30443456bf3c249 2888048 linux-signed-amd64_5.19~rc6+1~exp1.tar.xz
Files:
604b8a9f8e12d69406f3258eb68b2375 8763 kernel optional linux-signed-amd64_5.19~rc6+1~exp1.dsc
d733bee7446759915c834d3c918ce9d2 2888048 kernel optional linux-signed-amd64_5.19~rc6+1~exp1.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmLPMRUACgkQi0FRiLdO
Nzba7Q//dW1zxpdsmnGNn988z08Ikza22gRKO2TCz6b1eqL2ncL9WCOKUws//uv8
1hK0BOPXPYoDzMqlP64zv9yKTcKneyd0m+glgdq8vogxbdvC6nJ4gBTMjdY5HjeR
nPPA/4ro11a0nHqd3MvQxb+3AtlSJuQcHaBtVt788GWF6Tm3ueH5hbh6ppU9WnWq
7Ghue6Rksyq8CzqIW5uP+t6Jv4i5ThVjuYiE17WOADObXpiWd8TR7o5R9Z9eoQ1w
S3w8ArlUmM7houfZ0RtstfOHZSaEOF4H+fvXa5x/o8b8TbeCwIUaARqVUnssSy8Z
Qe3eazRXe6W0BjENqqyQMkPYbuI3z0lIIssiDMUDigrUfteW8aXI32ssYzDyZ+Hr
RK3x0tzpkrQIh71xmRzIVub+rI6x9pqrmAIKeljXHSYtmMv2TVsl0oM+3/nqNucC
HKe1jrq+u8Cqj3Wj0iqy0UVumXGNf5lG1nCR/SvGLp3W4l9Hr6sAJhjiLzpl0e1E
wIEi4QDbTmUf18ZfL4GfrcXpImHl8TZWf1BvbAEETpI7L9xWC5QeUAzW83Vpwvxu
mvV5Ln6QbwFiovVMOmQw/yEBAfshYHts2lesM80HIV84GNCVtSwNpvM9WKTEyEuP
vHiikuwCPDeimVOSovsEok0cODwXezUzmY9+VQrsha9Eltf4dn0=
=nozp
-----END PGP SIGNATURE-----