diff --git a/debian.master/changelog b/debian.master/changelog
index 45e4f015b6aa2..806482295be77 100644
--- a/debian.master/changelog
+++ b/debian.master/changelog
@@ -1,10 +1,570 @@
-linux (6.2.0-34.34) UNRELEASED; urgency=medium
-
- CHANGELOG: Do not edit directly. Autogenerated at release.
- CHANGELOG: Use the printchanges target to see the curent changes.
- CHANGELOG: Use the insertchanges target to create the final log.
-
- -- Stefan Bader <stefan.bader@canonical.com> Mon, 04 Sep 2023 11:08:58 +0200
+linux (6.2.0-34.34) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-34.34 -proposed tracker (LP: #2033779)
+
+ * CVE-2023-20569
+ - x86/cpu, kvm: Add support for CPUID_80000021_EAX
+ - tools headers x86 cpufeatures: Sync with the kernel sources
+ - x86/alternative: Optimize returns patching
+ - x86/retbleed: Add __x86_return_thunk alignment checks
+ - x86/srso: Add a Speculative RAS Overflow mitigation
+ - x86/srso: Add IBPB_BRTYPE support
+ - x86/srso: Add SRSO_NO support
+ - x86/srso: Add IBPB
+ - x86/srso: Add IBPB on VMEXIT
+ - x86/srso: Fix return thunks in generated code
+ - x86/srso: Add a forgotten NOENDBR annotation
+ - x86/srso: Tie SBPB bit setting to microcode patch detection
+ - Documentation/hw-vuln: Unify filename specification in index
+ - Documentation/srso: Document IBPB aspect and fix formatting
+ - x86/srso: Fix build breakage with the LLVM linker
+ - x86: Move gds_ucode_mitigated() declaration to header
+ - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()
+ - x86/srso: Disable the mitigation on unaffected configurations
+ - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
+ - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
+ retpolines and IBT
+ - x86/cpu: Fix __x86_return_thunk symbol type
+ - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk()
+ - objtool/x86: Fix SRSO mess
+ - x86/alternative: Make custom return thunk unconditional
+ - x86/cpu: Clean up SRSO return thunk mess
+ - x86/cpu: Rename original retbleed methods
+ - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1
+ - x86/cpu: Cleanup the untrain mess
+ - x86/srso: Explain the untraining sequences a bit more
+ - objtool/x86: Fixup frame-pointer vs rethunk
+ - x86/static_call: Fix __static_call_fixup()
+ - x86/srso: Correct the mitigation status when SMT is disabled
+ - Ubuntu: [Config]: enable Speculative Return Stack Overflow mitigation
+
+ * Please enable Renesas RZ platform serial installer (LP: #2022361)
+ - [Config] enable hihope RZ/G2M serial console
+ - [Config] Mark sh-sci as built-in
+
+ * dGPU cannot resume because system firmware stuck in IPCS method
+ (LP: #2021572)
+ - drm/i915/tc: Abort DP AUX transfer on a disconnected TC port
+ - drm/i915/tc: switch to intel_de_* register accessors in display code
+ - drm/i915: Enable a PIPEDMC whenever its corresponding pipe is enabled
+ - drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
+ - drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
+ - drm/i915/tc: Wait for IOM/FW PHY initialization of legacy TC ports
+ - drm/i915/tc: Factor out helpers converting HPD mask to TC mode
+ - drm/i915/tc: Fix target TC mode for a disconnected legacy port
+ - drm/i915/tc: Fix TC mode for a legacy port if the PHY is not ready
+ - drm/i915/tc: Fix initial TC mode on disabled legacy ports
+ - drm/i915/tc: Make the TC mode readout consistent in all PHY states
+ - drm/i915: Add encoder hook to get the PLL type used by TC ports
+ - drm/i915/tc: Assume a TC port is legacy if VBT says the port has HDMI
+ - drm/i915/tc: Factor out a function querying active links on a TC port
+ - drm/i915/tc: Check the PLL type used by an enabled TC port
+ - drm/i915/tc: Group the TC PHY setup/query functions per platform
+ - drm/i915/tc: Use the adlp prefix for ADLP TC PHY functions
+ - drm/i915/tc: Rename tc_phy_status_complete() to tc_phy_is_ready()
+ - drm/i915/tc: Use the tc_phy prefix for all TC PHY functions
+ - drm/i915/tc: Move TC port fields to a new intel_tc_port struct
+ - drm/i915/tc: Check for TC PHY explicitly in
+ intel_tc_port_fia_max_lane_count()
+ - drm/i915/tc: Move the intel_tc_port struct declaration to intel_tc.c
+ - drm/i915/tc: Add TC PHY hook to get the PHY HPD live status
+ - drm/i915/tc: Add TC PHY hooks to get the PHY ready/owned state
+ - drm/i915/tc: Add TC PHY hook to read out the PHY HW state
+ - drm/i915/tc: Add generic TC PHY connect/disconnect handlers
+ - drm/i915/tc: Factor out tc_phy_verify_legacy_or_dp_alt_mode()
+ - drm/i915/tc: Add TC PHY hooks to connect/disconnect the PHY
+ - drm/i915/tc: Fix up the legacy VBT flag only in disconnected mode
+ - drm/i915/tc: Check TC mode instead of the VBT legacy flag
+ - drm/i915/tc: Block/unblock TC-cold in the PHY connect/disconnect hooks
+ - drm/i915/tc: Remove redundant wakeref=0 check from unblock_tc_cold()
+ - drm/i915/tc: Drop tc_cold_block()/unblock()'s power domain parameter
+ - drm/i915/tc: Add TC PHY hook to get the TC-cold blocking power domain
+ - drm/i915/tc: Add asserts in TC PHY hooks that the required power is on
+ - drm/i915/tc: Add TC PHY hook to init the PHY
+ - drm/i915/adlp/tc: Use the DE HPD ISR register for hotplug detection
+ - drm/i915/tc: Get power ref for reading the HPD live status register
+ - drm/i915/tc: Don't connect the PHY in intel_tc_port_connected()
+ - drm/i915/adlp/tc: Align the connect/disconnect PHY sequence with bspec
+ - drm/i915: Move shared DPLL disabling into CRTC disable hook
+ - drm/i915: Disable DPLLs before disconnecting the TC PHY
+ - drm/i915: Remove TC PHY disconnect workaround
+ - drm/i915: Remove the encoder update_prepare()/complete() hooks
+ - drm/i915/dp_mst: Fix active port PLL selection for secondary MST streams
+ - drm/i915: Fix PIPEDMC disabling for a bigjoiner configuration
+ - drm/i915: Add helpers to reference/unreference a DPLL for a CRTC
+ - drm/i915: Make the CRTC state consistent during sanitize-disabling
+ - drm/i915: Update connector atomic state before crtc sanitize-disabling
+ - drm/i915: Separate intel_crtc_disable_noatomic_begin/complete()
+ - drm/i915: Factor out set_encoder_for_connector()
+ - drm/i915: Add support for disabling any CRTCs during HW readout/sanitization
+ - drm/i915/dp: Prevent link training fallback on disconnected port
+ - drm/i915/dp: Factor out intel_dp_get_active_pipes()
+ - drm/i915: Factor out a helper for handling atomic modeset locks/state
+ - drm/i915/tc: Call TypeC port flush_work/cleanup without modeset locks held
+ - drm/i915/tc: Reset TypeC PHYs left enabled in DP-alt mode after the sink
+ disconnects
+
+ * amdgpu: Fixes for S0i3 resume on Phoenix (LP: #2033654)
+ - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11
+ - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix
+ - drm/amd: flush any delayed gfxoff on suspend entry
+
+ * Fix panel brightness issues on HP laptops (LP: #2032704)
+ - ACPI: video: Put ACPI video and its child devices into D0 on boot
+
+ * Fix ACPI TAD on some Intel based systems (LP: #2032767)
+ - ACPI: TAD: Install SystemCMOS address space handler for ACPI000E
+
+ * kdump doesn't work with UEFI secure boot and kernel lockdown enabled on
+ ARM64 (LP: #2033007)
+ - [Config]: Enable CONFIG_KEXEC_IMAGE_VERIFY_SIG
+
+ * Request backport of xen timekeeping performance improvements (LP: #2033122)
+ - x86/xen/time: prefer tsc as clocksource when it is invariant
+
+ * Fix numerous AER related issues (LP: #2033025)
+ - SAUCE: PCI/AER: Disable AER service during suspend, again
+ - SAUCE: PCI/DPC: Disable DPC service during suspend, again
+
+ * Enable D3cold at s2idle for Intel DG2 GPU (LP: #2033452)
+ - drm/i915/dgfx: Enable d3cold at s2idle
+
+ * CVE-2023-4569
+ - netfilter: nf_tables: deactivate catchall elements in next generation
+
+ * Fix non-working MT7921e when pre-boot WiFi is enabled (LP: #2026322)
+ - wifi: mt76: mt7921e: fix init command fail with enabled device
+
+ * Fix unreliable ethernet cable detection on I219 NIC (LP: #2028122)
+ - e1000e: Use PME poll to circumvent unreliable ACPI wake
+
+ * [SRU][Ubuntu 22.04.1] Unable to interpret the frequency values in
+ cpuinfo_min_freq and cpuino_max_freq sysfs files. (LP: #2030924)
+ - cpufreq: intel_pstate: Fix scaling for hybrid-capable
+
+ * CVE-2023-40283
+ - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
+
+ * CVE-2023-20588
+ - x86/bugs: Increase the x86 bugs vector size to two u32s
+ - x86/CPU/AMD: Do not leak quotient data after a division by 0
+ - x86/CPU/AMD: Fix the DIV(0) initial fix attempt
+
+ * CVE-2023-4194
+ - net: tun_chr_open(): set sk_uid from current_fsuid()
+ - net: tap_open(): set sk_uid from current_fsuid()
+
+ * CVE-2023-4155
+ - KVM: SEV: snapshot the GHCB before accessing it
+ - KVM: SEV: only access GHCB fields once
+
+ * CVE-2023-1206
+ - tcp: Reduce chance of collisions in inet6_hashfn().
+
+ * Lunar update: upstream stable patchset 2023-08-03 (LP: #2029808)
+ - RDMA/bnxt_re: Fix the page_size used during the MR creation
+ - phy: amlogic: phy-meson-g12a-mipi-dphy-analog: fix CNTL2_DIF_TX_CTL0 value
+ - RDMA/efa: Fix unsupported page sizes in device
+ - RDMA/hns: Fix timeout attr in query qp for HIP08
+ - RDMA/hns: Fix base address table allocation
+ - RDMA/hns: Modify the value of long message loopback slice
+ - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved()
+ - RDMA/bnxt_re: Fix a possible memory leak
+ - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx
+ - iommu/rockchip: Fix unwind goto issue
+ - iommu/amd: Don't block updates to GATag if guest mode is on
+ - iommu/amd: Handle GALog overflows
+ - iommu/amd: Fix up merge conflict resolution
+ - nfsd: make a copy of struct iattr before calling notify_change
+ - dmaengine: pl330: rename _start to prevent build error
+ - riscv: Fix unused variable warning when BUILTIN_DTB is set
+ - net/mlx5: Drain health before unregistering devlink
+ - net/mlx5: SF, Drain health before removing device
+ - net/mlx5: fw_tracer, Fix event handling
+ - net/mlx5e: Don't attach netdev profile while handling internal error
+ - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure
+ - netrom: fix info-leak in nr_write_internal()
+ - af_packet: Fix data-races of pkt_sk(sk)->num.
+ - tls: improve lockless access safety of tls_err_abort()
+ - amd-xgbe: fix the false linkup in xgbe_phy_status
+ - perf ftrace latency: Remove unnecessary "--" from --use-nsec option
+ - mtd: rawnand: ingenic: fix empty stub helper definitions
+ - RDMA/irdma: Prevent QP use after free
+ - RDMA/irdma: Fix Local Invalidate fencing
+ - af_packet: do not use READ_ONCE() in packet_bind()
+ - tcp: deny tcp_disconnect() when threads are waiting
+ - tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
+ - net/smc: Scan from current RMB list when no position specified
+ - net/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK
+ - net/sched: sch_ingress: Only create under TC_H_INGRESS
+ - net/sched: sch_clsact: Only create under TC_H_CLSACT
+ - net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
+ - net/sched: Prohibit regrafting ingress or clsact Qdiscs
+ - net: sched: fix NULL pointer dereference in mq_attach
+ - net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
+ - udp6: Fix race condition in udp6_sendmsg & connect
+ - nfsd: fix double fget() bug in __write_ports_addfd()
+ - nvme: fix the name of Zone Append for verbose logging
+ - net/mlx5e: Fix error handling in mlx5e_refresh_tirs
+ - net/mlx5: Read embedded cpu after init bit cleared
+ - iommu/mediatek: Flush IOTLB completely only if domain has been attached
+ - tcp: fix mishandling when the sack compression is deferred.
+ - net: dsa: mv88e6xxx: Increase wait after reset deactivation
+ - mtd: rawnand: marvell: ensure timing values are written
+ - mtd: rawnand: marvell: don't set the NAND frequency select
+ - rtnetlink: call validate_linkmsg in rtnl_create_link
+ - mptcp: avoid unneeded __mptcp_nmpc_socket() usage
+ - mptcp: add annotations around msk->subflow accesses
+ - mptcp: avoid unneeded address copy
+ - mptcp: simplify subflow_syn_recv_sock()
+ - mptcp: consolidate passive msk socket initialization
+ - mptcp: fix data race around msk->first access
+ - mptcp: add annotations around sk->sk_shutdown accesses
+ - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init"
+ - watchdog: menz069_wdt: fix watchdog initialisation
+ - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs.
+ - ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet
+ - drm/amdgpu: Use the default reset when loading or reloading the driver
+ - mailbox: mailbox-test: Fix potential double-free in
+ mbox_test_message_write()
+ - btrfs: abort transaction when sibling keys check fails for leaves
+ - ARM: 9295/1: unwind:fix unwind abort for uleb128 case
+ - hwmon: (k10temp) Add PCI ID for family 19, model 78h
+ - media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
+ - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
+ - platform/mellanox: fix potential race in mlxbf-tmfifo driver
+ - drm/amdgpu: set gfx9 onwards APU atomics support to be true
+ - fbdev: imsttfb: Fix use after free bug in imsttfb_probe
+ - fbdev: modedb: Add 1920x1080 at 60 Hz video mode
+ - fbdev: stifb: Fix info entry in sti_struct on error path
+ - nbd: Fix debugfs_create_dir error checking
+ - block/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE
+ - nvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G
+ - nvme-pci: add quirk for missing secondary temperature thresholds
+ - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
+ - ASoC: dwc: limit the number of overrun messages
+ - um: harddog: fix modular build
+ - xfrm: Check if_id in inbound policy/secpath match
+ - ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs
+ - ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
+ - ASoC: ssm2602: Add workaround for playback distortions
+ - media: dvb_demux: fix a bug for the continuity counter
+ - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
+ - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
+ - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
+ - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
+ - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
+ - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
+ - media: netup_unidvb: fix irq init by register it at the end of probe
+ - media: dvb_ca_en50221: fix a size write bug
+ - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
+ - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
+ - media: dvb-core: Fix use-after-free due on race condition at dvb_net
+ - media: dvb-core: Fix use-after-free due to race at dvb_register_device()
+ - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
+ - ASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions
+ - ASoC: SOF: pcm: fix pm_runtime imbalance in error handling
+ - ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling
+ - ASoC: SOF: pm: save io region state in case of errors in resume
+ - s390/pkey: zeroize key blobs
+ - s390/topology: honour nr_cpu_ids when adding CPUs
+ - ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P
+ - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
+ - ARM: dts: stm32: add pin map for CAN controller on stm32f7
+ - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
+ - arm64: vdso: Pass (void *) to virt_to_page()
+ - wifi: mac80211: simplify chanctx allocation
+ - wifi: mac80211: consider reserved chanctx for mindef
+ - wifi: mac80211: recalc chanctx mindef before assigning
+ - wifi: iwlwifi: mvm: Add locking to the rate read flow
+ - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
+ - wifi: b43: fix incorrect __packed annotation
+ - netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with
+ CONFIG_NF_NAT
+ - nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk
+ - nvme: do not let the user delete a ctrl before a complete initialization
+ - ALSA: oss: avoid missing-prototype warnings
+ - drm/msm: Be more shouty if per-process pgtables aren't working
+ - atm: hide unused procfs functions
+ - ceph: silence smatch warning in reconnect_caps_cb()
+ - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged
+ - ublk: fix AB-BA lockdep warning
+ - nvme-pci: Add quirk for Teamgroup MP33 SSD
+ - block: Deny writable memory mapping if block is read-only
+ - KVM: arm64: vgic: Fix a circular locking issue
+ - KVM: arm64: vgic: Wrap vgic_its_create() with config_lock
+ - KVM: arm64: vgic: Fix locking comment
+ - media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats
+ - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
+ - drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug
+ - media: uvcvideo: Don't expose unsupported formats to userspace
+ - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT
+ method
+ - iio: adc: mxs-lradc: fix the order of two cleanup operations
+ - HID: google: add jewel USB id
+ - HID: wacom: avoid integer overflow in wacom_intuos_inout()
+ - iio: imu: inv_icm42600: fix timestamp reset
+ - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value
+ - iio: light: vcnl4035: fixed chip ID check
+ - iio: adc: stm32-adc: skip adc-channels setup if none is present
+ - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag
+ - iio: dac: mcp4725: Fix i2c_master_send() return value handling
+ - iio: addac: ad74413: fix resistance input processing
+ - iio: adc: ad7192: Change "shorted" channels to differential
+ - iio: adc: stm32-adc: skip adc-diff-channels setup if none is present
+ - iio: dac: build ad5758 driver when AD5758 is selected
+ - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
+ - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
+ - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM
+ - usb: gadget: f_fs: Add unbind event before functionfs_unbind
+ - md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
+ - misc: fastrpc: return -EPIPE to invocations on device removal
+ - misc: fastrpc: reject new invocations during device removal
+ - scsi: stex: Fix gcc 13 warnings
+ - ata: libata-scsi: Use correct device no in ata_find_dev()
+ - drm/amdgpu: enable tmz by default for GC 11.0.1
+ - drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4
+ - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
+ - drm/amd/pm: resolve reboot exception for si oland
+ - drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5
+ - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
+ - drm/amd/pm: reverse mclk and fclk clocks levels for renoir
+ - mmc: vub300: fix invalid response handling
+ - mmc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order
+ - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of
+ UARTCTRL_SBK
+ - btrfs: fix csum_tree_block page iteration to avoid tripping on
+ -Werror=array-bounds
+ - phy: qcom-qmp-combo: fix init-count imbalance
+ - phy: qcom-qmp-pcie-msm8996: fix init-count imbalance
+ - block: fix revalidate performance regression
+ - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
+ - iommu/amd: Fix domain flush size when syncing iotlb
+ - tpm, tpm_tis: correct tpm_tis_flags enumeration values
+ - riscv: perf: Fix callchain parse error with kernel tracepoint events
+ - io_uring: undeprecate epoll_ctl support
+ - selinux: don't use make's grouped targets feature yet
+ - mtdchar: mark bits of ioctl handler noinline
+ - tracing/timerlat: Always wakeup the timerlat thread
+ - tracing/histograms: Allow variables to have some modifiers
+ - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
+ - selftests: mptcp: connect: skip if MPTCP is not supported
+ - selftests: mptcp: pm nl: skip if MPTCP is not supported
+ - selftests: mptcp: join: skip if MPTCP is not supported
+ - selftests: mptcp: sockopt: skip if MPTCP is not supported
+ - selftests: mptcp: userspace pm: skip if MPTCP is not supported
+ - mptcp: fix connect timeout handling
+ - mptcp: fix active subflow finalization
+ - ext4: add EA_INODE checking to ext4_iget()
+ - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
+ - ext4: disallow ea_inodes with extended attributes
+ - ext4: add lockdep annotations for i_data_sem for ea_inode's
+ - fbcon: Fix null-ptr-deref in soft_cursor
+ - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe()
+ - serial: cpm_uart: Fix a COMPILE_TEST dependency
+ - powerpc/xmon: Use KSYM_NAME_LEN in array size
+ - test_firmware: fix a memory leak with reqs buffer
+ - test_firmware: fix the memory leak of the allocated firmware buffer
+ - KVM: arm64: Populate fault info for watchpoint
+ - KVM: x86: Account fastpath-only VM-Exits in vCPU stats
+ - ksmbd: fix credit count leakage
+ - ksmbd: fix UAF issue from opinfo->conn
+ - ksmbd: fix incorrect AllocationSize set in smb2_get_info
+ - ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate
+ - ksmbd: fix multiple out-of-bounds read during context decoding
+ - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature()
+ - fs/ntfs3: Validate MFT flags before replaying logs
+ - regmap: Account for register length when chunking
+ - tpm, tpm_tis: Request threaded interrupt handler
+ - iommu/amd/pgtbl_v2: Fix domain max address
+ - drm/amd/display: Have Payload Properly Created After Resume
+ - tls: rx: strp: don't use GFP_KERNEL in softirq context
+ - selftests: mptcp: diag: skip if MPTCP is not supported
+ - selftests: mptcp: simult flows: skip if MPTCP is not supported
+ - selftests: mptcp: join: avoid using 'cmp --bytes'
+ - ext4: enable the lazy init thread when remounting read/write
+ - iommu: Make IPMMU_VMSA dependencies more strict
+ - [Config] updateconfigs for IPMMU_VMSA
+ - iommu/amd: Add missing domain type checks
+ - efi: Bump stub image version for macOS HVF compatibility
+ - rxrpc: Truncate UTS_RELEASE for rxrpc version
+ - net: renesas: rswitch: Fix return value in error path of xmit
+ - KVM: arm64: Prevent unconditional donation of unmapped regions from the host
+ - KVM: arm64: Reload PTE after invoking walker callback on preorder traversal
+ - iio: ad4130: Make sure clock provider gets removed
+ - iio: adc: mt6370: Fix ibus and ibat scaling value of some specific vendor ID
+ chips
+ - iio: accel: kx022a fix irq getting
+ - misc: fastrpc: Reassign memory ownership only for remote heap
+ - module/decompress: Fix error checking on zstd decompression
+ - dmaengine: at_hdmac: Repair bitfield macros for peripheral ID handling
+ - dmaengine: at_hdmac: Extend the Flow Controller bitfield to three bits
+ - test_firmware: prevent race conditions by a correct implementation of
+ locking
+ - KVM: arm64: Drop last page ref in kvm_pgtable_stage2_free_removed()
+ - KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker
+ - Upstream stable to v6.1.33, v6.3.7
+ - scsi: megaraid_sas: Add flexible array member for SGLs
+ - net: sfp: fix state loss when updating state_hw_mask
+ - spi: mt65xx: make sure operations completed before unloading
+ - platform/surface: aggregator: Allow completion work-items to be executed in
+ parallel
+ - platform/surface: aggregator_tabletsw: Add support for book mode in KIP
+ subsystem
+ - spi: qup: Request DMA before enabling clocks
+ - afs: Fix setting of mtime when creating a file/dir/symlink
+ - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
+ - bpf, sockmap: Avoid potential NULL dereference in
+ sk_psock_verdict_data_ready()
+ - neighbour: fix unaligned access to pneigh_entry
+ - net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
+ - net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
+ - bpf: Fix UAF in task local storage
+ - bpf: Fix elem_size not being set for inner maps
+ - net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
+ - net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
+ - net: enetc: correct the statistics of rx bytes
+ - net: enetc: correct rx_bytes statistics of XDP
+ - net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
+ - Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
+ - Bluetooth: Fix l2cap_disconnect_req deadlock
+ - Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
+ - Bluetooth: L2CAP: Add missing checks for invalid DCID
+ - wifi: mac80211: use correct iftype HE cap
+ - wifi: cfg80211: reject bad AP MLD address
+ - wifi: mac80211: mlme: fix non-inheritence element
+ - wifi: mac80211: don't translate beacon/presp addrs
+ - qed/qede: Fix scheduling while atomic
+ - wifi: cfg80211: fix locking in sched scan stop work
+ - selftests/bpf: Verify optval=NULL case
+ - selftests/bpf: Fix sockopt_sk selftest
+ - netfilter: nft_bitwise: fix register tracking
+ - netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
+ - netfilter: ipset: Add schedule point in call_ad().
+ - netfilter: nf_tables: out-of-bound check in chain blob
+ - ipv6: rpl: Fix Route of Death.
+ - tcp: gso: really support BIG TCP
+ - rfs: annotate lockless accesses to sk->sk_rxhash
+ - rfs: annotate lockless accesses to RFS sock flow table
+ - net: sched: add rcu annotations around qdisc->qdisc_sleeping
+ - drm/i915/selftests: Add some missing error propagation
+ - net: sched: move rtm_tca_policy declaration to include file
+ - net: sched: act_police: fix sparse errors in tcf_police_dump()
+ - net: sched: fix possible refcount leak in tc_chain_tmplt_add()
+ - bpf: Add extra path pointer check to d_path helper
+ - drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
+ - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
+ - net: bcmgenet: Fix EEE implementation
+ - bnxt_en: Don't issue AP reset during ethtool's reset operation
+ - bnxt_en: Query default VLAN before VNIC setup on a VF
+ - bnxt_en: Skip firmware fatal error recovery if chip is not accessible
+ - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
+ - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
+ - batman-adv: Broken sync while rescheduling delayed work
+ - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
+ - Input: psmouse - fix OOB access in Elantech protocol
+ - Input: fix open count when closing inhibited device
+ - ALSA: hda: Fix kctl->id initialization
+ - ALSA: ymfpci: Fix kctl->id initialization
+ - ALSA: gus: Fix kctl->id initialization
+ - ALSA: cmipci: Fix kctl->id initialization
+ - ALSA: hda/realtek: Add quirk for Clevo NS50AU
+ - ALSA: ice1712,ice1724: fix the kcontrol->id initialization
+ - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
+ - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
+ - drm/i915/gt: Use the correct error value when kernel_context() fails
+ - drm/amdgpu: fix xclk freq on CHIP_STONEY
+ - drm/amdgpu: change reserved vram info print
+ - drm/amd/pm: Fix power context allocation in SMU13
+ - drm/amd/display: Reduce sdp bw after urgent to 90%
+ - wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
+ - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in
+ J1939 Socket
+ - can: j1939: change j1939_netdev_lock type to mutex
+ - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
+ - mptcp: only send RM_ADDR in nl_cmd_remove
+ - mptcp: add address into userspace pm list
+ - mptcp: update userspace pm infos
+ - selftests: mptcp: update userspace pm addr tests
+ - selftests: mptcp: update userspace pm subflow tests
+ - ceph: fix use-after-free bug for inodes when flushing capsnaps
+ - s390/dasd: Use correct lock while counting channel queue length
+ - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
+ - Bluetooth: fix debugfs registration
+ - Bluetooth: hci_qca: fix debugfs registration
+ - tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
+ - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
+ - rbd: get snapshot context after exclusive lock is ensured to be held
+ - virtio_net: use control_buf for coalesce params
+ - soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
+ - pinctrl: meson-axg: add missing GPIOA_18 gpio group
+ - usb: usbfs: Enforce page requirements for mmap
+ - usb: usbfs: Use consistent mmap functions
+ - mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
+ - mm: page_table_check: Ensure user pages are not slab pages
+ - arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
+ - ARM: at91: pm: fix imbalanced reference counter for ethernet devices
+ - ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
+ - ASoC: codecs: wsa883x: do not set can_multi_write flag
+ - ASoC: codecs: wsa881x: do not set can_multi_write flag
+ - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite
+ boards
+ - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
+ - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
+ - ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback
+ returning void
+ - ASoC: mediatek: mt8195: fix use-after-free in driver remove path
+ - ASoC: simple-card-utils: fix PCM constraint error check
+ - blk-mq: fix blk_mq_hw_ctx active request accounting
+ - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
+ - i2c: mv64xxx: Fix reading invalid status value in atomic mode
+ - firmware: arm_ffa: Set handle field to zero in memory descriptor
+ - gpio: sim: fix memory corruption when adding named lines and unnamed hogs
+ - i2c: sprd: Delete i2c adapter in .remove's error path
+ - riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
+ - eeprom: at24: also select REGMAP
+ - soundwire: stream: Add missing clear of alloc_slave_rt
+ - riscv: fix kprobe __user string arg print fault issue
+ - [Config] updateconfigs for ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+ - vduse: avoid empty string for dev name
+ - vhost: support PACKED when setting-getting vring_base
+ - vhost_vdpa: support PACKED when setting-getting vring_base
+ - ksmbd: fix out-of-bound read in deassemble_neg_contexts()
+ - ksmbd: fix out-of-bound read in parse_lease_state()
+ - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
+ - ext4: only check dquot_initialize_needed() when debugging
+ - wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
+ - wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
+ - Bluetooth: Split bt_iso_qos into dedicated structures
+ - Bluetooth: ISO: consider right CIS when removing CIG at cleanup
+ - Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG
+ - netfilter: nf_tables: Add null check for nla_nest_start_noflag() in
+ nft_dump_basechain_hook()
+ - drm/lima: fix sched context destroy
+ - net: openvswitch: fix upcall counter access before allocation
+ - bnxt_en: Fix bnxt_hwrm_update_rss_hash_cfg()
+ - Input: cyttsp5 - fix array length
+ - soc: qcom: rpmh-rsc: drop redundant unsigned >=0 comparision
+ - arm64: dts: qcom: sm6375-pdx225: Fix remoteproc firmware paths
+ - vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister
+ - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()
+ - Upstream stable to v6.1.34, v6.3.8
+
+ * CVE-2023-4273
+ - exfat: check if filename entries exceeds max filename length
+
+ * CVE-2023-4128
+ - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-
+ free
+ - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-
+ free
+ - net/sched: cls_route: No longer copy tcf_result on update to avoid use-
+ after-free
+
+ * CVE-2023-3212
+ - gfs2: Don't deref jdesc in evict
+
+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 04 Sep 2023 11:20:15 +0200
linux (6.2.0-32.32) lunar; urgency=medium