-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 07 Aug 2023 23:01:57 +0200 Source: linux Binary: linux-doc linux-doc-6.1 linux-headers-6.1.0-11-common linux-headers-6.1.0-11-common-rt linux-source linux-source-6.1 linux-support-6.1.0-11 Architecture: all Version: 6.1.38-3 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Salvatore Bonaccorso Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-6.1 - Linux kernel specific documentation for version 6.1 linux-headers-6.1.0-11-common - Common header files for Linux 6.1.0-11 linux-headers-6.1.0-11-common-rt - Common header files for Linux 6.1.0-11-rt linux-source - Linux kernel source (meta-package) linux-source-6.1 - Linux kernel source for version 6.1 with Debian patches linux-support-6.1.0-11 - Support files for Linux 6.1 Changes: linux (6.1.38-3) bookworm-security; urgency=high . [ Salvatore Bonaccorso ] * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982) - init: Provide arch_cpu_finalize_init() - x86/cpu: Switch to arch_cpu_finalize_init() - ARM: cpu: Switch to arch_cpu_finalize_init() - ia64/cpu: Switch to arch_cpu_finalize_init() - loongarch/cpu: Switch to arch_cpu_finalize_init() - m68k/cpu: Switch to arch_cpu_finalize_init() - mips/cpu: Switch to arch_cpu_finalize_init() - sh/cpu: Switch to arch_cpu_finalize_init() - sparc/cpu: Switch to arch_cpu_finalize_init() - um/cpu: Switch to arch_cpu_finalize_init() - init: Remove check_bugs() leftovers - init: Invoke arch_cpu_finalize_init() earlier - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() - x86/init: Initialize signal frame size late - x86/fpu: Remove cpuinfo argument from init functions - x86/fpu: Mark init functions __init - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() - x86/speculation: Add Gather Data Sampling mitigation - x86/speculation: Add force option to GDS mitigation - x86/speculation: Add Kconfig option for GDS - KVM: Add GDS_NO support to KVM - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build - x86/xen: Fix secondary processors' FPU initialization - x86/mm: fix poking_init() for Xen PV guests - x86/mm: Use mm_alloc() in poking_init() - mm: Move mm_cachep initialization to mm_init() - x86/mm: Initialize text poking earlier - Documentation/x86: Fix backwards on/off logic about YMM support * [x86] Add a Speculative RAS Overflow (SRSO) mitigation (CVE-2023-20569) - x86/bugs: Increase the x86 bugs vector size to two u32s - x86/srso: Add a Speculative RAS Overflow mitigation - x86/srso: Add IBPB_BRTYPE support - x86/srso: Add SRSO_NO support - x86/srso: Add IBPB - x86/srso: Add IBPB on VMEXIT - x86/srso: Fix return thunks in generated code - x86/srso: Add a forgotten NOENDBR annotation * Bump ABI to 11 . [ Ben Hutchings ] * [x86] Add missing pieces of SRSO mitigation: - x86/cpu, kvm: Add support for CPUID_80000021_EAX - x86/srso: Tie SBPB bit setting to microcode patch detection Checksums-Sha1: 752f400e92956751d942b802e4907f02fb23daae 36665448 linux-doc-6.1_6.1.38-3_all.deb 40c86caa268285c165bb1fba7c945b12d82ed970 1104 linux-doc_6.1.38-3_all.deb a2499338a083a377a88c3071817f8bf58778cd76 8172392 linux-headers-6.1.0-11-common-rt_6.1.38-3_all.deb 4290fb9b9a75ebef2af9c804aad7bbacd43ba8e9 9819908 linux-headers-6.1.0-11-common_6.1.38-3_all.deb 0324c05544d2ae2546667092a8628fd6098af2b6 138018356 linux-source-6.1_6.1.38-3_all.deb c472aefa129ee1c5b01ec54e7326febb644007dc 1092 linux-source_6.1.38-3_all.deb cf51a23b84391c2567942eaab538b83f08781608 715656 linux-support-6.1.0-11_6.1.38-3_all.deb d9c305a87623c64aeca90bb4a6b0c30098abd3aa 12946 linux_6.1.38-3_all-buildd.buildinfo Checksums-Sha256: 79b1a8b0c9e0f2e159cba4d31829869b2198c1bde3f4a0419cd0f702e121ab98 36665448 linux-doc-6.1_6.1.38-3_all.deb 51a93bddef48d0def75516e519e07a792f38765e08ef1e21126049dc8e8e4020 1104 linux-doc_6.1.38-3_all.deb 11270529ba76be73bc4fc2391447629ee255330d3d6dfccf7f8eefbaa33fdf8c 8172392 linux-headers-6.1.0-11-common-rt_6.1.38-3_all.deb 9181439f80f953927689406aef698206440d337eff95c5b2eeee11cbf1541599 9819908 linux-headers-6.1.0-11-common_6.1.38-3_all.deb f813626c0d76f1148859ab366aa08f9e0f0304720f5f49eca7cd7a8ea2750dbd 138018356 linux-source-6.1_6.1.38-3_all.deb e6cf60f3f078afd41942c99420e512e434ecd1947c59054379211f34110a96d4 1092 linux-source_6.1.38-3_all.deb ed9f77e1613766b0bd717562245ae2311b8f74bd21887d60ef85ac13cf89216d 715656 linux-support-6.1.0-11_6.1.38-3_all.deb 4568d1b322123c3eb0d5f53e267d66c2a51dd1e1e3fc14ae9e379a94a8bc1fe2 12946 linux_6.1.38-3_all-buildd.buildinfo Files: ed6531cf93f83eaccc71476534ec0657 36665448 doc optional linux-doc-6.1_6.1.38-3_all.deb 715557b2e9f7f0b4953535e85d44c0ec 1104 doc optional linux-doc_6.1.38-3_all.deb 0a608530b279a9aa1440d430e41667ff 8172392 kernel optional linux-headers-6.1.0-11-common-rt_6.1.38-3_all.deb 18e863d37037a6c9749c9950e785c59a 9819908 kernel optional linux-headers-6.1.0-11-common_6.1.38-3_all.deb 69fbcf6586d8b59291565afd7da708dc 138018356 kernel optional linux-source-6.1_6.1.38-3_all.deb a00ea295d2e83d51a4d35d46478d7190 1092 kernel optional linux-source_6.1.38-3_all.deb 3bee86a12e944fd62f8140369c4fa6f7 715656 devel optional linux-support-6.1.0-11_6.1.38-3_all.deb f3d1e3c4a47440a27dc359abc4ee359b 12946 kernel optional linux_6.1.38-3_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi/TVpVg0yb7dq8QfDZWW6X29YdoFAmTSCmQACgkQDZWW6X29 Ydoaow/9HE9r5eCgC2V9rdUvLOYnLerE0vRpgnGGcvm8iyUuoon3yycHgscgnLzv QCaBfqyRdOukmo32rA1ZFl0gPxuycZ6MlKOZ74bn2evXqtKqCdpWHF7QxXEIdsZN HnsbfGSbUTSNIIDNDO/kQFiYJV9ZfhFc79ok5DnfXkOWbTDyDr1PLE5QnpUeOffq LpnQ4JCtLgncb1OtwX9Vq3nszdmRSbgl6WlTmIW4EhvZWTHH2uNYPWjVPVwMJ7rZ XlVDJCEjqL0rKLfluBd/P+zm/WY3So86NYdLOUYLChBSDc+erFN5BH+BmWSLVCAr nX8X7dmxn1wTH6/aPF4ZwbGxk/FyG397s3YSqFh7VLLq2BDZ7MeChriYsoJmblgg nQb7xwH6PT208KqC63KIpZl9SPh7ZWbF0WYXFJD8TqU8OPIYGd89NThGaf24PPeT 9w+EKXITLY9JnnniP0mX327hzZKsp8UMmFj1IbXyxc+g+vzdDCRKc5Y/Not+Ptwt GHDa8ntcovawcjUiJF9zs+xPfnmESXSUwIT0ICn+GlprP410vwBqoeJdat4Rc0FD XgblF4bMVp8YXZoXJVCu0WL/dl5+WTfSacJA40/gZhw4zQseT2Y6+EI0wNYy/5se R9LOMGdvnh0VR+/TtLit3/Plzu7Kah3VgdRnkgZlimQtcD1ByW8= =Fd0k -----END PGP SIGNATURE-----