Drop fips-checks script from trees
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Magali Lemes do Sacramento | ||
Focal |
Fix Released
|
Medium
|
Magali Lemes do Sacramento | ||
Jammy |
Fix Released
|
Medium
|
Magali Lemes do Sacramento | ||
Mantic |
Fix Released
|
Medium
|
Magali Lemes do Sacramento | ||
Noble |
Fix Released
|
Medium
|
Magali Lemes do Sacramento |
Bug Description
[Impact]
When producing a new version of some kernels, we need to check for changes that might affect FIPS certs and justify why a commit was kept. For that, we have a fips-checks script that lives under debian/ in Focal, Jammy, Mantic and Noble.
This script has been moved to `cranky`[1], so now there is no need to have this script in the kernel Git trees as well.
[Fix]
Remove the fips-checks script and its calls.
[Test Plan]
Prepare a kernel and ensure that the `cranky close` step runs without any errors.
[Where problems could occur]
This only affects the preparation of FIPS kernels and not the kernel final binary. Moreover, I've prepared some FIPS kernels from the 2024.03.04 cycle relying on `cranky check-fips` to ensure that
we have it working well on the cranky side too.
Changed in linux (Ubuntu Jammy): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
Changed in linux (Ubuntu Noble): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Noble): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in linux (Ubuntu Noble): | |
status: | New → In Progress |
summary: |
- Make fips-check script aware of commit reverts + Drop fips-check script from trees |
description: | updated |
Changed in linux (Ubuntu Focal): | |
status: | New → In Progress |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
Changed in linux (Ubuntu Mantic): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
status: | New → In Progress |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Critical |
importance: | Critical → Medium |
Changed in linux (Ubuntu Mantic): | |
importance: | Undecided → Medium |
summary: |
- Drop fips-check script from trees + Drop fips-checks script from trees |
description: | updated |
Changed in linux (Ubuntu Mantic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Noble): | |
status: | In Progress → Fix Committed |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #1 |
tags: | added: kernel-spammed-focal-linux-v2 verification-needed-focal-linux |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #2 |
This bug is awaiting verification that the linux/5.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #3 |
This bug is awaiting verification that the linux/6.5.0-33.33 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-mantic-linux-v2 verification-needed-mantic-linux |
tags: |
added: verification-done-focal-linux verification-done-jammy-linux verification-done-mantic-linux removed: verification-needed-focal-linux verification-needed-jammy-linux verification-needed-mantic-linux |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #4 |
This bug is awaiting verification that the linux-azure/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-mantic-linux-azure-v2 verification-needed-mantic-linux-azure |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #5 |
This bug is awaiting verification that the linux-azure/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-azure-v2 verification-needed-jammy-linux-azure |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #6 |
This bug is awaiting verification that the linux-azure/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-azure-v2 verification-needed-focal-linux-azure |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #7 |
This bug is awaiting verification that the linux/6.8.0-32.32 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux |
Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package linux - 5.4.0-181.201
---------------
linux (5.4.0-181.201) focal; urgency=medium
* focal/linux: 5.4.0-181.201 -proposed tracker (LP: #2059549)
* Packaging resync (LP: #1786013)
- [Packaging] drop getabis data
* Drop fips-checks script from trees (LP: #2055083)
- [Packaging] Remove fips-checks script
* Remove getabis scripts (LP: #2059143)
- [Packaging] Remove getabis
* Focal update: v5.4.269 upstream stable release (LP: #2058948)
- PCI: mediatek: Clear interrupt status before dispatching handler
- include/
- units: Add Watt units
- units: change from 'L' to 'UL'
- units: add the HZ macros
- serial: sc16is7xx: set safe default SPI clock frequency
- spi: introduce SPI_MODE_X_MASK macro
- serial: sc16is7xx: add check for unsupported SPI modes during probe
- ext4: allow for the last group to be marked as trimmed
- crypto: api - Disallow identical driver names
- PM: hibernate: Enforce ordering during image compression/
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
- rpmsg: virtio: Free driver_override when rpmsg_remove()
- parisc/firmware: Fix F-extend for PDC addresses
- arm64: dts: qcom: sdm845: fix USB wakeup interrupt types
- mmc: core: Use mrq.sbc in close-ended ffu
- nouveau/vmm: don't set addr on the fail path to avoid warning
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
- rename(): fix the locking of subdirectories
- block: Remove special-casing of compound pages
- mtd: spinand: macronix: Fix MX35LFxGE4AD page size
- fs: add mode_strip_sgid() helper
- fs: move S_ISGID stripping into the vfs_*() helpers
- powerpc: Use always instead of always-y in for crtsavres.o
- x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
- vlan: skip nested type that is not IFLA_VLAN_
- llc: make llc_ui_sendmsg() more robust against bonding changes
- llc: Drop support for ETH_P_TR_802_2.
- net/rds: Fix UBSAN: array-index-
- tracing: Ensure visibility when inserting an element into tracing_map
- afs: Hide silly-rename files from userspace
- tcp: Add memory barrier to tcp_push()
- netlink: fix potential sleeping issue in mqueue_flush_file
- net/mlx5: DR, Use the right GVMI number for drop action
- net/mlx5: Use kfree(ft->g) in arfs_create_
- net/mlx5e: fix a double-free in arfs_create_groups
- netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
- netfilter: nf_tables: validate NFPROTO_* family
- fjes: fix memleaks in fjes_hw_setup
- net: fec: fix the unhandled context fault from smmu
- btrfs: ref-verify: free ref cache before clearing mount opt
- btrfs: tree-checker: fix inline ref size in error messages
- btrfs: don't warn if discard range is not aligned to sector
- btrfs: defrag: reject unknown flags of btrfs_ioctl_
- rbd: don't move requests to the...
Changed in linux (Ubuntu Focal): | |
status: | Fix Committed → Fix Released |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #9 |
This bug is awaiting verification that the linux-aws/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-aws-v2 verification-needed-focal-linux-aws |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #10 |
This bug is awaiting verification that the linux-raspi/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-raspi-v2 verification-needed-focal-linux-raspi |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #11 |
This bug is awaiting verification that the linux-fips/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-fips-v2 verification-needed-focal-linux-fips |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #12 |
This bug is awaiting verification that the linux-gcp/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-gcp-v2 verification-needed-focal-linux-gcp |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #13 |
This bug is awaiting verification that the linux-gkeop/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-gkeop-v2 verification-needed-focal-linux-gkeop |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #14 |
This bug is awaiting verification that the linux-ibm/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-ibm-v2 verification-needed-focal-linux-ibm |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #15 |
This bug is awaiting verification that the linux-iot/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-iot-v2 verification-needed-focal-linux-iot |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #16 |
This bug is awaiting verification that the linux-kvm/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-kvm-v2 verification-needed-focal-linux-kvm |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #17 |
This bug is awaiting verification that the linux-oracle/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-oracle-v2 verification-needed-focal-linux-oracle |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #18 |
This bug is awaiting verification that the linux-xilinx-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-xilinx-zynqmp-v2 verification-needed-focal-linux-xilinx-zynqmp |
Launchpad Janitor (janitor) wrote : | #19 |
This bug was fixed in the package linux - 5.15.0-106.116
---------------
linux (5.15.0-106.116) jammy; urgency=medium
* jammy/linux: 5.15.0-106.116 -proposed tracker (LP: #2061812)
* CVE-2024-2201
- x86/bugs: Use sysfs_emit()
- KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs
- KVM: x86: Advertise CPUID.(
- KVM: x86: Use a switch statement and macros in __feature_
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- x86/syscall: Don't force use of indirect calls for system calls
- x86/bhi: Add support for clearing branch history at syscall entry
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S
- x86/bhi: Enumerate Branch History Injection (BHI) bug
- x86/bhi: Add BHI mitigation knob
- x86/bhi: Mitigate KVM by default
- KVM: x86: Add BHI_NO
- [Config] Set CONFIG_BHI to enabled (auto)
* Drop fips-checks script from trees (LP: #2055083)
- [Packaging] Remove fips-checks script
* alsa/realtek: adjust max output valume for headphone on 2 LG machines
(LP: #2058573)
- ALSA: hda/realtek: fix the hp playback volume issue for LG machines
* A general-proteciton exception during guest migration to unsupported PKRU
machine (LP: #2032164)
- x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
- KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
* [ICX] [SPR] [ipc/msg] performance: Mitigate the lock contention with percpu
counter (LP: #2058485)
- ipc: check checkpoint_
- ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL
- ipc: Store mqueue sysctls in the ipc namespace
- ipc: Store ipc sysctls in the ipc namespace
- ipc: Use the same namespace to modify and validate
- ipc: Remove extra1 field abuse to pass ipc namespace
- ipc: Check permissions for checkpoint_restart sysctls at open time
- percpu: add percpu_
- ipc/msg: mitigate the lock contention with percpu counter
* Jammy update: v5.15.149 upstream stable release (LP: #2059014)
- ksmbd: free ppace array on error in parse_dacl
- ksmbd: don't allow O_TRUNC open on read-only share
- ksmbd: validate mech token in session setup
- ksmbd: fix UAF issue in ksmbd_tcp_
- ksmbd: only v2 leases handle the directory
- iio: adc: ad7091r: Set alert bit in config register
- iio: adc: ad7091r: Allow users to configure device events
- iio: adc: ad7091r: Enable internal vref if external vref is not supplied
- dmaengine: fix NULL pointer in channel unregistration function
- scsi: ufs: core: Simplify power management during async scan
- scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan()
- iio:adc:ad7091r: Move exports into IIO_AD7091R namespace.
- ext4: allow for the last group to be marked as trimmed
- btrfs: sysfs: validate scrub_speed_max value
- crypto: api - Disallow identical driver names
- PM: hibernate: Enforce ordering during image compression/
- hwrng...
Changed in linux (Ubuntu Jammy): | |
status: | Fix Committed → Fix Released |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #20 |
This bug is awaiting verification that the linux-gke/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-gke-v2 verification-needed-jammy-linux-gke |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #21 |
This bug is awaiting verification that the linux-gcp/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-gcp-v2 verification-needed-jammy-linux-gcp |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #22 |
This bug is awaiting verification that the linux-ibm/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-ibm-v2 verification-needed-jammy-linux-ibm |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #23 |
This bug is awaiting verification that the linux-bluefield
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-bluefield-v2 verification-needed-focal-linux-bluefield |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #24 |
This bug is awaiting verification that the linux-aws/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #25 |
This bug is awaiting verification that the linux-raspi/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-aws-v2 verification-needed-jammy-linux-aws |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #26 |
This bug is awaiting verification that the linux-intel-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-intel-iotg-v2 verification-needed-jammy-linux-intel-iotg |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #27 |
This bug is awaiting verification that the linux-raspi/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-raspi-v2 verification-needed-jammy-linux-raspi |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #28 |
This bug is awaiting verification that the linux-hwe-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-hwe-5.15-v2 verification-needed-focal-linux-hwe-5.15 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #29 |
This bug is awaiting verification that the linux-intel-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-intel-iotg-5.15-v2 verification-needed-focal-linux-intel-iotg-5.15 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #30 |
This bug is awaiting verification that the linux-bluefield
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-bluefield-v2 verification-needed-jammy-linux-bluefield |
Launchpad Janitor (janitor) wrote : | #31 |
This bug was fixed in the package linux - 6.8.0-35.35
---------------
linux (6.8.0-35.35) noble; urgency=medium
* noble/linux: 6.8.0-35.35 -proposed tracker (LP: #2065886)
* CVE-2024-21823
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
- dmaengine: idxd: add a new security check to deal with a hardware erratum
- dmaengine: idxd: add a write() method for applications to submit work
linux (6.8.0-34.34) noble; urgency=medium
* noble/linux: 6.8.0-34.34 -proposed tracker (LP: #2065167)
* Packaging resync (LP: #1786013)
- [Packaging] debian.
(
linux (6.8.0-32.32) noble; urgency=medium
* noble/linux: 6.8.0-32.32 -proposed tracker (LP: #2064344)
* Packaging resync (LP: #1786013)
- [Packaging] drop getabis data
- [Packaging] update variants
- [Packaging] update annotations scripts
- [Packaging] debian.
(
* Enable Nezha board (LP: #1975592)
- [Config] Enable CONFIG_
* Enable Nezha board (LP: #1975592) // Enable StarFive VisionFive 2 board
(LP: #2013232)
- [Config] Enable CONFIG_
* RISC-V kernel config is out of sync with other archs (LP: #1981437)
- [Config] Sync riscv64 config with other architectures
* obsolete out-of-tree ivsc dkms in favor of in-tree one (LP: #2061747)
- ACPI: scan: Defer enumeration of devices with a _DEP pointing to IVSC device
- Revert "mei: vsc: Call wake_up() in the threaded IRQ handler"
- mei: vsc: Unregister interrupt handler for system suspend
- media: ipu-bridge: Add ov01a10 in Dell XPS 9315
- SAUCE: media: ipu-bridge: Support more sensors
* Fix after-suspend-
- PCI/ASPM: Move pci_configure_ltr() to aspm.c
- PCI/ASPM: Always build aspm.c
- PCI/ASPM: Move pci_save_
- PCI/ASPM: Save L1 PM Substates Capability for suspend/resume
- PCI/ASPM: Call pci_save_
- PCI/ASPM: Disable L1 before configuring L1 Substates
- PCI/ASPM: Update save_state when configuration changes
* RTL8852BE fw security fail then lost WIFI function during suspend/resume
cycle (LP: #2063096)
- wifi: rtw89: download firmware with five times retry
* intel_rapl_common: Add support for ARL and LNL (LP: #2061953)
- powercap: intel_rapl: Add support for Lunar Lake-M paltform
- powercap: intel_rapl: Add support for Arrow Lake
* Kernel panic during checkbox stress_ng_test on Grace running noble 6.8
(arm64+
- aio: Fix null ptr deref in aio_complete() wakeup
* Avoid creating non-working backlight sysfs knob from ASUS board
(LP: #2060422)
- platform/x86: asus-wmi: Consider device is absent when the read is ~0
* Include cifs.ko in linux-modules package (LP: #2042546)
- [Packaging] Replace fs/cifs with fs/smb/client in inclusion list
* Add Real-time Linux Analysis tool (rtla) to linux-tools (LP: #2059080)
- SAUCE: rtla: fix deb build
...
Changed in linux (Ubuntu Noble): | |
status: | Fix Committed → Fix Released |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #32 |
This bug is awaiting verification that the linux-gke/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-gke-v2 verification-needed-noble-linux-gke |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #33 |
This bug is awaiting verification that the linux-azure/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-azure-v2 verification-needed-noble-linux-azure |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #34 |
This bug is awaiting verification that the linux-gcp/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-gcp-v2 verification-needed-noble-linux-gcp |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #35 |
This bug is awaiting verification that the linux-aws/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-aws-v2 verification-needed-noble-linux-aws |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #36 |
This bug is awaiting verification that the linux-ibm/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-ibm-v2 verification-needed-noble-linux-ibm |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #37 |
This bug is awaiting verification that the linux-intel/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-intel-v2 verification-needed-noble-linux-intel |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #38 |
This bug is awaiting verification that the linux-nvidia/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-nvidia-v2 verification-needed-noble-linux-nvidia |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #39 |
This bug is awaiting verification that the linux-oem-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-oem-6.8-v2 verification-needed-noble-linux-oem-6.8 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #40 |
This bug is awaiting verification that the linux-riscv/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-riscv-v2 verification-needed-noble-linux-riscv |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #41 |
This bug is awaiting verification that the linux-raspi-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-raspi-realtime-v2 verification-needed-noble-linux-raspi-realtime |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #42 |
This bug is awaiting verification that the linux-lowlatenc
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-lowlatency-v2 verification-needed-noble-linux-lowlatency |
Launchpad Janitor (janitor) wrote : | #43 |
This bug was fixed in the package linux - 6.5.0-41.41
---------------
linux (6.5.0-41.41) mantic; urgency=medium
* mantic/linux: 6.5.0-41.41 -proposed tracker (LP: #2065893)
* CVE-2024-21823
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
- dmaengine: idxd: add a new security check to deal with a hardware erratum
- dmaengine: idxd: add a write() method for applications to submit work
linux (6.5.0-40.40) mantic; urgency=medium
* mantic/linux: 6.5.0-40.40 -proposed tracker (LP: #2063709)
* [Mantic] Compile broken on armhf (cc1 out of memory) (LP: #2060446)
- Revert "minmax: relax check to allow comparison between unsigned arguments
and signed constants"
- Revert "minmax: allow comparisons of 'int' against 'unsigned char/short'"
- Revert "minmax: allow min()/max()/clamp() if the arguments have the same
signedness."
- Revert "minmax: add umin(a, b) and umax(a, b)"
* Drop fips-checks script from trees (LP: #2055083)
- [Packaging] Remove fips-checks script
* alsa/realtek: adjust max output valume for headphone on 2 LG machines
(LP: #2058573)
- ALSA: hda/realtek: fix the hp playback volume issue for LG machines
* Mantic update: upstream stable patchset 2024-03-27 (LP: #2059284)
- asm-generic: make sparse happy with odd-sized put_unaligned_*()
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
- arm64: irq: set the correct node for VMAP stack
- drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
- powerpc: Fix build error due to is_valid_bugaddr()
- powerpc/mm: Fix build failures due to arch_reserved_
- powerpc/64s: Fix CONFIG_NUMA=n build due to create_
- x86/boot: Ignore NMIs during very early boot
- powerpc: pmd_move_
CONFIG_
- powerpc/lib: Validate size for vector operations
- x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
- perf/core: Fix narrow startup race when creating the perf nr_addr_filters
sysfs file
- debugobjects: Stop accessing objects after releasing hash bucket lock
- regulator: core: Only increment use_count when enable_count changes
- audit: Send netlink ACK before setting connection in auditd_set
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
- PNP: ACPI: fix fortify warning
- ACPI: extlog: fix NULL pointer dereference check
- ACPI: NUMA: Fix the logic of getting the fake_pxm value
- PM / devfreq: Synchronize devfreq_
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
events
- FS:JFS:
- jfs: fix array-index-
- pstore/ram: Fix crash when setting number of cpus to an odd number
- crypto: octeontx2 - Fix cptvf driver cleanup
- erofs: fix ztailpacking for subpage compressed blocks
- crypto: stm32/crc32 - fix parsing list of devices
- afs: fix the usage of read_seqbegin_
- afs: fix the usage of read_seqbegin_
Changed in linux (Ubuntu Mantic): | |
status: | Fix Committed → Fix Released |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #44 |
This bug is awaiting verification that the linux-aws/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-mantic-linux-aws-v2 verification-needed-mantic-linux-aws |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #45 |
This bug is awaiting verification that the linux-laptop/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-mantic-linux-laptop-v2 verification-needed-mantic-linux-laptop |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #46 |
This bug is awaiting verification that the linux-oracle/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-mantic-linux-oracle-v2 verification-needed-mantic-linux-oracle |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #47 |
This bug is awaiting verification that the linux-oem-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-oem-6.5-v2 verification-needed-jammy-linux-oem-6.5 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #48 |
This bug is awaiting verification that the linux-hwe-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-hwe-6.5-v2 verification-needed-jammy-linux-hwe-6.5 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #49 |
This bug is awaiting verification that the linux-nvidia-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-nvidia-6.5-v2 verification-needed-jammy-linux-nvidia-6.5 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #50 |
This bug is awaiting verification that the linux-oracle/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-oracle-v2 verification-needed-noble-linux-oracle |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #51 |
This bug is awaiting verification that the linux-ibm-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-ibm-gt-v2 verification-needed-noble-linux-ibm-gt |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #52 |
This bug is awaiting verification that the linux-aws-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-aws-6.5-v2 verification-needed-jammy-linux-aws-6.5 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #53 |
This bug is awaiting verification that the linux-oracle-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-oracle-6.5-v2 verification-needed-jammy-linux-oracle-6.5 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #54 |
This bug is awaiting verification that the linux-nvidia-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-nvidia-6.8-v2 verification-needed-jammy-linux-nvidia-6.8 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #55 |
This bug is awaiting verification that the linux-mtk/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #56 |
This bug is awaiting verification that the linux-lowlatenc
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-lowlatency-hwe-6.8-v2 verification-needed-jammy-linux-lowlatency-hwe-6.8 |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #57 |
This bug is awaiting verification that the linux-nvidia-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-nvidia-tegra-v2 verification-needed-jammy-linux-nvidia-tegra |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #58 |
This bug is awaiting verification that the linux-nvidia-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-jammy-linux-nvidia-tegra-igx-v2 verification-needed-jammy-linux-nvidia-tegra-igx |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #59 |
This bug is awaiting verification that the linux-fips/
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-fips-v2 verification-needed-noble-linux-fips |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #60 |
This bug is awaiting verification that the linux-nvidia-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-focal-linux-nvidia-tegra-5.15-v2 verification-needed-focal-linux-nvidia-tegra-5.15 |
Launchpad Janitor (janitor) wrote : | #61 |
This bug was fixed in the package linux - 6.11.0-7.7
---------------
linux (6.11.0-7.7) oracular; urgency=medium
* oracular/linux: 6.11.0-7.7 -proposed tracker (LP: #2079949)
* update apparmor and LSM stacking patch set (LP: #2028253)
- SAUCE: apparmor4.0.0 [1/99]: LSM: Infrastructure management of the sock
security
- SAUCE: apparmor4.0.0 [2/99]: LSM: Add the lsmblob data structure.
- SAUCE: apparmor4.0.0 [3/99]: LSM: Use lsmblob in security_
- SAUCE: apparmor4.0.0 [4/99]: LSM: Call only one hook for audit rules
- SAUCE: apparmor4.0.0 [5/99]: LSM: Add lsmblob_to_secctx hook
- SAUCE: apparmor4.0.0 [6/99]: Audit: maintain an lsmblob in audit_context
- SAUCE: apparmor4.0.0 [7/99]: LSM: Use lsmblob in security_
- SAUCE: apparmor4.0.0 [8/99]: Audit: Update shutdown LSM data
- SAUCE: apparmor4.0.0 [9/99]: LSM: Use lsmblob in security_
- SAUCE: apparmor4.0.0 [10/99]: LSM: Use lsmblob in security_
- SAUCE: apparmor4.0.0 [11/99]: Audit: use an lsmblob in audit_names
- SAUCE: apparmor4.0.0 [12/99]: LSM: Create new security_
hook
- SAUCE: apparmor4.0.0 [13/99]: Audit: Change context data from secid to
lsmblob
- SAUCE: apparmor4.0.0 [14/99]: Netlabel: Use lsmblob for audit data
- SAUCE: apparmor4.0.0 [15/99]: LSM: Ensure the correct LSM context releaser
- SAUCE: apparmor4.0.0 [16/99]: LSM: Use lsmcontext in
security_
- SAUCE: apparmor4.0.0 [17/99]: LSM: Use lsmcontext in
security_
- SAUCE: apparmor4.0.0 [18/99]: LSM: Use lsmcontext in
security_
- SAUCE: apparmor4.0.0 [19/99]: LSM: lsmcontext in
security_
- SAUCE: apparmor4.0.0 [20/99]: LSM: security_
selection
- SAUCE: apparmor4.0.0 [21/99]: Audit: Create audit_stamp structure
- SAUCE: apparmor4.0.0 [22/99]: Audit: Allow multiple records in an
audit_buffer
- SAUCE: apparmor4.0.0 [23/99]: Audit: Add record for multiple task security
contexts
- SAUCE: apparmor4.0.0 [24/99]: audit: multiple subject lsm values for
netlabel
- SAUCE: apparmor4.0.0 [25/99]: Audit: Add record for multiple object contexts
- SAUCE: apparmor4.0.0 [26/99]: LSM: Remove unused lsmcontext_init()
- SAUCE: apparmor4.0.0 [27/99]: LSM: Improve logic in security_
- SAUCE: apparmor4.0.0 [28/99]: LSM: secctx provider check on release
- SAUCE: apparmor4.0.0 [29/99]: LSM: Single calls in socket_getpeersec hooks
- SAUCE: apparmor4.0.0 [30/99]: LSM: Exclusive secmark usage
- SAUCE: apparmor4.0.0 [31/99]: LSM: Identify which LSM handles the context
string
- SAUCE: apparmor4.0.0 [32/99]: AppArmor: Remove the exclusive flag
- SAUCE: apparmor4.0.0 [33/99]: LSM: Add mount opts blob size tracking
- SAUCE: apparmor4.0.0 [34/99]: LSM: allocate mnt_opts blobs instead of module
specific data
- SAUCE: apparmor4.0.0 [35/99]: LSM: Infrastructure management of the key
security blob
- SAUCE: apparmor4.0.0 [36/99]: LSM: Infrastructure management of the mnt...
Changed in linux (Ubuntu): | |
status: | Fix Committed → Fix Released |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #62 |
This bug is awaiting verification that the linux-nvidia-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: kernel-spammed-noble-linux-nvidia-tegra-v2 verification-needed-noble-linux-nvidia-tegra |
This bug is awaiting verification that the linux/5.4.0-181.201 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal-linux' to 'verification- done-focal- linux'. If the problem still exists, change the tag 'verification- needed- focal-linux' to 'verification- failed- focal-linux' .
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!