← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1951011] Re: linux-aws: Make a signed kernel

 

This bug was fixed in the package linux-aws - 4.15.0-1119.127

---------------
linux-aws (4.15.0-1119.127) bionic; urgency=medium

  * bionic/linux-aws: 4.15.0-1119.127 -proposed tracker (LP: #1955252)

  * linux-aws: Make a signed kernel (LP: #1951011)
    - [Packaging] aws: Enable signed kernel
    - [Packaging] aws: remove handoff check for uefi signing
    - [Packaging] aws: decompress gzipped efi images in signing tarball

  [ Ubuntu: 4.15.0-167.175 ]

  * bionic/linux: 4.15.0-167.175 -proposed tracker (LP: #1955276)
  * hisi_sas driver may oops in prep_ssp_v3_hw() (LP: #1953386)
    - scsi: hisi_sas: Fix to only call scsi_get_prot_op() for non-NULL scsi_cmnd
  * Bionic update: upstream stable patchset 2021-12-13 (LP: #1954703)
    - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good
      delay
    - binder: use euid from cred instead of using task
    - Input: elantench - fix misreporting trackpoint coordinates
    - Input: i8042 - Add quirk for Fujitsu Lifebook T725
    - libata: fix read log timeout value
    - ocfs2: fix data corruption on truncate
    - mmc: dw_mmc: Dont wait for DRTO on Write RSP error
    - parisc: Fix ptrace check on syscall return
    - tpm: Check for integer overflow in tpm2_map_response_body()
    - media: ite-cir: IR receiver stop working after receive overflow
    - ALSA: ua101: fix division by zero at probe
    - ALSA: 6fire: fix control and bulk message timeouts
    - ALSA: line6: fix control and interrupt message timeouts
    - ALSA: synth: missing check for possible NULL after the call to kstrdup
    - ALSA: timer: Fix use-after-free problem
    - ALSA: timer: Unconditionally unlink slave instances, too
    - x86/irq: Ensure PI wakeup handler is unregistered before module unload
    - cavium: Return negative value when pci_alloc_irq_vectors() fails
    - scsi: qla2xxx: Fix unmap of already freed sgl
    - cavium: Fix return values of the probe function
    - sfc: Don't use netif_info before net_device setup
    - hyperv/vmbus: include linux/bitops.h
    - mmc: winbond: don't build on M68K
    - bpf: Prevent increasing bpf_jit_limit above max
    - xen/netfront: stop tx queues during live migration
    - spi: spl022: fix Microwire full duplex mode
    - watchdog: Fix OMAP watchdog early handling
    - vmxnet3: do not stop tx queues after netif_device_detach()
    - btrfs: fix lost error handling when replaying directory deletes
    - hwmon: (pmbus/lm25066) Add offset coefficients
    - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is
      disabled
    - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-
      dvs-idx property
    - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
    - mwifiex: fix division by zero in fw download path
    - ath6kl: fix division by zero in send path
    - ath6kl: fix control-message timeout
    - ath10k: fix control-message timeout
    - ath10k: fix division by zero in send path
    - PCI: Mark Atheros QCA6174 to avoid bus reset
    - rtl8187: fix control-message timeouts
    - evm: mark evm_fixmode as __ro_after_init
    - wcn36xx: Fix HT40 capability for 2Ghz band
    - mwifiex: Read a PCI register after writing the TX ring write pointer
    - libata: fix checking of DMA state
    - wcn36xx: handle connection loss indication
    - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
    - signal: Remove the bogus sigkill_pending in ptrace_stop
    - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
    - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
    - power: supply: max17042_battery: use VFSOC for capacity when no rsns
    - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
    - serial: core: Fix initializing and restoring termios speed
    - ALSA: mixer: oss: Fix racy access to slots
    - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
    - xen/balloon: add late_initcall_sync() for initial ballooning done
    - PCI: aardvark: Do not clear status bits of masked interrupts
    - PCI: aardvark: Do not unmask unused interrupts
    - PCI: aardvark: Fix return value of MSI domain .alloc() method
    - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
    - quota: check block number when reading the block in quota file
    - quota: correct error number in free_dqentry()
    - pinctrl: core: fix possible memory leak in pinctrl_enable()
    - iio: dac: ad5446: Fix ad5622_write() return value
    - USB: serial: keyspan: fix memleak on probe errors
    - USB: iowarrior: fix control-message timeouts
    - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
    - Bluetooth: fix use-after-free error in lock_sock_nested()
    - platform/x86: wmi: do not fail if disabling fails
    - MIPS: lantiq: dma: add small delay after reset
    - MIPS: lantiq: dma: reset correct number of channel
    - locking/lockdep: Avoid RCU-induced noinstr fail
    - smackfs: Fix use-after-free in netlbl_catmap_walk()
    - x86: Increase exception stack sizes
    - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
    - mwifiex: Properly initialize private structure on interface type changes
    - media: mt9p031: Fix corrupted frame after restarting stream
    - media: netup_unidvb: handle interrupt properly according to the firmware
    - media: uvcvideo: Set capability in s_param
    - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
    - media: s5p-mfc: Add checking to s5p_mfc_probe().
    - media: mceusb: return without resubmitting URB in case of -EPROTO error.
    - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
    - ACPICA: Avoid evaluating methods too early during system resume
    - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
    - tracefs: Have tracefs directories not set OTH permission bits by default
    - ath: dfs_pattern_detector: Fix possible null-pointer dereference in
      channel_detector_create()
    - ACPI: battery: Accept charges over the design capacity as full
    - leaking_addresses: Always print a trailing newline
    - memstick: r592: Fix a UAF bug when removing the driver
    - lib/xz: Avoid overlapping memcpy() with invalid input with in-place
      decompression
    - lib/xz: Validate the value before assigning it to an enum variable
    - tracing/cfi: Fix cmp_entries_* functions signature mismatch
    - mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
    - PM: hibernate: Get block device exclusively in swsusp_check()
    - iwlwifi: mvm: disable RX-diversity in powersave
    - smackfs: use __GFP_NOFAIL for smk_cipso_doi()
    - ARM: clang: Do not rely on lr register for stacktrace
    - gre/sit: Don't generate link-local addr if addr_gen_mode is
      IN6_ADDR_GEN_MODE_NONE
    - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
    - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in
      bcm_qspi_probe()
    - parisc: fix warning in flush_tlb_all
    - task_stack: Fix end_of_stack() for architectures with upwards-growing stack
    - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
    - cgroup: Make rebind_subsystems() disable v2 controllers all at once
    - media: dvb-usb: fix ununit-value in az6027_rc_query
    - media: mtk-vpu: Fix a resource leak in the error handling path of
      'mtk_vpu_probe()'
    - media: si470x: Avoid card name truncation
    - media: cx23885: Fix snd_card_free call on null card pointer
    - cpuidle: Fix kobject memory leaks in error paths
    - ath9k: Fix potential interrupt storm on queue reset
    - crypto: qat - detect PFVF collision after ACK
    - crypto: qat - disregard spurious PFVF interrupts
    - hwrng: mtk - Force runtime pm ops for sleep ops
    - b43legacy: fix a lower bounds test
    - b43: fix a lower bounds test
    - memstick: avoid out-of-range warning
    - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
    - hwmon: Fix possible memleak in __hwmon_device_register()
    - ath10k: fix max antenna gain unit
    - drm/msm: uninitialized variable in msm_gem_import()
    - net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
    - mmc: mxs-mmc: disable regulator on error and in the remove function
    - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
    - mwifiex: Send DELBA requests according to spec
    - phy: micrel: ksz8041nl: do not use power down mode
    - PM: hibernate: fix sparse warnings
    - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
    - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
    - irq: mips: avoid nested irq_enter()
    - samples/kretprobes: Fix return value if register_kretprobe() failed
    - libertas_tf: Fix possible memory leak in probe and disconnect
    - libertas: Fix possible memory leak in probe and disconnect
    - net: amd-xgbe: Toggle PLL settings during rate change
    - net: phylink: avoid mvneta warning when setting pause parameters
    - crypto: pcrypt - Delay write to padata->info
    - ibmvnic: Process crqs after enabling interrupts
    - RDMA/rxe: Fix wrong port_cap_flags
    - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
    - ARM: dts: at91: tse850: the emac<->phy interface is rmii
    - scsi: dc395: Fix error case unwinding
    - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
    - JFS: fix memleak in jfs_mount
    - ALSA: hda: Reduce udelay() at SKL+ position reporting
    - arm: dts: omap3-gta04a4: accelerometer irq fix
    - soc/tegra: Fix an error handling path in tegra_powergate_power_up()
    - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
    - video: fbdev: chipsfb: use memset_io() instead of memset()
    - serial: 8250_dw: Drop wrong use of ACPI_PTR()
    - usb: gadget: hid: fix error code in do_config()
    - power: supply: rt5033_battery: Change voltage values to µV
    - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
    - RDMA/mlx4: Return missed an error if device doesn't support steering
    - ASoC: cs42l42: Correct some register default values
    - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
    - serial: xilinx_uartps: Fix race condition causing stuck TX
    - mips: cm: Convert to bitfield API to fix out-of-bounds access
    - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
    - apparmor: fix error check
    - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
    - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
    - drm/plane-helper: fix uninitialized variable reference
    - PCI: aardvark: Don't spam about PIO Response Status
    - NFS: Fix deadlocks in nfs_scan_commit_list()
    - fs: orangefs: fix error return code of orangefs_revalidate_lookup()
    - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
    - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
    - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
    - auxdisplay: ht16k33: Connect backlight to fbdev
    - auxdisplay: ht16k33: Fix frame buffer device blanking
    - netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
    - m68k: set a default value for MEMORY_RESERVE
    - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
    - ar7: fix kernel builds for compiler test
    - scsi: qla2xxx: Turn off target reset during issue_lip
    - i2c: xlr: Fix a resource leak in the error handling path of
      'xlr_i2c_probe()'
    - xen-pciback: Fix return in pm_ctrl_init()
    - net: davinci_emac: Fix interrupt pacing disable
    - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
    - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and
      zs_unregister_migration()
    - llc: fix out-of-bound array index in llc_sk_dev_hash()
    - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
    - vsock: prevent unnecessary refcnt inc for nonblocking connect
    - USB: chipidea: fix interrupt deadlock
    - ARM: 9155/1: fix early early_iounmap()
    - ARM: 9156/1: drop cc-option fallbacks for architecture selection
    - powerpc/lib: Add helper to check if offset is within conditional branch
      range
    - powerpc/bpf: Validate branch ranges
    - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
    - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
    - mm, oom: do not trigger out_of_memory from the #PF
    - s390/cio: check the subchannel validity for dev_busid
    - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
    - ext4: fix lazy initialization next schedule time computation in more
      granular unit
    - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
    - parisc/entry: fix trace test in syscall exit path
    - PCI/MSI: Destroy sysfs before freeing entries
    - arm64: zynqmp: Fix serial compatible string
    - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
    - usb: musb: tusb6010: check return value after calling
      platform_get_resource()
    - scsi: advansys: Fix kernel pointer leak
    - ARM: dts: omap: fix gpmc,mux-add-data type
    - usb: host: ohci-tmio: check return value after calling
      platform_get_resource()
    - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
    - MIPS: sni: Fix the build
    - scsi: target: Fix ordered tag handling
    - scsi: target: Fix alua_tg_pt_gps_count tracking
    - powerpc/5200: dts: fix memory node unit name
    - ALSA: gus: fix null pointer dereference on pointer block
    - powerpc/dcr: Use cmplwi instead of 3-argument cmpli
    - sh: check return code of request_irq
    - maple: fix wrong return value of maple_bus_init().
    - sh: fix kconfig unmet dependency warning for FRAME_POINTER
    - sh: define __BIG_ENDIAN for math-emu
    - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
    - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
    - net: bnx2x: fix variable dereferenced before check
    - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
    - MIPS: generic/yamon-dt: fix uninitialized variable error
    - mips: bcm63xx: add support for clk_get_parent()
    - mips: lantiq: add support for clk_get_parent()
    - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
    - net: virtio_net_hdr_to_skb: count transport header in UFO
    - i40e: Fix NULL ptr dereference on VSI filter sync
    - NFC: reorganize the functions in nci_request
    - NFC: reorder the logic in nfc_{un,}register_device
    - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
    - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
    - tun: fix bonding active backup with arp monitoring
    - hexagon: export raw I/O routines for modules
    - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
    - btrfs: fix memory ordering between normal and ordered work functions
    - parisc/sticon: fix reverse colors
    - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
    - drm/udl: fix control-message timeout
    - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga
      and dvi connectors
    - perf/core: Avoid put_page() when GUP fails
    - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
    - batman-adv: Consider fragmentation for needed_headroom
    - batman-adv: Reserve needed_*room for fragments
    - batman-adv: Don't always reallocate the fragmentation skb head
    - RDMA/netlink: Add __maybe_unused to static inline in C file
    - ASoC: DAPM: Cover regression by kctl change notification fix
    - usb: max-3421: Use driver data instead of maintaining a list of bound
      devices
    - soc/tegra: pmc: Fix imbalanced clock disabling in error code path
    - crypto: s5p-sss - Add error handling in s5p_aes_probe()
    - ia64: kprobes: Fix to pass correct trampoline address to the handler
    - rsi: fix key enabled check causing unwanted encryption for vap_id > 0
    - rsi: fix rate mask set leading to P2P failure
    - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
    - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
    - wcn36xx: add proper DMA memory barriers in rx path
    - s390/tape: fix timer initialization in tape_std_assign()
    - fuse: truncate pagecache on atomic_o_trunc
    - f2fs: fix up f2fs_lookup tracepoints
    - iavf: check for null in iavf_fix_features
    - i40e: Fix correct max_pkt_size on VF RX queue
    - i40e: Fix changing previously set num_queue_pairs for PFs
    - i40e: Fix display error code in dmesg
  * Bionic update: upstream stable patchset 2021-12-03 (LP: #1953202)
    - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
    - ARM: 9134/1: remove duplicate memcpy() definition
    - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
    - ARM: 8819/1: Remove '-p' from LDFLAGS
    - usbnet: sanity check for maxpacket
    - usbnet: fix error return code in usbnet_probe()
    - ata: sata_mv: Fix the error handling of mv_chip_id()
    - nfc: port100: fix using -ERRNO as command type mask
    - ipv4: use siphash instead of Jenkins in fnhe_hashfun()
    - mmc: vub300: fix control-message timeouts
    - mmc: dw_mmc: exynos: fix the finding clock sample value
    - mmc: sdhci: Map more voltage level to SDHCI_POWER_330
    - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning
      circuit
    - net: lan78xx: fix division by zero in send path
    - regmap: Fix possible double-free in regcache_rbtree_exit()
    - net: batman-adv: fix error handling
    - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
    - net: nxp: lpc_eth.c: avoid hang when bringing interface down
    - sctp: use init_tag from inithdr for ABORT chunk
    - sctp: fix the processing for COOKIE_ECHO chunk
    - sctp: add vtag check in sctp_sf_violation
    - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
    - sctp: add vtag check in sctp_sf_ootb
    - ARM: 9141/1: only warn about XIP address when not compile testing
    - arm64: Avoid premature usercopy failure
    - ipv6: use siphash in rt6_exception_hash()
    - ipv6: make exception cache less predictible
    - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
    - scsi: core: Put LLD module refcnt after SCSI device is released
    - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
    - sfc: Fix reading non-legacy supported link modes
    - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
    - mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS
    - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
    - block: introduce multi-page bvec helpers
    - Revert "x86/kvm: fix vcpu-id indexed array sizes"
    - usb: gadget: Mark USB_FSL_QE broken on 64-bit
    - usb: musb: Balance list entry in musb_gadget_queue
    - usb-storage: Add compatibility quirk flags for iODD 2531/2541
    - printk/console: Allow to disable console output by using console="" or
      console=null
    - isofs: Fix out of bound access for corrupted isofs image
    - comedi: dt9812: fix DMA buffers on stack
    - comedi: ni_usb6501: fix NULL-deref in command paths
    - comedi: vmk80xx: fix transfer-buffer overflows
    - comedi: vmk80xx: fix bulk-buffer overflow
    - comedi: vmk80xx: fix bulk and interrupt message timeouts
    - staging: r8712u: fix control-message timeout
    - staging: rtl8192u: fix control-message timeouts
    - rsi: fix control-message timeout
    - usb: ehci: handshake CMD_RUN instead of STS_HALT

 -- Ian May <ian.may@xxxxxxxxxxxxx>  Tue, 18 Jan 2022 16:09:28 -0600

** Changed in: linux-aws (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1951011

Title:
  linux-aws: Make a signed kernel

Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.11 package in Ubuntu:
  Invalid
Status in linux-aws-5.13 package in Ubuntu:
  Invalid
Status in linux-aws-hwe package in Ubuntu:
  Invalid
Status in linux-aws source package in Xenial:
  Invalid
Status in linux-aws-5.11 source package in Xenial:
  Invalid
Status in linux-aws-5.13 source package in Xenial:
  Invalid
Status in linux-aws-hwe source package in Xenial:
  Fix Committed
Status in linux-aws source package in Bionic:
  Fix Released
Status in linux-aws-5.11 source package in Bionic:
  Invalid
Status in linux-aws-5.13 source package in Bionic:
  Invalid
Status in linux-aws-hwe source package in Bionic:
  Invalid
Status in linux-aws source package in Focal:
  Fix Released
Status in linux-aws-5.11 source package in Focal:
  Fix Committed
Status in linux-aws-5.13 source package in Focal:
  Fix Released
Status in linux-aws-hwe source package in Focal:
  Invalid
Status in linux-aws source package in Hirsute:
  Won't Fix
Status in linux-aws-5.11 source package in Hirsute:
  Invalid
Status in linux-aws-5.13 source package in Hirsute:
  Invalid
Status in linux-aws-hwe source package in Hirsute:
  Invalid
Status in linux-aws source package in Impish:
  In Progress
Status in linux-aws-5.11 source package in Impish:
  Invalid
Status in linux-aws-5.13 source package in Impish:
  Invalid
Status in linux-aws-hwe source package in Impish:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  Ubuntu AWS kernels on secure boot instances will not load.

  [Fix]

  Generate signed kernels and packages

  [Test Plan]

  Boot in a secure boot (UEFI) environment.

  [Where things could go wrong]

  This is a new packaging feature.

  [Other Info]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1951011/+subscriptions