← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1951011] Re: linux-aws: Make a signed kernel

 

This bug was fixed in the package linux-aws - 5.13.0-1014.15

---------------
linux-aws (5.13.0-1014.15) impish; urgency=medium

  * impish/linux-aws: 5.13.0-1014.15 -proposed tracker (LP: #1960525)

  * linux-aws: Make a signed kernel (LP: #1951011)
    - [Packaging] aws: Make a signed kernel

linux-aws (5.13.0-1013.14) impish; urgency=medium

  * impish/linux-aws: 5.13.0-1013.14 -proposed tracker (LP: #1960042)

  * tcm_loop requires '-extras' for EKS optimised AMIs (LP: #1959593)
    - [Packaging] aws: Include tcm_loop.ko

  [ Ubuntu: 5.13.0-30.33 ]

  * impish/linux: 5.13.0-30.33 -proposed tracker (LP: #1960055)
  * systemd/248.3-1ubuntu8.2 ADT test failure with linux/5.13.0-29.32
    (LP: #1960034)
    - Revert "block: avoid to quiesce queue in elevator_init_mq"
    - Revert "blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and
      disk_release()"

  [ Ubuntu: 5.13.0-29.32 ]

  * impish/linux: 5.13.0-29.32 -proposed tracker (LP: #1959238)
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.01.31)
  * CVE-2022-22942
    - SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy
  * CVE-2022-0330
    - drm/i915: Flush TLBs before releasing backing store
  * Impish update: upstream stable patchset 2022-01-05 (LP: #1956508)
    - ACPI: Get acpi_device's parent from the parent field
    - USB: serial: option: add Telit LE910S1 0x9200 composition
    - USB: serial: option: add Fibocom FM101-GL variants
    - usb: dwc2: gadget: Fix ISOC flow for elapsed frames
    - usb: dwc2: hcd_queue: Fix use of floating point literal
    - usb: dwc3: gadget: Ignore NoStream after End Transfer
    - usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer
    - usb: dwc3: gadget: Fix null pointer exception
    - net: nexthop: fix null pointer dereference when IPv6 is not enabled
    - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe
    - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
    - usb: hub: Fix usb enumeration issue due to address0 race
    - usb: hub: Fix locking issues with address0_mutex
    - binder: fix test regression due to sender_euid change
    - ALSA: ctxfi: Fix out-of-range access
    - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
    - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7
    - media: cec: copy sequence field for the reply
    - Revert "parisc: Fix backtrace to always include init funtion names"
    - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
    - staging/fbtft: Fix backlight
    - staging: greybus: Add missing rwsem around snd_ctl_remove() calls
    - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
    - fuse: release pipe buf after last use
    - xen: don't continue xenstore initialization in case of errors
    - xen: detect uninitialized xenbus in xenbus_init
    - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
    - tracing/uprobe: Fix uprobe_perf_open probes iteration
    - tracing: Fix pid filtering when triggers are attached
    - mmc: sdhci-esdhc-imx: disable CMDQ support
    - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
    - mdio: aspeed: Fix "Link is Down" issue
    - powerpc/32: Fix hardlockup on vmap stack overflow
    - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
    - PCI: aardvark: Implement re-issuing config requests on CRS response
    - PCI: aardvark: Simplify initialization of rootcap on virtual bridge
    - PCI: aardvark: Fix link training
    - proc/vmcore: fix clearing user buffer by properly using clear_user()
    - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
    - netfilter: ctnetlink: do not erase error code with EINVAL
    - netfilter: ipvs: Fix reuse connection if RS weight is 0
    - netfilter: flowtable: fix IPv6 tunnel addr match
    - ARM: dts: BCM5301X: Fix I2C controller interrupt
    - ARM: dts: BCM5301X: Add interrupt properties to GPIO node
    - ARM: dts: bcm2711: Fix PCIe interrupts
    - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
    - ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling
    - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
    - ASoC: codecs: wcd934x: return error code correctly from hw_params
    - net: ieee802154: handle iftypes as u32
    - firmware: arm_scmi: pm: Propagate return value to caller
    - NFSv42: Don't fail clone() unless the OP_CLONE operation failed
    - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
    - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks
    - scsi: mpt3sas: Fix kernel panic during drive powercycle test
    - drm/vc4: fix error code in vc4_create_object()
    - net: marvell: prestera: fix double free issue on err path
    - iavf: Prevent changing static ITR values if adaptive moderation is on
    - ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec
    - mptcp: fix delack timer
    - firmware: smccc: Fix check for ARCH_SOC_ID not implemented
    - ipv6: fix typos in __ip6_finish_output()
    - nfp: checking parameter process for rx-usecs/tx-usecs is invalid
    - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
    - net: ipv6: add fib6_nh_release_dsts stub
    - net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
    - ice: fix vsi->txq_map sizing
    - ice: avoid bpf_prog refcount underflow
    - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
    - scsi: scsi_debug: Zero clear zones at reset write pointer
    - erofs: fix deadlock when shrink erofs slab
    - net/smc: Ensure the active closing peer first closes clcsock
    - mlxsw: Verify the accessed index doesn't exceed the array length
    - mlxsw: spectrum: Protect driver from buggy firmware
    - net: marvell: mvpp2: increase MTU limit when XDP enabled
    - nvmet-tcp: fix incomplete data digest send
    - net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
    - PM: hibernate: use correct mode for swsusp_close()
    - drm/amd/display: Set plane update flags for all planes in reset
    - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited
      flows
    - lan743x: fix deadlock in lan743x_phy_link_status_change()
    - net: phylink: Force link down and retrigger resolve on interface change
    - net: phylink: Force retrigger in case of latched link-fail indicator
    - net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
    - net/smc: Fix loop in smc_listen
    - nvmet: use IOCB_NOWAIT only if the filesystem supports it
    - igb: fix netpoll exit with traffic
    - MIPS: loongson64: fix FTLB configuration
    - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
    - tls: splice_read: fix record type check
    - tls: fix replacing proto_ops
    - net/sched: sch_ets: don't peek at classes beyond 'nbands'
    - net: vlan: fix underflow for the real_dev refcnt
    - net/smc: Don't call clcsock shutdown twice when smc shutdown
    - net: hns3: fix VF RSS failed problem after PF enable multi-TCs
    - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
    - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
    - sched/scs: Reset task stack state in bringup_cpu()
    - f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
    - ceph: properly handle statfs on multifs setups
    - iommu/amd: Clarify AMD IOMMUv2 initialization messages
    - vhost/vsock: fix incorrect used length reported to the guest
    - tracing: Check pid filtering when creating events
    - xen: sync include/xen/interface/io/ring.h with Xen's newest version
    - xen/blkfront: read response from backend only once
    - xen/blkfront: don't take local copy of a request from the ring page
    - xen/blkfront: don't trust the backend response data blindly
    - xen/netfront: read response from backend only once
    - xen/netfront: don't read data from request on the ring page
    - xen/netfront: disentangle tx_skb_freelist
    - xen/netfront: don't trust the backend response data blindly
    - tty: hvc: replace BUG_ON() with negative return value
    - net: stmmac: platform: fix build warning when with !CONFIG_PM_SLEEP
    - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+
    - scsi: sd: Fix sd_do_mode_sense() buffer length handling
    - USB: serial: pl2303: fix GC type detection
    - usb: dwc3: core: Revise GHWPARAMS9 offset
    - net: usb: Correct PHY handling of smsc95xx
    - drm/amdgpu: IH process reset count when restart
    - drm/nouveau: recognise GA106
    - arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd
    - cpufreq: intel_pstate: Fix active mode offline/online EPP handling
    - NFSv42: Fix pagecache invalidation after COPY/CLONE
    - ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended
    - media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86
    - ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask
    - firmware: arm_scmi: Fix base agent discover response
    - ASoC: stm32: i2s: fix 32 bits channel length without mclk
    - scsi: mpt3sas: Fix system going into read-only mode
    - scsi: mpt3sas: Fix incorrect system timestamp
    - drm/aspeed: Fix vga_pw sysfs output
    - iavf: Fix refreshing iavf adapter stats on ethtool request
    - iavf: Fix VLAN feature flags after VFR
    - x86/pvh: add prototype for xen_pvh_init()
    - xen/pvh: add missing prototype to header
    - mptcp: use delegate action to schedule 3rd ack retrans
    - net: ipa: kill ipa_cmd_pipeline_clear()
    - arm64: uaccess: avoid blocking within critical sections
    - tls splice: remove inappropriate flags checking for MSG_PEEK
    - tls: splice_read: fix accessing pre-processed records
    - net: stmmac: Disable Tx queues when reconfiguring the interface
    - locking/rwsem: Make handoff bit handling more consistent
    - perf: Ignore sigtrap for tracepoints destined for other tasks
    - f2fs: quota: fix potential deadlock
    - riscv: dts: microchip: fix board compatible
    - riscv: dts: microchip: drop duplicated MMC/SDHC node
    - cifs: nosharesock should not share socket with future sessions
    - vdpa_sim: avoid putting an uninitialized iova_domain
    - io_uring: fix soft lockup when call __io_remove_buffers
    - firmware: arm_scmi: Fix type error assignment in voltage protocol
    - firmware: arm_scmi: Fix type error in sensor protocol
    - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and
      disk_release()
    - block: avoid to quiesce queue in elevator_init_mq
    - net/smc: Keep smc_close_final rc during active close
    - net/sched: sch_ets: don't remove idle classes from the round-robin list
    - HID: wacom: Reset expected and received contact counts at the same time
    - HID: wacom: Ignore the confidence flag when a touch is removed
    - net: usb: Correct reset handling of smsc95xx
    - cifs: nosharesock should be set on new server
    - net/packet: rx_owner_map depends on pg_vec
  * net/mlx5e: EPERM on vlan 0 programming (LP: #1957753)
    - net/mlx5e: Unblock setting vid 0 for VF in case PF isn't eswitch manager
  * [SRU][I/J/OEM-5.13/OEM-5.14] Add basic support of MT7922 (LP: #1958151)
    - mt76: mt7921: Add mt7922 support
    - mt76: mt7921: add support for PCIe ID 0x0608/0x0616
    - mt76: mt7921: introduce 160 MHz channel bandwidth support
    - Bluetooth: btusb: Add protocol for MediaTek bluetooth devices(MT7922)
    - Bluetooth: btusb: Add support for Foxconn MT7922A
  * Pod traffic not taking advantage of interfaces with multiple tx queues
    (LP: #1958155)
    - veth: Do not record rx queue hint in veth_xmit
  * [uacc-0623] hisi_sec2  fail to alloc uacce (LP: #1933301)
    - crypto: hisilicon/qm - modify the uacce mode check
  * ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
    dump_page() (LP: #1941829)
    - selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
      hot-remove error test
  * smartpqi: Update 20.04.4 to latest kernel.org patch level (LP: #1953689)
    - scsi: smartpqi: Replace one-element array with flexible-array member
    - scsi: smartpqi: Update device removal management
    - scsi: smartpqi: Capture controller reason codes
    - scsi: smartpqi: Update LUN reset handler
    - scsi: smartpqi: Add TEST UNIT READY check for SANITIZE operation
    - scsi: smartpqi: Avoid failing I/Os for offline devices
    - scsi: smartpqi: Add extended report physical LUNs
    - scsi: smartpqi: Fix boot failure during LUN rebuild
    - scsi: smartpqi: Fix duplicate device nodes for tape changers
    - scsi: smartpqi: Add 3252-8i PCI id
    - scsi: smartpqi: Update version to 2.1.12-055
  * CVE-2021-4083
    - fget: check that the fd still exists after getting a ref to it
  * CVE-2021-4155
    - xfs: map unwritten blocks in XFS_IOC_{ALLOC, FREE}SP just like fallocate

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Thu, 10 Feb 2022 08:54:36
-0700

** Changed in: linux-aws (Ubuntu Impish)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4083

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4155

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0330

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22942

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1951011

Title:
  linux-aws: Make a signed kernel

Status in linux-aws package in Ubuntu:
  New
Status in linux-aws-5.11 package in Ubuntu:
  Invalid
Status in linux-aws-5.13 package in Ubuntu:
  Invalid
Status in linux-aws-hwe package in Ubuntu:
  Invalid
Status in linux-aws source package in Xenial:
  Invalid
Status in linux-aws-5.11 source package in Xenial:
  Invalid
Status in linux-aws-5.13 source package in Xenial:
  Invalid
Status in linux-aws-hwe source package in Xenial:
  Fix Committed
Status in linux-aws source package in Bionic:
  Fix Released
Status in linux-aws-5.11 source package in Bionic:
  Invalid
Status in linux-aws-5.13 source package in Bionic:
  Invalid
Status in linux-aws-hwe source package in Bionic:
  Invalid
Status in linux-aws source package in Focal:
  Fix Released
Status in linux-aws-5.11 source package in Focal:
  Fix Released
Status in linux-aws-5.13 source package in Focal:
  Fix Released
Status in linux-aws-hwe source package in Focal:
  Invalid
Status in linux-aws source package in Hirsute:
  Won't Fix
Status in linux-aws-5.11 source package in Hirsute:
  Invalid
Status in linux-aws-5.13 source package in Hirsute:
  Invalid
Status in linux-aws-hwe source package in Hirsute:
  Invalid
Status in linux-aws source package in Impish:
  Fix Released
Status in linux-aws-5.11 source package in Impish:
  Invalid
Status in linux-aws-5.13 source package in Impish:
  Invalid
Status in linux-aws-hwe source package in Impish:
  Invalid

Bug description:
  SRU Justification

  [Impact]

  Ubuntu AWS kernels on secure boot instances will not load.

  [Fix]

  Generate signed kernels and packages

  [Test Plan]

  Boot in a secure boot (UEFI) environment.

  [Where things could go wrong]

  This is a new packaging feature.

  [Other Info]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1951011/+subscriptions