group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #42133
[Bug 1951011] Re: linux-aws: Make a signed kernel
This bug was fixed in the package linux-aws - 5.13.0-1014.15
---------------
linux-aws (5.13.0-1014.15) impish; urgency=medium
* impish/linux-aws: 5.13.0-1014.15 -proposed tracker (LP: #1960525)
* linux-aws: Make a signed kernel (LP: #1951011)
- [Packaging] aws: Make a signed kernel
linux-aws (5.13.0-1013.14) impish; urgency=medium
* impish/linux-aws: 5.13.0-1013.14 -proposed tracker (LP: #1960042)
* tcm_loop requires '-extras' for EKS optimised AMIs (LP: #1959593)
- [Packaging] aws: Include tcm_loop.ko
[ Ubuntu: 5.13.0-30.33 ]
* impish/linux: 5.13.0-30.33 -proposed tracker (LP: #1960055)
* systemd/248.3-1ubuntu8.2 ADT test failure with linux/5.13.0-29.32
(LP: #1960034)
- Revert "block: avoid to quiesce queue in elevator_init_mq"
- Revert "blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and
disk_release()"
[ Ubuntu: 5.13.0-29.32 ]
* impish/linux: 5.13.0-29.32 -proposed tracker (LP: #1959238)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.01.31)
* CVE-2022-22942
- SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy
* CVE-2022-0330
- drm/i915: Flush TLBs before releasing backing store
* Impish update: upstream stable patchset 2022-01-05 (LP: #1956508)
- ACPI: Get acpi_device's parent from the parent field
- USB: serial: option: add Telit LE910S1 0x9200 composition
- USB: serial: option: add Fibocom FM101-GL variants
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames
- usb: dwc2: hcd_queue: Fix use of floating point literal
- usb: dwc3: gadget: Ignore NoStream after End Transfer
- usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer
- usb: dwc3: gadget: Fix null pointer exception
- net: nexthop: fix null pointer dereference when IPv6 is not enabled
- usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
- usb: hub: Fix usb enumeration issue due to address0 race
- usb: hub: Fix locking issues with address0_mutex
- binder: fix test regression due to sender_euid change
- ALSA: ctxfi: Fix out-of-range access
- ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7
- media: cec: copy sequence field for the reply
- Revert "parisc: Fix backtrace to always include init funtion names"
- HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
- staging/fbtft: Fix backlight
- staging: greybus: Add missing rwsem around snd_ctl_remove() calls
- staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
- fuse: release pipe buf after last use
- xen: don't continue xenstore initialization in case of errors
- xen: detect uninitialized xenbus in xenbus_init
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
- tracing/uprobe: Fix uprobe_perf_open probes iteration
- tracing: Fix pid filtering when triggers are attached
- mmc: sdhci-esdhc-imx: disable CMDQ support
- mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
- mdio: aspeed: Fix "Link is Down" issue
- powerpc/32: Fix hardlockup on vmap stack overflow
- PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
- PCI: aardvark: Implement re-issuing config requests on CRS response
- PCI: aardvark: Simplify initialization of rootcap on virtual bridge
- PCI: aardvark: Fix link training
- proc/vmcore: fix clearing user buffer by properly using clear_user()
- netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
- netfilter: ctnetlink: do not erase error code with EINVAL
- netfilter: ipvs: Fix reuse connection if RS weight is 0
- netfilter: flowtable: fix IPv6 tunnel addr match
- ARM: dts: BCM5301X: Fix I2C controller interrupt
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node
- ARM: dts: bcm2711: Fix PCIe interrupts
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
- ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling
- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
- ASoC: codecs: wcd934x: return error code correctly from hw_params
- net: ieee802154: handle iftypes as u32
- firmware: arm_scmi: pm: Propagate return value to caller
- NFSv42: Don't fail clone() unless the OP_CLONE operation failed
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
- drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks
- scsi: mpt3sas: Fix kernel panic during drive powercycle test
- drm/vc4: fix error code in vc4_create_object()
- net: marvell: prestera: fix double free issue on err path
- iavf: Prevent changing static ITR values if adaptive moderation is on
- ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec
- mptcp: fix delack timer
- firmware: smccc: Fix check for ARCH_SOC_ID not implemented
- ipv6: fix typos in __ip6_finish_output()
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid
- net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
- net: ipv6: add fib6_nh_release_dsts stub
- net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
- ice: fix vsi->txq_map sizing
- ice: avoid bpf_prog refcount underflow
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
- scsi: scsi_debug: Zero clear zones at reset write pointer
- erofs: fix deadlock when shrink erofs slab
- net/smc: Ensure the active closing peer first closes clcsock
- mlxsw: Verify the accessed index doesn't exceed the array length
- mlxsw: spectrum: Protect driver from buggy firmware
- net: marvell: mvpp2: increase MTU limit when XDP enabled
- nvmet-tcp: fix incomplete data digest send
- net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
- PM: hibernate: use correct mode for swsusp_close()
- drm/amd/display: Set plane update flags for all planes in reset
- tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited
flows
- lan743x: fix deadlock in lan743x_phy_link_status_change()
- net: phylink: Force link down and retrigger resolve on interface change
- net: phylink: Force retrigger in case of latched link-fail indicator
- net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
- net/smc: Fix loop in smc_listen
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
- igb: fix netpoll exit with traffic
- MIPS: loongson64: fix FTLB configuration
- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
- tls: splice_read: fix record type check
- tls: fix replacing proto_ops
- net/sched: sch_ets: don't peek at classes beyond 'nbands'
- net: vlan: fix underflow for the real_dev refcnt
- net/smc: Don't call clcsock shutdown twice when smc shutdown
- net: hns3: fix VF RSS failed problem after PF enable multi-TCs
- net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
- sched/scs: Reset task stack state in bringup_cpu()
- f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
- ceph: properly handle statfs on multifs setups
- iommu/amd: Clarify AMD IOMMUv2 initialization messages
- vhost/vsock: fix incorrect used length reported to the guest
- tracing: Check pid filtering when creating events
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
- xen/blkfront: read response from backend only once
- xen/blkfront: don't take local copy of a request from the ring page
- xen/blkfront: don't trust the backend response data blindly
- xen/netfront: read response from backend only once
- xen/netfront: don't read data from request on the ring page
- xen/netfront: disentangle tx_skb_freelist
- xen/netfront: don't trust the backend response data blindly
- tty: hvc: replace BUG_ON() with negative return value
- net: stmmac: platform: fix build warning when with !CONFIG_PM_SLEEP
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
- USB: serial: pl2303: fix GC type detection
- usb: dwc3: core: Revise GHWPARAMS9 offset
- net: usb: Correct PHY handling of smsc95xx
- drm/amdgpu: IH process reset count when restart
- drm/nouveau: recognise GA106
- arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd
- cpufreq: intel_pstate: Fix active mode offline/online EPP handling
- NFSv42: Fix pagecache invalidation after COPY/CLONE
- ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended
- media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86
- ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask
- firmware: arm_scmi: Fix base agent discover response
- ASoC: stm32: i2s: fix 32 bits channel length without mclk
- scsi: mpt3sas: Fix system going into read-only mode
- scsi: mpt3sas: Fix incorrect system timestamp
- drm/aspeed: Fix vga_pw sysfs output
- iavf: Fix refreshing iavf adapter stats on ethtool request
- iavf: Fix VLAN feature flags after VFR
- x86/pvh: add prototype for xen_pvh_init()
- xen/pvh: add missing prototype to header
- mptcp: use delegate action to schedule 3rd ack retrans
- net: ipa: kill ipa_cmd_pipeline_clear()
- arm64: uaccess: avoid blocking within critical sections
- tls splice: remove inappropriate flags checking for MSG_PEEK
- tls: splice_read: fix accessing pre-processed records
- net: stmmac: Disable Tx queues when reconfiguring the interface
- locking/rwsem: Make handoff bit handling more consistent
- perf: Ignore sigtrap for tracepoints destined for other tasks
- f2fs: quota: fix potential deadlock
- riscv: dts: microchip: fix board compatible
- riscv: dts: microchip: drop duplicated MMC/SDHC node
- cifs: nosharesock should not share socket with future sessions
- vdpa_sim: avoid putting an uninitialized iova_domain
- io_uring: fix soft lockup when call __io_remove_buffers
- firmware: arm_scmi: Fix type error assignment in voltage protocol
- firmware: arm_scmi: Fix type error in sensor protocol
- blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and
disk_release()
- block: avoid to quiesce queue in elevator_init_mq
- net/smc: Keep smc_close_final rc during active close
- net/sched: sch_ets: don't remove idle classes from the round-robin list
- HID: wacom: Reset expected and received contact counts at the same time
- HID: wacom: Ignore the confidence flag when a touch is removed
- net: usb: Correct reset handling of smsc95xx
- cifs: nosharesock should be set on new server
- net/packet: rx_owner_map depends on pg_vec
* net/mlx5e: EPERM on vlan 0 programming (LP: #1957753)
- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't eswitch manager
* [SRU][I/J/OEM-5.13/OEM-5.14] Add basic support of MT7922 (LP: #1958151)
- mt76: mt7921: Add mt7922 support
- mt76: mt7921: add support for PCIe ID 0x0608/0x0616
- mt76: mt7921: introduce 160 MHz channel bandwidth support
- Bluetooth: btusb: Add protocol for MediaTek bluetooth devices(MT7922)
- Bluetooth: btusb: Add support for Foxconn MT7922A
* Pod traffic not taking advantage of interfaces with multiple tx queues
(LP: #1958155)
- veth: Do not record rx queue hint in veth_xmit
* [uacc-0623] hisi_sec2 fail to alloc uacce (LP: #1933301)
- crypto: hisilicon/qm - modify the uacce mode check
* ubunut_kernel_selftests: memory-hotplug: avoid spamming logs with
dump_page() (LP: #1941829)
- selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit
hot-remove error test
* smartpqi: Update 20.04.4 to latest kernel.org patch level (LP: #1953689)
- scsi: smartpqi: Replace one-element array with flexible-array member
- scsi: smartpqi: Update device removal management
- scsi: smartpqi: Capture controller reason codes
- scsi: smartpqi: Update LUN reset handler
- scsi: smartpqi: Add TEST UNIT READY check for SANITIZE operation
- scsi: smartpqi: Avoid failing I/Os for offline devices
- scsi: smartpqi: Add extended report physical LUNs
- scsi: smartpqi: Fix boot failure during LUN rebuild
- scsi: smartpqi: Fix duplicate device nodes for tape changers
- scsi: smartpqi: Add 3252-8i PCI id
- scsi: smartpqi: Update version to 2.1.12-055
* CVE-2021-4083
- fget: check that the fd still exists after getting a ref to it
* CVE-2021-4155
- xfs: map unwritten blocks in XFS_IOC_{ALLOC, FREE}SP just like fallocate
-- Tim Gardner <tim.gardner@xxxxxxxxxxxxx> Thu, 10 Feb 2022 08:54:36
-0700
** Changed in: linux-aws (Ubuntu Impish)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4083
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4155
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0330
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22942
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1951011
Title:
linux-aws: Make a signed kernel
Status in linux-aws package in Ubuntu:
New
Status in linux-aws-5.11 package in Ubuntu:
Invalid
Status in linux-aws-5.13 package in Ubuntu:
Invalid
Status in linux-aws-hwe package in Ubuntu:
Invalid
Status in linux-aws source package in Xenial:
Invalid
Status in linux-aws-5.11 source package in Xenial:
Invalid
Status in linux-aws-5.13 source package in Xenial:
Invalid
Status in linux-aws-hwe source package in Xenial:
Fix Committed
Status in linux-aws source package in Bionic:
Fix Released
Status in linux-aws-5.11 source package in Bionic:
Invalid
Status in linux-aws-5.13 source package in Bionic:
Invalid
Status in linux-aws-hwe source package in Bionic:
Invalid
Status in linux-aws source package in Focal:
Fix Released
Status in linux-aws-5.11 source package in Focal:
Fix Released
Status in linux-aws-5.13 source package in Focal:
Fix Released
Status in linux-aws-hwe source package in Focal:
Invalid
Status in linux-aws source package in Hirsute:
Won't Fix
Status in linux-aws-5.11 source package in Hirsute:
Invalid
Status in linux-aws-5.13 source package in Hirsute:
Invalid
Status in linux-aws-hwe source package in Hirsute:
Invalid
Status in linux-aws source package in Impish:
Fix Released
Status in linux-aws-5.11 source package in Impish:
Invalid
Status in linux-aws-5.13 source package in Impish:
Invalid
Status in linux-aws-hwe source package in Impish:
Invalid
Bug description:
SRU Justification
[Impact]
Ubuntu AWS kernels on secure boot instances will not load.
[Fix]
Generate signed kernels and packages
[Test Plan]
Boot in a secure boot (UEFI) environment.
[Where things could go wrong]
This is a new packaging feature.
[Other Info]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1951011/+subscriptions