← Back to team overview

kernel-packages team mailing list archive

[Bug 1557250] Re: linux fails to load x.509 built-in certificate

 

This bug was fixed in the package linux - 4.4.0-15.31

---------------
linux (4.4.0-15.31) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1559252

  * Xilinx KU3 Capi card does not show up in Ubuntu  16.04 (LP: #1557001)
    - SAUCE: (noup) cxl: Allow initialization on timebase sync failures

  * policy namespace stacking (LP: #1379535)
    - Revert "UBUNTU: SAUCE: Move replacedby allocation into label_alloc"
    - Revert "UBUNTU: SAUCE: Fixup: __label_update() still doesn't handle some cases correctly."
    - Revert "UBUNTU: SAUCE: fix: audit "no_new_privs" case for exec failure"
    - Revert "UBUNTU: SAUCE: fixup: warning about aa_label_vec_find_or_create not being static"
    - Revert "UBUNTU: SAUCE: apparmor: fix refcount race when finding a child profile"
    - Revert "UBUNTU: SAUCE: fixup: cast poison values to remove warnings"
    - Revert "UBUNTU: SAUCE: fixup: get rid of unused var build warning"
    - Revert "UBUNTU: SAUCE: fixup: 20/23 locking issue around in __label_update"
    - Revert "UBUNTU: SAUCE: fixup: make __share_replacedby private to get rid of build warning"
    - Revert "UBUNTU: SAUCE: fix: replacedby forwarding is not being properly update when ns is destroyed"
    - Revert "UBUNTU: SAUCE: apparmor: fix log of apparmor audit message when kern_path() fails"
    - Revert "UBUNTU: SAUCE: fixup: cleanup return handling of labels"
    - Revert "UBUNTU: SAUCE: apparmor: fix: ref count leak when profile sha1 hash is read"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: query label file permission"
    - Revert "UBUNTU: SAUCE: apparmor: Don't remove label on rcu callback if the label has already been removed"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: break circular refcount for label that is directly freed."
    - Revert "UBUNTU: SAUCE: apparmor: Fix: refcount bug when inserting label update that transitions ns"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: now that insert can force replacement use it instead of remove_and_insert"
    - Revert "UBUNTU: SAUCE: apparmor Fix: refcount bug in pivotroot mediation"
    - Revert "UBUNTU: SAUCE: apparmor: ensure that repacedby sharing is done correctly"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: update replacedby allocation to take a gfp parameter"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: convert replacedby update to be protected by the labelset lock"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: add required locking of __aa_update_replacedby on merge path"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: deadlock in aa_put_label() call chain"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: label_vec_merge insertion"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: ensure new labels resulting from merge have a replacedby"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: refcount leak in aa_label_merge"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: refcount race between locating in labelset and get"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: label merge handling of marking unconfined and stale"
    - Revert "UBUNTU: SAUCE: apparmor: add underscores to indicate aa_label_next_not_in_set() use needs locking"
    - Revert "UBUNTU: SAUCE: apparmor: debug: POISON label and replaceby pointer on free"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: ensure aa_get_newest will trip debugging if the replacedby is not setup"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: insert race between label_update and label_merge"
    - Revert "UBUNTU: SAUCE: apparmor: rework retrieval of the current label in the profile update case"
    - Revert "UBUNTU: SAUCE: apparmor: Disallow update of cred when then subjective != the objective cred"
    - Revert "UBUNTU: SAUCE: apparmor: Fix: oops do to invalid null ptr deref in label print fns"
    - Revert "UBUNTU: SAUCE: fix-up: kern_mount fail path should not be doing put_buffers()"
    - Revert "UBUNTU: SAUCE: apparmor: fix sleep from invalid context"
    - Revert "UBUNTU: SAUCE: (no-up): apparmor: fix for failed mediation of socket that is being shutdown"
    - Revert "UBUNTU: SAUCE: (no-up) apparmor: Fix incompatible pointer type warnings"
    - Revert "UBUNTU: SAUCE: (no-up) apparmor: fix mount not handling disconnected paths"
    - Revert "UBUNTU: SAUCE: (no-up): apparmor: fix mediation of fs unix sockets"
    - Revert "UBUNTU: apparmor -- follow change to this_cpu_ptr"
    - Revert "UBUNTU: SAUCE: (no-up) fix: bad unix_addr_fs macro"
    - Revert "UBUNTU: SAUCE: Revert: fix: only allow a single threaded process to ..."
    - Revert "UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor3 - RC1 snapshot"
    - Revert "UBUNTU: SAUCE: (no-up) apparmor: add parameter to control whether policy hashing is used"
    - SAUCE: (no-up) apparmor: sync of apparmor3.5-beta1 snapshot
    - SAUCE: add a sysctl to enable unprivileged user ns AppArmor policy loading

  * Add arm64 NUMA support (LP: #1558765)
    - SAUCE: (noup) efi: ARM/arm64: ignore DT memory nodes instead of removing them
    - SAUCE: (noup) Documentation, dt, numa: dt bindings for NUMA.
    - [Config] CONFIG_OF_NUMA=y
    - SAUCE: (noup) of, numa: Add NUMA of binding implementation.
    - SAUCE: (noup) arm64: Move unflatten_device_tree() call earlier.
    - [Config] CONFIG_NUMA=y and CONFIG_NODES_SHIFT=2 on arm64
    - SAUCE: (noup) arm64, numa: Add NUMA support for arm64 platforms.
    - SAUCE: (noup) arm64, mm, numa: Add NUMA balancing support for arm64.

  * vivid/linux: total ADT test failures (LP: #1558447)
    - Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive code""

  * [Hyper-V] patches to allow kdump crash through NMI (LP: #1558720)
    - Drivers: hv: vmbus: Support handling messages on multiple CPUs
    - Drivers: hv: vmbus: Support kexec on ws2012 r2 and above

  * s390/pci: enforce fmb page boundary rule (LP: #1558625)
    - s390/pci: enforce fmb page boundary rule

  * s390/pci: backport upstream commits since v4.4 (LP: #1558624)
    - s390/pci_dma: fix DMA table corruption with > 4 TB main memory
    - page_to_phys() always returns a multiple of PAGE_SIZE
    - s390/pci: provide ZPCI_ADDR macro
    - s390/pci: improve ZPCI_* macros
    - s390/pci: resize iomap
    - s390/pci: fix bar check
    - s390/pci: set error state for unusable functions
    - s390/pci: remove iomap sanity checks
    - s390/pci: remove pdev pointer from arch data
    - s390/pci: add ioctl interface for CLP

  * IMA-appraisal is unusable in Ubuntu 16.04 (LP: #1558553)
    - [Config] CONFIG_SYSTEM_EXTRA_CERTIFICATE=y, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
    - KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert
    - KEYS: Reserve an extra certificate symbol for inserting without recompiling
    - SAUCE: (noup) KEYS: Support for inserting a certificate into x86 bzImage

  * skb_warn_bad_offload Crash (LP: #1558025)
    - ipv4: only create late gso-skb if skb is already set up with CHECKSUM_PARTIAL

  * Add PCIe root complex to Cavium arm64 (LP: #1558342)
    - [Config] CONFIG_PCI_HOST_COMMON=y
    - [Config] CONFIG_PCI_HOST_THUNDER_PEM=y
    - [Config] CONFIG_PCI_HOST_THUNDER_ECAM=y
    - PCI: generic: Move structure definitions to separate header file
    - PCI: generic: Add pci_host_common_probe(), based on gen_pci_probe()
    - PCI: generic: Expose pci_host_common_probe() for use by other drivers
    - PCI: thunder: Add PCIe host driver for ThunderX processors
    - PCI: thunder: Add driver for ThunderX-pass{1,2} on-chip devices

  * [Hyper-V] vmbus: Fix a bug in hv_need_to_signal_on_read() (LP: #1556264)
    - SAUCE: (noup) Drivers: hv: vmbus: Fix a bug in hv_need_to_signal_on_read()

  * Xenial update to v4.4.6 stable release (LP: #1558330)
    - arm64: account for sparsemem section alignment when choosing vmemmap offset
    - ARM: mvebu: fix overlap of Crypto SRAM with PCIe memory window
    - ARM: dts: dra7: do not gate cpsw clock due to errata i877
    - ARM: OMAP2+: hwmod: Introduce ti,no-idle dt property
    - PCI: Allow a NULL "parent" pointer in pci_bus_assign_domain_nr()
    - kvm: cap halt polling at exactly halt_poll_ns
    - KVM: VMX: disable PEBS before a guest entry
    - KVM: s390: correct fprs on SIGP (STOP AND) STORE STATUS
    - KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit
    - KVM: MMU: fix ept=0/pte.u=1/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo
    - KVM: MMU: fix reserved bit check for ept=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0
    - s390/dasd: fix diag 0x250 inline assembly
    - tracing: Fix check for cpu online when event is disabled
    - dmaengine: at_xdmac: fix residue computation
    - jffs2: reduce the breakage on recovery from halfway failed rename()
    - ncpfs: fix a braino in OOM handling in ncp_fill_cache()
    - ASoC: dapm: Fix ctl value accesses in a wrong type
    - ASoC: samsung: Use IRQ safe spin lock calls
    - ASoC: wm8994: Fix enum ctl accesses in a wrong type
    - ASoC: wm8958: Fix enum ctl accesses in a wrong type
    - ovl: ignore lower entries when checking purity of non-directory entries
    - ovl: fix working on distributed fs as lower layer
    - wext: fix message delay/ordering
    - cfg80211/wext: fix message ordering
    - can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
    - iwlwifi: mvm: inc pending frames counter also when txing non-sta
    - mac80211: minstrel: Change expected throughput unit back to Kbps
    - mac80211: fix use of uninitialised values in RX aggregation
    - mac80211: minstrel_ht: set default tx aggregation timeout to 0
    - mac80211: minstrel_ht: fix a logic error in RTS/CTS handling
    - mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs
    - mac80211: Fix Public Action frame RX in AP mode
    - gpu: ipu-v3: Do not bail out on missing optional port nodes
    - drm/amdgpu: Fix error handling in amdgpu_flip_work_func.
    - drm/radeon: Fix error handling in radeon_flip_work_func.
    - Revert "drm/radeon/pm: adjust display configuration after powerstate"
    - userfaultfd: don't block on the last VM updates at exit time
    - ovl: fix getcwd() failure after unsuccessful rmdir
    - MIPS: Fix build error when SMP is used without GIC
    - MIPS: smp.c: Fix uninitialised temp_foreign_map
    - block: don't optimize for non-cloned bio in bio_get_last_bvec()
    - target: Drop incorrect ABORT_TASK put for completed commands
    - ld-version: Fix awk regex compile failure
    - Linux 4.4.6

  * linux fails to load x.509 built-in certificate (LP: #1557250)
    - lib/mpi: Endianness fix

  * s390/kconfig: setting for CONFIG...9P.... (LP: #1557994)
    - [Config] CONFIG_NET_9P=m for s390x

  * mlx5_core kernel trace after "ethtool -C eth1 adaptive-rx on" flow
    (LP: #1557950)
    - net/mlx5e: Don't try to modify CQ moderation if it is not supported
    - net/mlx5e: Don't modify CQ before it was created

  * [Feature]SD/SDIO/eMMC support for Broxton-P (LP: #1520454)
    - mmc: sdhci: Do not BUG on invalid vdd
    - mmc: enable MMC/SD/SDIO device to suspend/resume asynchronously
    - mmc: It is not an error for the card to be removed while suspended

  * s390/kconfig: disable CONFIG_VIRTIO_MMIO (LP: #1557689)
    - [Config] CONFIG_VIRTIO_MMIO=n for s390x

  * s390/kconfig: CONFIG_NUMA without CONFIG_NUMA_EMU does not make any sense on s390x (LP: #1557690)
    - [Config] CONFIG_NUMA_EMU=y for s390x

  * Miscellaneous Ubuntu changes
    - [Debian] git-ubuntu-log -- prevent bug references being split
    - [Debian] git-ubuntu-log -- git log output is UTF-8

 -- Tim Gardner <tim.gardner@xxxxxxxxxxxxx>  Tue, 15 Mar 2016 13:18:58
-0600

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1557250

Title:
  linux fails to load x.509 built-in certificate

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  $ dmesg | grep '\.509'
  [   11.950518] Loading compiled-in X.509 certificates
  [   11.951343] Problem loading in-kernel X.509 certificate (-74)

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-12-generic 4.4.0-12.28
  ProcVersionSignature: Ubuntu 4.4.0-12.28-generic 4.4.4
  Uname: Linux 4.4.0-12-generic s390x
  AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20-0ubuntu3
  Architecture: s390x
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
  Date: Mon Mar 14 21:39:09 2016
  HibernationDevice: RESUME=/dev/mapper/vg0-swap
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lspci:
   
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  PciMultimedia:
   
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb'
  ProcKernelCmdLine: root=/dev/mapper/vg0-rootfs BOOT_IMAGE=0
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-12-generic N/A
   linux-backports-modules-4.4.0-12-generic  N/A
   linux-firmware                            1.156
  RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1557250/+subscriptions


References