This bug was fixed in the package linux-signed - 5.8.0-36.40+21.04.1

---------------
linux-signed (5.8.0-36.40+21.04.1) hirsute; urgency=medium

  * Master version: 5.8.0-36.40+21.04.1

 -- Kleber Sacilotto de Souza <[email protected]>  Thu, 07 Jan 2021 12:01:04 +0100

** Changed in: linux-signed (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: linux-restricted-modules (Ubuntu)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1052

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1053

https://bugs.launchpad.net/bugs/1904578

Title:
  Update linux-signed/linux-restricted-modules for forward port suffixes

Status in linux-restricted-modules package in Ubuntu:
  Fix Released
Status in linux-signed package in Ubuntu:
  Fix Released

Bug description:
  Impact: When forward-porting kernels we add a +NN.NN.N suffix to the
  package version. We also append +N to the version for respins of
  linux-signed and linux-restricted-modules, which gets stripped to
  determine the version of kernel packages to use in the Build-Depends.
  The regex which strips +N does not do end-of-line matching, and so it
  ends up stripping part of the forward-port suffix, causing the wrong
  version to be placed in the Build-Depends.

  Fix: Add end-of-line matching to the regex which strips the +N from
  the version string, ensuring that this pattern is not stripped from
  elsewhere in the version.

  Test Case: Run 'fakeroot debian/rules clean' in a signed/l-r-m tree
  for a forward-port kernel and inspect debian/control. Without
  end-of-line matching the +NN part of +NN.NN.N is stripped from the
  versions in Build-Depends. With end-of-line matching it is not
  stripped.

  Regression Potential: Any problems will result in incorrect versions
  placed in the Build-Depends. The most likely result is that this is a
  package version which does not exist, so the packages fail to build
  due to missing dependencies. It is very unlikely that an incorrect but
  valid package version ends up in the Build-Depends, but if this did
  happen the packages could successfully build against the wrong kernel.
  This would be noticed quickly in testing as modules from linux-modules
  will fail to load with the packages produced from the linux-signed
  build.
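The effect of the missing end-of-line anchor can be reproduced with the sketch below. It is an added example, not part of the original notification and not the packages' own debian/rules code: the two sed expressions and the function names are assumptions, and the sample version strings are constructed from the suffix formats the bug description gives.

```shell
#!/bin/sh
# Added illustration. The regexes are assumed stand-ins for the one in
# debian/rules, which is not shown in the bug report.

# Unanchored: removes the first "+digits" run found anywhere in the version.
strip_respin_unanchored() {
    printf '%s\n' "$1" | sed -E 's/\+[0-9]+//'
}

# Anchored: removes "+digits" only when it ends the version string.
strip_respin_anchored() {
    printf '%s\n' "$1" | sed -E 's/\+[0-9]+$//'
}

# Constructed sample versions:
#   5.8.0-36.40+1            respin of a regular kernel
#   5.8.0-36.40+21.04.1      forward-port kernel, no respin
#   5.8.0-36.40+21.04.1+1    forward-port kernel, respin 1
for v in 5.8.0-36.40+1 5.8.0-36.40+21.04.1 5.8.0-36.40+21.04.1+1; do
    printf '%-24s unanchored=%-20s anchored=%s\n' "$v" \
        "$(strip_respin_unanchored "$v")" \
        "$(strip_respin_anchored "$v")"
done
```

Both forms agree on a regular-kernel respin, which is why the defect only shows up once a forward-port suffix is present.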

