Bug#1065585: linux-headers-6.7.7-amd64: Depends: linux-compiler-gcc-13-x86 -> linux-image-6.7.7-amd64, gcc-13 => uninstallable on x32
Source: linux Version: 6.7.7-1 Severity: grave Justification: user security hole Dear Maintainer, (Opting for grave/usersec because naturally updated kernels fix security vulnerabilities, but actually i think i can't update the kernel and that's grave, security be damned.) Observe: $ sudo apt install --no-install-recommends linux-headers-amd64 Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: binutils-x86-64-linux-gnu:amd64 : Depends: libgcc-s1:amd64 (>= 4.2) but it is not going to be installed Depends: libjansson4:amd64 (>= 2.14) but it is not going to be installed Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed cpp-13-x86-64-linux-gnu:amd64 : Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed gcc-13-x86-64-linux-gnu:amd64 : Depends: libcc1-0:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.0) but it is not going to be installed Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed Depends: libstdc++6:amd64 (>= 5) but it is not going to be installed libc6:amd64 : Depends: libgcc-s1:amd64 but it is not going to be installed libgcc-13-dev:amd64 : Depends: libgcc-s1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libgomp1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libitm1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libatomic1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libasan8:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libubsan1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libquadmath0:amd64 (>= 13.2.0-18) but it is not going to be installed libgprofng0:amd64 : Depends: libgcc-s1:amd64 (>= 3.3.1) but it is not going to be installed Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed libhwasan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.3) but it is not going to be installed liblsan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.3) but it is not going to be installed libtsan2:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.4) but it is not going to be installed linux-headers-6.7.7-amd64:amd64 : Depends: linux-kbuild-6.7.7:amd64 E: Unable to correct problems, you have held broken packages. or $ sudo apt install --no-install-recommends linux-headers-amd64 linux-kbuild-6.7.7:x32 Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: binutils-x86-64-linux-gnu:amd64 : Depends: libgcc-s1:amd64 (>= 4.2) but it is not installable Depends: libjansson4:amd64 (>= 2.14) but it is not going to be installed Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed cpp-13-x86-64-linux-gnu:amd64 : Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be
Bug#1065392: Additional information
Hello, I made a test where I specified an empty field for --tpm2-pcrs instead of default 7 and the luks partition is decrypted with the tpm. I also made some test with other PCR values (1, 0) and it fails. It seems to be related to the PCR binding and linux-image-6.7.7-amd64 since this problem does not come up with previous versions (linux-image-6.6.15-amd64 and earlier) "Luckily", since the problem is not specific to the secure-boot PCR binding, I may be able to git-bisect the problem (i.e. with unsigned kernels). Best regards
Processed: retitle 1024149 to linux: CVE-2024-26621: 32-bit mmap() puts large files at non-random address
Processing commands for cont...@bugs.debian.org: > retitle 1024149 linux: CVE-2024-26621: 32-bit mmap() puts large files at > non-random address Bug #1024149 {Done: Salvatore Bonaccorso } [src:linux] linux-image-amd64: 32-bit mmap() puts large files at non-random address Changed Bug title to 'linux: CVE-2024-26621: 32-bit mmap() puts large files at non-random address' from 'linux-image-amd64: 32-bit mmap() puts large files at non-random address'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1024149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024149 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 1024149
Processing commands for cont...@bugs.debian.org: > # fixed with 4ef9ad19e176 mm: huge_memory: don't force huge page alignment on > 32 bit > close 1024149 6.7.7-1 Bug #1024149 [src:linux] linux-image-amd64: 32-bit mmap() puts large files at non-random address Marked as fixed in versions linux/6.7.7-1. Bug #1024149 [src:linux] linux-image-amd64: 32-bit mmap() puts large files at non-random address Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1024149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024149 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#1064976: linux-headers-6.6.13+bpo-amd64 incorrectly depends on the corresponding linux-image-amd64 package
On Mon, 4 Mar 2024 13:54:49 +0100 Bastian Blank wrote: > On Mon, Mar 04, 2024 at 11:28:12AM +, Luca Boccassi wrote: > > > But we where talking about kernel modules. > > There are kernel modules using BPF stuff? Never seen one, do you have > > an example? > > No idea, but they get linked BTF information, so you could use them. Sure, but it's a bit of an unusual case to say the least, and I'm not aware of dkms packages in Debian doing that (happy to stand corrected if that's not the case). So surely any out-of-distro dkms package doing that should just ensure they pull in the dependencies they need for it? Assuming it's even needed. As far as I understand, the point of vmlinux.h is that it gives the equivalent information generated from BTF. The issue is that pulling the headers package also pulls the image, initramfs and all that machinery. We are going to depend on the headers package in src:systemd from the next release to get the vmlinux.h, and pulling all that stuff too adds considerable weight to the build dependency installation job. -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Offer help on initramfs-tools
Hi, initramfs-tools hasn't seen an upload since 2022-07-12 and has several open merge requests without response. Since I am maintaining initramfs- tools in Ubuntu, I offer my help on initramfs-tools in Debian. In case I became uploader, I would merge the fixes and uncontroversial changes and cut a release. One change that we did in Ubuntu recently is using dracut-install which speeds up the initramfs generation a lot: https://launchpad.net/bugs/2031185 Do you want to have that in Debian as well? -- Benjamin Drung Debian & Ubuntu Developer