[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug was fixed in the package linux - 6.1.0-16.16 --- linux (6.1.0-16.16) lunar; urgency=medium * lunar/linux: 6.1.0-16.16 -proposed tracker (LP: #2008480) * Packaging resync (LP: #1786013) - debian/dkms-versions -- temporarily drop broken dkms -- Andrea Righi Fri, 24 Feb 2023 14:24:48 +0100 ** Changed in: linux (Ubuntu Lunar) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Fix Released Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-done-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-needed-focal verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done-focal verification-done-jammy verification-done-kinetic ** Tags added: kernel-stable-tracking-bug -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-aws/5.15.0-1029.33 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-aws -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-azure/5.4.0-1102.108 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-aws/5.4.0-1095.103 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-aws -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-azure/5.15.0-1032.39 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-azure/5.19.0-1017.18 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux- gke-5.15/5.15.0-1025.30~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-gke-5.15 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-aws/5.19.0-1018.19 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux-aws -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-iot/5.4.0-1011.13 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-focal ** Tags added: kernel-spammed-focal-linux-iot verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-ibm/5.19.0-1015.16 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux-ibm -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug was fixed in the package linux - 5.19.0-28.29 --- linux (5.19.0-28.29) kinetic; urgency=medium * kinetic/linux: 5.19.0-28.29 -proposed tracker (LP: #1999746) * mm:vma05 in ubuntu_ltp fails with '[vdso] bug not patched' on kinetic/linux 5.19.0-27.28 (LP: #1999094) - fix coredump breakage linux (5.19.0-27.28) kinetic; urgency=medium * kinetic/linux: 5.19.0-27.28 -proposed tracker (LP: #1997794) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/2022.11.14) * selftests/.../nat6to4 breaks the selftests build (LP: #1996536) - [Config] Disable selftests/net/bpf/nat6to4 * Expose built-in trusted and revoked certificates (LP: #1996892) - [Packaging] Expose built-in trusted and revoked certificates * support for same series backports versioning numbers (LP: #1993563) - [Packaging] sameport -- add support for sameport versioning * Add cs35l41 firmware loading support (LP: #1995957) - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code - ASoC: cs35l41: Add common cs35l41 enter hibernate function - ASoC: cs35l41: Do not print error when waking from hibernation - ALSA: hda: cs35l41: Don't dereference fwnode handle - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly - ALSA: hda: cs35l41: Save codec object inside component struct - ALSA: hda: cs35l41: Add initial DSP support and firmware loading - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver - ALSA: hda: cs35l41: Support reading subsystem id from ACPI - ALSA: hda: cs35l41: Support multiple load paths for firmware - ALSA: hda: cs35l41: Support Speaker ID for laptops - ALSA: hda: cs35l41: Support Hibernation during Suspend - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence - ALSA: hda: cs35l41: Support Firmware switching and reloading - ALSA: hda: cs35l41: Add module parameter to control firmware load - Revert "ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations" - ALSA: hda/realtek: More robust component matching for CS35L41 - [Config] updateconfigs for SND_HDA_CS_DSP_CONTROLS * Fibocom WWAN FM350-GL suspend error (notebook not suspend) (LP: #1990700) - net: wwan: t7xx: Add AP CLDMA * Screen cannot turn on after screen off with Matrox G200eW3 [102b:0536] (LP: #1995573) - drm/mgag200: Optimize damage clips - drm/mgag200: Add FB_DAMAGE_CLIPS support - drm/mgag200: Enable atomic gamma lut update * TEE Support for CCP driver (LP: #1991608) - crypto: ccp: Add support for TEE for PCI ID 0x14CA * AMD Cezanne takes 5 minutes to wake up from suspend (LP: #1993715) - platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems * Fix ath11k deadlock on WCN6855 (LP: #1995041) - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() * intel_pmc_core not load on Raptor Lake (LP: #1988461) - x86/cpu: Add new Raptor Lake CPU model number - platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071) - s390/boot: add secure boot trailer * Fix rfkill causing soft blocked wifi (LP: #1996198) - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi * Support Icicle Kit reference design v2022.10 (LP: #1993148) - riscv: dts: microchip: icicle: re-jig fabric peripheral addresses - riscv: dts: microchip: reduce the fic3 clock rate - riscv: dts: microchip: update memory configuration for v2022.10 - riscv: dts: microchip: fix fabric i2c reg size - SAUCE: riscv: dts: microchip: Disable PCIe on the Icicle Kit * Fix Turbostat is not working for fam: 6 model: 191: stepping: 2 CPU (LP: #1991365) - tools/power turbostat: Add support for RPL-S * armhf kernel compiled with gcc-12 fails to boot on pi 3/2 (LP: #1993120) - [Packaging] Support arch-specific compilers in updateconfigs * Kinetic update: v5.19.17 upstream stable release (LP: #1994179) - Revert "fs: check FMODE_LSEEK to control internal pipe splicing" - ALSA: oss: Fix potential deadlock at unregistration - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() - ALSA: usb-audio: Fix potential memory leaks - ALSA: usb-audio: Fix NULL dererence at error path - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 - ALSA: hda/realtek: Correct pin configs for ASUS G533Z - ALSA:
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug was fixed in the package linux - 5.15.0-57.63 --- linux (5.15.0-57.63) jammy; urgency=medium * jammy/linux: 5.15.0-57.63 -proposed tracker (LP: #1997737) * Packaging resync (LP: #1786013) - [Packaging] update variants - debian/dkms-versions -- update from kernel-versions (main/2022.11.14) * Expose built-in trusted and revoked certificates (LP: #1996892) - [Packaging] Expose built-in trusted and revoked certificates * TEE Support for CCP driver (LP: #1991608) - crypto: ccp: Add support for TEE for PCI ID 0x14CA * alsa: soc: the kernel print UBSAN calltrace on the machine with cs35l41 codec (LP: #1996121) - ASoC: cs35l41: Add one more variable in the debug log - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t * Fix ath11k deadlock on WCN6855 (LP: #1995041) - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071) - s390/boot: add secure boot trailer * Fix rfkill causing soft blocked wifi (LP: #1996198) - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi * Fix Thunderbolt device hotplug fail when connect via thunderbolt dock (LP: #1991366) - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() - PCI: Pass available buses even if the bridge is already configured - PCI: Move pci_assign_unassigned_root_bus_resources() - PCI: Distribute available resources for root buses, too - PCI: Fix whitespace and indentation - PCI: Fix typo in pci_scan_child_bus_extend() * md: Replace snprintf with scnprintf (LP: #1993315) - md: Replace snprintf with scnprintf * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266) - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA - ACPI: resource: Add ASUS model S5402ZA to quirks * Fix Turbostat is not working for fam: 6 model: 191: stepping: 2 CPU (LP: #1991365) - tools/power turbostat: Add support for RPL-S * pcieport :00:1b.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) (LP: #1988797) - PCI/PTM: Cache PTM Capability offset - PCI/PTM: Add pci_upstream_ptm() helper - PCI/PTM: Separate configuration and enable - PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() - PCI/PTM: Move pci_ptm_info() body into its only caller - PCI/PTM: Preserve RsvdP bits in PTM Control register - PCI/PTM: Reorder functions in logical order - PCI/PTM: Consolidate PTM interface declarations - PCI/PM: Always disable PTM for all devices during suspend - PCI/PM: Simplify pci_pm_suspend_noirq() * Fix RPL-S support on powercap/intel_rapl (LP: #1990161) - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers - x86/cpu: Add new Raptor Lake CPU model number - powercap: intel_rapl: add support for RaptorLake - powercap: intel_rapl: Add support for RAPTORLAKE_P - powercap: intel_rapl: Add support for RAPTORLAKE_S * AMD Yellow Carp system hang on HDMI plug in/out over HP hook2 docking (LP: #1991974) - drm/amd/display: Fix for link encoder access for MST. - drm/amd/display: Fix MST link encoder availability check. - drm/amd/display: FEC configuration for dpia links - drm/amd/display: FEC configuration for dpia links in MST mode - drm/amd/display: Add work around for tunneled MST. * Jammy update: v5.15.74 upstream stable release (LP: #1995638) - nilfs2: fix use-after-free bug of struct nilfs_root - nilfs2: fix leak of nilfs_root in case of writer thread creation failure - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure - ceph: don't truncate file in atomic_open - random: restore O_NONBLOCK support - random: clamp credited irq bits to maximum mixed - ALSA: hda: Fix position reporting on Poulsbo - efi: Correct Macmini DMI match in uefi cert quirk - USB: serial: qcserial: add new usb-id for Dell branded EM7455 - Revert "powerpc/rtas: Implement reentrant rtas call" - Revert "crypto: qat - reduce size of mapped region" - random: avoid reading two cache lines on irq randomness - random: use expired timer rather than wq for mixing fast pool - Input: xpad - add supported devices as contributed on github - Input: xpad - fix wireless 360 controller breaking after suspend - misc: pci_endpoint_test: Aggregate params checking for xfer - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic - Linux 5.15.74 * Jammy update: v5.15.73 upstream stable release (LP: #1995637) - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 - docs: update mediator information in CoC docs - xsk: Inherit need_wakeup flag for shared sockets - mm: gup: fix the fast GUP race against THP
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug was fixed in the package linux - 5.4.0-136.153 --- linux (5.4.0-136.153) focal; urgency=medium * focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835) * Expose built-in trusted and revoked certificates (LP: #1996892) - [Packaging] Expose built-in trusted and revoked certificates * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait (LP: #1995941) - KVM: s390: pv: don't present the ecall interrupt twice * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071) - s390/boot: add secure boot trailer * Fix rfkill causing soft blocked wifi (LP: #1996198) - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi * md: Replace snprintf with scnprintf (LP: #1993315) - md: Replace snprintf with scnprintf * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266) - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA - ACPI: resource: Add ASUS model S5402ZA to quirks * Focal update: v5.4.218 upstream stable release (LP: #1995530) - mm: pagewalk: Fix race between unmap and page walker - perf tools: Fixup get_current_dir_name() compilation - firmware: arm_scmi: Add SCMI PM driver remove routine - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer - scsi: qedf: Fix a UAF bug in __qedf_probe() - net/ieee802154: fix uninit value bug in dgram_sendmsg - um: Cleanup syscall_handler_t cast in syscalls_32.h - um: Cleanup compiler warning in arch/x86/um/tls_32.c - arch: um: Mark the stack non-executable to fix a binutils warning - usb: mon: make mmapped memory read only - USB: serial: ftdi_sio: fix 300 bps rate for SIO - mmc: core: Replace with already defined values for readability - mmc: core: Terminate infinite loop in SD-UHS voltage switch - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() - nilfs2: fix leak of nilfs_root in case of writer thread creation failure - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure - ceph: don't truncate file in atomic_open - random: clamp credited irq bits to maximum mixed - ALSA: hda: Fix position reporting on Poulsbo - efi: Correct Macmini DMI match in uefi cert quirk - USB: serial: qcserial: add new usb-id for Dell branded EM7455 - random: restore O_NONBLOCK support - random: avoid reading two cache lines on irq randomness - random: use expired timer rather than wq for mixing fast pool - Input: xpad - add supported devices as contributed on github - Input: xpad - fix wireless 360 controller breaking after suspend - Linux 5.4.218 * Focal update: v5.4.217 upstream stable release (LP: #1995528) - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag - xfs: introduce XFS_MAX_FILEOFF - xfs: truncate should remove all blocks, not just to the end of the page cache - xfs: fix s_maxbytes computation on 32-bit kernels - xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read - xfs: refactor remote attr value buffer invalidation - xfs: fix memory corruption during remote attr value buffer invalidation - xfs: move incore structures out of xfs_da_format.h - xfs: streamline xfs_attr3_leaf_inactive - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive - xfs: remove unused variable 'done' - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 - docs: update mediator information in CoC docs - Linux 5.4.217 * Focal update: v5.4.216 upstream stable release (LP: #1995526) - uas: add no-uas quirk for Hiksemi usb_disk - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS - uas: ignore UAS for Thinkplus chips - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 - clk: ingenic-tcu: Properly enable registers before accessing timers - ARM: dts: integrator: Tag PCI host with device_type - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width - mm/page_alloc: fix race condition between build_all_zonelists and page allocation - mm: prevent page_frag_alloc() from corrupting the memory - mm/migrate_device.c: flush TLB while holding PTL - mm: fix madivse_pageout mishandling on non-LRU page - media: dvb_vb2: fix possible out of bound access - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver - ARM: dts: am33xx: Fix MMCHS0 dma properties - soc: sunxi: sram: Actually claim SRAM regions - soc: sunxi: sram: Prevent the driver from being unbound - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() - soc: sunxi: sram: Fix
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-oem-6.1/6.1.0-1004.4 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags removed: verification-done-jammy ** Tags added: kernel-spammed-jammy-linux-oem-6.1 verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
Successfully verified for jammy/linux 5.15.0-57.63: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.15.0-57-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.15.0-57-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.15.0-57-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux-nvidia/5.15.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-nvidia -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux/4.15.0-201.212 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux/5.15.0-57.63 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux/5.19.0-27.28 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug is awaiting verification that the linux/5.4.0-136.153 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
This bug was fixed in the package linux - 4.15.0-201.212 --- linux (4.15.0-201.212) bionic; urgency=medium * bionic/linux: 4.15.0-201.212 -proposed tracker (LP: #1997871) * Expose built-in trusted and revoked certificates (LP: #1996892) - [Packaging] Expose built-in trusted and revoked certificates * Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434) - s390/archrandom: prevent CPACF trng invocations in interrupt context * BUG: scheduling while atomic: ip/1210/0x0200 on xenial/hwe rumford (LP: #1995870) - tg3: prevent scheduling while atomic splat * Bionic update: upstream stable patchset 2022-10-18 (LP: #1993349) - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() - selftests/bpf: Fix test_align verifier log patterns - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler - kcm: fix strp_init() order and cleanup - serial: fsl_lpuart: RS485 RTS polariy is inverse - staging: rtl8712: fix use after free bugs - vt: Clear selection before changing the font - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id - binder: fix UAF of ref->proc caused by race condition - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" - Input: rk805-pwrkey - fix module autoloading - hwmon: (gpio-fan) Fix array out of bounds access - thunderbolt: Use the actual buffer in tb_async_error() - xhci: Add grace period after xHC start to prevent premature runtime suspend. - USB: serial: cp210x: add Decagon UCA device id - USB: serial: option: add support for OPPO R11 diag port - USB: serial: option: add Quectel EM060K modem - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode - usb: dwc2: fix wrong order of phy_power_on and phy_init - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) - usb-storage: Add ignore-residue quirk for NXP PN7462AU - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages - s390: fix nospec table alignments - USB: core: Prevent nested device-reset calls - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected - net: mac802154: Fix a condition in the receive path - ALSA: seq: oss: Fix data-race for max_midi_devs access - ALSA: seq: Fix data-race at module auto-loading - efi: capsule-loader: Fix use-after-free in efi_capsule_write - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() - fs: only do a memory barrier for the first set_buffer_uptodate() - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. - drm/radeon: add a force flush to delay work when radeon - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() - ALSA: aloop: Fix random zeros in capture data when using jiffies timer - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() - kprobes: Prohibit probes in gate area - scsi: mpt3sas: Fix use-after-free warning - driver core: Don't probe devices after bus_type.match() probe deferral - netfilter: br_netfilter: Drop dst references before setting. - sch_sfb: Don't assume the skb is still around after enqueueing to child - tipc: fix shift wrapping bug in map_get() - ipv6: sr: fix out-of-bounds read when setting HMAC data. - tcp: fix early ETIMEDOUT after spurious non-SACK RTO - sch_sfb: Also store skb len before calling child enqueue - usb: dwc3: fix PHY disable sequence - USB: serial: ch341: fix lost character on LCR updates - USB: serial: ch341: fix disabled rx timer on older devices - MIPS: loongson32: ls1c: Fix hang during startup - SUNRPC: use _bh spinlocking on ->transport_lock - net: dp83822: disable false carrier interrupt - tcp: annotate data-race around challenge_timestamp - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops - clk: core: Fix runtime PM sequence in clk_core_unprepare() - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs - i40e: Fix kernel crash during module removal - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() - drm/msm/rd: Fix FIFO-full deadlock - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo - tg3: Disable tg3 device on system reboot to avoid triggering AER -
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Changed in: linux (Ubuntu Kinetic) Status: Confirmed => Fix Committed ** Changed in: linux (Ubuntu Jammy) Status: Confirmed => Fix Committed ** Changed in: linux (Ubuntu Focal) Status: Confirmed => Fix Committed ** Changed in: linux (Ubuntu Bionic) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Changed in: linux (Ubuntu Kinetic) Importance: Undecided => Low ** Changed in: linux (Ubuntu Jammy) Importance: Undecided => Low ** Changed in: linux (Ubuntu Focal) Importance: Undecided => Low ** Changed in: linux (Ubuntu Bionic) Importance: Undecided => Low -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Confirmed Status in linux source package in Focal: Confirmed Status in linux source package in Jammy: Confirmed Status in linux source package in Kinetic: Confirmed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Changed in: linux (Ubuntu Bionic) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Focal) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Jammy) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Kinetic) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Lunar) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Confirmed Status in linux source package in Bionic: Confirmed Status in linux source package in Focal: Confirmed Status in linux source package in Jammy: Confirmed Status in linux source package in Kinetic: Confirmed Status in linux source package in Lunar: Confirmed Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates
** Description changed: [ Impact ] - * Kernels have a set of builtin trusted and revoked certificates as a bundle - * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally - * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information + * Kernels have a set of builtin trusted and revoked certificates as a bundle + * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally + * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] - * sudo apt install linux-buildinfo-$(uname -r) - * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert - * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert + * sudo apt install linux-buildinfo-$(uname -r) + * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert + * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert + + Example output: + $ grep Subject: -r usr/lib/linux + usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing + usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing + usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing + [ Where problems could occur ] - * buildinfo is an auxiliary package not installed by default, but used + * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1996892 Title: Expose built-in trusted and revoked certificates Status in linux package in Ubuntu: Incomplete Status in linux source package in Bionic: Incomplete Status in linux source package in Focal: Incomplete Status in linux source package in Jammy: Incomplete Status in linux source package in Kinetic: Incomplete Status in linux source package in Lunar: Incomplete Bug description: [ Impact ] * Kernels have a set of builtin trusted and revoked certificates as a bundle * It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel look up builtin hashes; and then find certificates externally * It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information [ Test Plan ] * sudo apt install linux-buildinfo-$(uname -r) * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and contains livepatch cert * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists and contains 2012 cert Example output: $ grep Subject: -r usr/lib/linux usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = Canonical Ltd. Live Patch Signing usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel Module Signing usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical Ltd. Secure Boot Signing [ Where problems could occur ] * buildinfo is an auxiliary package not installed by default, but used by developer tooling and packaging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp