[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-03-02 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 6.1.0-16.16

---
linux (6.1.0-16.16) lunar; urgency=medium

  * lunar/linux: 6.1.0-16.16 -proposed tracker (LP: #2008480)

  * Packaging resync (LP: #1786013)
- debian/dkms-versions -- temporarily drop broken dkms

 -- Andrea Righi   Fri, 24 Feb 2023 14:24:48
+0100

** Changed in: linux (Ubuntu Lunar)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Fix Released

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-02-25 Thread Ubuntu Kernel Bot
** Tags removed: verification-done-bionic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-27 Thread Ubuntu Kernel Bot
** Tags removed: verification-done-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-25 Thread Ubuntu Kernel Bot
** Tags removed: verification-done-jammy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-24 Thread Ubuntu Kernel Bot
** Tags removed: verification-done-kinetic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-20 Thread Dimitri John Ledkov
** Tags removed: verification-needed-focal verification-needed-jammy 
verification-needed-kinetic
** Tags added: verification-done-focal verification-done-jammy 
verification-done-kinetic

** Tags added: kernel-stable-tracking-bug

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-18 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-aws/5.15.0-1029.33
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-jammy' to 'verification-done-jammy'. If the
problem still exists, change the tag 'verification-needed-jammy' to
'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-aws

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-17 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-azure/5.4.0-1102.108
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-focal' to 'verification-done-focal'. If the
problem still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-focal-linux-azure

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-17 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-aws/5.4.0-1095.103
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-focal' to 'verification-done-focal'. If the
problem still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-focal-linux-aws

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-17 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-azure/5.15.0-1032.39
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-jammy' to 'verification-done-jammy'. If the
problem still exists, change the tag 'verification-needed-jammy' to
'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-azure

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-17 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-azure/5.19.0-1017.18
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the
problem still exists, change the tag 'verification-needed-kinetic' to
'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-kinetic-linux-azure

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-16 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-
gke-5.15/5.15.0-1025.30~20.04.1 kernel in -proposed solves the problem.
Please test the kernel and update this bug with the results. If the
problem is solved, change the tag 'verification-needed-focal' to
'verification-done-focal'. If the problem still exists, change the tag
'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-focal-linux-gke-5.15

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-12 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-aws/5.19.0-1018.19
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the
problem still exists, change the tag 'verification-needed-kinetic' to
'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-kinetic-linux-aws

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-10 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-iot/5.4.0-1011.13
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-focal' to 'verification-done-focal'. If the
problem still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags removed: verification-done-focal
** Tags added: kernel-spammed-focal-linux-iot verification-needed-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-09 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-ibm/5.19.0-1015.16
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the
problem still exists, change the tag 'verification-needed-kinetic' to
'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-kinetic-linux-ibm

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Jammy:
  Fix Released
Status in linux source package in Kinetic:
  Fix Released
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-05 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.19.0-28.29

---
linux (5.19.0-28.29) kinetic; urgency=medium

  * kinetic/linux: 5.19.0-28.29 -proposed tracker (LP: #1999746)

  * mm:vma05 in ubuntu_ltp fails with '[vdso] bug not patched' on kinetic/linux
5.19.0-27.28 (LP: #1999094)
- fix coredump breakage

linux (5.19.0-27.28) kinetic; urgency=medium

  * kinetic/linux: 5.19.0-27.28 -proposed tracker (LP: #1997794)

  * Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.11.14)

  * selftests/.../nat6to4  breaks the selftests build (LP: #1996536)
- [Config] Disable selftests/net/bpf/nat6to4

  * Expose built-in trusted and revoked certificates (LP: #1996892)
- [Packaging] Expose built-in trusted and revoked certificates

  * support for same series backports versioning numbers (LP: #1993563)
- [Packaging] sameport -- add support for sameport versioning

  * Add cs35l41 firmware loading support (LP: #1995957)
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code
- ASoC: cs35l41: Add common cs35l41 enter hibernate function
- ASoC: cs35l41: Do not print error when waking from hibernation
- ALSA: hda: cs35l41: Don't dereference fwnode handle
- ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations
- ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR()
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41
- ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls
- ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly
- ALSA: hda: cs35l41: Save codec object inside component struct
- ALSA: hda: cs35l41: Add initial DSP support and firmware loading
- ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver
- ALSA: hda: cs35l41: Support reading subsystem id from ACPI
- ALSA: hda: cs35l41: Support multiple load paths for firmware
- ALSA: hda: cs35l41: Support Speaker ID for laptops
- ALSA: hda: cs35l41: Support Hibernation during Suspend
- ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables
- ALSA: hda: hda_cs_dsp_ctl: Add fw id strings
- ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence
- ALSA: hda: cs35l41: Support Firmware switching and reloading
- ALSA: hda: cs35l41: Add module parameter to control firmware load
- Revert "ALSA: hda: cs35l41: Allow compilation test on non-ACPI
  configurations"
- ALSA: hda/realtek: More robust component matching for CS35L41
- [Config] updateconfigs for SND_HDA_CS_DSP_CONTROLS

  *  Fibocom WWAN FM350-GL suspend error (notebook not suspend) (LP: #1990700)
- net: wwan: t7xx: Add AP CLDMA

  * Screen cannot turn on after screen off with Matrox G200eW3 [102b:0536]
(LP: #1995573)
- drm/mgag200: Optimize damage clips
- drm/mgag200: Add FB_DAMAGE_CLIPS support
- drm/mgag200: Enable atomic gamma lut update

  * TEE Support for CCP driver (LP: #1991608)
- crypto: ccp: Add support for TEE for PCI ID 0x14CA

  * AMD Cezanne takes 5 minutes to wake up from suspend (LP: #1993715)
- platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems

  * Fix ath11k deadlock on WCN6855 (LP: #1995041)
- wifi: ath11k: avoid deadlock during regulatory update in
  ath11k_regd_update()

  * intel_pmc_core not load on Raptor Lake (LP: #1988461)
- x86/cpu: Add new Raptor Lake CPU model number
- platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver

  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
- s390/boot: add secure boot trailer

  * Fix rfkill causing soft blocked wifi (LP: #1996198)
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi

  * Support Icicle Kit reference design v2022.10 (LP: #1993148)
- riscv: dts: microchip: icicle: re-jig fabric peripheral addresses
- riscv: dts: microchip: reduce the fic3 clock rate
- riscv: dts: microchip: update memory configuration for v2022.10
- riscv: dts: microchip: fix fabric i2c reg size
- SAUCE: riscv: dts: microchip: Disable PCIe on the Icicle Kit

  * Fix Turbostat is not working for fam: 6 model: 191: stepping: 2 CPU
(LP: #1991365)
- tools/power turbostat: Add support for RPL-S

  * armhf kernel compiled with gcc-12 fails to boot on pi 3/2 (LP: #1993120)
- [Packaging] Support arch-specific compilers in updateconfigs

  * Kinetic update: v5.19.17 upstream stable release (LP: #1994179)
- Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
- ALSA: oss: Fix potential deadlock at unregistration
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
- ALSA: usb-audio: Fix potential memory leaks
- ALSA: usb-audio: Fix NULL dererence at error path
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
- ALSA: 

[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-05 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.15.0-57.63

---
linux (5.15.0-57.63) jammy; urgency=medium

  * jammy/linux: 5.15.0-57.63 -proposed tracker (LP: #1997737)

  * Packaging resync (LP: #1786013)
- [Packaging] update variants
- debian/dkms-versions -- update from kernel-versions (main/2022.11.14)

  * Expose built-in trusted and revoked certificates (LP: #1996892)
- [Packaging] Expose built-in trusted and revoked certificates

  * TEE Support for CCP driver (LP: #1991608)
- crypto: ccp: Add support for TEE for PCI ID 0x14CA

  * alsa: soc: the kernel print UBSAN calltrace on the machine with cs35l41
codec (LP: #1996121)
- ASoC: cs35l41: Add one more variable in the debug log
- ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t

  * Fix ath11k deadlock on WCN6855 (LP: #1995041)
- wifi: ath11k: avoid deadlock during regulatory update in
  ath11k_regd_update()

  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
- s390/boot: add secure boot trailer

  * Fix rfkill causing soft blocked wifi (LP: #1996198)
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi

  * Fix Thunderbolt device hotplug fail when connect via thunderbolt dock
(LP: #1991366)
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
- PCI: Pass available buses even if the bridge is already configured
- PCI: Move pci_assign_unassigned_root_bus_resources()
- PCI: Distribute available resources for root buses, too
- PCI: Fix whitespace and indentation
- PCI: Fix typo in pci_scan_child_bus_extend()

  * md: Replace snprintf with scnprintf (LP: #1993315)
- md: Replace snprintf with scnprintf

  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
- ACPI: resource: Add ASUS model S5402ZA to quirks

  * Fix Turbostat is not working for fam: 6 model: 191: stepping: 2 CPU
(LP: #1991365)
- tools/power turbostat: Add support for RPL-S

  * pcieport :00:1b.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal),
type=Transaction Layer, (Requester ID) (LP: #1988797)
- PCI/PTM: Cache PTM Capability offset
- PCI/PTM: Add pci_upstream_ptm() helper
- PCI/PTM: Separate configuration and enable
- PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm()
- PCI/PTM: Move pci_ptm_info() body into its only caller
- PCI/PTM: Preserve RsvdP bits in PTM Control register
- PCI/PTM: Reorder functions in logical order
- PCI/PTM: Consolidate PTM interface declarations
- PCI/PM: Always disable PTM for all devices during suspend
- PCI/PM: Simplify pci_pm_suspend_noirq()

  * Fix RPL-S support on powercap/intel_rapl (LP: #1990161)
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
- x86/cpu: Add new Raptor Lake CPU model number
- powercap: intel_rapl: add support for RaptorLake
- powercap: intel_rapl: Add support for RAPTORLAKE_P
- powercap: intel_rapl: Add support for RAPTORLAKE_S

  * AMD Yellow Carp system hang on HDMI plug in/out over HP hook2 docking
(LP: #1991974)
- drm/amd/display: Fix for link encoder access for MST.
- drm/amd/display: Fix MST link encoder availability check.
- drm/amd/display: FEC configuration for dpia links
- drm/amd/display: FEC configuration for dpia links in MST mode
- drm/amd/display: Add work around for tunneled MST.

  * Jammy update: v5.15.74 upstream stable release (LP: #1995638)
- nilfs2: fix use-after-free bug of struct nilfs_root
- nilfs2: fix leak of nilfs_root in case of writer thread creation failure
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
- ceph: don't truncate file in atomic_open
- random: restore O_NONBLOCK support
- random: clamp credited irq bits to maximum mixed
- ALSA: hda: Fix position reporting on Poulsbo
- efi: Correct Macmini DMI match in uefi cert quirk
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
- Revert "powerpc/rtas: Implement reentrant rtas call"
- Revert "crypto: qat - reduce size of mapped region"
- random: avoid reading two cache lines on irq randomness
- random: use expired timer rather than wq for mixing fast pool
- Input: xpad - add supported devices as contributed on github
- Input: xpad - fix wireless 360 controller breaking after suspend
- misc: pci_endpoint_test: Aggregate params checking for xfer
- misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic
- Linux 5.15.74

  * Jammy update: v5.15.73 upstream stable release (LP: #1995637)
- Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
- docs: update mediator information in CoC docs
- xsk: Inherit need_wakeup flag for shared sockets
- mm: gup: fix the fast GUP race against THP 

[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-05 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.4.0-136.153

---
linux (5.4.0-136.153) focal; urgency=medium

  * focal/linux: 5.4.0-136.153 -proposed tracker (LP: #1997835)

  * Expose built-in trusted and revoked certificates (LP: #1996892)
- [Packaging] Expose built-in trusted and revoked certificates

  * [UBUNTU 20.04] KVM: PV: ext call delivered twice when receiver in PSW wait
(LP: #1995941)
- KVM: s390: pv: don't present the ecall interrupt twice

  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
- s390/boot: add secure boot trailer

  * Fix rfkill causing soft blocked wifi (LP: #1996198)
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi

  * md: Replace snprintf with scnprintf (LP: #1993315)
- md: Replace snprintf with scnprintf

  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
- ACPI: resource: Add ASUS model S5402ZA to quirks

  * Focal update: v5.4.218 upstream stable release (LP: #1995530)
- mm: pagewalk: Fix race between unmap and page walker
- perf tools: Fixup get_current_dir_name() compilation
- firmware: arm_scmi: Add SCMI PM driver remove routine
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent 
API
  failure
- ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
- scsi: qedf: Fix a UAF bug in __qedf_probe()
- net/ieee802154: fix uninit value bug in dgram_sendmsg
- um: Cleanup syscall_handler_t cast in syscalls_32.h
- um: Cleanup compiler warning in arch/x86/um/tls_32.c
- arch: um: Mark the stack non-executable to fix a binutils warning
- usb: mon: make mmapped memory read only
- USB: serial: ftdi_sio: fix 300 bps rate for SIO
- mmc: core: Replace with already defined values for readability
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
- nilfs2: fix leak of nilfs_root in case of writer thread creation failure
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
- ceph: don't truncate file in atomic_open
- random: clamp credited irq bits to maximum mixed
- ALSA: hda: Fix position reporting on Poulsbo
- efi: Correct Macmini DMI match in uefi cert quirk
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
- random: restore O_NONBLOCK support
- random: avoid reading two cache lines on irq randomness
- random: use expired timer rather than wq for mixing fast pool
- Input: xpad - add supported devices as contributed on github
- Input: xpad - fix wireless 360 controller breaking after suspend
- Linux 5.4.218

  * Focal update: v5.4.217 upstream stable release (LP: #1995528)
- xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
- xfs: introduce XFS_MAX_FILEOFF
- xfs: truncate should remove all blocks, not just to the end of the page
  cache
- xfs: fix s_maxbytes computation on 32-bit kernels
- xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
- xfs: refactor remote attr value buffer invalidation
- xfs: fix memory corruption during remote attr value buffer invalidation
- xfs: move incore structures out of xfs_da_format.h
- xfs: streamline xfs_attr3_leaf_inactive
- xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
- xfs: remove unused variable 'done'
- Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
- docs: update mediator information in CoC docs
- Linux 5.4.217

  * Focal update: v5.4.216 upstream stable release (LP: #1995526)
- uas: add no-uas quirk for Hiksemi usb_disk
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
- uas: ignore UAS for Thinkplus chips
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
- clk: ingenic-tcu: Properly enable registers before accessing timers
- ARM: dts: integrator: Tag PCI host with device_type
- ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
- mm/page_alloc: fix race condition between build_all_zonelists and page
  allocation
- mm: prevent page_frag_alloc() from corrupting the memory
- mm/migrate_device.c: flush TLB while holding PTL
- mm: fix madivse_pageout mishandling on non-LRU page
- media: dvb_vb2: fix possible out of bound access
- ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
- ARM: dts: am33xx: Fix MMCHS0 dma properties
- soc: sunxi: sram: Actually claim SRAM regions
- soc: sunxi: sram: Prevent the driver from being unbound
- soc: sunxi_sram: Make use of the helper function
  devm_platform_ioremap_resource()
- soc: sunxi: sram: Fix 

[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-05 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-oem-6.1/6.1.0-1004.4
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-jammy' to 'verification-done-jammy'. If the
problem still exists, change the tag 'verification-needed-jammy' to
'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags removed: verification-done-jammy
** Tags added: kernel-spammed-jammy-linux-oem-6.1 verification-needed-jammy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2023-01-04 Thread Kleber Sacilotto de Souza
Successfully verified for jammy/linux 5.15.0-57.63:

$ grep Subject: -r usr/lib/linux
usr/lib/linux/5.15.0-57-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
usr/lib/linux/5.15.0-57-generic/canonical-certs.pem:Subject: C = GB, ST 
= Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
usr/lib/linux/5.15.0-57-generic/canonical-revoked-certs.pem:Subject: C 
= GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing


** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-12 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux-nvidia/5.15.0-1011.11
kernel in -proposed solves the problem. Please test the kernel and
update this bug with the results. If the problem is solved, change the
tag 'verification-needed-jammy' to 'verification-done-jammy'. If the
problem still exists, change the tag 'verification-needed-jammy' to
'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux-nvidia

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-09 Thread Luke Nowakowski-Krijger
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-09 Thread Luke Nowakowski-Krijger
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-07 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux/4.15.0-201.212 kernel
in -proposed solves the problem. Please test the kernel and update this
bug with the results. If the problem is solved, change the tag
'verification-needed-bionic' to 'verification-done-bionic'. If the
problem still exists, change the tag 'verification-needed-bionic' to
'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-bionic-linux verification-needed-bionic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-07 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux/5.15.0-57.63 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-jammy' to 'verification-done-jammy'. If the problem
still exists, change the tag 'verification-needed-jammy' to
'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-jammy-linux verification-needed-jammy

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-07 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux/5.19.0-27.28 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-kinetic' to 'verification-done-kinetic'. If the
problem still exists, change the tag 'verification-needed-kinetic' to
'verification-failed-kinetic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-kinetic-linux verification-needed-kinetic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-12-07 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the linux/5.4.0-136.153 kernel in
-proposed solves the problem. Please test the kernel and update this bug
with the results. If the problem is solved, change the tag
'verification-needed-focal' to 'verification-done-focal'. If the problem
still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-focal-linux verification-needed-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-11-30 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.15.0-201.212

---
linux (4.15.0-201.212) bionic; urgency=medium

  * bionic/linux: 4.15.0-201.212 -proposed tracker (LP: #1997871)

  * Expose built-in trusted and revoked certificates (LP: #1996892)
- [Packaging] Expose built-in trusted and revoked certificates

  * Bionic update: upstream stable patchset 2022-09-21 (LP: #1990434)
- s390/archrandom: prevent CPACF trng invocations in interrupt context

  * BUG: scheduling while atomic: ip/1210/0x0200 on xenial/hwe rumford
(LP: #1995870)
- tg3: prevent scheduling while atomic splat

  * Bionic update: upstream stable patchset 2022-10-18 (LP: #1993349)
- bpf: Verifer, adjust_scalar_min_max_vals to always call 
update_reg_bounds()
- selftests/bpf: Fix test_align verifier log patterns
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
- kcm: fix strp_init() order and cleanup
- serial: fsl_lpuart: RS485 RTS polariy is inverse
- staging: rtl8712: fix use after free bugs
- vt: Clear selection before changing the font
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
- binder: fix UAF of ref->proc caused by race condition
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
- Input: rk805-pwrkey - fix module autoloading
- hwmon: (gpio-fan) Fix array out of bounds access
- thunderbolt: Use the actual buffer in tb_async_error()
- xhci: Add grace period after xHC start to prevent premature runtime 
suspend.
- USB: serial: cp210x: add Decagon UCA device id
- USB: serial: option: add support for OPPO R11 diag port
- USB: serial: option: add Quectel EM060K modem
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
- usb: dwc2: fix wrong order of phy_power_on and phy_init
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
- s390: fix nospec table alignments
- USB: core: Prevent nested device-reset calls
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
- net: mac802154: Fix a condition in the receive path
- ALSA: seq: oss: Fix data-race for max_midi_devs access
- ALSA: seq: Fix data-race at module auto-loading
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
  il4965_rs_fill_link_cmd()
- fs: only do a memory barrier for the first set_buffer_uptodate()
- Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
- drm/radeon: add a force flush to delay work when radeon
- parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
- parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
- ALSA: usb-audio: Fix an out-of-bounds bug in
  __snd_usb_parse_audio_interface()
- kprobes: Prohibit probes in gate area
- scsi: mpt3sas: Fix use-after-free warning
- driver core: Don't probe devices after bus_type.match() probe deferral
- netfilter: br_netfilter: Drop dst references before setting.
- sch_sfb: Don't assume the skb is still around after enqueueing to child
- tipc: fix shift wrapping bug in map_get()
- ipv6: sr: fix out-of-bounds read when setting HMAC data.
- tcp: fix early ETIMEDOUT after spurious non-SACK RTO
- sch_sfb: Also store skb len before calling child enqueue
- usb: dwc3: fix PHY disable sequence
- USB: serial: ch341: fix lost character on LCR updates
- USB: serial: ch341: fix disabled rx timer on older devices
- MIPS: loongson32: ls1c: Fix hang during startup
- SUNRPC: use _bh spinlocking on ->transport_lock
- net: dp83822: disable false carrier interrupt
- tcp: annotate data-race around challenge_timestamp
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
- i40e: Fix kernel crash during module removal
- mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
- drm/msm/rd: Fix FIFO-full deadlock
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
- tg3: Disable tg3 device on system reboot to avoid triggering AER
- 

[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-11-22 Thread Stefan Bader
** Changed in: linux (Ubuntu Kinetic)
   Status: Confirmed => Fix Committed

** Changed in: linux (Ubuntu Jammy)
   Status: Confirmed => Fix Committed

** Changed in: linux (Ubuntu Focal)
   Status: Confirmed => Fix Committed

** Changed in: linux (Ubuntu Bionic)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Kinetic:
  Fix Committed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-11-18 Thread Stefan Bader
** Changed in: linux (Ubuntu Kinetic)
   Importance: Undecided => Low

** Changed in: linux (Ubuntu Jammy)
   Importance: Undecided => Low

** Changed in: linux (Ubuntu Focal)
   Importance: Undecided => Low

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in linux source package in Jammy:
  Confirmed
Status in linux source package in Kinetic:
  Confirmed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-11-17 Thread Dimitri John Ledkov
** Changed in: linux (Ubuntu Bionic)
   Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Focal)
   Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Jammy)
   Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Kinetic)
   Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Lunar)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in linux source package in Jammy:
  Confirmed
Status in linux source package in Kinetic:
  Confirmed
Status in linux source package in Lunar:
  Confirmed

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1996892] Re: Expose built-in trusted and revoked certificates

2022-11-17 Thread Dimitri John Ledkov
** Description changed:

  [ Impact ]
  
-  * Kernels have a set of builtin trusted and revoked certificates as a bundle
-  * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
-  * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information
+  * Kernels have a set of builtin trusted and revoked certificates as a bundle
+  * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
+  * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information
  
  [ Test Plan ]
  
-  * sudo apt install linux-buildinfo-$(uname -r)
-  * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
-  * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert
+  * sudo apt install linux-buildinfo-$(uname -r)
+  * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
+  * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert
+ 
+ Example output:
+ $ grep Subject: -r usr/lib/linux
+ usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
+ usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
+ usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing
+ 
  
  [ Where problems could occur ]
  
-  * buildinfo is an auxiliary package not installed by default, but used
+  * buildinfo is an auxiliary package not installed by default, but used
  by developer tooling and packaging.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1996892

Title:
  Expose built-in trusted and revoked certificates

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Bionic:
  Incomplete
Status in linux source package in Focal:
  Incomplete
Status in linux source package in Jammy:
  Incomplete
Status in linux source package in Kinetic:
  Incomplete
Status in linux source package in Lunar:
  Incomplete

Bug description:
  [ Impact ]

   * Kernels have a set of builtin trusted and revoked certificates as a bundle
   * It is not very easy to access them, one needs to either download linux 
kernel package source code; or boot the kernel look up builtin hashes; and then 
find certificates externally
   * It would be more convenient for inspection to expose these in the 
buildinfo package, which already exposes auxiliary kernel information

  [ Test Plan ]

   * sudo apt install linux-buildinfo-$(uname -r)
   * check that /usr/lib/linux/$(uname -r)/canonical-certs.pem exists and 
contains livepatch cert
   * check that /usr/lib/linux/$(uname -r)/canonical-uefi-2012-all.pem exists 
and contains 2012 cert

  Example output:
  $ grep Subject: -r usr/lib/linux
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: CN = 
Canonical Ltd. Live Patch Signing
  usr/lib/linux/5.19.0-24-generic/canonical-certs.pem:Subject: C = GB, 
ST = Isle of Man, L = Douglas, O = Canonical Ltd., CN = Canonical Ltd. Kernel 
Module Signing
  usr/lib/linux/5.19.0-24-generic/canonical-revoked-certs.pem:Subject: 
C = GB, ST = Isle of Man, O = Canonical Ltd., OU = Secure Boot, CN = Canonical 
Ltd. Secure Boot Signing

  
  [ Where problems could occur ]

   * buildinfo is an auxiliary package not installed by default, but
  used by developer tooling and packaging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1996892/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp