[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
** Tags removed: verification-done-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
** Tags removed: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
** Tags removed: verification-done-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
** Tags removed: verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done-bionic verification-done-focal verification-done-jammy verification-done-kinetic ** Tags added: kernel-stable-tracking-bug -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug was fixed in the package linux - 6.1.0-16.16 --- linux (6.1.0-16.16) lunar; urgency=medium * lunar/linux: 6.1.0-16.16 -proposed tracker (LP: #2008480) * Packaging resync (LP: #1786013) - debian/dkms-versions -- temporarily drop broken dkms -- Andrea Righi Fri, 24 Feb 2023 14:24:48 +0100 ** Changed in: linux (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux- azure-4.15/4.15.0-1162.177 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux-azure-4.15 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-xilinx- zynqmp/5.4.0-1022.26 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification- done-focal'. If the problem still exists, change the tag 'verification- needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-xilinx-zynqmp -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-realtime/5.15.0-1033.36 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-realtime -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-raspi2/4.15.0-1128.136 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux-raspi2 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-raspi2/4.15.0-1128.136 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-raspi/5.4.0-1081.92 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-raspi -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-raspi/5.19.0-1014.21 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux-raspi -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-raspi/5.15.0-1025.27 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-raspi -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-aws/5.15.0-1031.35 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-aws -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-azure/5.19.0-1021.22 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-azure/5.4.0-1104.110 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-aws/5.4.0-1097.105 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-aws -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-azure/5.15.0-1034.41 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-azure -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux- snapdragon/4.15.0-1146.156 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux-snapdragon -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-lowlatency- hwe-5.19/5.19.0-1017.18~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-lowlatency-hwe-5.19 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-bluefield/5.4.0-1058.64 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-bluefield -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-aws/5.19.0-1020.21 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux-aws -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-kvm/4.15.0-1136.141 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux-kvm -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Released Status in linux source package in Focal: Fix Released Status in linux source package in Jammy: Fix Released Status in linux source package in Kinetic: Fix Released Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug was fixed in the package linux - 5.19.0-31.32 --- linux (5.19.0-31.32) kinetic; urgency=medium * kinetic/linux: 5.19.0-31.32 -proposed tracker (LP: #2003423) * amdgpu: framebuffer is destroyed and the screen freezes with unsupported IP blocks (LP: #2003524) - drm/amd: Delay removal of the firmware framebuffer * Revoke & rotate to new signing key (LP: #2002812) - [Packaging] Revoke and rotate to new signing key linux (5.19.0-30.31) kinetic; urgency=medium * kinetic/linux: 5.19.0-30.31 -proposed tracker (LP: #2001756) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts - debian/dkms-versions -- update from kernel-versions (main/2023.01.02) * Add some ACPI device IDs for Intel HID device (LP: #1995453) - platform/x86/intel/hid: Add some ACPI device IDs * Fix iosm: WWAN cannot build the connection (DW5823e) (LP: #1998115) - net: wwan: iosm: fix driver not working with INTEL_IOMMU disabled - [Config] CONFIG_IOSM update annotations on arm64 armhf ppc64el s390x riscv64 * BPF_[AND|OR|XOR|FETCH|XCHG|CMPXCHG] in net:test_bpf.sh from ubuntu_kernel_selftests failed on K-5.19 P9 (LP: #2001618) - powerpc/bpf/64: add support for BPF_ATOMIC bitwise operations - powerpc/bpf/64: add support for atomic fetch operations - powerpc/bpf/64: Add instructions for atomic_[cmp]xchg * [DEP-8] Run ADT regression suite for lowlatency kernels Jammy and later (LP: #1999528) - [DEP-8] Fix regression suite to run on lowlatency * Kinetic update: upstream stable patchset 2022-12-15 (LP: #1999828) - serial: ar933x: Deassert Transmit Enable on ->rs485_config() - KVM: x86: Trace re-injected exceptions - RDMA/cma: Use output interface for net_dev check - IB/hfi1: Correctly move list in sc_disable() - RDMA/hns: Disable local invalidate operation - NFSv4: Fix a potential state reclaim deadlock - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed - NFSv4.2: Fixup CLONE dest file size for zero-length count - nfs4: Fix kmemleak when allocate slot failed - net: dsa: Fix possible memory leaks in dsa_loop_init() - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() - net: dsa: fall back to default tagger if we can't load the one from DT - nfc: fdp: Fix potential memory leak in fdp_nci_send() - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() - net: fec: fix improper use of NETDEV_TX_BUSY - ata: pata_legacy: fix pdc20230_set_piomode() - net: sched: Fix use after free in red_enqueue() - net: tun: fix bugs for oversize packet when napi frags enabled - netfilter: nf_tables: netlink notifier might race to release objects - netfilter: nf_tables: release flow rule object from commit path - ipvs: use explicitly signed chars - ipvs: fix WARNING in __ip_vs_cleanup_batch() - ipvs: fix WARNING in ip_vs_app_net_cleanup() - rose: Fix NULL pointer dereference in rose_send_frame() - mISDN: fix possible memory leak in mISDN_register_device() - isdn: mISDN: netjet: fix wrong check of device registration - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() - btrfs: fix inode list leak during backref walking at find_parent_nodes() - btrfs: fix ulist leaks in error paths of qgroup self tests - netfilter: ipset: enforce documented limit to prevent allocating huge memory - Bluetooth: virtio_bt: Use skb_put to set length - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() - Bluetooth: L2CAP: Fix memory leak in vhci_write - net: mdio: fix undefined behavior in bit shift for __mdiobus_register - ibmvnic: Free rwi on reset success - stmmac: dwmac-loongson: fix invalid mdio_node - net/smc: Fix possible leaked pernet namespace in smc_init() - net, neigh: Fix null-ptr-deref in neigh_table_clear() - ipv6: fix WARNING in ip6_route_net_exit_late() - vsock: fix possible infinite sleep in vsock_connectible_wait_data() - media: rkisp1: Don't pass the quantization to rkisp1_csm_config() - media: rkisp1: Initialize color space on resizer sink and source pads - media: rkisp1: Use correct macro for gradient registers - media: rkisp1: Zero v4l2_subdev_format fields in when validating links - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE - media: dvb-frontends/drxk: initialize err to 0 - media: meson: vdec: fix possible refcount leak in vdec_probe() - media: v4l: subdev: Fail graciously when getting try data for NULL state - ACPI: APEI:
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug was fixed in the package linux - 5.15.0-60.66 --- linux (5.15.0-60.66) jammy; urgency=medium * jammy/linux: 5.15.0-60.66 -proposed tracker (LP: #2003450) * Revoke & rotate to new signing key (LP: #2002812) - [Packaging] Revoke and rotate to new signing key linux (5.15.0-59.65) jammy; urgency=medium * jammy/linux: 5.15.0-59.65 -proposed tracker (LP: #2001801) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * CVE-2022-47940 - ksmbd: validate length in smb2_write() * Fix iosm: WWAN cannot build the connection (DW5823e) (LP: #1998115) - net: wwan: iosm: fix driver not working with INTEL_IOMMU disabled - [Config] CONFIG_IOSM update annotations on arm64 armhf ppc64el s390x * support for same series backports versioning numbers (LP: #1993563) - [Packaging] sameport -- add support for sameport versioning * [DEP-8] Run ADT regression suite for lowlatency kernels Jammy and later (LP: #1999528) - [DEP-8] Fix regression suite to run on lowlatency * Micron NVME storage failure [1344,5407] (LP: #1998883) - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH * Jammy update: v5.15.78 upstream stable release (LP: #1998843) - scsi: lpfc: Rework MIB Rx Monitor debug info logic - serial: ar933x: Deassert Transmit Enable on ->rs485_config() - KVM: x86: Trace re-injected exceptions - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) - drm/amd/display: explicitly disable psr_feature_enable appropriately - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page - HID: playstation: add initial DualSense Edge controller support - KVM: x86: Protect the unused bits in MSR exiting flags - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER - RDMA/cma: Use output interface for net_dev check - IB/hfi1: Correctly move list in sc_disable() - RDMA/hns: Remove magic number - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() - RDMA/hns: Disable local invalidate operation - NFSv4: Fix a potential state reclaim deadlock - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed - NFSv4.2: Fixup CLONE dest file size for zero-length count - nfs4: Fix kmemleak when allocate slot failed - net: dsa: Fix possible memory leaks in dsa_loop_init() - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() - net: dsa: fall back to default tagger if we can't load the one from DT - nfc: fdp: Fix potential memory leak in fdp_nci_send() - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() - net: fec: fix improper use of NETDEV_TX_BUSY - ata: pata_legacy: fix pdc20230_set_piomode() - net: sched: Fix use after free in red_enqueue() - net: tun: fix bugs for oversize packet when napi frags enabled - netfilter: nf_tables: netlink notifier might race to release objects - netfilter: nf_tables: release flow rule object from commit path - ipvs: use explicitly signed chars - ipvs: fix WARNING in __ip_vs_cleanup_batch() - ipvs: fix WARNING in ip_vs_app_net_cleanup() - rose: Fix NULL pointer dereference in rose_send_frame() - mISDN: fix possible memory leak in mISDN_register_device() - isdn: mISDN: netjet: fix wrong check of device registration - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() - btrfs: fix inode list leak during backref walking at find_parent_nodes() - btrfs: fix ulist leaks in error paths of qgroup self tests - netfilter: ipset: enforce documented limit to prevent allocating huge memory - Bluetooth: virtio_bt: Use skb_put to set length - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() - Bluetooth: L2CAP: Fix memory leak in vhci_write - net: mdio: fix undefined behavior in bit shift for __mdiobus_register - ibmvnic: Free rwi on reset success - stmmac: dwmac-loongson: fix invalid mdio_node - net/smc: Fix possible leaked pernet namespace in smc_init() - net, neigh: Fix null-ptr-deref in neigh_table_clear() - ipv6: fix WARNING in ip6_route_net_exit_late() - vsock: fix possible infinite sleep in vsock_connectible_wait_data() - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag - drm/msm/hdmi: fix IRQ lifetime - video/fbdev/stifb: Implement the stifb_fillrect() function - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards - mtd: parsers: bcm47xxpart: print correct offset on read error - mtd: parsers: bcm47xxpart: Fix
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug was fixed in the package linux - 5.4.0-139.156 --- linux (5.4.0-139.156) focal; urgency=medium * focal/linux: 5.4.0-139.156 -proposed tracker (LP: #2003486) * Revoke & rotate to new signing key (LP: #2002812) - [Packaging] Revoke and rotate to new signing key linux (5.4.0-138.155) focal; urgency=medium * focal/linux: 5.4.0-138.155 -proposed tracker (LP: #2001845) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * Focal update: v5.4.224 upstream stable release (LP: #1999273) - RDMA/cma: Use output interface for net_dev check - IB/hfi1: Correctly move list in sc_disable() - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot - nfs4: Fix kmemleak when allocate slot failed - net: dsa: Fix possible memory leaks in dsa_loop_init() - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() - net: fec: fix improper use of NETDEV_TX_BUSY - ata: pata_legacy: fix pdc20230_set_piomode() - net: sched: Fix use after free in red_enqueue() - net: tun: fix bugs for oversize packet when napi frags enabled - netfilter: nf_tables: release flow rule object from commit path - ipvs: use explicitly signed chars - ipvs: fix WARNING in __ip_vs_cleanup_batch() - ipvs: fix WARNING in ip_vs_app_net_cleanup() - rose: Fix NULL pointer dereference in rose_send_frame() - mISDN: fix possible memory leak in mISDN_register_device() - isdn: mISDN: netjet: fix wrong check of device registration - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() - btrfs: fix inode list leak during backref walking at find_parent_nodes() - btrfs: fix ulist leaks in error paths of qgroup self tests - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() - net: mdio: fix undefined behavior in bit shift for __mdiobus_register - net, neigh: Fix null-ptr-deref in neigh_table_clear() - ipv6: fix WARNING in ip6_route_net_exit_late() - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE - media: dvb-frontends/drxk: initialize err to 0 - media: meson: vdec: fix possible refcount leak in vdec_probe() - scsi: core: Restrict legal sdev_state transitions via sysfs - HID: saitek: add madcatz variant of MMO7 mouse device ID - i2c: xiic: Add platform module alias - xfs: don't fail verifier on empty attr3 leaf block - xfs: use ordered buffers to initialize dquot buffers during quotacheck - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() - xfs: group quota should return EDQUOT when prj quota enabled - xfs: don't fail unwritten extent conversion on writeback due to edquot - xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster() - Bluetooth: L2CAP: Fix attempting to access uninitialized memory - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' - binder: fix UAF of alloc->vma in race with munmap() - btrfs: fix type of parameter generation in btrfs_get_dentry - tcp/udp: Make early_demux back namespacified. - kprobe: reverse kp->flags when arm_kprobe failed - tools/nolibc/string: Fix memcmp() implementation - tracing/histogram: Update document for KEYS_MAX size - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() - fuse: add file_modified() to fallocate - efi: random: reduce seed size to 32 bytes - perf/x86/intel: Fix pebs event constraints for ICL - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC - parisc: Export iosapic_serial_irq() symbol for serial port driver - parisc: Avoid printing the hardware path twice - ext4: fix warning in 'ext4_da_release_space' - ext4: fix BUG_ON() when directory entry has invalid rec_len - KVM: x86: Mask off reserved bits in CPUID.801AH - KVM: x86: Mask off reserved bits in CPUID.8008H - KVM: x86: emulator: em_sysexit should update ctxt->mode - KVM: x86: emulator: introduce emulator_recalc_and_set_mode - KVM: x86: emulator: update the emulation mode after CR0 write - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times - drm/rockchip: dsi: Force synchronous probe - drm/i915/sdvo: Filter out invalid outputs more sensibly - drm/i915/sdvo: Setup DDC fully before output init - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() - ipc: remove memcg accounting for sops objects in do_semtimedop() - Linux 5.4.224 * Focal update: v5.4.223
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug was fixed in the package linux - 4.15.0-204.215 --- linux (4.15.0-204.215) bionic; urgency=medium * bionic/linux: 4.15.0-204.215 -proposed tracker (LP: #2003522) * Revoke & rotate to new signing key (LP: #2002812) - [Packaging] Revoke and rotate to new signing key linux (4.15.0-203.214) bionic; urgency=medium * bionic/linux: 4.15.0-203.214 -proposed tracker (LP: #2001876) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * Bionic update: upstream stable patchset 2022-12-01 (LP: #1998542) - Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" - x86/cpufeature: Add facility to check for min microcode revisions - x86/cpufeature: Fix various quality problems in the header - x86/devicetable: Move x86 specific macro out of generic code - x86/cpu: Add consistent CPU match macros - x86/cpu: Add a steppings field to struct x86_cpu_id - x86/entry: Remove skip_r11rcx - x86/cpufeatures: Move RETPOLINE flags to word 11 - x86/bugs: Report AMD retbleed vulnerability - x86/bugs: Add AMD retbleed= boot parameter - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value - x86/entry: Add kernel IBRS implementation - x86/bugs: Optimize SPEC_CTRL MSR writes - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() - x86/bugs: Report Intel retbleed vulnerability - entel_idle: Disable IBRS during long idle - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool - x86/speculation: Add LFENCE to RSB fill sequence - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n - x86/speculation: Fix firmware entry SPEC_CTRL handling - x86/speculation: Fix SPEC_CTRL write on SMT state change - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit - x86/speculation: Remove x86_spec_ctrl_mask - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS - KVM: VMX: Fix IBRS handling after vmexit - x86/speculation: Fill RSB on vmexit for IBRS - x86/common: Stamp out the stepping madness - x86/cpu/amd: Enumerate BTC_NO - x86/bugs: Add Cannon lake to RETBleed affected CPU list - x86/speculation: Disable RRSBA behavior - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts - x86/speculation: Add RSB VM Exit protections - ocfs2: clear dinode links count in case of error - ocfs2: fix BUG when iput after ocfs2_mknod fails - x86/microcode/AMD: Apply the patch early on every logical thread - ata: ahci-imx: Fix MODULE_ALIAS - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS - KVM: arm64: vgic: Fix exit condition in scan_its_table() - [Config] updateconfigs for ARM64_ERRATUM_1742098 - arm64: errata: Remove AES hwcap for COMPAT tasks - r8152: add PID for the Lenovo OneLink+ Dock - btrfs: fix processing of delayed data refs during backref walking - ACPI: extlog: Handle multiple records - HID: magicmouse: Do not set BTN_MOUSE on double report - net/atm: fix proc_mpc_write incorrect return value - net: hns: fix possible memory leak in hnae_ae_register() - iommu/vt-d: Clean up si_domain in the init_dmars() error path - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls - ACPI: video: Force backlight native for more TongFang devices - ALSA: Use del_timer_sync() before freeing timer - ALSA: au88x0: use explicitly signed char - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM - usb: dwc3: gadget: Don't set IMI for no_interrupt - usb: bdc: change state when port disconnected - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller - xhci: Remove device endpoints from bandwidth list when freeing the device - tools: iio: iio_utils: fix digit calculation - iio: light: tsl2583: Fix module unloading - fbdev: smscufx: Fix several use-after-free bugs - mac802154: Fix LQI recording - drm/msm/hdmi: fix memory corruption with too many bridges - mmc: core: Fix kernel panic when remove non-standard SDIO card - kernfs: fix use-after-free in __kernfs_remove - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() - Xen/gntdev: don't ignore kernel unmapping error - xen/gntdev: Prevent leaking grants - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages - net: ieee802154: fix error return code in dgram_bind() - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid - arc: iounmap() arg is volatile - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() - x86/unwind/orc: Fix unreliable stack dump with gcov - amd-xgbe: fix the SFP compliance codes check for DAC cables - amd-xgbe: add the
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-oem-6.1/6.1.0-1006.6 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-oem-6.1 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-oem-5.14/5.14.0-1057.64 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-oem-5.14 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux-oem-6.0/6.0.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-oem-6.0 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux/5.15.0-60.66 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux verification-needed-jammy -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux/5.4.0-139.156 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux/4.15.0-204.215 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-bionic-linux verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
This bug is awaiting verification that the linux/5.19.0-31.32 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-kinetic' to 'verification-done-kinetic'. If the problem still exists, change the tag 'verification-needed-kinetic' to 'verification-failed-kinetic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-kinetic-linux verification-needed-kinetic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2002812] Re: Revoke & rotate to new signing key
** Also affects: linux (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Kinetic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Kinetic) Importance: Undecided => High ** Changed in: linux (Ubuntu Kinetic) Status: New => Fix Committed ** Changed in: linux (Ubuntu Jammy) Importance: Undecided => High ** Changed in: linux (Ubuntu Jammy) Status: New => Fix Committed ** Changed in: linux (Ubuntu Focal) Importance: Undecided => High ** Changed in: linux (Ubuntu Focal) Status: New => Fix Committed ** Changed in: linux (Ubuntu Bionic) Importance: Undecided => High ** Changed in: linux (Ubuntu Bionic) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002812 Title: Revoke & rotate to new signing key Status in linux package in Ubuntu: Triaged Status in linux source package in Bionic: Fix Committed Status in linux source package in Focal: Fix Committed Status in linux source package in Jammy: Fix Committed Status in linux source package in Kinetic: Fix Committed Bug description: [ Impact ] * Revoke & rotate to new signing key * Update revocations, which match the next Ubuntu shim 15.7 revocations. Specifically - revoke certs that were previously protected with by-hash revocations, revoke lost/unused certificates. * Start using advantage2021v1 and ubuntu2022v1 signing keys. * This is a routine key rotation. [ Test Plan ] * Check that old shim/grub boot this kernel * Check that the upcomming future shim/grub can boot this kernel * Check that these kernels can do signed kexec into itself [ Where problems could occur ] * Kernels with this patch applied should be signed using ubuntu/4 pro/3 core/2 signing streams. [ Other Info ] * TPM PCR values and measurements will change when changing the signing key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2002812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp