linux: 2.6.38-10.46 -proposed tracker

Reported by Steve Conklin on 2011-06-27
34
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Kernel SRU Workflow
Undecided
Unassigned
Certification-testing
Undecided
Canonical Hardware Certification
Prepare-package
Undecided
Canonical Kernel Team
Promote-to-proposed
Undecided
Ubuntu Stable Release Updates Team
Promote-to-security
Undecided
Ubuntu Stable Release Updates Team
Promote-to-updates
Undecided
Ubuntu Stable Release Updates Team
Regression-testing
Undecided
C de-Avillez
Security-signoff
Undecided
Kees Cook
Verification-testing
Undecided
Canonical Kernel Team
linux (Ubuntu)
Medium
Unassigned

Bug Description

This bug is for tracking the 2.6.38-10.46 upload package. This bug will contain status and testing results releated to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

CVE References

Steve Conklin (sconklin) on 2011-06-27
tags: added: kernel-release-tracking-bug
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Changed in kernel-sru-workflow:
status: New → In Progress
Steve Conklin (sconklin) on 2011-06-28
summary: - linux: 2.6.38-10.45 -proposed tracker
+ linux: 2.6.38-10.46 -proposed tracker
description: updated

Hardware Certification beginning testing.

Changed in kernel-sru-workflow:
assignee: nobody → Heru Herdianto (herdiantoheru-yahoo)
status: In Progress → Fix Released
Changed in linux (Ubuntu):
assignee: nobody → Heru Herdianto (herdiantoheru-yahoo)
status: In Progress → Fix Released
Changed in kernel-sru-workflow:
status: Fix Released → New
Changed in linux (Ubuntu):
status: Fix Released → New
Steve Conklin (sconklin) on 2011-06-30
Changed in kernel-sru-workflow:
status: New → In Progress
Changed in kernel-sru-workflow:
assignee: Heru Herdianto (herdiantoheru-yahoo) → nobody
Changed in linux (Ubuntu):
assignee: Heru Herdianto (herdiantoheru-yahoo) → nobody
Kees Cook (kees) wrote :

CVE states look okay to me. Thanks!

I permission your team and kernel SRU Workflow

I permission to your team to Kernel SRU Workflow, by Steve Conklin

I want to permission in your team linux(ubuntu) by Steve Colklin

Changed in linux (Ubuntu):
status: New → In Progress
Changed in kernel-sru-workflow:
status: In Progress → Fix Committed
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Kees Cook (kees) wrote :

Heru, thanks for getting involved in helping with Ubuntu. Please don't change the statuses or assignments of this bug (or similar bugs), it is used for the tracking of progress on Ubuntu kernel updates. If you want to get involved, please see http://www.ubuntu.com/community/get-involved

Changed in kernel-sru-workflow:
status: Fix Released → In Progress
Changed in linux (Ubuntu):
status: Fix Released → New
Changed in linux (Ubuntu):
status: New → In Progress

Related bug, LP: #765230
Thanks to everyone involved with fixing it! :)

Certification testing completed on 82/84 systems:

http://people.canonical.com/~hwcert/sru-testing/wk27_2011/natty-proposed.html

No regressions were detected.

tags: added: certification-testing-passed
C de-Avillez (hggdh2) wrote :
Download full text (5.6 KiB)

I see a failure at least for EC2 m1.small; as such, I am tagging this bug qa-testing-failed. Except for EC2 m1.small, all tests so far passed, still to run the KVM ones:

Running test: './test-kernel-security.py' distro: 'Ubuntu 11.04' kernel: '2.6.38-10.46 (Ubuntu 2.6.38-10.46-virtual 2.6.38.7)' arch: 'i386' uid: 0/0 SUDO_USER: 'ubuntu')
test_000_make (__main__.KernelSecurityTest)
Build helper tools ... (4.5.2 (Ubuntu/Linaro 4.5.2-8ubuntu4)) ok
test_010_proc_maps (__main__.KernelSecurityTest)
/proc/$pid/maps is correctly protected ... ok
test_020_aslr_00_proc (__main__.KernelSecurityTest)
ASLR enabled ... ok
test_020_aslr_dapper_stack (__main__.KernelSecurityTest)
ASLR of stack ... ok
test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs ... ok
test_021_aslr_dapper_mmap (__main__.KernelSecurityTest)
ASLR of mmap ... ok
test_022_aslr_hardy_text (__main__.KernelSecurityTest)
ASLR of text ... ok
test_022_aslr_hardy_vdso (__main__.KernelSecurityTest)
ASLR of vdso ... ok
test_022_aslr_intrepid_brk (__main__.KernelSecurityTest)
ASLR of brk ... ok
test_030_mmap_min (__main__.KernelSecurityTest)
Low memory allocation respects mmap_min_addr ... (65536) ok
test_031_apparmor (__main__.KernelSecurityTest)
AppArmor loaded ... ok
test_031_seccomp (__main__.KernelSecurityTest)
PR_SET_SECCOMP works ... (skipped: LP: #725089) ok
test_032_dev_kmem (__main__.KernelSecurityTest)
/dev/kmem not available ... ok
test_033_syn_cookies (__main__.KernelSecurityTest)
SYN cookies is enabled ... ok
test_040_pcaps (__main__.KernelSecurityTest)
init's CAPABILITY list is clean ... ok
test_050_personality (__main__.KernelSecurityTest)
init missing READ_IMPLIES_EXEC ... (/proc/1/personality) ok
test_060_nx (__main__.KernelSecurityTest)
NX bit is working ... ok
test_061_guard_page (__main__.KernelSecurityTest)
Userspace stack guard page exists (CVE-2010-2240) ... ok
test_070_config_brk (__main__.KernelSecurityTest)
CONFIG_COMPAT_BRK disabled ... ok
test_070_config_devkmem (__main__.KernelSecurityTest)
CONFIG_DEVKMEM disabled ... ok
test_070_config_security (__main__.KernelSecurityTest)
CONFIG_SECURITY enabled ... ok
test_070_config_security_selinux (__main__.KernelSecurityTest)
CONFIG_SECURITY_SELINUX enabled ... ok
test_070_config_syn_cookies (__main__.KernelSecurityTest)
CONFIG_SYN_COOKIES enabled ... ok
test_071_config_seccomp (__main__.KernelSecurityTest)
CONFIG_SECCOMP enabled ... ok
test_072_config_compat_vdso (__main__.KernelSecurityTest)
CONFIG_COMPAT_VDSO disabled ... ok
test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA enabled ... FAIL
test_072_config_debug_set_module_ronx (__main__.KernelSecurityTest)
CONFIG_DEBUG_SET_MODULE_RONX enabled ... ok
test_072_config_security_apparmor (__main__.KernelSecurityTest)
CONFIG_SECURITY_APPARMOR enabled ... ok
test_072_config_strict_devmem (__main__.KernelSecurityTest)
CONFIG_STRICT_DEVMEM enabled ... ok
test_072_strict_devmem (__main__.KernelSecurityTest)
/dev/mem unreadable for kernel memory ... (using 0x87a3ecL) (exit code 0) ok
test_073_config_security_file_capabilities (__main__.KernelSecurityTest)
CONFIG_SECURITY_FILE_CAPABILITIES enabled ... (skipped: only Intrepid through ...

Read more...

tags: added: qa-testing-failed
Steve Conklin (sconklin) wrote :

This failure is due to a configuration option that was disabled in order to work around some ec2 problems. It can be re-enabled, and should be, but after discussion with the Ubuntu kernel team, it is agreed that it is OK for this kernel to be released. This is not a regression, as it has been present in the kernel for some time.

Setting QA to pass, and we can publish this

tags: added: qa-testing-passed
removed: qa-testing-failed
Launchpad Janitor (janitor) wrote :
Download full text (26.1 KiB)

This bug was fixed in the package linux - 2.6.38-10.46

---------------
linux (2.6.38-10.46) natty-proposed; urgency=low

  [ Steve Conklin ]

  * Release Tracking Bug
    - LP: #802464

  [ Upstream Kernel Changes ]

  * Revert "put stricter guards on queue dead checks"
  * Revert "fix oops in scsi_run_queue()"

linux (2.6.38-10.45) natty-proposed; urgency=low

  [ Upstream Kernel Changes ]

  * Revert "af_unix: Only allow recv on connected seqpacket sockets."

linux (2.6.38-10.44) natty-proposed; urgency=low

  [ Steve Conklin ]

  * Release Tracking Bug
    - LP: #792013

  [ Robert Nelson ]

  * SAUCE: omap3: beagle: detect new xM revision B
    - LP: #770679
  * SAUCE: omap3: beagle: detect new xM revision C
    - LP: #770679
  * SAUCE: omap3: beagle: if rev unknown, assume xM revision C
    - LP: #770679

  [ Stefan Bader ]

  * Include nls_iso8859-1 for virtual images
    - LP: #732046

  [ Thomas Schlichter ]

  * SAUCE: vesafb: mtrr module parameter is uint, not bool
    - LP: #778043

  [ Tim Gardner ]

  * Revert "SAUCE: acpi battery -- move first lookup asynchronous"
    - LP: #775809
  * updateconfigs after update to v2.6.38.6

  [ Upstream Kernel Changes ]

  * Revert "ALSA: hda - Fix pin-config of Gigabyte mobo"
    - LP: #780546
  * Revert "[SCSI] Retrieve the Caching mode page"
    - LP: #788691
  * Revert "USB: xhci - fix unsafe macro definitions"
  * Revert "USB: xhci - fix math in xhci_get_endpoint_interval()"
  * Revert "USB: xhci - also free streams when resetting devices"
  * ath9k_hw: fix stopping rx DMA during resets
    - LP: #775809
  * netxen: limit skb frags for non tso packet
    - LP: #775809
  * ath: add missing regdomain pair 0x5c mapping
    - LP: #775809
  * block, blk-sysfs: Fix an err return path in blk_register_queue()
    - LP: #775809
  * p54: Initialize extra_len in p54_tx_80211
    - LP: #775809
  * qlcnic: limit skb frags for non tso packet
    - LP: #775809
  * nfsd4: fix struct file leak on delegation
    - LP: #775809
  * nfsd4: Fix filp leak
    - LP: #775809
  * virtio: Decrement avail idx on buffer detach
    - LP: #775809
  * x86, gart: Set DISTLBWALKPRB bit always
    - LP: #775809
  * x86, gart: Make sure GART does not map physmem above 1TB
    - LP: #775809
  * intel-iommu: Fix use after release during device attach
    - LP: #775809
  * intel-iommu: Unlink domain from iommu
    - LP: #775809
  * intel-iommu: Fix get_domain_for_dev() error path
    - LP: #775809
  * drm/radeon/kms: pll tweaks for r7xx
    - LP: #775809
  * drm/nouveau: fix notifier memory corruption bug
    - LP: #775809
  * drm/radeon/kms: fix bad shift in atom iio table parser
    - LP: #775809
  * drm/i915/tv: Remember the detected TV type
    - LP: #775809
  * tty/n_gsm: fix bug in CRC calculation for gsm1 mode
    - LP: #775809
  * serial/imx: read cts state only after acking cts change irq
    - LP: #775809
  * ASoC: Fix output PGA enabling in wm_hubs CODECs
    - LP: #775809
  * ASoC: codecs: JZ4740: Fix OOPS
    - LP: #775809
  * ALSA: hda - Add a fix-up for Acer dmic with ALC271x codec
    - LP: #775809
  * ahci: don't enable port irq before handler is registered
    - LP: #775809
  * libata: Implement ATA_FLAG_NO_...

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Copied linux, -meta, and lbm to -updates/-security

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers