Kernel SRU Workflow

linux-lts-backport-natty: 2.6.38-13.56~lucid1 -proposed tracker

  1. Series prepare-package
  2. Bug #931806
Bug #931806 reported by Brad Figg
28
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Kernel SRU Workflow
Fix Released
Undecided
Unassigned
Certification-testing
Invalid
Undecided
Unassigned
Prepare-package
Fix Released
Undecided
Brad Figg
Prepare-package-meta
Invalid
Undecided
Canonical Kernel Team
Promote-to-proposed
Fix Released
Undecided
Ubuntu Stable Release Updates Team
Promote-to-security
Fix Released
Undecided
Ubuntu Stable Release Updates Team
Promote-to-updates
Fix Released
Undecided
Ubuntu Stable Release Updates Team
Regression-testing
Fix Released
Undecided
C de-Avillez
Security-signoff
Fix Released
Undecided
John Johansen
Verification-testing
Fix Released
Undecided
Canonical Kernel Team
linux-lts-backport-natty (Ubuntu)
Invalid
Medium
Unassigned
Lucid
Fix Released
Undecided
Unassigned

Bug Description

This bug is for tracking the 2.6.38-13.56~lucid1 upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
kernel-stable-Prepare-package-start:Monday, 13. February 2012 23:56 UTC
kernel-stable-Certification-testing-end:Tuesday, 14. February 2012 00:03 UTC
kernel-stable-Prepare-package-end:Wednesday, 15. February 2012 14:01 UTC
kernel-stable-Promote-to-proposed-start:Wednesday, 15. February 2012 14:01 UTC
kernel-stable-Promote-to-proposed-end:Friday, 17. February 2012 10:18 UTC
kernel-stable-Verification-testing-start:Friday, 17. February 2012 10:18 UTC
kernel-stable-Security-signoff-start:Tuesday, 21. February 2012 17:16 UTC
kernel-stable-Verification-testing-end:Tuesday, 21. February 2012 17:16 UTC
kernel-stable-Regression-testing-start:Tuesday, 21. February 2012 17:16 UTC
kernel-stable-Security-signoff-end:Thursday, 23. February 2012 18:45 UTC
kernel-stable-Promote-to-updates-start:Tuesday, 28. February 2012 22:30 UTC
kernel-stable-Regression-testing-end:Tuesday, 28. February 2012 22:30 UTC
kernel-stable-phase:Released
kernel-stable-phase-changed:Monday, 05. March 2012 16:32 UTC
kernel-stable-Promote-to-updates-end:Monday, 05. March 2012 16:32 UTC

See original description
Brad Figg (brad-figg)
tags: added: kernel-release-tracking-bug
Changed in linux-lts-backport-natty (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
tags: added: lucid
Changed in kernel-sru-workflow:
status: New → In Progress
Brad Figg (brad-figg)
description: updated
Brad Figg (brad-figg)
summary: - linux-lts-backport-natty: 2.6.38-13.55~lucid1 -proposed tracker
+ linux-lts-backport-natty: 2.6.38-13.56~lucid1 -proposed tracker
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Confirmed
Herton R. Krzesinski (herton)
description: updated
Revision history for this message
Brad Figg (brad-figg) wrote : Packages are ready for -proposed

All builds are complete, packages in this bug can be copied to -proposed.

description: updated
Revision history for this message
nutznboltz (nutznboltz-deactivatedaccount) wrote :

I made a copy of linux-lts-backport-natty: 2.6.38-13.56~lucid1 into
https://launchpad.net/~nutznboltz/+archive/lp-931806-testing
and installed that on a KVM server.

by default now:

net.bridge.bridge-nf-call-iptables = 1

VM guest is firewalled off, can only reach the VM host.

If I run:

$ sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-iptables = 0

Then the VM guest can access the network.

This is the same behavior I see on Ubuntu 12.04 (developer branch).

I don't remember seeing this on a 2.6.38 backport to Lucid before.

During 12.04 testing I had to add this:

               case node[:lsb][:codename]
               when 'precise'
                       # Ubuntu 12.04 iptables FORWARD section will control the bridge (bridging) by default.
                       # Without the following adjustment VM guests' network will not be reachable
                       # beyond the VM host when the FORWARD policy is set to DROP or REJECT.

                       # Adjust firewall immediately
                       execute "/sbin/sysctl -w 'net.bridge.bridge-nf-call-iptables=0'" do
                               only_if { File.exists?('/proc/sys/net/bridge') }
                       end

                       # Also at boot time
                       execute "echo 'net.bridge.bridge-nf-call-iptables=0' >> /etc/sysctl.conf" do
                               only_if do
                                       File.exists?('/proc/sys/net/bridge') && \
                                       File.open("/etc/sysctl.conf").grep(/^net.bridge.bridge-nf-call-iptables=0/).empty?
                               end
                       end
                end

Revision history for this message
nutznboltz (nutznboltz-deactivatedaccount) wrote :

Turns out that this is not an issue. The behavior is the same as the previous kernel.

What I was missing is that custom firewall rules I did not know about were added to the servers.

Martin Pitt (pitti)
Changed in linux-lts-backport-natty (Ubuntu):
status: In Progress → Invalid
Brad Figg (brad-figg)
description: updated
Revision history for this message
nutznboltz (nutznboltz-deactivatedaccount) wrote :

uname -srvm
Linux 2.6.38-13-server #56~lucid1-Ubuntu SMP Tue Feb 14 03:35:38 UTC 2012 x86_64

apt-cache policy linux-image-2.6.38-13-server
linux-image-2.6.38-13-server:
  Installed: 2.6.38-13.56~lucid1
  Candidate: 2.6.38-13.56~lucid1
  Version table:
 *** 2.6.38-13.56~lucid1 0
        400 http://archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
        100 /var/lib/dpkg/status
     2.6.38-13.54~lucid1 0
        900 http://packages/ubuntu-updates/ lucid-updates/main Packages
        990 http://packages/ubuntu-security/ lucid-security/main Packages

Also tested -generic

Brad Figg (brad-figg)
description: updated
Revision history for this message
John Johansen (jjohansen) wrote :

looks good

Brad Figg (brad-figg)
description: updated
Revision history for this message
C de-Avillez (hggdh2) wrote :

no regressions observed

tags: added: qa-testing-passed
Brad Figg (brad-figg)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-13.56~lucid1

---------------
linux-lts-backport-natty (2.6.38-13.56~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931806

  [ Upstream Kernel Changes ]

  * igmp: Avoid zero delay when receiving odd mixture of IGMP queries
    - LP: #917848
    - CVE-2012-0207
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * oom: fix integer overflow of points in oom_badness
    - LP: #922374
    - CVE-2011-2498

linux (2.6.38-13.55) natty-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920790

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that
    - LP: #647043

linux (2.6.38-13.54) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #911195

  [ Alex Bligh ]

  * (config) Change Xen paravirt drivers to be built-in
    - LP: #886521

  [ Paolo Pisati ]

  * [Config] DEFAULT_MMAP_MIN_ADDR=32k on arm
    - LP: #903346

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * VFS: Fix vfsmount overput on simultaneous automount
    - LP: #769927
  * TPM: Zero buffer after copying to userspace, CVE-2011-1162
    - LP: #899463
    - CVE-2011-1162
  * hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops, CVE-2011-2203
    - LP: #899466
    - CVE-2011-2203
  * KEYS: Fix a NULL pointer deref in the user-defined key type,
    CVE-2011-4110
    - LP: #894369
    - CVE-2011-4110
  * nfsd4: permit read opens of executable-only files
    - LP: #833300
  * Support for Terratec G1
    - LP: #821061
 -- Brad Figg <email address hidden> Mon, 13 Feb 2012 15:58:51 -0800

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Confirmed → Fix Released
Revision history for this message
Brad Figg (brad-figg) wrote : Package Released!

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.