linux-ec2: 2.6.32-318.38 -proposed tracker

This tracking bug was opened to be worked from linux-2.6.32-34.76 update (bug 836914)

All builds are complete, packages in this bug can be copied to -proposed.

m1.large failed on CVE-2011-1020; bug 840002 opened. This is the only failure observed.

Nevertheless, tagging qa-testing-failed.

I went back to the m1.small instance, and re-run (also 10 times) this specific test. No failures observed.

Re-tagging qa-testing-passed, per Kees:

2011-09-02 18:30:22 hggdh kees: FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
2011-09-02 18:31:23 hggdh kees: on Lucid EC2 2.6.32-318.38
2011-09-02 18:31:27 @kees hggdh: ?? which kernel, can you paste output?
2011-09-02 18:32:31 hggdh kees: http://pastebin.ubuntu.com/680900/
2011-09-02 18:32:43 hggdh (this is a m1.large instance
2011-09-02 18:32:53 hggdh m1.small did not show this error
2011-09-02 18:33:24 @kees hunh
2011-09-02 18:33:33 @kees that looks like a legit regression :(
2011-09-02 18:34:08 @kees it's possible there's some kind of additional race condition, but it really shouldn't report those ffff lines at all.
2011-09-02 18:34:58 hggdh kees: thank you, I will open a new bug
2011-09-02 18:35:39 @kees hggdh: okay, cool. and it always happens, even on repeated runs?
2011-09-02 18:36:04 hggdh kees: not sure, still I am preparing to run it again ;-)
2011-09-02 18:36:09 * kees -> out for the long weekend, see everyone next week
2011-09-02 18:36:14 @kees hggdh: okay, keep me posted. thanks!
2011-09-02 18:38:52 hggdh kees: more fun, now I really have a stacktrace
2011-09-02 18:47:46 hggdh kess 3 out of 7 so far
2011-09-02 18:50:28 hggdh kees: 5 out of 10. I think it is too high, but it is your call
2011-09-02 19:24:41 hggdh kees: bug 840002 opened
2011-09-03 01:13:22 @kees hggdh: i would say ignore this failure. the test looks like it can give false positives on some faster systems
2011-09-03 03:06:04 <-- apw (<email address hidden>) has quit (Ping timeout)
2011-09-03 09:02:21 lamont kees: I saved it for you if you want it... I didn't feel up to opening it
2011-09-03 09:02:39 lamont though I may just have to make a tarpit just to see what it has
2011-09-03 09:08:52 lamont sigh. ca-certificates
2011-09-03 09:58:25 hggdh kees: please comment on bug 837804 that you are OK with it; I will, then set it to go

I'm fine with going ahead -- I think this regression test has some timing flaws. Since it only ever shows "select" in the failure output, I believe this to be viewing the non-setuid process kernel stack, which is fine. Since it doesn't fail on some runs, that's a good sign that things are okay. Let's move ahead with this. +1

Certification-testing isn't done on linux-ec2, setting to Invalid.

This bug was fixed in the package linux-ec2 - 2.6.32-318.38

---------------
linux-ec2 (2.6.32-318.38) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to 2.6.32-34.76
  * Release Tracking Bug
    - LP: #837804

  [ Ubuntu: 2.6.32-34.76 ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

  [ Ubuntu: 2.6.32-34.75 ]

  * drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux-ec2 (2.6.32-318.37) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Release Tracking Bug
    - LP: #829162
  * XEN: exec: delay address limit change until point of no return
    - LP: #802383
  * Rebased to 2.6.32-34.74

  [ Ubuntu: 2.6.32-34.74 ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

  [ Ubuntu: 2.6.32-34.73 ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #802383
  * loop: limit 'max_part' module param to D...

released to -security/-updates

The package has been published and the bug is being set to Fix Released