[Packaging] Improve config annotations check on custom kernels

Bug #1820075 reported by Marcelo Cerri on 2019-03-14
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux-gcp (Ubuntu) | | Undecided | Unassigned |
Bionic | | Undecided | Unassigned |
Cosmic | | Undecided | Unassigned |

Bug Description

[Impact]

Currently for custom kernels, it's necessary to keep a separate annotations file that often gets out of sync with the corresponding file in debian.master/.

The "debian/scripts/config-check" script can be changed to allow additional annotations files to act as overlays over the original annotations file, allowing custom kernels to override the policies just for the relevant configs.

The proposal is to add support for an include directive in the annotations file so custom kernels can include the annotations file from their base kernel and override policies on a per-config basis.

[Test Case]

A kernel build should complete successfully after the change.

[Regression Potential]

Low regression potential, since this is a change to the build process that doesn't affect the final kernel that is built.
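
The overlay behaviour proposed above, as an added example that is not part of the original report and is not the project's config-check script: an included base file is loaded first, and any policy lines after the include override it per config. The line syntax (`include "path"`, `CONFIG_X policy<...>`), the `debian.custom` directory and the function names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed, simplified line shapes (not taken from the page):
#   include "relative/path"
#   CONFIG_NAME  policy<...>
INCLUDE_RE = re.compile(r'^include\s+"([^"]+)"\s*$')
POLICY_RE = re.compile(r'^(CONFIG_\w+)\s+policy<(.*)>\s*$')

def load_annotations(path, _stack=()):
    """Return {config: (policy, defining file)}; later lines override earlier ones."""
    real = os.path.realpath(path)
    if real in _stack:
        raise ValueError("include cycle: " + " -> ".join(_stack + (real,)))
    policies = {}
    with open(real, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
            if not line:
                continue
            inc = INCLUDE_RE.match(line)
            if inc:
                # Resolve relative to the including file, not the working directory.
                target = os.path.join(os.path.dirname(real), inc.group(1))
                policies.update(load_annotations(target, _stack + (real,)))
                continue
            pol = POLICY_RE.match(line)
            if not pol:
                raise ValueError(f"{real}:{lineno}: unrecognised line: {line!r}")
            policies[pol.group(1)] = (pol.group(2), real)
    return policies

def demo():
    """Build a constructed base + overlay pair and return the merged policies."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "debian.master", "annotations")
        custom = os.path.join(root, "debian.custom", "annotations")  # hypothetical name
        for p in (base, custom):
            os.makedirs(os.path.dirname(p))
        with open(base, "w") as fh:
            fh.write("CONFIG_A policy<y>\nCONFIG_B policy<m>\n")
        with open(custom, "w") as fh:
            fh.write('include "../debian.master/annotations"\n'
                     "CONFIG_B policy<n>  # override for the custom kernel\n")
        merged = load_annotations(custom)
        return {k: (v[0], os.path.basename(os.path.dirname(v[1])))
                for k, v in merged.items()}

if __name__ == "__main__":
    for name, (policy, origin) in sorted(demo().items()):
        print(name, policy, "from", origin)
```

Recording which file set each policy makes it easy to review exactly where a custom kernel departs from its base, which matters when the overridden options are hardening-related.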

Marcelo Cerri (mhcerri) on 2019-03-14
no longer affects: linux (Ubuntu)
Changed in linux-gcp (Ubuntu Cosmic):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-gcp - 4.18.0-1008.9

---------------
linux-gcp (4.18.0-1008.9) cosmic; urgency=medium

  * linux-gcp: 4.18.0-1008.9 -proposed tracker (LP: #1819620)

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-gcp: Replace annotations symlink with overlay
    - [Config] linux-gcp: Include master annotations to linux-gcp annotations
    - [Config] linux-gcp: Update annotations file

  * tcm_loop.ko: move from modules-extra into main modules-gcp package
    (LP: #1817786)
    - [Packaging] move tcm_loop.lo to main linux-modules-gcp package

  [ Ubuntu: 4.18.0-17.18 ]

  * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype
  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending
  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda
  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()
  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change
  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive
  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout
  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests
  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation
  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table
  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  * Update ENA driver to version 2.0.3K (L...


Changed in linux-gcp (Ubuntu Cosmic):
status: Fix Committed → Fix Released