linux-lts-backport-natty: 2.6.38-13.56~lucid1 -proposed tracker

Bug #931806 reported by Brad Figg on 2012-02-13
This bug affects 2 people
Affects                            Status  Importance  Assigned to                          Milestone
Kernel SRU Workflow                        Undecided   Unassigned
Certification-testing                      Undecided   Unassigned
Prepare-package                            Undecided   Brad Figg
Prepare-package-meta                       Undecided   Canonical Kernel Team
Promote-to-proposed                        Undecided   Ubuntu Stable Release Updates Team
Promote-to-security                        Undecided   Ubuntu Stable Release Updates Team
Promote-to-updates                         Undecided   Ubuntu Stable Release Updates Team
Regression-testing                         Undecided   C de-Avillez
Security-signoff                           Undecided   John Johansen
Verification-testing                       Undecided   Canonical Kernel Team
linux-lts-backport-natty (Ubuntu)          Medium      Unassigned
Lucid                                      Undecided   Unassigned

Bug Description

This bug is for tracking the 2.6.38-13.56~lucid1 upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
kernel-stable-Prepare-package-start:Monday, 13. February 2012 23:56 UTC
kernel-stable-Certification-testing-end:Tuesday, 14. February 2012 00:03 UTC
kernel-stable-Prepare-package-end:Wednesday, 15. February 2012 14:01 UTC
kernel-stable-Promote-to-proposed-start:Wednesday, 15. February 2012 14:01 UTC
kernel-stable-Promote-to-proposed-end:Friday, 17. February 2012 10:18 UTC
kernel-stable-Verification-testing-start:Friday, 17. February 2012 10:18 UTC
kernel-stable-Security-signoff-start:Tuesday, 21. February 2012 17:16 UTC
kernel-stable-Verification-testing-end:Tuesday, 21. February 2012 17:16 UTC
kernel-stable-Regression-testing-start:Tuesday, 21. February 2012 17:16 UTC
kernel-stable-Security-signoff-end:Thursday, 23. February 2012 18:45 UTC
kernel-stable-Promote-to-updates-start:Tuesday, 28. February 2012 22:30 UTC
kernel-stable-Regression-testing-end:Tuesday, 28. February 2012 22:30 UTC
kernel-stable-phase:Released
kernel-stable-phase-changed:Monday, 05. March 2012 16:32 UTC
kernel-stable-Promote-to-updates-end:Monday, 05. March 2012 16:32 UTC

Brad Figg (brad-figg) on 2012-02-13
tags: added: kernel-release-tracking-bug
Changed in linux-lts-backport-natty (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
tags: added: lucid
Changed in kernel-sru-workflow:
status: New → In Progress
Brad Figg (brad-figg) on 2012-02-14
description: updated
Brad Figg (brad-figg) on 2012-02-14
summary: - linux-lts-backport-natty: 2.6.38-13.55~lucid1 -proposed tracker
+ linux-lts-backport-natty: 2.6.38-13.56~lucid1 -proposed tracker
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Confirmed
description: updated

All builds are complete, packages in this bug can be copied to -proposed.

description: updated

I made a copy of linux-lts-backport-natty: 2.6.38-13.56~lucid1 into
https://launchpad.net/~nutznboltz/+archive/lp-931806-testing
and installed that on a KVM server.

by default now:

net.bridge.bridge-nf-call-iptables = 1

VM guest is firewalled off, can only reach the VM host.

If I run:

$ sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-iptables = 0

Then the VM guest can access the network.

This is the same behavior I see on Ubuntu 12.04 (developer branch).

I don't remember seeing this on a 2.6.38 backport to Lucid before.

During 12.04 testing I had to add this:

               case node[:lsb][:codename]
               when 'precise'
                       # Ubuntu 12.04 iptables FORWARD section will control the bridge (bridging) by default.
                       # Without the following adjustment VM guests' network will not be reachable
                       # beyond the VM host when the FORWARD policy is set to DROP or REJECT.

                       # Adjust firewall immediately
                       execute "/sbin/sysctl -w 'net.bridge.bridge-nf-call-iptables=0'" do
                               only_if { File.exist?('/proc/sys/net/bridge') }
                       end

                       # Also at boot time (append only if the setting is not already present)
                       execute "echo 'net.bridge.bridge-nf-call-iptables=0' >> /etc/sysctl.conf" do
                               only_if do
                                       File.exist?('/proc/sys/net/bridge') && \
                                       File.readlines('/etc/sysctl.conf').grep(/^net\.bridge\.bridge-nf-call-iptables=0/).empty?
                               end
                       end
               end

Turns out that this is not an issue. The behavior is the same as the previous kernel.

What I was missing is that custom firewall rules I did not know about were added to the servers.
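
A read-only check for the interaction discussed in the comments above (an added example, not part of the original report or of any Ubuntu tooling): given the `net.bridge.bridge-nf-call-iptables` value and `iptables -S FORWARD` output, it reports whether bridged guest traffic bypasses the FORWARD chain, is accepted by default, or hits a default deny. The function name `bridge_forward_verdict`, the verdict strings and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function name, verdict strings and sample rule sets are
# constructed for illustration; they are not from the bug report.
#
# On a live host (read-only, needs root for iptables):
#   bridge_forward_verdict "$(sysctl -n net.bridge.bridge-nf-call-iptables)" \
#                          "$(iptables -S FORWARD)"

bridge_forward_verdict() {
    nf_call=$1   # value of net.bridge.bridge-nf-call-iptables
    rules=$2     # text in `iptables -S FORWARD` format

    # With the sysctl at 0, bridged frames never reach the FORWARD chain.
    if [ "$nf_call" != "1" ]; then
        echo "bypass"
        return 0
    fi

    printf '%s\n' "$rules" | awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            # An unconditional DROP/REJECT acts as the chain default.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { deny = 1; exit }
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accepts++
        }
        END {
            if (policy == "DROP") deny = 1
            if (!deny)            print "accept"
            else if (accepts > 0) print "deny-except:" accepts
            else                  print "deny-all"
        }'
}

# Constructed sample: default-deny policy with no rules at all.
RULES_LOCKED='-P FORWARD DROP'

# Constructed sample: policy looks permissive, but locally added rules end
# in a catch-all REJECT, so only the two ACCEPT rules let traffic pass.
RULES_CUSTOM='-P FORWARD ACCEPT
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

for sample in "$RULES_LOCKED" "$RULES_CUSTOM"; do
    echo "nf-call=1: $(bridge_forward_verdict 1 "$sample")"
    echo "nf-call=0: $(bridge_forward_verdict 0 "$sample")"
done
```

A `deny-except:N` verdict on a host whose policy is ACCEPT points at locally added rules rather than at the kernel default.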

Martin Pitt (pitti) on 2012-02-17
Changed in linux-lts-backport-natty (Ubuntu):
status: In Progress → Invalid
Brad Figg (brad-figg) on 2012-02-17
description: updated

uname -srvm
Linux 2.6.38-13-server #56~lucid1-Ubuntu SMP Tue Feb 14 03:35:38 UTC 2012 x86_64

apt-cache policy linux-image-2.6.38-13-server
linux-image-2.6.38-13-server:
  Installed: 2.6.38-13.56~lucid1
  Candidate: 2.6.38-13.56~lucid1
  Version table:
 *** 2.6.38-13.56~lucid1 0
        400 http://archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
        100 /var/lib/dpkg/status
     2.6.38-13.54~lucid1 0
        900 http://packages/ubuntu-updates/ lucid-updates/main Packages
        990 http://packages/ubuntu-security/ lucid-security/main Packages

Also tested -generic

Brad Figg (brad-figg) on 2012-02-21
description: updated
John Johansen (jjohansen) wrote :

looks good

Brad Figg (brad-figg) on 2012-02-23
description: updated
C de-Avillez (hggdh2) wrote :

no regressions observed

tags: added: qa-testing-passed
Brad Figg (brad-figg) on 2012-02-28
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-13.56~lucid1

---------------
linux-lts-backport-natty (2.6.38-13.56~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931806

  [ Upstream Kernel Changes ]

  * igmp: Avoid zero delay when receiving odd mixture of IGMP queries
    - LP: #917848
    - CVE-2012-0207
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * oom: fix integer overflow of points in oom_badness
    - LP: #922374
    - CVE-2011-2498

linux (2.6.38-13.55) natty-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920790

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that
    - LP: #647043

linux (2.6.38-13.54) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #911195

  [ Alex Bligh ]

  * (config) Change Xen paravirt drivers to be built-in
    - LP: #886521

  [ Paolo Pisati ]

  * [Config] DEFAULT_MMAP_MIN_ADDR=32k on arm
    - LP: #903346

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * VFS: Fix vfsmount overput on simultaneous automount
    - LP: #769927
  * TPM: Zero buffer after copying to userspace, CVE-2011-1162
    - LP: #899463
    - CVE-2011-1162
  * hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops, CVE-2011-2203
    - LP: #899466
    - CVE-2011-2203
  * KEYS: Fix a NULL pointer deref in the user-defined key type,
    CVE-2011-4110
    - LP: #894369
    - CVE-2011-4110
  * nfsd4: permit read opens of executable-only files
    - LP: #833300
  * Support for Terratec G1
    - LP: #821061
 -- Brad Figg <email address hidden> Mon, 13 Feb 2012 15:58:51 -0800

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Confirmed → Fix Released

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
description: updated