vbox: resync with 5.0.18-dfsg-2build1

Bug #1571156 reported by Andy Whitcroft on 2016-04-16
This bug affects 10 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Andy Whitcroft

Bug Description

We are behind main vbox packages:

virtualbox (5.0.16-dfsg-3) experimental; urgency=low

  * Build without xorg legacy with the backport of 5.0.17
    code (revision 106564)
  * Bump std-version to 3.9.8, no changes required.
  * Add vbox-img (LP: #1558521).
    - thanks sworddragon for the bug report!

CVE References

Andy Whitcroft (apw) on 2016-04-16
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Andy Whitcroft (apw)
milestone: none → ubuntu-16.04

Hi Andy, can you please sync with 5.0.18 (in xenial right now) again?

changes since 5.0.16-dfsg-3 should be minimal.

Andi, the current module is just broken
see LP: #1572001

Tim Gardner (timg-tpi) wrote :

You'll need to wait for linux 4.4.0-21.37 which supports MOKSBState. Once booted you can disable secure boot with 'sudo mokutil --disable-validation', then reboot.

Hi Tim, this won't fix the current driver brokeness

dino99 (9d9) wrote :

here is the 4.4.0-21 boot log:

virtualbox[1287]: ...done.
kernel: vboxpci: IOMMU not found (not registered)

dino99 (9d9) wrote :

note: xenial now has virtualbox 5.0.18-dfsg-1ubuntu1 (and get the error above into #5)

Andy Whitcroft (apw) wrote :

We need to re-re-re-do this to get the latest: 5.0.18-dfsg-2build1

summary: - vbox: resync with 5.0.16-dfsg-3
+ vbox: resync with 5.0.18-dfsg-2build1
Changed in linux (Ubuntu):
status: In Progress → Fix Committed

Setting severity to critical, I got two bug reports in the last 20 minutes for this issue.

Changed in linux (Ubuntu):
importance: High → Critical
Kamal Mostafa (kamalmostafa) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
dino99 (9d9) wrote :

The verification have to wait for a gcc toolchain issue fix: Bug #1574982

@dino99 we are talking about xenial here.

tags: added: verification-done-xenial
removed: verification-needed-xenial
dino99 (9d9) wrote :

Confirm that the 4.4.0-22 kernel installation on xenial is fine: no warning/error like with yakkety

Lars Kumbier (derlars) wrote :

Tested proposed kernel 4.4.0-22.38 for xenial, does not solve the virtualbox-bug. Virtualbox package is 5.0.18-dfsg-2build1, kernel module won't load with error message "modprobe: ERROR: could not insert 'vboxdrv': Required key not available".

I think you have to remove the virtualbox-dkms package.

Tim Gardner (timg-tpi) wrote :

Lars - It is because your platform is UEFI in secure boot mode. You can disable secure boot using 'sudo mokutil --disable-validation; sudo reboot', or create and enroll your own DKMS key (linux 4.4.0-22.38 or higher). See the rough example at https://docs.google.com/document/d/1Z1_jR3MmxuvqolQH4PORkJCgENkb2Tlw4FVA-sHqdMw

Kamal Mostafa (kamalmostafa) wrote :
Download full text (23.7 KiB)

This bug was fixed in the package linux - 4.4.0-22.38

linux (4.4.0-22.38) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1573817

  * autoreconstruct: need to also generate extend-diff-ignore options for links
    (LP: #1574362)
    - [Packaging] autoreconstruct -- generate extend-diff-ignore for links

  * tipc: missing linearization of sk_buff (LP: #1567064)
    - tipc: move linearization of buffers to generic code

  * [Hyper-V] In-flight PCI Passthrough Patches (LP: #1570124)
    - SAUCE:(noup) drivers:hv: Lock access to hyperv_mmio resource tree
    - SAUCE:(noup) drivers:hv: Call vmbus_mmio_free() to reverse
    - SAUCE:(noup) drivers:hv: Reverse order of resources in hyperv_mmio
    - SAUCE:(noup) drivers:hv: Track allocations of children of hv_vmbus in
      private resource tree
    - SAUCE:(noup) drivers:hv: Record MMIO range in use by frame buffer
    - SAUCE:(noup) drivers:hv: Separate out frame buffer logic when picking MMIO

  * vbox: resync with 5.0.18-dfsg-2build1 (LP: #1571156)
    - ubuntu: vbox -- update to 5.0.18-dfsg-2build1

  * CONFIG_AUFS_XATTR is not set (LP: #1557776)
    - [Config] CONFIG_AUFS_XATTR=y

  * CVE-2016-3672 (LP: #1568523)
    - x86/mm/32: Enable full randomization on i386 and X86_32

  * CVE-2016-3955 (LP: #1572666)
    - USB: usbip: fix potential out-of-bounds write

  * Xenial update to v4.4.8 stable release (LP: #1573034)
    - hwmon: (max1111) Return -ENODEV from max1111_read_channel if not
    - PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
    - parisc: Avoid function pointers for kernel exception routines
    - parisc: Fix kernel crash with reversed copy_from_user()
    - parisc: Unbreak handling exceptions from kernel modules
    - ALSA: timer: Use mod_timer() for rearming the system timer
    - ALSA: hda - Asus N750JV external subwoofer fixup
    - ALSA: hda - Fix white noise on Asus N750JV headphone
    - ALSA: hda - Apply fix for white noise on Asus N550JV, too
    - mm: fix invalid node in alloc_migrate_target()
    - powerpc/mm: Fixup preempt underflow with huge pages
    - libnvdimm: fix smart data retrieval
    - libnvdimm, pfn: fix uuid validation
    - compiler-gcc: disable -ftracer for __noclone functions
    - arm64: opcodes.h: Add arm big-endian config options before including arm
    - drm/dp: move hw_mutex up the call stack
    - drm/udl: Use unlocked gem unreferencing
    - drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
    - drm/radeon: add another R7 370 quirk
    - drm/radeon: add a dpm quirk for all R7 370 parts
    - drm/amdgpu/gmc: move vram type fetching into sw_init
    - drm/amdgpu/gmc: use proper register for vram type on Fiji
    - xen/events: Mask a moving irq
    - tcp: convert cached rtt from usec to jiffies when feeding initial rto
    - tunnel: Clear IPCB(skb)->opt before dst_link_failure called
    - net: jme: fix suspend/resume on JMC260
    - net: vrf: Remove direct access to skb->data
    - net: qca_spi: Don't clear IFF_BROADCAST
    - net: qca_spi: clear IFF_TX_SKB_SHARING
    - net: fix bridge multicas...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers