linux_5.3.7-1_multi.changes ACCEPTED into unstable, unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 20 Oct 2019 00:56:32 +0200 Binary: linux-doc linux-doc-5.3 linux-headers-5.3.0-1-common linux-source linux-source-5.3 linux-support-5.3.0-1 Source: linux Architecture: all source Version: 5.3.7-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Closes: 935945 940530 940726 Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-5.3 - Linux kernel specific documentation for version 5.3 linux-headers-5.3.0-1-common - Common header files for Linux 5.3.0-1 linux-source - Linux kernel source (meta-package) linux-source-5.3 - Linux kernel source for version 5.3 with Debian patches linux-support-5.3.0-1 - Support files for Linux 5.3 Changes: linux (5.3.7-1) unstable; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.3 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 - mISDN: enforce CAP_NET_RAW for raw sockets (CVE-2019-17055) - appletalk: enforce CAP_NET_RAW for raw sockets (CVE-2019-17054) - ax25: enforce CAP_NET_RAW for raw sockets (CVE-2019-17052) - ieee802154: enforce CAP_NET_RAW for raw sockets (CVE-2019-17053) - nfc: enforce CAP_NET_RAW for raw sockets (CVE-2019-17056) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6 - nl80211: validate beacon head (CVE-2019-16746) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 . [ Aurelien Jarno ] * [riscv64] Enable SOC_SIFIVE. Do not select CLK_SIFIVE, CLK_SIFIVE_FU540_PRCI, SIFIVE_PLIC, SERIAL_SIFIVE and SERIAL_SIFIVE_CONSOLE as they are selected by SOC_SIFIVE. * [riscv64] Install DTBS using dtbs_install target. * [riscv64] Enable SPI_SIFIVE. * [riscv64] Enable SERIAL_EARLYCON_RISCV_SBI. * [riscv64] Enable MMC, MMC_SPI. * [riscv64] udeb: Add mmc-core-modules and mmc-modules. * [riscv64] Fix memblock reservation for device tree blob. * [riscv64] Clear load reservations while restoring hart contexts. . [ Ben Hutchings ] * [mips*] Revert "Only define MAX_PHYSMEM_BITS on Loongson-3" * KEYS: Re-enable SECONDARY_TRUSTED_KEYRING, dropped in 5.2.6-1 by mis-merge (Closes: #935945) . [ John Paul Adrian Glaubitz ] * [m68k] Enable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS * [hppa] Enable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS * [sh4] Enable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS . [ Salvatore Bonaccorso ] * RDMA/cxgb4: Do not dma memory off of the stack (CVE-2019-17075) * ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() (CVE-2019-15098) . [ Romain Perier ] * [armel/rpi] Enable CONFIG_BRCMFMAC_SDIO (Closes: #940530) . [ Héctor Orón Martínez ] * [x86] Enable ASoC: SOF sound driver (Closes: #940726) Checksums-Sha1: dd39fa2e65c62ec7c17add4d1578bbbff0429bd3 197683 linux_5.3.7-1.dsc 45d9f10d69dceefafb5e9d1e29ad3e6e58bb96ff 112780220 linux_5.3.7.orig.tar.xz ca48db4fb3ff8e40daf4b8dbdfaa598e92f673b5 1161944 linux_5.3.7-1.debian.tar.xz 71a522cf99e7872587c484cb2722bc2a08c4c5ad 48127 linux_5.3.7-1_source.buildinfo 45a3592576cd34f2c145fec7cf078ee303eb0314 23082928 linux-doc-5.3_5.3.7-1_all.deb 5b297e8a819ae1e44c9c3ab779b492c25d76b642 916 linux-doc_5.3.7-1_all.deb 86212659324eaf57c5a595e3b5efda1705ced0f4 8241652 linux-headers-5.3.0-1-common_5.3.7-1_all.deb 5d01961c534b93f080166348857e291c466eeca8 111565576 linux-source-5.3_5.3.7-1_all.deb b1f295b76ee1f3036bef1e2e250ba22142fa0a09 912 linux-source_5.3.7-1_all.deb f8d8f14538bfcb93dbc2ddda3b4595d5c3c1a90d 83344 linux-support-5.3.0-1_5.3.7-1_all.deb ad6e953567931073c23451652ceb12cec45789cc 53027 linux_5.3.7-1_all.buildinfo Checksums-Sha256: f725294a5feb858139b883e06173869822e13f3946416d0c2c59c40b05e34348 197683 linux_5.3.7-1.dsc 8a020a6770a87aa332be1f2cbf419b99b6c33bb578a27a91bea1011ec7ea860a 112780220 linux_5.3.7.orig.tar.xz ce04f29431a3a8fb6cb17f6c2cdce6201130c99c24cd7e1ba0198f4334352de6 1161944 linux_5.3.7-1.debian.tar.xz b48149c4befeda3f341dbe046efdb49e83434779a4109a7646d5984aa9fe8fcf 48127 linux_5.3.7-1_source.buildinfo b10f9939021844b5556f84fba3713aa830020892d857c452e407b76aa7f7334d 23082928 linux-doc-5.3_5.3.7-1_all.deb 9d05cb498d530c8aab18d70784fdda212a16a90c5be5bed87d4dca2abd7a3c20 916 linux-doc_5.3.7-1_all.deb 8308c4de8557bfc5f5aacd4103b5c0a40e57c3f9e5f22a11d9e6681d813e6cae 8241652 linux-headers-5.3.0-1-common_5.3.7-1_all.deb 6ad099c99fe4b90dd65f0e75270fbca1e80ac4964a3a41afd58ab5f436d95f3e 111565576 linux-source-5.3_5.3.7-1_all.deb fbf230a975ff9578713066afc2a2ae1382ae47ad1b3045a042d7ff9ab33b30a1 912 linux-source_5.3.7-1_all.deb e38b36003e5de24817cf02b59cd7a125cfebbb0f09629087f25df1416fca8e3f 83344 linux-support-5.3.0-1_5.3.7-1_all.deb 8b7276033768df6531c0394b758319a9784261121b4382be1ca16bd47f77fbe8 53027 linux_5.3
Bug#935945: marked as done (linux-image-5.2.0-2-amd64: does not load signed kernel modules when UEFI Secure Boot is enabled)
Your message dated Sun, 20 Oct 2019 22:05:41 + with message-id and subject line Bug#935945: fixed in linux 5.3.7-1 has caused the Debian Bug report #935945, regarding linux-image-5.2.0-2-amd64: does not load signed kernel modules when UEFI Secure Boot is enabled to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 935945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:linux Version: 5.2.9-2 Severity: important Dear Maintainer, * What led up to the situation? I regularly update Debian Testing (bullseye) on multiple computers. Two days ago something broke when kernel update from 4.19 to 5.2 arrived. Could you please help me to troubleshoot it? * What exactly did you do (or not do) that was effective (or ineffective)? On computer with UEFI but without enabled Secure Boot everything works just fine and I can load DKMS ZFS module with kernel 5.2.0-2-amd64. On a computer with secure boot enabled I can’t load ZFS kernel module that is signed using my own key that was enrolled into UEFI using "mokutil". * What was the outcome of this action? as root: # modprobe zfs modprobe: ERROR: could not insert 'zfs': Operation not permitted * What outcome did you expect instead? Load it as usually. I was able to reproduce the same issue on a different computer with Secure Boot and signed modules. A few notes: * It works (modules are loaded) after I boot back to linux-image-4.19.0-5-amd64 (but this is not a solution) * It works (modules are loaded) after I disable Secure Boot (but this is not a solution) * I'm sure that the modules are signed. I tested using: find /lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+ * I can check that the key was loaded from UEFI during boot Boot log with `4.19.0-5-amd64` --- Aug 26 20:34:54 bedik002 kernel: efi: EFI v2.50 by INSYDE Corp. Aug 26 20:34:54 bedik002 kernel: efi: ACPI 2.0=0x7fffd014 SMBIOS=0x7f0d9000 SMBIOS 3.0=0x7f0d7000 ESRT=0x7f0d4158 MEMATTR=0x6f699018 TPMEventLog=0x66e32018 Aug 26 20:34:54 bedik002 kernel: Kernel is locked down from EFI secure boot; see https://wiki.debian.org/SecureBoot Aug 26 20:34:54 bedik002 kernel: ACPI: UEFI 0x7FFFC000 000236 (v01 HPQOEM 8362 0001 HP 0004) Aug 26 20:34:54 bedik002 kernel: ACPI: UEFI 0x7FFFB000 42 (v01 HPQOEM 8362 0002 HP 0004) Aug 26 20:34:54 bedik002 kernel: clocksource: refined-jiffies: mask: 0x max_cycles: 0x, max_idle_ns: 7645519600211568 ns Aug 26 20:34:54 bedik002 kernel: pci :00:02.0: BAR 2: assigned to efifb Aug 26 20:34:54 bedik002 kernel: Registered efivars operations Aug 26 20:34:54 bedik002 kernel: Asymmetric key parser 'x509' registered Aug 26 20:34:54 bedik002 kernel: efifb: probing for efifb Aug 26 20:34:54 bedik002 kernel: efifb: framebuffer at 0x9000, using 8100k, total 8100k Aug 26 20:34:54 bedik002 kernel: efifb: mode is 1920x1080x32, linelength=7680, pages=1 Aug 26 20:34:54 bedik002 kernel: efifb: scrolling: redraw Aug 26 20:34:54 bedik002 kernel: efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0 Aug 26 20:34:54 bedik002 kernel: fb0: EFI VGA frame buffer device Aug 26 20:34:54 bedik002 kernel: Loading compiled-in X.509 certificates Aug 26 20:34:54 bedik002 kernel: Loaded X.509 cert 'Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1' Aug 26 20:34:54 bedik002 kernel: Loaded X.509 cert 'Debian Secure Boot Signer: 00a7468def' Aug 26 20:34:54 bedik002 kernel: Loaded UEFI:db cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' linked to secondary sys keyring Aug 26 20:34:54 bedik002 kernel: Loaded UEFI:db cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' linked to secondary sys keyring Aug 26 20:34:54 bedik002 kernel: Loaded UEFI:db cert 'Hewlett-Packard Company: HP UEFI Secure Boot 2013 DB key: 1d7cf2c2b92673f69c8ee1ec7063967ab9b62bec' linked to secondary sys keyring my key: Aug 26 20:34:54 bedik002 kernel: Loaded UEFI:MokListRT cert 'bedik002 module signing key: b1025ea690c4c8f9593b0a158045e72586a3c12f' linked to secondary sys keyring Aug 26 20:34:54 bedik002 kernel: Loaded UEFI:MokListRT cert 'Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1' linked to secondary sys keyring Aug 26 20:34:54 bedik002 kernel: fb: switching to inteldrmfb from EFI VGA Aug 26 20:34:54 bedik002 kernel: EFI Variables Facility v0.08 2004-May-17 Aug 26 20:34:54 bedik002 kernel:
Bug#940530: marked as done (Add CONFIG_BRCMFMAC_SDIO=y to linux-image-rpi)
Your message dated Sun, 20 Oct 2019 22:05:41 + with message-id and subject line Bug#940530: fixed in linux 5.3.7-1 has caused the Debian Bug report #940530, regarding Add CONFIG_BRCMFMAC_SDIO=y to linux-image-rpi to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 940530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940530 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: linux-image-4.19.0-6-rpi Version: 4.19.67-2 The linux-image-rpi kernel for armel does not include CONFIG_BRCMFMAC_SDIO=y. This config option is necessary to support the WiFi on the Raspberry Pi Zero W. I have verified that enabling this option fixes the problem on my Pi Zero W by building a version of the kernel package with the option enabled following https://wiki.debian.org/HowToCrossBuildAnOfficialDebianKernelPackage. I installed Debian using the images available here: https://wiki.debian.org/RaspberryPiImages --- End Message --- --- Begin Message --- Source: linux Source-Version: 5.3.7-1 We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 940...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 20 Oct 2019 00:56:32 +0200 Binary: linux-doc linux-doc-5.3 linux-headers-5.3.0-1-common linux-source linux-source-5.3 linux-support-5.3.0-1 Source: linux Architecture: all source Version: 5.3.7-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Closes: 935945 940530 940726 Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-5.3 - Linux kernel specific documentation for version 5.3 linux-headers-5.3.0-1-common - Common header files for Linux 5.3.0-1 linux-source - Linux kernel source (meta-package) linux-source-5.3 - Linux kernel source for version 5.3 with Debian patches linux-support-5.3.0-1 - Support files for Linux 5.3 Changes: linux (5.3.7-1) unstable; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.3 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 - mISDN: enforce CAP_NET_RAW for raw sockets (CVE-2019-17055) - appletalk: enforce CAP_NET_RAW for raw sockets (CVE-2019-17054) - ax25: enforce CAP_NET_RAW for raw sockets (CVE-2019-17052) - ieee802154: enforce CAP_NET_RAW for raw sockets (CVE-2019-17053) - nfc: enforce CAP_NET_RAW for raw sockets (CVE-2019-17056) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6 - nl80211: validate beacon head (CVE-2019-16746) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 . [ Aurelien Jarno ] * [riscv64] Enable SOC_SIFIVE. Do not select CLK_SIFIVE, CLK_SIFIVE_FU540_PRCI, SIFIVE_PLIC, SERIAL_SIFIVE and SERIAL_SIFIVE_CONSOLE as they are selected by SOC_SIFIVE. * [riscv64] Install DTBS using dtbs_install target. * [riscv64] Enable SPI_SIFIVE. * [riscv64] Enable SERIAL_EARLYCON_RISCV_SBI. * [riscv64] Enable MMC, MMC_SPI. * [riscv64] udeb: Add mmc-core-modules and mmc-modules. * [riscv64] Fix memblock reservation for device tree blob. * [riscv64] Clear load reservations while restoring hart contexts. . [ Ben Hutchings ] * [mips*] Revert "Only define MAX_PHYSMEM_BITS on Loongson-3" * KEYS: Re-enable SECONDARY_TRUSTED_KEYRING, dropped in 5.2.6-1 by mis-merge (Closes: #935945) . [ John Paul Adrian Glaubitz ] * [m68k] Enable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS * [hppa] Enable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS * [sh4] Enable CONFIG_CRYPTO_MANAGER_DISABLE_TESTS . [ Salvatore Bonaccorso ] * RDMA/cxgb4: Do not dma memory off of the stack (CVE-2019-17075) * ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() (CVE-2019-15098) . [ Romain Perier ] * [armel/rpi] Enable CONFIG_BRCMFMAC_SDIO (Closes: #940530) .
Bug#940181: marked as done (linux-image-5.2.0-2-amd64: Kernel does not accept self-signed modules using UEFI db key)
Your message dated Sun, 20 Oct 2019 22:05:41 + with message-id and subject line Bug#935945: fixed in linux 5.3.7-1 has caused the Debian Bug report #935945, regarding linux-image-5.2.0-2-amd64: Kernel does not accept self-signed modules using UEFI db key to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 935945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:linux Version: 5.2.9-2 Severity: important Dear Maintainer, I sign the kernel for UEFI secure boot with my own key and also do so for custom-build kernel modules such as "vboxdrv" for VirtualBox (package virtualbox-6.0). This worked without a flaw for linux-image-4.19.0-5-amd64, but this kernel version rejects the signature: > sudo modprobe -v vboxdrv insmod /lib/modules/5.2.0-2-amd64/misc/vboxdrv.ko modprobe: ERROR: could not insert 'vboxdrv': Operation not permitted In `dmesg` I see my key being loaded: [1.609556] integrity: Loading X.509 certificate: UEFI:db [1.609992] integrity: Loaded X.509 cert 'My kernel signing key: XX' it also appears in `cat /proc/keys`, but is probably not trusted: > sudo keyctl list "%:.builtin_trusted_keys" 2 keys in keyring: 813811236: ---lswrv 0 0 asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1 915392374: ---lswrv 0 0 asymmetric: Debian Secure Boot Signer: 00a7468def I suspect this is due to kernel config CONFIG_SECONDARY_TRUSTED_KEYRING not being set: > grep CONFIG_SECONDARY_TRUSTED_KEYRING /boot/config-5.2.0-2-amd64 # CONFIG_SECONDARY_TRUSTED_KEYRING is not set whereas > grep CONFIG_SECONDARY_TRUSTED_KEYRING /boot/config-4.19.0-5-amd64 CONFIG_SECONDARY_TRUSTED_KEYRING=y Could you please also set this configuration value in this version? Thank you very much. Best regards, Sven -- Package-specific info: ** Version: Linux version 5.2.0-2-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-21)) #1 SMP Debian 5.2.9-2 (2019-08-21) ** Command line: resume=/dev/mapper/casaubon--vg-swap_1 root=/dev/mapper/casaubon--vg-root ro splash quiet loglevel=3 add_efi_memmap biosdevname=0 cgroup_enable=memory drm.vblankoffdelay=1 elevator=noop i915.enable_dc=2 i915.enable_fbc=1 i915.fastboot=1 net.ifnames=0 rd.systemd.show_status=auto rd.udev.log_priority=3 swapaccount=1 vga=current vt.global_cursor_default=0 ** Tainted: U (64) * Userspace-defined naughtiness. ** Kernel log: Unable to read kernel log; any relevant messages should be attached ** Model information sys_vendor: Dell Inc. product_name: Latitude 7480 product_version: chassis_vendor: Dell Inc. chassis_version: bios_vendor: Dell Inc. bios_version: 1.6.5 board_vendor: Dell Inc. board_name: 00F6D3 board_version: A00 ** Loaded modules: sha512_ssse3 sha512_generic ipheth xt_TPROXY nf_tproxy_ipv6 nf_tproxy_ipv4 xt_tcpudp xt_socket nf_socket_ipv4 nf_socket_ipv6 nf_defrag_ipv6 nf_defrag_ipv4 xt_mark nft_compat nft_counter nf_tables nfnetlink bnep cdc_ether usbnet r8152 mii snd_usb_audio snd_usbmidi_lib snd_rawmidi snd_seq_device uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev media zram zsmalloc btusb btrtl btbcm btintel bluetooth drbg ansi_cprng binfmt_misc ecdh_generic ecc nls_ascii nls_cp437 vfat fat arc4 snd_hda_codec_hdmi snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core intel_rapl snd_soc_acpi_intel_match snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core iwlmvm x86_pkg_temp_thermal intel_powerclamp dell_rbtn snd_compress mac80211 coretemp kvm_intel snd_hda_intel dell_laptop snd_hda_codec mei_wdt ledtrig_audio kvm watchdog irqbypass iwlwifi snd_hda_core dell_smm_hwmon snd_hwdep intel_cstate efi_pstore snd_pcm intel_uncore dell_wmi snd_timer dell_smbios dcdbas serio_raw intel_wmi_thunderbolt efivars intel_rapl_perf cfg80211 wmi_bmof dell_wmi_descriptor snd soundcore rtsx_pci_ms rfkill joydev memstick sg mei_me intel_pch_thermal mei idma64 processor_thermal_device intel_soc_dts_iosf battery pcc_cpufreq ac intel_hid acpi_pad sparse_keymap evdev int3403_thermal int340x_thermal_zone int3400_thermal acpi_thermal_rel parport_pc ppdev lp parport efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic dm_crypt dm_mod hid_lenovo usbhid hid_alps hid_generic sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel i2c_designware_platform i2c_designware_core i915 rtsx_pci_sdmmc mmc_core aesni_intel i2c_algo_bit aes_x86_64 e1000e ahci crypto_simd cryptd glue_hel
Bug#940726: marked as done (linux-source-5.2: Enable SOF audio driver and back-port fixes required to 5.2 kernel)
Your message dated Sun, 20 Oct 2019 22:05:41 + with message-id and subject line Bug#940726: fixed in linux 5.3.7-1 has caused the Debian Bug report #940726, regarding linux-source-5.2: Enable SOF audio driver and back-port fixes required to 5.2 kernel to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 940726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940726 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: linux-source-5.2 Version: 5.2.9-2~bpo10+1 Severity: important Tags: patch Dear Maintainer, * What led up to the situation? The Lenovo X1 Carbon Gen 7 laptops use the Whiskeylake CPU and when testing with Debian we found the audio was not working. Whiskeylake requires the new SOF audio driver to be enabled - but some fixes also need to be backported to prevent firmware load issues seen during suspend and resume Note we are using the buster-backports 5.2 kernel as SOF audio driver support is not available in the earlier kernels. * What exactly did you do (or not do) that was effective (or ineffective)? Enabled SOF audio driver kernel configs and rebuilt the kernel. Tested and debugged the suspend/resume issue and identified the required commits from the working 5.3 kernel.org kernel that are needed to fix the issue. * What was the outcome of this action? Audio is working correctly. The driver appears stable * What outcome did you expect instead? NA Notes: The patch I'm uploading is a combo of the following applied to 5.2: https://github.com/thesofproject/linux/commit/c760776089f147c4d28875619f3a917c02d42307 https://github.com/thesofproject/linux/commit/bb1ea3b31c28a131a5f5a50dd325198645526b19 https://github.com/thesofproject/linux/commit/64632de9140e52b72781fefe542314db7cd29d8c https://github.com/thesofproject/linux/commit/bf705eaa7ce07f9c132f8e367fc2fc46b7842528 https://github.com/thesofproject/linux/commit/38d0e9fc227c7876d09754863adc88aeca6dd205 https://github.com/thesofproject/linux/commit/f5dbba9fee801f4678a50d92c785f7f24d4ee2c6 https://github.com/thesofproject/linux/commit/7623ae793c28cc0928c5d1292542dbb92fc2e9e2 The kconfig snipped I'm also uploading is based on config settings from the SOF team This is my first bug raised against Debian - Lenovo are actively focussing on getting Debian working on our systems so I'm hoping to get a lot more involved. Please do let me know if I've made any mistakes or things I can improve on for future bugs. Thanks Mrk Pearson -- System Information: Debian Release: 10.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.2.9 (SMP w/8 CPU cores) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages linux-source-5.2 depends on: ii binutils 2.31.1-16 ii xz-utils 5.2.4-1 Versions of packages linux-source-5.2 recommends: ii bc1.07.1-2+b1 ii bison 2:3.3.2.dfsg-1 ii flex 2.6.4-6.2 ii gcc 4:8.3.0-1 ii libc6-dev [libc-dev] 2.28-10 ii linux-config-5.2 5.2.9-2~bpo10+1 ii make 4.2.1-1.2 Versions of packages linux-source-5.2 suggests: ii libncurses-dev [ncurses-dev] 6.1+20181013-2+deb10u1 pn libqt4-dev pn pkg-config -- no debconf information diff -Naurp linux-source-5.2-orig/sound/soc/sof/control.c linux-source-5.2/sound/soc/sof/control.c --- linux-source-5.2-orig/sound/soc/sof/control.c 2019-08-16 04:11:12.0 -0400 +++ linux-source-5.2/sound/soc/sof/control.c2019-09-18 22:18:22.970932678 -0400 @@ -39,26 +39,8 @@ int snd_sof_volume_get(struct snd_kcontr struct soc_mixer_control *sm = (struct soc_mixer_control *)kcontrol->private_value; struct snd_sof_control *scontrol = sm->dobj.private; - struct snd_sof_dev *sdev = scontrol->sdev; struct sof_ipc_ctrl_data *cdata = scontrol->control_data; unsigned int i, channels = scontrol->num_channels; - int err, ret; - - ret = pm_runtime_get_sync(sdev->dev); - if (ret < 0) { - dev_err_ratelimited(sdev->dev, - "error: volume get failed to resume %d\n", - ret); - pm_runtime_put_noidle(sdev->dev); - return ret; - } - - /* get all the
Bug#939773: marked as done (linux-image-5.2.0-2-amd64: MOK key not used for verification of modules signatures.)
Your message dated Sun, 20 Oct 2019 22:05:41 + with message-id and subject line Bug#935945: fixed in linux 5.3.7-1 has caused the Debian Bug report #935945, regarding linux-image-5.2.0-2-amd64: MOK key not used for verification of modules signatures. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 935945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:linux Version: 5.2.9-2 Severity: important Dear Maintainer, I've updated kernel from 4.19 to 5.2 and kernel stopped accepting modules signed with MOK key. I have secure boot enabled on my system and enrolled generated MOK key. I use some out-of-tree modules that use DKMS. In the previous version of the kernel I was signing those modules with the MOK key and they loaded just fine as MOK key was loaded into the trusted keyring in the kernel. After the kernel update, MOK key gets inserted into the .platform keyring (I see CONFIG_INTEGRITY_PLATFORM_KEYRING is set to true in the kernel config) which apparently isn't used for validation of module signatures so I'm unable to load MOK signed modules. I would expect this to still work as the only option I have right now for using DKMS modules is building and using my own kernel image... This is also the method described in https://wiki.debian.org/SecureBoot. I've found this related bug in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1701096. There are some links to upstream patches but I've just checked linux master and kernel/module_signing.c is still using only secondary_trusted_keyring and builtin_trusted_keyring to verify modules signatures. Thank you, Marek Rusinowski --- End Message --- --- Begin Message --- Source: linux Source-Version: 5.3.7-1 We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 935...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 20 Oct 2019 00:56:32 +0200 Binary: linux-doc linux-doc-5.3 linux-headers-5.3.0-1-common linux-source linux-source-5.3 linux-support-5.3.0-1 Source: linux Architecture: all source Version: 5.3.7-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team Changed-By: Salvatore Bonaccorso Closes: 935945 940530 940726 Description: linux-doc - Linux kernel specific documentation (meta-package) linux-doc-5.3 - Linux kernel specific documentation for version 5.3 linux-headers-5.3.0-1-common - Common header files for Linux 5.3.0-1 linux-source - Linux kernel source (meta-package) linux-source-5.3 - Linux kernel source for version 5.3 with Debian patches linux-support-5.3.0-1 - Support files for Linux 5.3 Changes: linux (5.3.7-1) unstable; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.3 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 - mISDN: enforce CAP_NET_RAW for raw sockets (CVE-2019-17055) - appletalk: enforce CAP_NET_RAW for raw sockets (CVE-2019-17054) - ax25: enforce CAP_NET_RAW for raw sockets (CVE-2019-17052) - ieee802154: enforce CAP_NET_RAW for raw sockets (CVE-2019-17053) - nfc: enforce CAP_NET_RAW for raw sockets (CVE-2019-17056) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6 - nl80211: validate beacon head (CVE-2019-16746) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 . [ Aurelien Jarno ] * [riscv64] Enable SOC_SIFIVE. Do not select CLK_SIFIVE, CLK_SIFIVE_FU540_PRCI, SIFIVE_PLIC, SERIAL_SIFIVE and SERIAL_SIFIVE_CONSOLE as they are selected by SOC_SIFIVE. * [riscv64] Install DTBS using dtbs_install target. * [riscv64] Enable SPI_SIFIVE. * [riscv64] Enable SERIAL_EARLYCON_RISCV_SBI. * [riscv64] Enable MMC, MMC_SPI. * [riscv64] udeb: Add mmc-core-modules and mmc-modules. * [riscv64] Fix memblock reservation for
Bug#941827: marked as done (module loading fails with error: "Lockdown: modprobe: Loading of unsigned module is restricted; see https://wiki.debian.org/SecureBoot")
Your message dated Sun, 20 Oct 2019 22:05:41 + with message-id and subject line Bug#935945: fixed in linux 5.3.7-1 has caused the Debian Bug report #935945, regarding module loading fails with error: "Lockdown: modprobe: Loading of unsigned module is restricted; see https://wiki.debian.org/SecureBoot"; to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 935945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:linux Version: 5.3.2-1~exp1 Severity: important I can't figure out how to sign my kernel modules once I installed my MOK, the doc in https://wiki.debian.org/SecureBoot#MOK_-_Machine_Owner_Key didn't really help me out. └[cochabamba] mokutil --test-key mok/MOK.cer 22:41:13 mok/MOK.cer is already enrolled └[cochabamba] sudo keyctl show -x %:.builtin_trusted_keys 22:41:37 Keyring 0x2d16579e ---lswrv 0 0 keyring: .builtin_trusted_keys 0x29b4e884 ---lswrv 0 0 \_ asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1 0x3681dcff ---lswrv 0 0 \_ asymmetric: Debian Secure Boot Signer: 00a7468def └[cochabamba] sudo keyctl show -x %:.platform 22:41:42 Keyring 0x1cbb137c ---lswrv 0 0 keyring: .platform 0x3d97fc8d ---lswrv 0 0 \_ asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53 0x04167078 ---lswrv 0 0 \_ asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1 0x3646f72f ---lswrv 0 0 \_ asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63 0x02bb95ba ---lswrv 0 0 \_ asymmetric: Niv Sardi: 8b6895ea20ac18cf58b558b8367eabd6400d021d 0x16f8c206 ---lswrv 0 0 \_ asymmetric: : 6e4c5e40f58b7aad499ef717e69bc28d 0x1120e45f ---lswrv 0 0 \_ asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4 └[cochabamba] sudo /usr/src/linux-headers-(uname -r)/scripts/sign-file sha256 ~/mok/MOK.key ~/mok/MOK.cer /lib/modules/(uname -r)/updates/dkms/wireguard.ko wireguard.ko └[cochabamba] hexdump -C wireguard.ko |tail -24 22:44:22 00053be0 4e 69 76 20 53 61 72 64 69 02 14 4e 56 b2 8b 51 |Niv Sardi..NV..Q| 00053bf0 00 33 4c 28 86 cd 99 08 b6 c9 8a 6a bb f8 58 30 |.3L(...j..X0| 00053c00 0b 06 09 60 86 48 01 65 03 04 02 01 30 0d 06 09 |...`.H.e0...| 00053c10 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 3e |*.H>| 00053c20 5e 55 0d bc 7a 4f c5 0f f8 05 bc f3 68 a3 88 3c |^U..zO..h..<| 00053c30 8e 52 d7 15 b9 2e 0a 26 1d a0 0f 17 48 01 bd f5 |.R.&H...| 00053c40 f1 b8 f8 f0 01 c3 8f 07 c5 33 65 08 14 f5 a6 58 |.3eX| 00053c50 44 d5 78 c2 be bf f6 14 93 3b 13 56 76 0e 46 29 |D.x..;.Vv.F)| 00053c60 de 2c b2 21 e2 c0 8b aa 04 a0 86 42 5f fb 81 89 |.,.!...B_...| 00053c70 da ca d7 23 e4 ea 1a 7c 8f 9f b6 0b c0 58 ad 6f |...#...|.X.o| 00053c80 4d ed f2 ed 54 5c ce f8 ff 99 f9 40 d3 6d 39 7a |M...T\.@.m9z| 00053c90 db 73 e5 47 3f da 4c 03 d0 25 f9 03 19 ad 2e cd |.s.G?.L..%..| 00053ca0 93 e5 c0 6b eb be 2e 38 2a 0e f4 9b 18 99 27 9d |...k...8*.'.| 00053cb0 ca 92 d1 f9 5f b2 2d 50 19 1a 8a 4b 88 3d 39 f5 |_.-P...K.=9.| 00053cc0 b4 59 9f 3e 70 5f 43 09 01 91 20 bc 95 c9 88 fc |.Y.>p_C... .| 00053cd0 96 32 f0 06 85 9c fb 26 3a f4 05 38 e0 b8 d0 9c |.2.&:..8| 00053ce0 94 a9 f9 c2 40 49 a9 95 43 db e1 cc 51 36 30 92 |@I..C...Q60.| 00053cf0 1e 6e ee 31 ac f4 e1 83 4a 19 91 72 26 44 f4 30 |.n.1J..r&D.0| 00053d00 6c d5 79 c4 f8 22 70 8c 9a 56 e9 ab f8 70 a9 65 |l.y.."p..V...p.e| 00053d10 cf 2e a1 96 3a ce 3d 88 30 23 2f 9c f6 be 87 00 |:.=.0#/.| 00053d20 00 02 00 00 00 00 00 00 00 01 8f 7e 4d 6f 64 75 |...~Modu| 00053d30 6c 65 20 73 69 67 6e 61 74 75 72 65 20 61 70 70 |le signature app| 00053d40 65 6e 64 65 64 7e 0a |ended~.| 00053d47 └[cochabamba] sudo insmod ./wireguard.ko 22:44:25 insmod: ERROR: could not insert module ./wireguard.ko: Operation not permitted this just get dmesg to output: [ 20.488940] Lockdown: modprobe: Loading of unsigned module is restricted; see https://wiki.debian.org/SecureBoot -- Package-specific info: ** Version: Linux version 5.3.0-trunk-amd64 (debian-kernel@lists.debian.org)
Re: Debian Linux kernel uploads
Hi, On Sun, Oct 20, 2019 at 02:27:21PM +0100, Ben Hutchings wrote: > On Sun, 2019-10-20 at 13:58 +0200, Hector Oron wrote: > > Hello, > > > > I would like to support Debian Linux kernel team by doing kernel > > package uploads. > > > > Initially, I would like to attempt timely (weekly or bi-weekly, it > > has not been discussed yet) updates for Debian Linux kernel package in > > SID and see how that works. > > > > In anycase, I would like to give a heads-up to the kernel and > > release team that I shall becoming a linux package uploader. Note, > > this has been discussed and agreed with Ben Hutchings and he suggested > > to inform you. > > > > I'll follow up with linux_5.2.17-2 upload real soon now. > > The 5.2 series is EOL, so please don't upload that version. Salvatore > has already updated the sid branch to 5.3.7 and you should coordinate > with him who will upload. FTR, this has happened earlier today[1] and is waiting for NEW processing. [1] https://lists.debian.org/debian-kernel/2019/10/msg00167.html Salvatore
linux_5.3.7-1_multi.changes is NEW
binary:acpi-modules-5.3.0-1-686-di is NEW. binary:acpi-modules-5.3.0-1-686-pae-di is NEW. binary:acpi-modules-5.3.0-1-amd64-di is NEW. binary:affs-modules-5.3.0-1-4kc-malta-di is NEW. binary:affs-modules-5.3.0-1-5kc-malta-di is NEW. binary:affs-modules-5.3.0-1-loongson-3-di is NEW. binary:affs-modules-5.3.0-1-octeon-di is NEW. binary:ata-modules-5.3.0-1-4kc-malta-di is NEW. binary:ata-modules-5.3.0-1-5kc-malta-di is NEW. binary:ata-modules-5.3.0-1-686-di is NEW. binary:ata-modules-5.3.0-1-686-pae-di is NEW. binary:ata-modules-5.3.0-1-amd64-di is NEW. binary:ata-modules-5.3.0-1-arm64-di is NEW. binary:ata-modules-5.3.0-1-armmp-di is NEW. binary:ata-modules-5.3.0-1-loongson-3-di is NEW. binary:ata-modules-5.3.0-1-powerpc64le-di is NEW. binary:btrfs-modules-5.3.0-1-4kc-malta-di is NEW. binary:btrfs-modules-5.3.0-1-5kc-malta-di is NEW. binary:btrfs-modules-5.3.0-1-686-di is NEW. binary:btrfs-modules-5.3.0-1-686-pae-di is NEW. binary:btrfs-modules-5.3.0-1-amd64-di is NEW. binary:btrfs-modules-5.3.0-1-arm64-di is NEW. binary:btrfs-modules-5.3.0-1-armmp-di is NEW. binary:btrfs-modules-5.3.0-1-loongson-3-di is NEW. binary:btrfs-modules-5.3.0-1-marvell-di is NEW. binary:btrfs-modules-5.3.0-1-octeon-di is NEW. binary:btrfs-modules-5.3.0-1-powerpc64le-di is NEW. binary:btrfs-modules-5.3.0-1-s390x-di is NEW. binary:cdrom-core-modules-5.3.0-1-4kc-malta-di is NEW. binary:cdrom-core-modules-5.3.0-1-5kc-malta-di is NEW. binary:cdrom-core-modules-5.3.0-1-686-di is NEW. binary:cdrom-core-modules-5.3.0-1-686-pae-di is NEW. binary:cdrom-core-modules-5.3.0-1-amd64-di is NEW. binary:cdrom-core-modules-5.3.0-1-arm64-di is NEW. binary:cdrom-core-modules-5.3.0-1-armmp-di is NEW. binary:cdrom-core-modules-5.3.0-1-loongson-3-di is NEW. binary:cdrom-core-modules-5.3.0-1-marvell-di is NEW. binary:cdrom-core-modules-5.3.0-1-octeon-di is NEW. binary:cdrom-core-modules-5.3.0-1-powerpc64le-di is NEW. binary:cdrom-core-modules-5.3.0-1-s390x-di is NEW. binary:compress-modules-5.3.0-1-4kc-malta-di is NEW. binary:compress-modules-5.3.0-1-5kc-malta-di is NEW. binary:compress-modules-5.3.0-1-686-di is NEW. binary:compress-modules-5.3.0-1-686-pae-di is NEW. binary:compress-modules-5.3.0-1-amd64-di is NEW. binary:compress-modules-5.3.0-1-arm64-di is NEW. binary:compress-modules-5.3.0-1-armmp-di is NEW. binary:compress-modules-5.3.0-1-loongson-3-di is NEW. binary:compress-modules-5.3.0-1-marvell-di is NEW. binary:compress-modules-5.3.0-1-octeon-di is NEW. binary:compress-modules-5.3.0-1-powerpc64le-di is NEW. binary:compress-modules-5.3.0-1-s390x-di is NEW. binary:crc-modules-5.3.0-1-4kc-malta-di is NEW. binary:crc-modules-5.3.0-1-5kc-malta-di is NEW. binary:crc-modules-5.3.0-1-686-di is NEW. binary:crc-modules-5.3.0-1-686-pae-di is NEW. binary:crc-modules-5.3.0-1-amd64-di is NEW. binary:crc-modules-5.3.0-1-arm64-di is NEW. binary:crc-modules-5.3.0-1-armmp-di is NEW. binary:crc-modules-5.3.0-1-loongson-3-di is NEW. binary:crc-modules-5.3.0-1-marvell-di is NEW. binary:crc-modules-5.3.0-1-octeon-di is NEW. binary:crc-modules-5.3.0-1-powerpc64le-di is NEW. binary:crc-modules-5.3.0-1-s390x-di is NEW. binary:crypto-dm-modules-5.3.0-1-4kc-malta-di is NEW. binary:crypto-dm-modules-5.3.0-1-5kc-malta-di is NEW. binary:crypto-dm-modules-5.3.0-1-686-di is NEW. binary:crypto-dm-modules-5.3.0-1-686-pae-di is NEW. binary:crypto-dm-modules-5.3.0-1-amd64-di is NEW. binary:crypto-dm-modules-5.3.0-1-arm64-di is NEW. binary:crypto-dm-modules-5.3.0-1-armmp-di is NEW. binary:crypto-dm-modules-5.3.0-1-loongson-3-di is NEW. binary:crypto-dm-modules-5.3.0-1-marvell-di is NEW. binary:crypto-dm-modules-5.3.0-1-octeon-di is NEW. binary:crypto-dm-modules-5.3.0-1-powerpc64le-di is NEW. binary:crypto-dm-modules-5.3.0-1-s390x-di is NEW. binary:crypto-modules-5.3.0-1-4kc-malta-di is NEW. binary:crypto-modules-5.3.0-1-5kc-malta-di is NEW. binary:crypto-modules-5.3.0-1-686-di is NEW. binary:crypto-modules-5.3.0-1-686-pae-di is NEW. binary:crypto-modules-5.3.0-1-amd64-di is NEW. binary:crypto-modules-5.3.0-1-arm64-di is NEW. binary:crypto-modules-5.3.0-1-armmp-di is NEW. binary:crypto-modules-5.3.0-1-loongson-3-di is NEW. binary:crypto-modules-5.3.0-1-marvell-di is NEW. binary:crypto-modules-5.3.0-1-octeon-di is NEW. binary:crypto-modules-5.3.0-1-powerpc64le-di is NEW. binary:crypto-modules-5.3.0-1-s390x-di is NEW. binary:dasd-extra-modules-5.3.0-1-s390x-di is NEW. binary:dasd-modules-5.3.0-1-s390x-di is NEW. binary:efi-modules-5.3.0-1-686-di is NEW. binary:efi-modules-5.3.0-1-686-pae-di is NEW. binary:efi-modules-5.3.0-1-amd64-di is NEW. binary:efi-modules-5.3.0-1-arm64-di is NEW. binary:efi-modules-5.3.0-1-armmp-di is NEW. binary:event-modules-5.3.0-1-4kc-malta-di is NEW. binary:event-modules-5.3.0-1-5kc-malta-di is NEW. binary:event-modules-5.3.0-1-686-di is NEW. binary:event-modules-5.3.0-1-686-pae-di is NEW. binary:event-modules-5.3.0-1-amd64-di is NEW. binary:event-modules-5.3.0-1-arm64-di is NEW. binary:event-modules-5.3.0-1-armmp-di is NEW. binary:event-modules-5.3.0-1-loon
Processing of linux_5.3.7-1_multi.changes
linux_5.3.7-1_multi.changes uploaded successfully to localhost along with the files: linux_5.3.7-1.dsc linux_5.3.7.orig.tar.xz linux_5.3.7-1.debian.tar.xz linux_5.3.7-1_source.buildinfo linux-doc-5.3_5.3.7-1_all.deb linux-doc_5.3.7-1_all.deb linux-headers-5.3.0-1-common_5.3.7-1_all.deb linux-source-5.3_5.3.7-1_all.deb linux-source_5.3.7-1_all.deb linux-support-5.3.0-1_5.3.7-1_all.deb linux_5.3.7-1_all.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Debian kernel patch propagation
Hi, What is the current workflow of the patch propagation from linux mainline to debian stable kernel versions? are the downstream debian kernels rebased against the latest mainline kernel version or are they just rebased against the lts upstream version from which the debian kernel was initially forked from. if so, how soon? Also, what is the difference between the patch propagation for the current supported debain kernel versions. i.e if stretch and buster are currently being supported, are the same upstream patches applied to both kernel versions or is there a difference? Best, - Ghani
Bug#939170: Maybe wrong package?
Hi, is it possible this one is reported against the wrong package? It seems like there are a few lenovo laptop / thinkpad owners who experience this. Is there some (pseudo)package to report this to? Maybe it gets a bit more traction there... Cheers, Daniel
Re: Debian Linux kernel uploads
On Sun, 2019-10-20 at 13:58 +0200, Hector Oron wrote: > Hello, > > I would like to support Debian Linux kernel team by doing kernel > package uploads. > > Initially, I would like to attempt timely (weekly or bi-weekly, it > has not been discussed yet) updates for Debian Linux kernel package in > SID and see how that works. > > In anycase, I would like to give a heads-up to the kernel and > release team that I shall becoming a linux package uploader. Note, > this has been discussed and agreed with Ben Hutchings and he suggested > to inform you. > > I'll follow up with linux_5.2.17-2 upload real soon now. The 5.2 series is EOL, so please don't upload that version. Salvatore has already updated the sid branch to 5.3.7 and you should coordinate with him who will upload. Ben. -- Ben Hutchings If the facts do not conform to your theory, they must be disposed of. signature.asc Description: This is a digitally signed message part
Bug#927026: Please enable CONFIG_MD_CLUSTER for linux packages in Buster
Hi, Please enable for kernels in unstable so we can test cluster functionality for bullseye release. -- Valentin
Debian Linux kernel uploads
Hello, I would like to support Debian Linux kernel team by doing kernel package uploads. Initially, I would like to attempt timely (weekly or bi-weekly, it has not been discussed yet) updates for Debian Linux kernel package in SID and see how that works. In anycase, I would like to give a heads-up to the kernel and release team that I shall becoming a linux package uploader. Note, this has been discussed and agreed with Ben Hutchings and he suggested to inform you. I'll follow up with linux_5.2.17-2 upload real soon now. Best regards, -- Héctor Orón -.. . -... .. .- -. -.. . ...- . .-.. --- .--. . .-.
Bug#942700: linux-image-5.2.0-3-amd64: Regularly, 1 CPU core is entirely hogged by kworker/0:1+kacpid
Package: src:linux Version: 5.2.17-1 Severity: important Dear Maintainer, Since the most recent kernel update, I regularly have 100% load on one CPU core, According to top, the load is caused by "kworker/0:1+kacpid". I have never seen this effect before so this is a recent regression. This happens roughly once or twice a day. To get rid of this, I have to put the machine to suspend and resume it again. Here are the dpkg logs from that kernel update: 2019-10-12 17:16:36 install linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:16:36 status half-installed linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:16:44 status unpacked linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:16:45 upgrade linux-image-amd64:amd64 5.2+106 5.2+107 2019-10-12 17:16:45 status half-configured linux-image-amd64:amd64 5.2+106 2019-10-12 17:16:45 status unpacked linux-image-amd64:amd64 5.2+106 2019-10-12 17:16:45 status half-installed linux-image-amd64:amd64 5.2+106 2019-10-12 17:16:45 status unpacked linux-image-amd64:amd64 5.2+107 2019-10-12 17:21:59 configure linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:21:59 status unpacked linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:21:59 status half-configured linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:22:56 status installed linux-image-5.2.0-3-amd64:amd64 5.2.17-1 2019-10-12 17:23:01 configure linux-image-amd64:amd64 5.2+107 2019-10-12 17:23:01 status unpacked linux-image-amd64:amd64 5.2+107 2019-10-12 17:23:01 status half-configured linux-image-amd64:amd64 5.2+107 2019-10-12 17:23:01 status installed linux-image-amd64:amd64 5.2+107 2019-10-12 21:07:30 status installed linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:30 remove linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:30 status half-configured linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:31 status half-installed linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:44 status config-files linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:46 purge linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:46 status config-files linux-image-4.19.0-5-amd64:amd64 4.19.37-6 2019-10-12 21:07:47 status not-installed linux-image-4.19.0-5-amd64:amd64 So, looks like 4.19.37-6 was fine but 5.2.17-1 has this bug. Kind regards, Ralf -- Package-specific info: ** Version: Linux version 5.2.0-3-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-22)) #1 SMP Debian 5.2.17-1 (2019-09-26) ** Command line: BOOT_IMAGE=/vmlinuz-5.2.0-3-amd64 root=/dev/mapper/vg-root ro quiet splash ** Tainted: UOE (12352) * Userspace-defined naughtiness. * Out-of-tree module has been loaded. * Unsigned module has been loaded. ** Kernel log: [235833.744783] input: HID 046a:0023 as /devices/pci:00/:00:14.0/usb1/1-1/1-1.2/1-1.2:1.0/0003:046A:0023.0022/input/input52 [235833.808644] cherry 0003:046A:0023.0022: input,hidraw2: USB HID v1.11 Keyboard [HID 046a:0023] on usb-:00:14.0-1.2/input0 [235833.816037] input: HID 046a:0023 as /devices/pci:00/:00:14.0/usb1/1-1/1-1.2/1-1.2:1.1/0003:046A:0023.0023/input/input53 [235833.876857] cherry 0003:046A:0023.0023: input,hidraw3: USB HID v1.11 Device [HID 046a:0023] on usb-:00:14.0-1.2/input1 [235834.281211] Bluetooth: hci0: Waiting for firmware download to complete [235834.281734] Bluetooth: hci0: Firmware loaded in 1581442 usecs [235834.281749] Bluetooth: hci0: Waiting for device to boot [235834.292848] Bluetooth: hci0: Device booted in 10814 usecs [235834.292857] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-11-5.ddc [235834.296864] Bluetooth: hci0: Applying Intel DDC parameters completed [235835.831037] wlp2s0: authenticate with [235835.841303] wlp2s0: send auth to (try 1/3) [235835.848871] wlp2s0: authenticated [235835.852477] wlp2s0: associate with (try 1/3) [235835.861758] wlp2s0: RX AssocResp from (capab=0x411 status=0 aid=1) [235835.864046] wlp2s0: associated [235835.915890] wlp2s0: Limiting TX power to 20 (23 - 3) dBm as advertised by [235838.108682] e1000e: enp0s31f6 NIC Link is Down [235838.118650] wlp2s0: deauthenticating from by local choice (Reason: 3=DEAUTH_LEAVING) [235856.856999] wlp2s0: authenticate with [235856.868498] wlp2s0: send auth to (try 1/3) [235856.876405] wlp2s0: authenticated [235856.884644] wlp2s0: associate with (try 1/3) [235856.888084] wlp2s0: RX AssocResp from (capab=0x411 status=0 aid=1) [235856.891195] wlp2s0: associated [235856.906791] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready [235856.908319] wlp2s0: Limiting TX power to 20 (23 - 3) dBm as advertised by [238195.801553] mce: CPU1: Core temperature above threshold, cpu clock throttled (total events = 488) [238195.801554] mce: CPU5: Core temperature above threshold, cpu clock throttled (total events = 488) [238195.801556] mce: CPU0: Package temperature above threshold, cpu clock throttled (total events = 802) [238195.801557] mce: CPU7: Pac