Your message dated Fri, 17 Apr 2020 18:01:01 +0000 with message-id <E1jPVIT-000AQw-6J@fasolo.debian.org> and subject line Bug#956197: fixed in linux 5.6.4-1~exp1 has caused the Debian Bug report #956197, regarding src:linux: lockdown: set default (with Secure Boot) to LOCKDOWN_INTEGRITY_MAX to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 956197: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956197 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: src:linux: lockdown: set default (with Secure Boot) to LOCKDOWN_INTEGRITY_MAX
- From: Luca Boccassi <bluca@debian.org>
- Date: Wed, 08 Apr 2020 10:17:13 +0100
- Message-id: <[🔎] f9af19c237490d59643ca3114aec5626e63b93f8.camel@debian.org>
Source: linux Version: 5.5.13-2 Severity: wishlist Tags: patch X-Debbugs-CC: quentin@isovalent.com Dear Maintainer(s), LOCKDOWN_CONFIDENTIALITY_MAX restricts a lot of useful features, even security ones (like monitoring via BPF), while not adding that much value for common use cases. Recently, Ubuntu, RedHat and SUSE changed the default to LOCKDOWN_INTEGRITY_MAX. I believe we should do the same. MR: https://salsa.debian.org/kernel-team/linux/-/merge_requests/230 References: https://github.com/iovisor/bcc/issues/2565#issuecomment-606566675 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1868626 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=ef7c6600bb3e https://bugzilla.redhat.com/show_bug.cgi?id=1815571 Thanks! -- Kind regards, Luca BoccassiAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 956197-close@bugs.debian.org
- Subject: Bug#956197: fixed in linux 5.6.4-1~exp1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 17 Apr 2020 18:01:01 +0000
- Message-id: <E1jPVIT-000AQw-6J@fasolo.debian.org>
- Reply-to: Ben Hutchings <benh@debian.org>
Source: linux Source-Version: 5.6.4-1~exp1 Done: Ben Hutchings <benh@debian.org> We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 956197@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ben Hutchings <benh@debian.org> (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 17 Apr 2020 01:26:42 +0100 Source: linux Architecture: source Version: 5.6.4-1~exp1 Distribution: experimental Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Ben Hutchings <benh@debian.org> Closes: 956197 Changes: linux (5.6.4-1~exp1) experimental; urgency=medium . * New upstream release: https://kernelnewbies.org/Linux_5.6 * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.3 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.4 . [ Ben Hutchings ] * Set ABI to trunk * [mips*] Revert "staging: octeon-usb: delete the octeon usb host controller driver" * [mips*] Revert "staging: octeon: delete driver" * [powerpc*] i2c: Enable I2C_PARPORT instead of I2C_PARPORT_LIGHT * aufs: Update support patchset to aufs5.x-rcN 20200302; no functional change * linux-signed-*: Build-Depend on kernel-wedge 2.102 for consistency * aufs: Update support patchset to aufs5.6 20200413; no functional change * [rt] Update to 5.6.4-rt3 and re-enable . [ Aurelien Jarno ] * Enable SENSORS_DRIVETEMP * [riscv64] Enable SOC_VIRT * [riscv64] Enable GPIOLIB, GPIO_SIFIVE, POWER_RESET, POWER_RESET_GPIO, POWER_RESET_GPIO_RESTART, POWER_RESET_RESTART, CONFIG_PWM, CONFIG_PWM_SIFIVE, CONFIG_SIFIVE_L2 . [ Christian Barcenas ] * linux-kbuild: Stop building conmakehash * linux-cpupower: Add libcap to Build-Depends and turbostat linker flags * [x86] Drop EFI cold boot mitigation patch in favor of upstream * [amd64] Update "x86: Make x32 syscall support conditional ..." for 5.6 . [ Romain Perier ] * [x86] udeb: Add crc32_pclmul to crc-modules * udeb: Add crc32_generic to crc-modules . [ Luca Boccassi ] * lockdown: set default (with Secure Boot) to LOCKDOWN_INTEGRITY_MAX (Closes: #956197) Checksums-Sha1: 10b616f453a2924d48c365eddfbdc5a75d95b74d 210002 linux_5.6.4-1~exp1.dsc 08fa53d17013fb81f710e285c439c25359a8b55d 116064736 linux_5.6.4.orig.tar.xz 7557a0504381a497566cc5c3f334a88bcf73a489 1287880 linux_5.6.4-1~exp1.debian.tar.xz 9f6893a7826ccb7a57df63553f9d3505b9b177b8 53956 linux_5.6.4-1~exp1_source.buildinfo Checksums-Sha256: 285decd6b401f74ce3a8d692e04c8dc58566fd66d08581ceb02b20de94bd7882 210002 linux_5.6.4-1~exp1.dsc 8115ac68648eeb0abc43f64405b488a070ed8dcaa4e0973d06971b204c829b5d 116064736 linux_5.6.4.orig.tar.xz 1cc26859937147739c92e92edd924334af209bc5477cc477c6044407da361e05 1287880 linux_5.6.4-1~exp1.debian.tar.xz 4bd4f6721bea5e47a8b6dec8bfa333afd8b2680154b66c1ec0aa262f4740e3b4 53956 linux_5.6.4-1~exp1_source.buildinfo Files: 5c2b784e5b125647ede0f2080b31b6ab 210002 kernel optional linux_5.6.4-1~exp1.dsc 3a098777e7f6ebbc7c833b3d9e3e994c 116064736 kernel optional linux_5.6.4.orig.tar.xz 17f681b54f3e7a7f0ee54e3e23884c6c 1287880 kernel optional linux_5.6.4-1~exp1.debian.tar.xz 13ab023261e0e035c82468ec51784e41 53956 kernel optional linux_5.6.4-1~exp1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl6ZtuMACgkQ57/I7JWG EQlAYQ/+Nxtk18NIT/rgPH4MuzY4jw4MA5XzWtG49nKjRg7Fr+fYqkEI8m833qoQ 5PFF2qEKIy8Dx/l54FUau60vSzKt8By1BtMMe8pW0pKkB8w4ezSJPmomiDl11LVI 8bcq6nZ5bZ9mqYY/hfN4EW9zCm+5fXG2OBVSyqAvXviMFILzl1dyNuN3fdyZe6O6 uVeEt0/sUCznMjDazHtZGpMswfqWjS2iTInZh6NvTATRShssEzCqbXI5hsmSECeV ybMiLpvGa8o/OUKilc9eXFj+30KcLpcefPo2VsMgNpxP2qb7AeAxjzjfdNRBM+5K 3wSNwwnLnZWCEfIFP8wnq8yRG7tLKnqVaRLzm4Af9eIVrqO7VqIYt0aazz1wOsMR 2t6gI2Lquxcslrfgnonc++c+CqnOQHpRWKkYS5P4sYwlrxQdNTdWlLwxWbf/jYVD b4iGOTDdampnI/gZImDuw8z8Fvz/4P0Mf0DmmR5MYez46bmqY12jooMZVHYuu8xt OBul/c8uzgkJAxPEoMMBdlG6qJ4knRYVjVDApPqzQ9aTpyFHj2jtSvQnItGweYy5 A8iAEAL0zAxcPKtAmQ1xO2pDllD95C2ip4OyFjHwF34Gv6Kc378hTFRtwMy0cJoY C1+0n8VOP+Gytzyf61zSkX8o+InuxGaHBfYeoDqY2z7ZNEMHxM0= =KLBz -----END PGP SIGNATURE-----
--- End Message ---