[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#825141: marked as done (dasd_mod: module verification failed: signature and/or required key missing - tainting kernel)

Your message dated Wed, 25 Jan 2023 19:47:08 +0000
with message-id <E1pKljg-005WMz-Oy@fasolo.debian.org>
and subject line Bug#825141: fixed in linux 5.10.162-1
has caused the Debian Bug report #825141,
regarding dasd_mod: module verification failed: signature and/or required key missing - tainting kernel
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
825141: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825141
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: linux
Version: 4.5.3-2
Severity: minor
X-Debbugs-CC: debian-s390@lists.debian.org

The following message is received at boot time when booting the stock Debian kernel
version 4.5.3-2 on the s390x architecture:

dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

The kernel does boot; but the kernel gets tainted, which disables lock debugging.

-- 
  .''`.     Stephen Powell    <zlinuxman@fastmail.com>
 : :'  :
 `. `'`
   `-

--- End Message ---
--- Begin Message --- 
Source: linux
Source-Version: 5.10.162-1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825141@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Jan 2023 15:35:48 +0100
Source: linux
Architecture: source
Version: 5.10.162-1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 825141 1008501 1027430 1027483
Changes:
 linux (5.10.162-1) bullseye-security; urgency=high
 .
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
     - [armhf] dts: rockchip: fix node name for hym8563 rtc
     - [armhf] dts: rockchip: fix ir-receiver node names
     - [arm64] dts: rockchip: fix ir-receiver node names
     - [armel,armhf] 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
     - 9p/fd: Use P9_HDRSZ for header size
     - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
     - btrfs: send: avoid unaligned encoded writes when attempting to clone range
     - ASoC: soc-pcm: Add NULL check in BE reparenting
     - [armhf] regulator: twl6030: fix get status of twl6032 regulators
     - fbcon: Use kzalloc() in fbcon_prepare_logo()
     - [arm64,armhf] usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End
       Transfer
     - 9p/xen: check logical size for buffer size
     - net: usb: qmi_wwan: add u-blox 0x1342 composition
     - mm/khugepaged: take the right locks for page table retraction
     - mm/khugepaged: fix GUP-fast interaction by sending IPI
     - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
     - rtc: mc146818: Prevent reading garbage
     - rtc: mc146818: Detect and handle broken RTCs
     - rtc: mc146818: Dont test for bit 0-5 in Register D
     - rtc: cmos: remove stale REVISIT comments
     - rtc: mc146818-lib: change return values of mc146818_get_time()
     - rtc: Check return value from mc146818_get_time()
     - rtc: mc146818-lib: fix RTC presence check
     - rtc: mc146818-lib: extract mc146818_avoid_UIP
     - rtc: cmos: avoid UIP when writing alarm time
     - rtc: cmos: avoid UIP when reading alarm time
     - rtc: cmos: Replace spin_lock_irqsave with spin_lock in hard IRQ
     - rtc: mc146818: Reduce spinlock section in mc146818_set_time()
     - media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
     - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
     - memcg: fix possible use-after-free in memcg_write_event_control()
     - mm/gup: fix gup_pud_range() for dax
     - Bluetooth: btusb: Add debug message for CSR controllers
     - Bluetooth: Fix crash when replugging CSR fake controllers
     - [s390x] KVM: s390: vsie: Fix the initialization of the epoch extension
       (epdx) field
     - [x86] drm/vmwgfx: Don't use screen objects when SEV is active
     - drm/shmem-helper: Remove errant put in error path
     - drm/shmem-helper: Avoid vm_open error paths
     - HID: usbhid: Add ALWAYS_POLL quirk for some mice
     - HID: hid-lg4ff: Add check for empty lbuf
     - HID: core: fix shift-out-of-bounds in hid_report_raw_event
     - can: af_can: fix NULL pointer dereference in can_rcv_filter
     - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
       (CVE-2022-3623)
     - rtc: cmos: Disable irq around direct invocation of cmos_interrupt()
     - rtc: mc146818-lib: fix locking in mc146818_set_time
     - rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
     - netfilter: nft_set_pipapo: Actually validate intervals in fields after the
       first one
     - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
     - netfilter: ctnetlink: fix compilation warning after data race fixes in ct
       mark
     - e1000e: Fix TX dispatch condition
     - igb: Allocate MSI-X vector when testing
     - [arm64,armhf] drm: bridge: dw_hdmi: fix preference of RGB modes over
       YUV420
     - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
     - [x86] vmxnet3: correctly report encapsulated LRO packet
     - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
     - Bluetooth: Fix not cleanup led when bt_init fails
     - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
     - xen-netfront: Fix NULL sring after live migration
     - [arm64,armhf] net: mvneta: Prevent out of bounds read in
       mvneta_config_rss()
     - i40e: Fix not setting default xps_cpus after reset
     - i40e: Fix for VF MAC address 0
     - i40e: Disallow ip4 and ip6 l4_4_bytes
     - nvme initialize core quirks before calling nvme_init_subsystem
     - net: stmmac: fix "snps,axi-config" node property parsing
     - ip_gre: do not report erspan version on GRE interface
     - [arm64] net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
     - [arm64] net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
     - [arm64] net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
     - tipc: Fix potential OOB in tipc_link_proto_rcv()
     - ipv4: Fix incorrect route flushing when source address is deleted
     - ipv4: Fix incorrect route flushing when table ID 0 is used
     - tipc: call tipc_lxc_xmit without holding node_read_lock
     - [x86] net: plip: don't call kfree_skb/dev_kfree_skb() under
       spin_lock_irq()
     - ipv6: avoid use-after-free in ip6_fragment()
     - [arm64,armhf] net: mvneta: Fix an out of bounds check
     - macsec: add missing attribute validation for offload
     - can: esd_usb: Allow REC and TEC to return to zero
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.160
     - [x86] smpboot: Move rcu_cpu_starting() earlier
     - vfs: fix copy_file_range() regression in cross-fs copies
     - vfs: fix copy_file_range() averts filesystem freeze protection
     - nfp: fix use-after-free in area_cache_get() (CVE-2022-3545)
     - fuse: always revalidate if exclusive create
     - io_uring: add missing item types for splice request (CVE-2022-4696)
     - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
     - can: mcba_usb: Fix termination command argument
     - [armel,armhf] ASoC: cs42l51: Correct PGA Volume minimum value
     - nvme-pci: clear the prp2 field when not used
     - ASoC: ops: Correct bounds check for second channel on SX controls
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.161
     - udf: Discard preallocation before extending file with a hole
     - udf: Fix preallocation discarding at indirect extent boundary
     - udf: Do not bother looking for prealloc extents if i_lenExtents matches
       i_size
     - udf: Fix extending file within last block
     - usb: gadget: uvc: Prevent buffer overflow in setup handler
     - USB: serial: option: add Quectel EM05-G modem
     - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
     - USB: serial: f81232: fix division by zero on line-speed change
     - USB: serial: f81534: fix division by zero on line-speed change
     - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N
     - igb: Initialize mailbox message for VF reset
     - HID: ite: Add support for Acer S1002 keyboard-dock
     - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
     - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
     - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
     - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934)
     - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
     https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.162
     - kernel: provide create_io_thread() helper
     - iov_iter: add helper to save iov_iter state
     - saner calling conventions for unlazy_child()
     - fs: add support for LOOKUP_CACHED
     - fix handling of nd->depth on LOOKUP_CACHED failures in try_to_unlazy*
     - Make sure nd->path.mnt and nd->path.dentry are always valid pointers
     - fs: expose LOOKUP_CACHED through openat2() RESOLVE_CACHED
     - tools headers UAPI: Sync openat2.h with the kernel sources
     - net: provide __sys_shutdown_sock() that takes a socket
     - net: add accept helper not installing fd
     - signal: Add task_sigpending() helper
     - fs: make do_renameat2() take struct filename
     - file: Rename __close_fd_get_file close_fd_get_file
     - fs: provide locked helper variant of close_fd_get_file()
     - entry: Add support for TIF_NOTIFY_SIGNAL
     - task_work: Use TIF_NOTIFY_SIGNAL if available
     - [x86] Wire up TIF_NOTIFY_SIGNAL
     - [arm64] add support for TIF_NOTIFY_SIGNAL
     - [powerpc*] add support for TIF_NOTIFY_SIGNAL
     - [mips*] add support for TIF_NOTIFY_SIGNAL
     - [s390x] add support for TIF_NOTIFY_SIGNAL
     - [armel,armhf] add support for TIF_NOTIFY_SIGNAL
     - task_work: remove legacy TWA_SIGNAL path
     - kernel: remove checking for TIF_NOTIFY_SIGNAL
     - coredump: Limit what can interrupt coredumps
     - kernel: allow fork with TIF_NOTIFY_SIGNAL pending
     - entry/kvm: Exit to user mode when TIF_NOTIFY_SIGNAL is set
     - arch: setup PF_IO_WORKER threads like PF_KTHREAD
     - arch: ensure parisc/powerpc handle PF_IO_WORKER in copy_thread()
     - [x86] process: setup io_threads more like normal user space threads
     - kernel: stop masking signals in create_io_thread()
     - kernel: don't call do_exit() for PF_IO_WORKER threads
     - task_work: add helper for more targeted task_work canceling
     - io_uring: import 5.15-stable io_uring
     - signal: kill JOBCTL_TASK_WORK
     - task_work: unconditionally run task_work from get_signal()
     - net: remove cmsg restriction from io_uring based send/recvmsg calls
     - Revert "proc: don't allow async path resolution of /proc/thread-self
       components"
     - Revert "proc: don't allow async path resolution of /proc/self components"
     - eventpoll: add EPOLL_URING_WAKE poll wakeup flag
     - eventfd: provide a eventfd_signal_mask() helper
     - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups
 .
   [ Salvatore Bonaccorso ]
   * linux-kbuild: Include scripts/pahole-flags.sh (Closes: #1008501)
   * Bump ABI to 21
   * Refresh "Export symbols needed by Android drivers"
   * ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio
     (Closes: #1027430, #1027483)
   * ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire
     (Closes: #1027430, #1027483)
   * [rt] Update to 5.10.162-rt78
   * i2c: ismt: Fix an out-of-bounds bug in ismt_access() (CVE-2022-2873)
   * [x86] drm/vmwgfx: Validate the box size for the snooped cursor
     (CVE-2022-36280)
   * media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218)
   * net: sched: disallow noqueue for qdisc classes (CVE-2022-47929)
   * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
     (CVE-2023-0266)
   * net: sched: cbq: dont intepret cls results when asked to drop
     (CVE-2023-23454)
   * net: sched: atm: dont intepret cls results when asked to drop
     (CVE-2023-23455)
   * netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
     (CVE-2023-0179)
   * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
     (CVE-2023-0394)
   * [rt] arm64: make _TIF_WORK_MASK bits contiguous
 .
   [ Ben Hutchings ]
   * Disable SECURITY_LOCKDOWN_LSM and MODULE_SIG where we don't sign code
     (Closes: #825141)
Checksums-Sha1:
 5ef6ef05ff952d90949632474fab0e6af8100caa 197238 linux_5.10.162-1.dsc
 3352d0bb3cc8a8177144374a9f8e1cf6e69631c9 121818544 linux_5.10.162.orig.tar.xz
 dfac62eae47d27331d0fc6ea4d9f0083fc8ff49d 1571940 linux_5.10.162-1.debian.tar.xz
 88e78d0bcdea427086d875b5a5a5d09fea0a8db5 6690 linux_5.10.162-1_source.buildinfo
Checksums-Sha256:
 798be0e726f7340d60bd66caea38e4825c9307cb7ff714c1edae68e991623481 197238 linux_5.10.162-1.dsc
 23ce1f61a85438549cc84ddb81b036beb8b2670f18c6298ae7a658c429c19e90 121818544 linux_5.10.162.orig.tar.xz
 59fab7dc23a56c8a691d2e9bea683dfa37458e2d11eaca2bcd6f39230225438e 1571940 linux_5.10.162-1.debian.tar.xz
 b19a3d3f1c800ebf3b9b32f87c11d87b3a89c5043023b4b0a2610c5c80ba273b 6690 linux_5.10.162-1_source.buildinfo
Files:
 15c6596246994d48db1559965276ac5e 197238 kernel optional linux_5.10.162-1.dsc
 a85401541f4ff7d41a3b283433cb790d 121818544 kernel optional linux_5.10.162.orig.tar.xz
 7bae1a68b75cae2b18001d14ef8183da 1571940 kernel optional linux_5.10.162-1.debian.tar.xz
 07f0a6c57028f0a5b4e1e1da0fbf74bd 6690 kernel optional linux_5.10.162-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPL+URfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6J0P/jeZovyI+uk0m2QpUWVzD2FDMa7NwkXU
9t8qMLN7xlbufdWQxJzGgyPAXQ9LVQqBkO+zdcDumU30Mf09NAE+k9yYeiwNc3Jl
TH1Ngn0Koq4KaBmfqkOi0SElBCk92vQcOtMWkFzTbtVHP2fKGCo/Zr7pYM8QqZ23
6u2pUD8ndE+vv77FXZMhbdxySl31k7mWdchR9RgVpCKDyGQbEjiKBx+BdSheehaQ
dtkQn+wI1FlyBTsEEadF4bzgk3eDlezVF/iAMrjlbWd1UR5Mv78aHCnflcjGDgHY
8iaayMTz3NKlPoxO8bC4vySFJw5J7t6eGZU69NuJ0Ov2IgySwuUY2i4KBrD8N4fD
z/PHlfHx2XFkU0xlwBhl4tS8Yrz3GKNUE/Kig2mbELSWingFhF1st1WuabSDcAcQ
I9Y98XucprRRW1jOjV+ejg9F8XLrai53OA/4wc7lfazhqDg8op+QzdE+iJxmzNQ/
exD/x9KGEtCci+jvxcv/hPQVYbsXhPRojYedwRAuIQQSjyXjT/k32CqfSFHUyOYg
bNOkUKQlYijpE3c9+3jTBg7W0XAk7W7mdQnR9eS7tM2JFrgSijDiFOrtiBLW2D/8
C93stWRn2P+hEtpG9l44HPzYoG8yx7G9JoxFzf9Lp3fqx3Nbacrj7d10G70XXvZH
VRdVhxdTwvEW
=mhgw
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: