Your message dated Thu, 01 Sep 2022 14:10:11 +0000 with message-id <E1oTktX-002rm1-GB@fasolo.debian.org> and subject line Bug#1018752: fixed in linux 5.19.6-1 has caused the Debian Bug report #1018752, regarding src:linux: new certificate used for Secure Boot to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1018752: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018752 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: src:linux: new certificate used for Secure Boot
- From: Ansgar <ansgar@debian.org>
- Date: Tue, 30 Aug 2022 10:04:26 +0200
- Message-id: <87tu5ucg39.fsf@43-1.org>
Source: linux Version: 5.18.16-1 Control: found -1 5.10.127-1 Hi, there is a new certificate used to sign the kernel modules for Secure Boot. Its fingerprint (sha256) should be: # CN = Debian Secure Boot Signer 2022 - linux - 65378fdbd50b85960563bac3923b4cf6e43f60b7c969c1527ce2ca34f82f2dc5 It can also be found in the code-signing repository: https://salsa.debian.org/ftp-team/code-signing/-/blob/master/etc/debian-prod-2022-linux.pem Please switch to using it with the next src:linux upload (in any suite). Please also do so for src:linux-5.10. AnsgarAttachment: debian-prod-2022-linux.pem
Description: CN = Debian Secure Boot Signer 2022 - linuxAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 1018752-close@bugs.debian.org
- Subject: Bug#1018752: fixed in linux 5.19.6-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 01 Sep 2022 14:10:11 +0000
- Message-id: <E1oTktX-002rm1-GB@fasolo.debian.org>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>
Source: linux Source-Version: 5.19.6-1 Done: Salvatore Bonaccorso <carnil@debian.org> We believe that the bug you reported is fixed in the latest version of linux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1018752@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 01 Sep 2022 09:04:35 +0200 Source: linux Architecture: source Version: 5.19.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1016807 1017425 1017894 1017972 1018752 Changes: linux (5.19.6-1) unstable; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.1 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2 - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (Closes: #1017894) https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.3 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.4 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.5 https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 - mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW (CVE-2022-2590) - af_key: Do not call xfrm_probe_algs in parallel (CVE-2022-3028) - [x86] nospec: Unwreck the RSB stuffing - [x86] nospec: Fix i386 RSB stuffing (Closes: #1017425) - bpf: Don't use tnum_range on array range checking for poke descriptors (CVE-2022-2905) . [ Ben Hutchings ] * d/tests/kbuild: Fix default-flavour lookup for arches with no featuresets * d/tests/kbuild: Make flavour lookup verbose * d/lib/python/debian_linux, d/templates: Use variable for binary package name * lintian: Update overrides in linux-image-*-dbg for lintian 2.115 * d/{signing_templates/,}rules.real: Run dh_lintian for all packages * [hppa,mips,mipsel,powerpc] lintian: Override error for 64-bit kernels * [mips64el,mipsel,ppc64el] lintian: Override error for unstripped vmlinux * [arm64] lintian: Override errors for vdso32.so in linux-image-*-dbg * android: Remove CONFIG_ANDROID: - Drop "wireguard: Clear keys after suspend despite CONFIG_ANDROID=y" - pm/sleep: Add PM_USERSPACE_AUTOSLEEP Kconfig - remove CONFIG_ANDROID - Enable/disable ANDROID_BINDER_IPC to match previous configuration . [ Vincent Blut ] * [x86] drivers/hwmon: Enable SENSORS_ASUS_WMI and SENSORS_ASUS_EC as modules * [x86] drivers/platform/x86: Enable NVIDIA_WMI_EC_BACKLIGHT as module (Closes: #1017972) * [arm64] drivers/spi: Enable SPI_GPIO and SPI_SUN6I as modules (Closes: #1016807) . [ Diederik de Haas ] * [arm64] drivers/gpu/drm/rockchip: Explicitly enable ROCKCHIP_VOP . [ Helge Deller ] * [hppa] Drop CONFIG_PATA_LEGACY for hppa architecture . [ Salvatore Bonaccorso ] * [rt] Refresh "rcutorture: Also force sched priority to timersd on boosting test." * Drop setting of CRYPTO_BLAKE2S crypto: blake2s shash module was removed upstream. * [arm] arch/arm/crypto: Enable CRYPTO_BLAKE2S_ARM * certs: Rotate to use the "Debian Secure Boot Signer 2022 - linux" certificate (Closes: #1018752) * Set ABI to 1 * [hppa/parisc64] Drop explicit setting of 64BIT Checksums-Sha1: 42a3c472d3128c9f851b9416e674497e8ddfd252 251841 linux_5.19.6-1.dsc 1aac6f7bbdd6de2d32a8e8da75b163d79383d207 133767148 linux_5.19.6.orig.tar.xz feabaae96187bad30f3967959c0c955fd050082c 1318072 linux_5.19.6-1.debian.tar.xz 0db0b77cb3cdeee0a626e24fed1828d455bacb93 6975 linux_5.19.6-1_source.buildinfo Checksums-Sha256: 4cc09d519dbd22b1b2ca074b98c3caf101494982e170fafa858d6ee930b18b4f 251841 linux_5.19.6-1.dsc 57b61adbafbd97e41da2153a2733ba3d3d2963c96d391ce57b29c0bb58010de4 133767148 linux_5.19.6.orig.tar.xz e3f6a4e6191a0e67678dacba4beea0dcf61fc0d90a96ceb79d993f41f4da9275 1318072 linux_5.19.6-1.debian.tar.xz 6ed558d70babbcfcc1d648d319eac9e639b973693e68ee99d5121c38875edbdd 6975 linux_5.19.6-1_source.buildinfo Files: 08b47f7b67275e2180c0aa6b4d9dfe9e 251841 kernel optional linux_5.19.6-1.dsc f968bf5c2f82b1dc40754fde8bcbfddb 133767148 kernel optional linux_5.19.6.orig.tar.xz 086b762bf7e3734ab211ecfad57d8c58 1318072 kernel optional linux_5.19.6-1.debian.tar.xz 0db0c08b0dc5c25e6042db1c5feaffe3 6975 kernel optional linux_5.19.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmMQWkRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8vUP/iCUO04lUb4AauAGRemK+AlnyZnh++oM tuqA/FWYUX+iuIE3CyutJgCFGxIGru7Hc3kHtJchbeZM90DbTo/kDlH+M0T6+24i PMWLuHRWZScJVpOO3ZhJ4nni5/T1r+Q1BjUYYfB3Skvxwu6KNJCTWpBXUekgsMAx IGviP7jg7T1wNlxfLFLHkPaHDUOGQ9N8jqVJRJgBC5XF3aquGw6GVeS2HKISFSg0 83RdmmBlN38V9xOiggzKKIxj9OCcdVc17bGNUQsXmxYmhgoqbzE43F+CBE7JAqzH 9Z2GHTMJvha2hNKLaHoNEcXn6aJMEkszXaFFiILkO6diZbX971jp39KfnuVzQ7J5 RypFZtVGXTQXvzPksalMDCVQgGzU5KBukb6Q0D9b2M49gMvWfCNrrwpTNu25+do4 e/OMgIUgk7dsoUtBr9Iqa5saBP1NULFumWW2N8S1qAyvilOYryYCt2ZTsuvsi1cy NfVzUfyhyK1sY1HIDIz/+ufcfwWTNAh5TpfZeceeaKZDSDCPH3c/E/8NJxCP3mr6 JLT3NXzCDe26YHqDjLKWnbZy9aYbyEpcnmgPA7KuRx+YLGyJ3B7xPIGPvEQsbCsJ UEQ126lBAtulJ1YiCHaGRcCJTS1W6cerPBYF34oTy5GyCky3xcHSnd0qEWXDlw6k fESUPZGDwiGd =agDJ -----END PGP SIGNATURE-----
--- End Message ---