Update to 4.4 longterm including CVE fixes...

Advisory to follow....

SRPMS:
kernel-tmb-4.4.9-1.mga5.src.rpm

i586:
kernel-tmb-desktop-4.4.9-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.4.9-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.4.9-1.mga5.i586.rpm
kernel-tmb-desktop-latest-4.4.9-1.mga5.i586.rpm
kernel-tmb-source-4.4.9-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.9-1.mga5.noarch.rpm

x86_64:
kernel-tmb-desktop-4.4.9-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.4.9-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.4.9-1.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.4.9-1.mga5.x86_64.rpm
kernel-tmb-source-4.4.9-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.9-1.mga5.noarch.rpm
Depends on: (none) => 18031
Hi! I installed the tmb kernel on my Acer x86-64 laptop (see http://www.shlomifish.org/meta/FAQ/#computers-specs ):

* lightdm works fine.
* Xfce works fine.
* Firefox works.
* ssh works.
* Samba works.
* X-over-ssh works fine.
* Hexchat is working.
* Pidgin is working.
* Konqueror works.
* VLC can play video+audio.
* gears is working
* extreme tux racer is working.
* shlomif@lap:~$ uname -a
Linux localhost 4.4.9-tmb-desktop-1.mga5 #1 SMP PREEMPT Tue May 3 22:37:17 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
CC: (none) => shlomif
Adding feedback marker. Issues discovered in bug 18031.
Whiteboard: (none) => feedback
Assigning Thomas til it's ready.
CC: (none) => qa-bugs
Assignee: qa-bugs => tmb
Good for testing...

SRPMS:
kernel-tmb-4.4.11-1.mga5.src.rpm

i586:
kernel-tmb-desktop-4.4.11-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.4.11-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.4.11-1.mga5.i586.rpm
kernel-tmb-desktop-latest-4.4.11-1.mga5.i586.rpm
kernel-tmb-source-4.4.11-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.9-1.mga5.noarch.rpm

x86_64:
kernel-tmb-desktop-4.4.11-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.4.11-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.4.11-1.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.4.11-1.mga5.x86_64.rpm
kernel-tmb-source-4.4.11-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.11-1.mga5.noarch.rpm
Assignee: tmb => qa-bugs
Summary: Update request: kernel-tmb-4.4.9-1.mga5 => Update request: kernel-tmb-4.4.11-1.mga5
Source RPM: kernel-tmb-4.4.9-1.mga5.src.rpm => kernel-tmb-4.4.11-1.mga5.src.rpm
Whiteboard: feedback => (none)
Depends on: 18031 => (none)
Depends on: (none) => 18031, 17604, 18523, 18525, 18526, 18527, 18528, 18529, 18531
Testing M5 x64 real EFI hardware with AMD/Radeon video

I urpmi'd just:
 kernel-tmb-desktop-latest-4.4.11-1.mga5.x86_64.rpm
which pulled in of course:
 kernel-tmb-desktop-4.4.11-1.mga5-1-1.mga5.x86_64.rpm
and then spent forever building something and probably re-installing the bootloader.

I was intrigued that
 kernel-tmb-desktop-devel-4.4.11-1.mga5-1-1.mga5.x86_64.rpm
was not asked for; but I installed that anyway subsequently via:
 kernel-tmb-desktop-devel-latest-4.4.11-1.mga5.x86_64.rpm

Re-booting failed at a Grub prompt... This happens too often to me after kernel changes, and can be difficult to recover. Luckily chrooting from another system, running update-grub, re-booting resulted in a working Mageia 5 again, with some fglrx fabrication at startup.

This system is now running 4.4.11-tmb-desktop-1.mga5 and I will only report further if something does not work.
CC: (none) => lewyssmith
Glitch on M5 x64 real EFI h/w with AMD/Radeon video

I notice on startup the following console output:

fglrx (15.302-4.mga5.nonfree): Installing module
.........(Bad exit status: 10)
Build failed, installation skipped

This is clearly not right. However, startup continues to a working system.
More problems: no sound, something about which others have complained. The only visible evidence has been from VLC saying something like "the default output device was not available". The startup fault above in Comment 6 persists; I am giving up on this kernel.
(In reply to Shlomi Fish from comment #1)
> Hi! I installed the tmb kernel on my Acer x86-64 laptop (see
> http://www.shlomifish.org/meta/FAQ/#computers-specs ):
>
> * lightdm works fine.
> * Xfce works fine.
> * Firefox works.
> * ssh works.
> * Samba works.
> * X-over-ssh works fine.
> * Hexchat is working.
> * Pidgin is working.
> * Konqueror works.
> * VLC can play video+audio.
> * gears is working
> * extreme tux racer is working.
> * shlomif@lap:~$ uname -a
> Linux localhost 4.4.9-tmb-desktop-1.mga5 #1 SMP PREEMPT Tue May 3 22:37:17
> UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

and now the same with kernel-tmb-4.4.11:

shlomif@lap:~$ uname -a
Linux lap.shlomifish.org 4.4.11-tmb-desktop-1.mga5 #1 SMP PREEMPT Thu May 19 12:23:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Last round:

SRPMS:
kernel-tmb-4.4.13-1.mga5.src.rpm

i586:
kernel-tmb-desktop-4.4.13-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-4.4.13-1.mga5-1-1.mga5.i586.rpm
kernel-tmb-desktop-devel-latest-4.4.13-1.mga5.i586.rpm
kernel-tmb-desktop-latest-4.4.13-1.mga5.i586.rpm
kernel-tmb-source-4.4.13-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.13-1.mga5.noarch.rpm

x86_64:
kernel-tmb-desktop-4.4.13-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-4.4.13-1.mga5-1-1.mga5.x86_64.rpm
kernel-tmb-desktop-devel-latest-4.4.13-1.mga5.x86_64.rpm
kernel-tmb-desktop-latest-4.4.13-1.mga5.x86_64.rpm
kernel-tmb-source-4.4.13-1.mga5-1-1.mga5.noarch.rpm
kernel-tmb-source-latest-4.4.13-1.mga5.noarch.rpm
Depends on: 18031 => 18688
Summary: Update request: kernel-tmb-4.4.11-1.mga5 => Update request: kernel-tmb-4.4.13-1.mga5
Source RPM: kernel-tmb-4.4.11-1.mga5.src.rpm => kernel-tmb-4.4.13-1.mga5.src.rpm
Whiteboard: feedback => (none)
Advisory:

This kernel-tmb update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues:

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (CVE-2013-4312).

drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted USB device (CVE-2015-5257).

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (CVE-2015-5307).

An out-of-bounds memory read was found, affecting kernels from 4.3-rc1 onwards. This vulnerability was caused by incorrect X.509 time validation in x509_decode_time() function in x509_cert_parser.c (CVE-2015-5327).

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (CVE-2015-6937).

The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (CVE-2015-7550).

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (CVE-2015-7799).

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (CVE-2015-8104).

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (CVE-2015-8543).

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands (CVE-2016-0728).

An issue with ASN.1 DER decoder was reported that could lead to memory corruptions, possible privilege escalation, or complete local denial of service via x509 certificate DER files (CVE-2016-0758).

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack (CVE-2016-2085).

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data (CVE-2016-2117).

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (CVE-2016-3136).

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (CVE-2016-3137).

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (CVE-2016-3672).

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) with variable Memory Type Range Registers(MTRR) support is vulnerable to an out-of-bounds r/w access issue. It could occur while accessing processors MTRRs via ioctl(2) calls. A privileged user inside guest could use this flaw to manipulate host kernels memory bytes leading to information disclosure OR potentially crashing the kernel resulting in DoS (CVE-2016-3713).

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area (CVE-2016-3961).

This update also provides better support for various newer hardware.

For other changes in this update, see the referenced changelogs.
References:
http://kernelnewbies.org/Linux_4.2
http://kernelnewbies.org/Linux_4.3
http://kernelnewbies.org/Linux_4.4
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.3
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.4
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.5
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.6
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.7
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.8
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.9
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.10
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.11
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.12
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.13
CVE list: CVE-2013-4312 CVE-2015-5257 CVE-2015-5307 CVE-2015-5327 CVE-2015-6937 CVE-2015-7550 CVE-2015-7799 CVE-2015-8104 CVE-2015-8543 CVE-2016-0728 CVE-2016-0758 CVE-2016-2085 CVE-2016-2117 CVE-2016-2143 CVE-2016-3136 CVE-2016-3137 CVE-2016-3672 CVE-2016-3713 CVE-2016-3961
Advisory update/removal: I patched CVE-2016-0728 was already in MGASA-2016-0032
Kernel 4.4.13 runs fine on my x86-64 Acer Aspire laptop - checked my usual stuff.
advisory added
Whiteboard: (none) => advisory
Adding 64bit OK from Shlomi's test. Will wait for one more test to validate.
Whiteboard: advisory => advisory mga5-64-ok
Testing on mga5-32

Installed cleanly. Booted to KDE desktop. Applications working normally.

OK for mga5-32

This is now validated and can be pushed to updates.
Keywords: (none) => validated_update
Whiteboard: advisory mga5-64-ok => advisory mga5-64-ok mga5-32-ok
CC: (none) => jim, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0233.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED