Re: Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)

To: 988442@bugs.debian.org, debian-boot@lists.debian.org
Subject: Re: Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)
From: Paul Gevers <elbrus@debian.org>
Date: Thu, 27 May 2021 10:27:08 +0200
Message-id: <[🔎] 1e5310c6-9862-f432-c04c-eebfcea3f18f@debian.org>
In-reply-to: <YKUubazjkXSO67Rj@eldamar.lan>
References: <162089102901.1603261.2198248663788655339.reportbug@eldamar.lan> <162089102901.1603261.2198248663788655339.reportbug@eldamar.lan> <YKUubazjkXSO67Rj@eldamar.lan>

Control: tags -1 confirmed d-i

@boot: needs d-i ACK. As I believe you are aware of, the upload has
already happened.

@kibi: feel free to age it if/when you see fit

Paul

On 19-05-2021 17:27, Salvatore Bonaccorso wrote:
> Control: retitle -1 unblock: linux/5.10.38-1 (pre-approval checking)
> 
> On Thu, May 13, 2021 at 09:30:29AM +0200, Salvatore Bonaccorso wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian.org@packages.debian.org
>> Usertags: unblock
>> X-Debbugs-Cc: carnil@debian.org
>>
>> Dear release team,
>>
>> As you know we follow the respective stable series as well in a stable
>> release, and usually this is then done in point releases
>> (exceptionally as well via a DSA). Now I know the time for bullseye is
>> tight, but I would still like to followup with a stable series import
>> in unstable, but wanted to double check with you in aprticular if
>> there are ny timing issues with d-i.
>>
>> I would plan to upload based ideally on 5.10.37 because it will cover
>> a big amount of bufixes but particularly recent CVEs which are
>> important to have covered in bullseye already soon. Currently already
>> covered in the imports done in git and in the packaging pending are
>> CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-3489,
>> CVE-2021-3490, CVE-2021-3491, CVE-2021-3493, CVE-2021-3501,
>> CVE-2021-3506, CVE-2021-23133, CVE-2021-23134, CVE-2021-29155,
>> CVE-2021-31829, but I would want do cover as well the recent
>> FragAttack fixes (not yet worked on).
>>
>> In the packaging itself there will be additional changes pending
>> currently they are:
>>
>>    [ Vincent Blut ]
>>    * [x86] sound/soc/intel: Enable SND_SOC_INTEL_CATPT as module
>>      (Closes: #986822)
>>    * [x86] sound/soc/intel/boards: Enable SND_SOC_INTEL_BDW_RT5650_MACH as
>>      module
>>    * drivers/input/rmi4: Enable RMI4_F3A (Closes: #986848)
>>    * [armhf] drivers/gpio: Enable GPIO_MXC as module (Closes: #987019)
>>    * [x86] drivers/misc/mei: Enable INTEL_MEI_TXE, INTEL_MEI_HDCP as modules
>>      (Closes: #987281)
>>
>> All of those are for better hardware support.
>>
>>    [ Uwe Kleine-König ]
>>    * [arm64] Enable more options for NXP's i.MX8 (Closes: #985862)
>>
>> Samewise.
>>
>>    [ Salvatore Bonaccorso ]
>>    * vfs: move cap_convert_nscap() call into vfs_setxattr() (CVE-2021-3493)
>>    * Refresh "Makefile: Do not check for libelf when building OOT module"
>>    * [rt] Drop "xfrm: Use sequence counter with associated spinlock"
>>    * Bump ABI to 7
>>    * Refresh "tools/include/uapi: Fix <asm/errno.h>"
>>    * Revert "net/sctp: fix race condition in sctp_destroy_sock"
>>    * sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133)
>>    * net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134)
>>    * bpf, ringbuf: Deny reserve of buffers larger than ringbuf (CVE-2021-3489)
>>    * bpf: Prevent writable memory-mapping of read-only ringbuf pages
>>    * bpf: Fix alu32 const subreg bound tracking on bitwise operations
>>      (CVE-2021-3490)
>>    * io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
>>      (CVE-2021-3491)
>>
>> Various CVE fixes (which will though go as well partially in 5.10.37 directly),
>> the FragAttack CVEs are not yet included.
>>
>> The RT patch which can be dropped after checking with Sebastian
>> Andrzej Siewior. An ABI bump included, note that the changes are quite
>> massive up to 5.10.37, (5.10.37 will contain approximately 530
>> upstream commits, 5.10.36 was as well with 300 a bigger one). I
>> realize this might scary, but in the end this is the stragegy we
>> necessarily need to follow to keep up with upstream stable releases.
>>
>>    [ Vagrant Cascadian ]
>>    * [arm64] Disable USB type-C DisplayPort in pinebook pro device-tree.
>>    * [arm64] Enable TYPEC_FUSB302, SND_SOC_ES8316, TYPEC and TYPEC_TCPM as
>>      modules. (Closes: #987638)
>>
>>    [ Michal Simek ]
>>    * [arm64] Enable clock driver for Xilinx ZynqMP SoC
>>
>> Additional support for hardware in the arm64 area.
>>
>>    [ Valentin Vidic ]
>>    * [s390x] udeb: Include standard scsi-modules containing the virtio_blk
>>      module (Closes: #988005)
>>
>> "Acked"/wished by KiBi, to align s390x installer support to the other
>> architectures.
>>
>> The current state is at https://salsa.debian.org/kernel-team/linux/-/tree/sid
>>
>> Let me know what you think of it, I would in any case send the usual
>> "Upload announcement" to the various involved teams before the upload
>> summarizing again the changes.
> 
> For the record, this will be 5.10.38 based. I delayed on purpose given
> the size which was forseen. 
> 
> If anybody has concern on the upload, please raise a flag.
> 
> Regards,
> Salvatore
>

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Processed: Re: Bug#988472: install-mbr doesnt create a partition
Next by Date: Re: Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)
Previous by thread: Processed: Re: Bug#988472: install-mbr doesnt create a partition
Next by thread: Re: Bug#988442: unblock: linux/5.10.37-1 (pre-approval checking)
Index(es):
- Date
- Thread