Re: Uploading linux (6.12.37-1)
- To: Cyril Brulebois <kibi@debian.org>
- Cc: Debian kernel maintainers <debian-kernel@lists.debian.org>, Debian FTP Master <ftpmaster@debian.org>, Debian release team <debian-release@lists.debian.org>, Debian Boot List <debian-boot@lists.debian.org>, Henrique de Moraes Holschuh <hmh@debian.org>
- Subject: Re: Uploading linux (6.12.37-1)
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Wed, 16 Jul 2025 07:48:24 +0200
- Message-id: <[🔎] aHc9KCagdYbpdOGf@eldamar.lan>
- Mail-followup-to: Cyril Brulebois <kibi@debian.org>, Debian kernel maintainers <debian-kernel@lists.debian.org>, Debian FTP Master <ftpmaster@debian.org>, Debian release team <debian-release@lists.debian.org>, Debian Boot List <debian-boot@lists.debian.org>, Henrique de Moraes Holschuh <hmh@debian.org>
- In-reply-to: <[🔎] 20250714163536.5pxre2xq6s4zkbn4@mraw.org>
- References: <[🔎] aHAfzIuWV_QPuBwI@eldamar.lan> <[🔎] 20250714163536.5pxre2xq6s4zkbn4@mraw.org>
Hi Cyril
[sorryf or the late reply was not able to do it yesterday]
On Mon, Jul 14, 2025 at 06:35:36PM +0200, Cyril Brulebois wrote:
> Hi kernel and ftp teams,
>
> Salvatore Bonaccorso <carnil@debian.org> (2025-07-10):
> > I would like to upload next version of the 6.12.y stable series to
> > unstable, which will be 6.12.37-1, though depending on an ack/nack
> > from SRM and/or debian-boot.
>
> That was ACK'd and uploaded, but we're still lacking linux-signed-arm64:
> it's in NEW, and it'd be great to have it accepted.
Ack, given that see below.
> > The update contains in particular the mitigations for the Transitive
> > Scheduler Attacks (TSA) (CVE-2024-36350, CVE-2024-36357). To be
> > effective, they require both the support in kernel as a corresponding
> > amd64-microcode update (thus Henrique to check if that would be
> > possible to upload to unstable and let migrate to trixie).
>
> I haven't seen any update on the amd64-microcode side, but I hope it's
> not going to block src:linux* migration to testing, and to “only” make
> the kernel-side fixes insufficient on their own?
NO there was none, and we need both sides to get the mitigation. I was
pinging Henrique to see on the state, cf.
https://bugs.debian.org/1109035 but so far have not heard back from
him, will try aain.
> > Apart from the stable import, there are pending two packaging changes.
> >
> > * Revert "cgroup: Do not report unavailable v1 controllers in
> > /proc/cgroups" (Closes: #1108294)
> >
> > The revert commit from Ben Hutchings explains the situation:
> > | For compatibility with older versions of OpenJDK, we need to keep
> > | listing the cpuset and memory controllers in /proc/cgroups even
> > | though they no longer support the cgroups v1 API.
> > https://salsa.debian.org/kernel-team/linux/-/commit/4c797eb8f8e2c6074c707cd906a452a2167bc67f
> > (we asked upstream if that can be officially reverted, but we guess we
> > will need to ship this patch indepently for trixie's lifecycle).
> >
> > * rtw89: Enable RTW89_8851BE, RTW89_8852BTE as modules (Closes: #1108965)
> >
> > Adds support for instance for the Realtek 8851BE WiFi chip.
> >
> > As full freeze is approaching I will defintively wait a bit on this
> > upload before hearing back.
>
> Given https://lists.debian.org/debian-release/2025/07/msg00500.html
> I think we might stay with 6.12.37-1 for 13.0, at least in theory?
>
> I'm happy to still consider newer linux versions if you decide we need
> to ship this or that bugfix ASAP, so feel free to sync with me regarding
> feasibility!
Ack. But I think then at least 6.12.38-1 needs to follow now. The
reason is the following, 6.12.38 was a single commit upload fixing a
problem with the TSA itigations. I was not hurring it just after the
import given we had not yet the microcode part, but if we are
approaching tirxie hard freeze and release then it is sensible to
upload that *now*.
For reference:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.12.38&id=faac2abe895d200615a91acb63a709feb3dac1c2
(there is a similar problem with 6.1.y but that did not yet hit
bookworm, given I did hold back uploads there to have first some upper
level exposure and waiting for resolving the microcode situation).
If I have not heard an explicit ACK/NACK and given we still miss the
signed packages for arm64 yet, then I will upload tonight latest the
6.12.38-1 version to unstable.
Regards,
Salvatore
Reply to: