Bug#964482: marked as done (buster-pu: package xen/4.11.4+24-gddaaccbbab-1~deb10u1)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 14 Jul 2020 00:41:47 +0200
with message-id <df077af4-6b86-6f62-1357-359385dc91f1@knorrie.org>
and subject line Re: Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
has caused the Debian Bug report #964482,
regarding buster-pu: package xen/4.11.4+24-gddaaccbbab-1~deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
964482: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964482
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
• From: Hans van Kranenburg <hans@knorrie.org>
• Date: Tue, 7 Jul 2020 21:16:31 +0200
• Message-id: <[🔎] 8c306004-c966-dbe4-f205-6086927ffed7@knorrie.org>

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to update the xen packages in buster to
4.11.4+24-gddaaccbbab-1~deb10u1 for the 10.5 point release. This is an
update to keep following the stable-4.11 upstream Xen code, which mainly
contains security fixes.

https://salsa.debian.org/xen-team/debian-xen/-/blob/10f1a4a8f15b6748459cd1c826d3808694682faf/debian/changelog

I also have 4.11.4+24-gddaaccbbab-1 for unstable ready for upload here.
All of it is right now waiting for the upstream testing at the Xen
project to finish, which is regression testing the latest additions for
todays published security advisories (https://xenbits.xen.org/xsa/,
2020-07-07). But, I'm already sending the request.

Both unstable and Buster are on Xen 4.11. Currently buster has
4.11.3+24-g14b62ab3e5-1~deb10u1, so in the changelog you can see we'll
be syncing it up with unstable again.

The 4.11.4-1 package version contained an actual packaging change, that
fixes a bug for upgrading to a new Xen version. This is something we
want to have in Buster for our users. It means fixing upgrading from
Buster to Bullseye, but also for whoever follows Debian unstable now.
It's the stuff related to #932759 and these are the changes:

Init scripts:

https://salsa.debian.org/xen-team/debian-xen/-/commit/420d05e8b5950cb79b03a613f791cad400390bb8

NEWS:

https://salsa.debian.org/xen-team/debian-xen/-/commit/10baa2d48db43a5ff675bddf5482717f60fb748a

Testing and code review can also be seen in:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932759#38

So, since 4.11.4-1 is in unstable already, these changes have been out
there for weeks now. We have not seen any user report about any regression.

Thanks,
Hans van Kranenburg

--- End Message ---

--- Begin Message ---

• To: 964482-done@bugs.debian.org
• Cc: Moritz Muehlenhoff <jmm@inutil.org>, "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Subject: Re: Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
• From: Hans van Kranenburg <hans@knorrie.org>
• Date: Tue, 14 Jul 2020 00:41:47 +0200
• Message-id: <df077af4-6b86-6f62-1357-359385dc91f1@knorrie.org>
• In-reply-to: <[🔎] 6d81a75b-5ca4-0abd-a11d-0b5b941fdacf@knorrie.org>
• References: <[🔎] 8c306004-c966-dbe4-f205-6086927ffed7@knorrie.org> <[🔎] cfa995dbefed7935c434d346b4af9376c072c1aa.camel@adam-barratt.org.uk> <[🔎] ceb4eef3-0e79-be0f-c44c-80d29802f718@knorrie.org> <[🔎] c8f85ef89cc42684033a0e14c85d76e199fbea02.camel@adam-barratt.org.uk> <94757429-9b1c-d3bf-397e-638ce6f5aa3e@knorrie.org> <[🔎] 20200708073515.4q5al2nvzyoszsqi@inutil.org> <[🔎] 6d81a75b-5ca4-0abd-a11d-0b5b941fdacf@knorrie.org>

(Cc: -done)

On 7/8/20 6:26 PM, Hans van Kranenburg wrote:
> Hi,
> 
> On 7/8/20 9:35 AM, Moritz Muehlenhoff wrote:
>> On Tue, Jul 07, 2020 at 10:56:18PM +0200, Hans van Kranenburg wrote:
>>> Additional To: team@security.debian.org
>>>
>>> Hi Security team,
>>>
>>> After our last security update, which was
>>> 4.11.3+24-g14b62ab3e5-1~deb10u1, we found out that there is a bugfix to
>>> be done to help users upgrade from Buster to Bullseye. This fix was
>>> included in the unstable xen 4.11.4-1 upload (it also helps for the
>>> future from there) and has been in unstable for 41 days now.
>>>
>>> I have chosen to not bother you with a new security upload for 4.11.4 to
>>> Buster at that time (while it included security fixes) because I didn't
>>> want to skip going through the stable release process because of this
>>> packaging change.
>>>
>>> Now, we're at the verge of a new buster point release.
>>>
>>> Can you please read https://bugs.debian.org/964482 and ack that we can
>>> do a combination of the security updates and this packaging change for
>>> stable?
>>
>> Ack, we can piggyback the fix for 964482 to the buster-security update,
>> no problem.
> 
> Ok, clear. In that case it will be a security update with the fix
> included. I was just trying to be more 'compliant'. :)

This is now done, it's DSA 4723-1.

https://lists.debian.org/debian-security-announce/2020/msg00128.html
https://www.debian.org/security/2020/dsa-4723

> [...]

K

--- End Message ---