Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Tue, 2020-07-07 at 22:21 +0200, Hans van Kranenburg wrote:
> On 7/7/20 9:51 PM, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Tue, 2020-07-07 at 21:16 +0200, Hans van Kranenburg wrote:
> > > I'd like to update the xen packages in buster to
> > > 4.11.4+24-gddaaccbbab-1~deb10u1 for the 10.5 point release. This
> > > is an update to keep following the stable-4.11 upstream Xen
> > > code,which mainly contains security fixes.
> > > 
> > > https://salsa.debian.org/xen-team/debian-xen/-/blob/10f1a4a8f15b6748459cd1c826d3808694682faf/debian/changelog
> > 
> > In that case, please attach a source debdiff between the current
> > stable package and the proposed package (built and tested on
> > stable) to this request.
> 
> I can do that. Are you sure you want to read through the upstream
> changes in a way that collapses everything and removes the context of
> the original git commits with any useful information about whether
> it's related to an XSA, or if it's a backport of a critical bug that
> crashes systems for our stable users or if it's a commit that really
> needs to be included before the security fix will actually work?

Well, you're welcome to provide additional information that you think
would help. But there does need to at least be a debdiff that can
persist in the bug report.

> I'm trying to run this through the stable release process because
> there's an (one) actual packaging change involved.
> 
> If we only had upstream changes, we'd do this as a regular security
> update.

In that case, have you discussed this with the Security Team at all?
They're often open to including small non-security changes if those are
separately identified and acked from the SRM side.

Regards,

Adam