Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 964482@bugs.debian.org, "team@security.debian.org" <team@security.debian.org>
Subject: Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
From: Hans van Kranenburg <hans@knorrie.org>
Date: Wed, 8 Jul 2020 18:26:26 +0200
Message-id: <[🔎] 6d81a75b-5ca4-0abd-a11d-0b5b941fdacf@knorrie.org>
Reply-to: Hans van Kranenburg <hans@knorrie.org>, 964482@bugs.debian.org
In-reply-to: <[🔎] 20200708073515.4q5al2nvzyoszsqi@inutil.org>
References: <[🔎] 8c306004-c966-dbe4-f205-6086927ffed7@knorrie.org> <[🔎] cfa995dbefed7935c434d346b4af9376c072c1aa.camel@adam-barratt.org.uk> <[🔎] ceb4eef3-0e79-be0f-c44c-80d29802f718@knorrie.org> <[🔎] c8f85ef89cc42684033a0e14c85d76e199fbea02.camel@adam-barratt.org.uk> <94757429-9b1c-d3bf-397e-638ce6f5aa3e@knorrie.org> <[🔎] 20200708073515.4q5al2nvzyoszsqi@inutil.org> <[🔎] 8c306004-c966-dbe4-f205-6086927ffed7@knorrie.org>

Hi,

On 7/8/20 9:35 AM, Moritz Muehlenhoff wrote:
> On Tue, Jul 07, 2020 at 10:56:18PM +0200, Hans van Kranenburg wrote:
>> Additional To: team@security.debian.org
>>
>> Hi Security team,
>>
>> After our last security update, which was
>> 4.11.3+24-g14b62ab3e5-1~deb10u1, we found out that there is a bugfix to
>> be done to help users upgrade from Buster to Bullseye. This fix was
>> included in the unstable xen 4.11.4-1 upload (it also helps for the
>> future from there) and has been in unstable for 41 days now.
>>
>> I have chosen to not bother you with a new security upload for 4.11.4 to
>> Buster at that time (while it included security fixes) because I didn't
>> want to skip going through the stable release process because of this
>> packaging change.
>>
>> Now, we're at the verge of a new buster point release.
>>
>> Can you please read https://bugs.debian.org/964482 and ack that we can
>> do a combination of the security updates and this packaging change for
>> stable?
> 
> Ack, we can piggyback the fix for 964482 to the buster-security update,
> no problem.

Ok, clear. In that case it will be a security update with the fix
included. I was just trying to be more 'compliant'. :)

Upstream Xen testing finished and has all the commits in stable-4.11
now. I did the upload for Debian unstable already, it's processed now.

https://packages.debian.org/source/sid/xen

So, I changed the changelog to buster-security, and did another build
and test run here, all is looking good.

https://salsa.debian.org/xen-team/debian-xen/-/commit/0da17d8b443233e521c84886c2fc913ea4ee4480

Since I'm a DM I guess I need a sponsor for the security upload. Can
someone from the security team do this? I put everything here, signed
and well:

https://syrinx.knorrie.org/~knorrie/tmp/xen/

I have another question, which is about timing. I have been asking
around a bit a few weeks ago, but did not get any response on this:

For the users, who are running some Xen cluster, it's really useful to
get Xen and Linux kernel changes at the same time, to reduce the amount
of 'reboot stress' we're causing them. Does anyone have a brilliant idea
about how to improve this? I mean, if we do this security update now,
then next week the new kernel is in the point release.... In general, if
the kernel team does a security update, or if a point release happens,
it would be useful to push out a Xen update as well at the same time...

I can of course write some dirty script that polls kernel team git all
the time and then emails me with "hola! activity in a -security branch!"...

Thanks,
Hans

Reply to:

References:
- Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
  - From: Hans van Kranenburg <hans@knorrie.org>
- Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
  - From: Hans van Kranenburg <hans@knorrie.org>
- Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Processed: Re: Bug#948652: buster-pu: package nginx/1.14.2-2+deb10u1
Next by Date: Arch qualification for buster: call for DSA, Security, toolchain concerns
Previous by thread: Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
Next by thread: Processed: Re: Bug#964482: buster-pu: xen/4.11.4+24-gddaaccbbab-1~deb10u1
Index(es):
- Date
- Thread