[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#988442: marked as done (unblock: linux/5.10.40-1)

Your message dated Sun, 6 Jun 2021 06:35:51 +0200
with message-id <66a78b81-f4aa-0478-93f1-7dde9c138632@debian.org>
and subject line Re: Bug#988442: unblock: linux/5.10.40-1
has caused the Debian Bug report #988442,
regarding unblock: linux/5.10.40-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988442
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: carnil@debian.org

Dear release team,

As you know we follow the respective stable series as well in a stable
release, and usually this is then done in point releases
(exceptionally as well via a DSA). Now I know the time for bullseye is
tight, but I would still like to followup with a stable series import
in unstable, but wanted to double check with you in aprticular if
there are ny timing issues with d-i.

I would plan to upload based ideally on 5.10.37 because it will cover
a big amount of bufixes but particularly recent CVEs which are
important to have covered in bullseye already soon. Currently already
covered in the imports done in git and in the packaging pending are
CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-3489,
CVE-2021-3490, CVE-2021-3491, CVE-2021-3493, CVE-2021-3501,
CVE-2021-3506, CVE-2021-23133, CVE-2021-23134, CVE-2021-29155,
CVE-2021-31829, but I would want do cover as well the recent
FragAttack fixes (not yet worked on).

In the packaging itself there will be additional changes pending
currently they are:

   [ Vincent Blut ]
   * [x86] sound/soc/intel: Enable SND_SOC_INTEL_CATPT as module
     (Closes: #986822)
   * [x86] sound/soc/intel/boards: Enable SND_SOC_INTEL_BDW_RT5650_MACH as
     module
   * drivers/input/rmi4: Enable RMI4_F3A (Closes: #986848)
   * [armhf] drivers/gpio: Enable GPIO_MXC as module (Closes: #987019)
   * [x86] drivers/misc/mei: Enable INTEL_MEI_TXE, INTEL_MEI_HDCP as modules
     (Closes: #987281)

All of those are for better hardware support.

   [ Uwe Kleine-König ]
   * [arm64] Enable more options for NXP's i.MX8 (Closes: #985862)

Samewise.

   [ Salvatore Bonaccorso ]
   * vfs: move cap_convert_nscap() call into vfs_setxattr() (CVE-2021-3493)
   * Refresh "Makefile: Do not check for libelf when building OOT module"
   * [rt] Drop "xfrm: Use sequence counter with associated spinlock"
   * Bump ABI to 7
   * Refresh "tools/include/uapi: Fix <asm/errno.h>"
   * Revert "net/sctp: fix race condition in sctp_destroy_sock"
   * sctp: delay auto_asconf init until binding the first addr (CVE-2021-23133)
   * net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134)
   * bpf, ringbuf: Deny reserve of buffers larger than ringbuf (CVE-2021-3489)
   * bpf: Prevent writable memory-mapping of read-only ringbuf pages
   * bpf: Fix alu32 const subreg bound tracking on bitwise operations
     (CVE-2021-3490)
   * io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
     (CVE-2021-3491)

Various CVE fixes (which will though go as well partially in 5.10.37 directly),
the FragAttack CVEs are not yet included.

The RT patch which can be dropped after checking with Sebastian
Andrzej Siewior. An ABI bump included, note that the changes are quite
massive up to 5.10.37, (5.10.37 will contain approximately 530
upstream commits, 5.10.36 was as well with 300 a bigger one). I
realize this might scary, but in the end this is the stragegy we
necessarily need to follow to keep up with upstream stable releases.

   [ Vagrant Cascadian ]
   * [arm64] Disable USB type-C DisplayPort in pinebook pro device-tree.
   * [arm64] Enable TYPEC_FUSB302, SND_SOC_ES8316, TYPEC and TYPEC_TCPM as
     modules. (Closes: #987638)

   [ Michal Simek ]
   * [arm64] Enable clock driver for Xilinx ZynqMP SoC

Additional support for hardware in the arm64 area.

   [ Valentin Vidic ]
   * [s390x] udeb: Include standard scsi-modules containing the virtio_blk
     module (Closes: #988005)

"Acked"/wished by KiBi, to align s390x installer support to the other
architectures.

The current state is at https://salsa.debian.org/kernel-team/linux/-/tree/sid

Let me know what you think of it, I would in any case send the usual
"Upload announcement" to the various involved teams before the upload
summarizing again the changes.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
> This happened, so this bug can be closed now.

Intended to do so already...

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---
Reply to: