Re: YA Grub update for bullseye (and buster!)
Hi Steve,
Thanks for working on this!
On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
> [ Trying again without typos in addresses! ]
>
> Hey folks,
>
> As you (might?) have seen, since the most recent set of security
> patches went into Grub (2.06-3~deb10u2, 2.06-3~deb11u4 and 2.06-5)
> I've been working on fixing up some of the fallout from the now
> locked-down font loader. The current state of the art in unstable
> (2.06-7) works fine AFAICS, with no more bugs complaining about
> messed-up fonts and graphics. I'm happy with things there for now,
> although there are likely to be yet be more tweaks before we
> freeze. Meh, that's pain for another day. :-)
>
> So, for Bullseye and Buster: I'm ready to add the new patches in to
> both to fix up font handling. We also *must* do a new release in both
> to bump SBAT level due to my unfortunate mistake in the last Buster
> upload (#1024617). :-( I'm just about ready to do builds and uploads
> now, so...
>
> * Buster just needs another upload to buster-security, I believe?
Yes exactly, let me know if you need help with the DLA release.
> * What's the preferred way to go for Bullseye, given we're just about
> to do another point release? Should I go down the security path or
> just upload straight to bullseye and go via s-p-u?
I think for this one (and give the timeframe for the point release), a
stable-proposed-updates is more appropriate. I agree, the functional
regression is caused by the security fix, but to me it looks enough
that we can go here the point release path (unless a SRM now strongly
disagrees). The window is closing this weekend for the uploads.
Regards,
Salvatore
Reply to: