On Fri, 30 Dec 2022 at 13:19:10 +0100, Łukasz Stelmach wrote: > The 5.10 kernel is from oldstable.
Oh, didn't realize Buster had both 4.19 and 5.10. I stand corrected. But still the buster kernel is what linux-image-686-pae pulls, namely 4.19 not 5.10. >> OTOH mixing buster and buster-backports *is* supported (that's the >> reason why backport exist in the first place), so this bug is valid. >> But unfortunately buster had its final point release last summer and >> IMHO the fix #959423 doesn't qualify for an upload to buster-security, >> so I'm closing this. > > I am not familiar with Debian policies but I belive this is a regression > (see below) that deserves a fix. Do reconsider. Or at least a note in > the Release Notes, which I followed. Buster was released in July 2019 and the final point release 10.13 was released last summer. buster-proposed-updates is now sealed, and so are the release notes. > Yes there are workarounds and I've found them, and I won't stay with > buster longer than necessary, but I am reporting a serious IMHO > regression. While of course not being able to boot is an unfortunate regression, its scope is very limited (and I guess this is why no one has reported this during the entire 3y release cycle) so “serious” is debatable: affected systems are those with 1/ MODULES=dep (not default), 2/ modern cipher mode on ancient hardware (AES-NI support was already widespread when the default mode switched to XTS, so very old machines that were upgraded aren't affected if they were using the pre-2013 defaults), 3/ non-default kernel version. I'm not arguing it's not a bug, just that there is not much we can do in oldstable right now. Should one report a security vulnerability in Buster's src:cryptsetup I'll remember to cherry-pick that change though. > 1. I upgraded to from stretch to buster with linux-image-4.19.0-23-686-pae. > 2. I rebooted — successfully. > 2. I installed linux-image-5.10-686-pae from buster/updates (see above). > 3. 5.10 didn't boot. Is there any reason why you don't let the dependency resolver chose the kernel for you? (`apt install linux-image-686-pae` instead of specific ABIs.) You would have ended up with 4.9 after dist-upgrading to stretch, 4.19 after dist-upgrading to buster, and with 5.10 after dist-upgrading to bullseye. -- Guilhem.
signature.asc
Description: PGP signature