Control: retitle -1 unblock: linux/5.10.38-1 (pre-approval checking)

On Thu, May 13, 2021 at 09:30:29AM +0200, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: car...@debian.org
> 
> Dear release team,
> 
> As you know we follow the respective stable series as well in a stable
> release, and usually this is then done in point releases
> (exceptionally as well via a DSA). Now I know the time for bullseye is
> tight, but I would still like to follow up with a stable series import
> in unstable, but wanted to double check with you in particular if
> there are any timing issues with d-i.
> 
> I would plan to upload based ideally on 5.10.37 because it will cover
> a big amount of bugfixes but particularly recent CVEs which are
> important to have covered in bullseye already soon. Currently already
> covered in the imports done in git and in the packaging pending are
> CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-3489,
> CVE-2021-3490, CVE-2021-3491, CVE-2021-3493, CVE-2021-3501,
> CVE-2021-3506, CVE-2021-23133, CVE-2021-23134, CVE-2021-29155,
> CVE-2021-31829, but I would want to cover as well the recent
> FragAttack fixes (not yet worked on).
> 
> In the packaging itself there will be additional changes pending
> currently they are:
> 
>    [ Vincent Blut ]
>    * [x86] sound/soc/intel: Enable SND_SOC_INTEL_CATPT as module
>      (Closes: #986822)
>    * [x86] sound/soc/intel/boards: Enable SND_SOC_INTEL_BDW_RT5650_MACH as
>      module
>    * drivers/input/rmi4: Enable RMI4_F3A (Closes: #986848)
>    * [armhf] drivers/gpio: Enable GPIO_MXC as module (Closes: #987019)
>    * [x86] drivers/misc/mei: Enable INTEL_MEI_TXE, INTEL_MEI_HDCP as modules
>      (Closes: #987281)
> 
> All of those are for better hardware support.
> 
>    [ Uwe Kleine-König ]
>    * [arm64] Enable more options for NXP's i.MX8 (Closes: #985862)
> 
> Samewise.
> 
>    [ Salvatore Bonaccorso ]
>    * vfs: move cap_convert_nscap() call into vfs_setxattr() (CVE-2021-3493)
>    * Refresh "Makefile: Do not check for libelf when building OOT module"
>    * [rt] Drop "xfrm: Use sequence counter with associated spinlock"
>    * Bump ABI to 7
>    * Refresh "tools/include/uapi: Fix <asm/errno.h>"
>    * Revert "net/sctp: fix race condition in sctp_destroy_sock"
>    * sctp: delay auto_asconf init until binding the first addr
>      (CVE-2021-23133)
>    * net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134)
>    * bpf, ringbuf: Deny reserve of buffers larger than ringbuf (CVE-2021-3489)
>    * bpf: Prevent writable memory-mapping of read-only ringbuf pages
>    * bpf: Fix alu32 const subreg bound tracking on bitwise operations
>      (CVE-2021-3490)
>    * io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
>      (CVE-2021-3491)
> 
> Various CVE fixes (which will though go as well partially in 5.10.37
> directly), the FragAttack CVEs are not yet included.
> 
> The RT patch which can be dropped after checking with Sebastian
> Andrzej Siewior. An ABI bump included, note that the changes are quite
> massive up to 5.10.37, (5.10.37 will contain approximately 530
> upstream commits, 5.10.36 was as well with 300 a bigger one). I
> realize this might be scary, but in the end this is the strategy we
> necessarily need to follow to keep up with upstream stable releases.
> 
>    [ Vagrant Cascadian ]
>    * [arm64] Disable USB type-C DisplayPort in pinebook pro device-tree.
>    * [arm64] Enable TYPEC_FUSB302, SND_SOC_ES8316, TYPEC and TYPEC_TCPM as
>      modules. (Closes: #987638)
> 
>    [ Michal Simek ]
>    * [arm64] Enable clock driver for Xilinx ZynqMP SoC
> 
> Additional support for hardware in the arm64 area.
> 
>    [ Valentin Vidic ]
>    * [s390x] udeb: Include standard scsi-modules containing the virtio_blk
>      module (Closes: #988005)
> 
> "Acked"/wished by KiBi, to align s390x installer support to the other
> architectures.
> 
> The current state is at https://salsa.debian.org/kernel-team/linux/-/tree/sid
> 
> Let me know what you think of it, I would in any case send the usual
> "Upload announcement" to the various involved teams before the upload
> summarizing again the changes.

For the record, this will be 5.10.38 based. I delayed on purpose given
the size which was foreseen.

If anybody has concern on the upload, please raise a flag.

Regards,
Salvatore
