Control: tags -1 confirmed d-i @boot: needs d-i ACK. As I believe you are aware of, the upload has already happened.
@kibi: feel free to age it if/when you see fit Paul On 19-05-2021 17:27, Salvatore Bonaccorso wrote: > Control: retitle -1 unblock: linux/5.10.38-1 (pre-approval checking) > > On Thu, May 13, 2021 at 09:30:29AM +0200, Salvatore Bonaccorso wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian....@packages.debian.org >> Usertags: unblock >> X-Debbugs-Cc: car...@debian.org >> >> Dear release team, >> >> As you know we follow the respective stable series as well in a stable >> release, and usually this is then done in point releases >> (exceptionally as well via a DSA). Now I know the time for bullseye is >> tight, but I would still like to followup with a stable series import >> in unstable, but wanted to double check with you in aprticular if >> there are ny timing issues with d-i. >> >> I would plan to upload based ideally on 5.10.37 because it will cover >> a big amount of bufixes but particularly recent CVEs which are >> important to have covered in bullseye already soon. Currently already >> covered in the imports done in git and in the packaging pending are >> CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-3489, >> CVE-2021-3490, CVE-2021-3491, CVE-2021-3493, CVE-2021-3501, >> CVE-2021-3506, CVE-2021-23133, CVE-2021-23134, CVE-2021-29155, >> CVE-2021-31829, but I would want do cover as well the recent >> FragAttack fixes (not yet worked on). >> >> In the packaging itself there will be additional changes pending >> currently they are: >> >> [ Vincent Blut ] >> * [x86] sound/soc/intel: Enable SND_SOC_INTEL_CATPT as module >> (Closes: #986822) >> * [x86] sound/soc/intel/boards: Enable SND_SOC_INTEL_BDW_RT5650_MACH as >> module >> * drivers/input/rmi4: Enable RMI4_F3A (Closes: #986848) >> * [armhf] drivers/gpio: Enable GPIO_MXC as module (Closes: #987019) >> * [x86] drivers/misc/mei: Enable INTEL_MEI_TXE, INTEL_MEI_HDCP as modules >> (Closes: #987281) >> >> All of those are for better hardware support. >> >> [ Uwe Kleine-König ] >> * [arm64] Enable more options for NXP's i.MX8 (Closes: #985862) >> >> Samewise. >> >> [ Salvatore Bonaccorso ] >> * vfs: move cap_convert_nscap() call into vfs_setxattr() (CVE-2021-3493) >> * Refresh "Makefile: Do not check for libelf when building OOT module" >> * [rt] Drop "xfrm: Use sequence counter with associated spinlock" >> * Bump ABI to 7 >> * Refresh "tools/include/uapi: Fix <asm/errno.h>" >> * Revert "net/sctp: fix race condition in sctp_destroy_sock" >> * sctp: delay auto_asconf init until binding the first addr >> (CVE-2021-23133) >> * net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134) >> * bpf, ringbuf: Deny reserve of buffers larger than ringbuf >> (CVE-2021-3489) >> * bpf: Prevent writable memory-mapping of read-only ringbuf pages >> * bpf: Fix alu32 const subreg bound tracking on bitwise operations >> (CVE-2021-3490) >> * io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers >> (CVE-2021-3491) >> >> Various CVE fixes (which will though go as well partially in 5.10.37 >> directly), >> the FragAttack CVEs are not yet included. >> >> The RT patch which can be dropped after checking with Sebastian >> Andrzej Siewior. An ABI bump included, note that the changes are quite >> massive up to 5.10.37, (5.10.37 will contain approximately 530 >> upstream commits, 5.10.36 was as well with 300 a bigger one). I >> realize this might scary, but in the end this is the stragegy we >> necessarily need to follow to keep up with upstream stable releases. >> >> [ Vagrant Cascadian ] >> * [arm64] Disable USB type-C DisplayPort in pinebook pro device-tree. >> * [arm64] Enable TYPEC_FUSB302, SND_SOC_ES8316, TYPEC and TYPEC_TCPM as >> modules. (Closes: #987638) >> >> [ Michal Simek ] >> * [arm64] Enable clock driver for Xilinx ZynqMP SoC >> >> Additional support for hardware in the arm64 area. >> >> [ Valentin Vidic ] >> * [s390x] udeb: Include standard scsi-modules containing the virtio_blk >> module (Closes: #988005) >> >> "Acked"/wished by KiBi, to align s390x installer support to the other >> architectures. >> >> The current state is at https://salsa.debian.org/kernel-team/linux/-/tree/sid >> >> Let me know what you think of it, I would in any case send the usual >> "Upload announcement" to the various involved teams before the upload >> summarizing again the changes. > > For the record, this will be 5.10.38 based. I delayed on purpose given > the size which was forseen. > > If anybody has concern on the upload, please raise a flag. > > Regards, > Salvatore >
OpenPGP_signature
Description: OpenPGP digital signature
