Hi Steve, Thanks for working on this!
On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote: > [ Trying again without typos in addresses! ] > > Hey folks, > > As you (might?) have seen, since the most recent set of security > patches went into Grub (2.06-3~deb10u2, 2.06-3~deb11u4 and 2.06-5) > I've been working on fixing up some of the fallout from the now > locked-down font loader. The current state of the art in unstable > (2.06-7) works fine AFAICS, with no more bugs complaining about > messed-up fonts and graphics. I'm happy with things there for now, > although there are likely to be yet be more tweaks before we > freeze. Meh, that's pain for another day. :-) > > So, for Bullseye and Buster: I'm ready to add the new patches in to > both to fix up font handling. We also *must* do a new release in both > to bump SBAT level due to my unfortunate mistake in the last Buster > upload (#1024617). :-( I'm just about ready to do builds and uploads > now, so... > > * Buster just needs another upload to buster-security, I believe? Yes exactly, let me know if you need help with the DLA release. > * What's the preferred way to go for Bullseye, given we're just about > to do another point release? Should I go down the security path or > just upload straight to bullseye and go via s-p-u? I think for this one (and give the timeframe for the point release), a stable-proposed-updates is more appropriate. I agree, the functional regression is caused by the security fix, but to me it looks enough that we can go here the point release path (unless a SRM now strongly disagrees). The window is closing this weekend for the uploads. Regards, Salvatore