Bug#990897: unblock: linux/5.10.46-1
Hi Salvatore, On 20-07-2021 20:05, Salvatore Bonaccorso wrote: > We do not have yet the signed packages that said, but once present > ideally the package get's aged as well to have fixes asap in bullseye. As asked on IRC: IIUC it's best to wait until all binaries are in and migrate the set right? So including the linux-signed-(amd64|arm64|i386) binaries. I've added the unblocks and urgents for linux-signed-* and all *but* the urgent for linux. If the answer is: let's migrate as they get in, please, any RT member, urgent linux. If the set arrives before I'm back on line, please, urgent linux. Paul OpenPGP_signature Description: OpenPGP digital signature
Processed: Re: Bug#990897: unblock: linux/5.10.46-1
Processing control commands: > retitle -1 unblock: linux/5.10.46-2 Bug #990897 [release.debian.org] unblock: linux/5.10.46-1 Changed Bug title to 'unblock: linux/5.10.46-2' from 'unblock: linux/5.10.46-1'. -- 990897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990897 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#990897: unblock: linux/5.10.46-1
Control: retitle -1 unblock: linux/5.10.46-2 On Sun, Jul 11, 2021 at 10:35:15PM +0200, Paul Gevers wrote: > Control: tags -1 d-i > > Hi, > > On 10-07-2021 22:15, Salvatore Bonaccorso wrote: > > Hi release team, hi Cyril (specifically for d-i) > > So, let's add him (via d-boot) in. > > > Please unblock package linux > > > > It contained a rebase of the 5.10.y series to 5.10.46 upstream and > > included the following changes relevant to add additional HW support > > and bugfxes. The upstream import to 5.10.46 contained fixes for > > various CVEs. > > Ack. This now needs to be 5.10.46-2 which includes most notably the fix for CVE-2021-33909, which could lead to a local privilege escalation, see DSA 4941-1. We do not have yet the signed packages that said, but once present ideally the package get's aged as well to have fixes asap in bullseye. Regards, Salvatore
Processed: Re: Bug#990897: unblock: linux/5.10.46-1
Processing control commands: > tags -1 d-i Bug #990897 [release.debian.org] unblock: linux/5.10.46-1 Added tag(s) d-i. -- 990897: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990897 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#990897: unblock: linux/5.10.46-1
Control: tags -1 d-i Hi, On 10-07-2021 22:15, Salvatore Bonaccorso wrote: > Hi release team, hi Cyril (specifically for d-i) So, let's add him (via d-boot) in. > Please unblock package linux > > It contained a rebase of the 5.10.y series to 5.10.46 upstream and > included the following changes relevant to add additional HW support > and bugfxes. The upstream import to 5.10.46 contained fixes for > various CVEs. Ack. > I guess at this point we want to delay any further 5.10.y imports to > the first bullseye point release, but let me know your toughts on > this. If the tentative release date becomes solid, I think that's a good plan. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#990897: unblock: linux/5.10.46-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: car...@debian.org,k...@debian.org Hi release team, hi Cyril (specifically for d-i) Please unblock package linux It contained a rebase of the 5.10.y series to 5.10.46 upstream and included the following changes relevant to add additional HW support and bugfxes. The upstream import to 5.10.46 contained fixes for various CVEs. The explicit other changes in the packaging are: * [armhf] drivers/bluetooth: Enable BT_HCIUART as a module, with support for all features already enabled in the generic config. (Closes: #987361) * [armhf] enable i.MX6 MIPI-CSI video capture device. (Closes: #987365) - drivers/mux: Enable MUX_MMIO as a module. - drivers/media/platform: Enable VIDEO_MUX as a module. - drivers/staging/media/imx: Enable VIDEO_IMX_MEDIA and VIDEO_IMX_CSI as modules. * [arm64] Update device tree for Kobol's helios64 from next * [rt] Refresh "net/Qdisc: use a seqlock instead seqcount" * Ignore some ABI changes that should not affect OOT modules * Bump ABI to 8 * [rt] Refresh "tracing: Merge irqflags + preempt counter" * can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609) * Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" (Closes: #990008) * [arm64] Add pwm-rockchip to fb-modules udeb. * [arm64] Add fusb302, tcpm and typec to usb-modules udeb. * [armhf] Add gpio-mxc to kernel-image udeb. Thanks to Rick Thomas. (Closes: #982270) The relevant CVEs fixed were: CVE-2020-26141, CVE-2020-26145, CVE-2021-33624, CVE-2021-34693, CVE-2021-3609, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26147, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573 and CVE-2021-3587. In particular this covered the fragattacks CVEs and the recently published bpf related issues. I guess at this point we want to delay any further 5.10.y imports to the first bullseye point release, but let me know your toughts on this. Regards, Salvatore
