• YA Grub update for bullseye (and buster!)

    From Steve McIntyre@21:1/5 to All on Thu Dec 8 01:20:01 2022
    [ Trying again without typos in addresses! ]

    Hey folks,

    As you (might?) have seen, since the most recent set of security
    patches went into Grub (2.06-3~deb10u2, 2.06-3~deb11u4 and 2.06-5)
    I've been working on fixing up some of the fallout from the now
    locked-down font loader. The current state of the art in unstable
    (2.06-7) works fine AFAICS, with no more bugs complaining about
    messed-up fonts and graphics. I'm happy with things there for now,
    although there are likely to be yet more tweaks before we
    freeze. Meh, that's pain for another day. :-)

    So, for Bullseye and Buster: I'm ready to add the new patches in to
    both to fix up font handling. We also *must* do a new release in both
    to bump SBAT level due to my unfortunate mistake in the last Buster
    upload (#1024617). :-( I'm just about ready to do builds and uploads
    now, so...

    * Buster just needs another upload to buster-security, I believe?

    * What's the preferred way to go for Bullseye, given we're just about
    to do another point release? Should I go down the security path or
    just upload straight to bullseye and go via s-p-u?

    --
    Steve McIntyre, Cambridge, UK. steve@einval.com
    'There is some grim amusement in watching Pence try to run the typical
    "politician in the middle of a natural disaster" playbook, however
    incompetently, while Trump scribbles all over it in crayon and eats some
    of the pages.' -- Russ Allbery

  • From Salvatore Bonaccorso@21:1/5 to Steve McIntyre on Thu Dec 8 08:40:01 2022
    Hi Steve,

    Thanks for working on this!

    On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
    > [ Trying again without typos in addresses! ]
    >
    > Hey folks,
    >
    > As you (might?) have seen, since the most recent set of security
    > patches went into Grub (2.06-3~deb10u2, 2.06-3~deb11u4 and 2.06-5)
    > I've been working on fixing up some of the fallout from the now
    > locked-down font loader. The current state of the art in unstable
    > (2.06-7) works fine AFAICS, with no more bugs complaining about
    > messed-up fonts and graphics. I'm happy with things there for now,
    > although there are likely to be yet more tweaks before we
    > freeze. Meh, that's pain for another day. :-)
    >
    > So, for Bullseye and Buster: I'm ready to add the new patches in to
    > both to fix up font handling. We also *must* do a new release in both
    > to bump SBAT level due to my unfortunate mistake in the last Buster
    > upload (#1024617). :-( I'm just about ready to do builds and uploads
    > now, so...
    >
    > * Buster just needs another upload to buster-security, I believe?

    Yes exactly, let me know if you need help with the DLA release.

    > * What's the preferred way to go for Bullseye, given we're just about
    > to do another point release? Should I go down the security path or
    > just upload straight to bullseye and go via s-p-u?

    I think for this one (and given the timeframe for the point release), a
    stable-proposed-updates is more appropriate. I agree, the functional
    regression is caused by the security fix, but to me it looks enough
    that we can go here the point release path (unless a SRM now strongly
    disagrees). The window is closing this weekend for the uploads.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Steve McIntyre@21:1/5 to Salvatore Bonaccorso on Thu Dec 8 15:50:01 2022
    On Thu, Dec 08, 2022 at 08:36:50AM +0100, Salvatore Bonaccorso wrote:
    > Hi Steve,
    > On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
    >
    > > * Buster just needs another upload to buster-security, I believe?
    >
    > Yes exactly, let me know if you need help with the DLA release.

    I've just uploaded now. Help with the DLA would be nice, thanks!

    > > * What's the preferred way to go for Bullseye, given we're just about
    > > to do another point release? Should I go down the security path or
    > > just upload straight to bullseye and go via s-p-u?
    >
    > I think for this one (and given the timeframe for the point release), a
    > stable-proposed-updates is more appropriate. I agree, the functional
    > regression is caused by the security fix, but to me it looks enough
    > that we can go here the point release path (unless a SRM now strongly
    > disagrees). The window is closing this weekend for the uploads.

    ACK. I'll give Adam a short while to chime in...

    --
    Steve McIntyre, Cambridge, UK. steve@einval.com
    "...In the UNIX world, people tend to interpret `non-technical user'
    as meaning someone who's only ever written one device driver." -- Daniel Pead

  • From Adam D. Barratt@21:1/5 to Steve McIntyre on Thu Dec 8 18:10:01 2022
    On Thu, 2022-12-08 at 14:47 +0000, Steve McIntyre wrote:
    > On Thu, Dec 08, 2022 at 08:36:50AM +0100, Salvatore Bonaccorso wrote:
    > > Hi Steve,
    > > On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
    [...]
    > > > * What's the preferred way to go for Bullseye, given we're just about
    > > > to do another point release? Should I go down the security path or
    > > > just upload straight to bullseye and go via s-p-u?
    > >
    > > I think for this one (and given the timeframe for the point release), a
    > > stable-proposed-updates is more appropriate. I agree, the functional
    > > regression is caused by the security fix, but to me it looks enough
    > > that we can go here the point release path (unless a SRM now strongly
    > > disagrees). The window is closing this weekend for the uploads.
    >
    > ACK. I'll give Adam a short while to chime in...

    I was going to say I'd defer to the security team when I read the
    initial mail, so... either way works for me, as long as it happens
    soonish.

    Regards,

    Adam

  • From Steve McIntyre@21:1/5 to Adam Barratt on Thu Dec 8 18:30:01 2022
    On Thu, Dec 08, 2022 at 05:01:47PM +0000, Adam Barratt wrote:
    > On Thu, 2022-12-08 at 14:47 +0000, Steve McIntyre wrote:
    > > On Thu, Dec 08, 2022 at 08:36:50AM +0100, Salvatore Bonaccorso wrote:
    > > > Hi Steve,
    > > > On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
    > [...]
    > > > > * What's the preferred way to go for Bullseye, given we're just about
    > > > > to do another point release? Should I go down the security path or
    > > > > just upload straight to bullseye and go via s-p-u?
    > > >
    > > > I think for this one (and given the timeframe for the point release), a
    > > > stable-proposed-updates is more appropriate. I agree, the functional
    > > > regression is caused by the security fix, but to me it looks enough
    > > > that we can go here the point release path (unless a SRM now strongly
    > > > disagrees). The window is closing this weekend for the uploads.
    > >
    > > ACK. I'll give Adam a short while to chime in...
    >
    > I was going to say I'd defer to the security team when I read the
    > initial mail, so... either way works for me, as long as it happens
    > soonish.

    ACK, I'll go ahead with the stable-proposed-updates upload now then.

    Cheers!

    --
    Steve McIntyre, Cambridge, UK. steve@einval.com
    Welcome my son, welcome to the machine.

  • From Steve McIntyre@21:1/5 to Salvatore Bonaccorso on Fri Dec 9 15:50:01 2022
    On Fri, Dec 09, 2022 at 03:22:13PM +0100, Salvatore Bonaccorso wrote:
    > Hi Steve,
    >
    > On Thu, Dec 08, 2022 at 02:47:59PM +0000, Steve McIntyre wrote:
    > > On Thu, Dec 08, 2022 at 08:36:50AM +0100, Salvatore Bonaccorso wrote:
    > > > Hi Steve,
    > > > On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
    > > >
    > > > > * Buster just needs another upload to buster-security, I believe?
    > > >
    > > > Yes exactly, let me know if you need help with the DLA release.
    > >
    > > I've just uploaded now. Help with the DLA would be nice, thanks!
    >
    > Ok will do. We need to wait for the signed packages yet.

    ACK.

    > FTP-masters, can you have a look?

    Let's hope so! There'll be several sets waiting now, I hope.

    --
    Steve McIntyre, Cambridge, UK. steve@einval.com
    Is there anybody out there?

  • From Salvatore Bonaccorso@21:1/5 to Steve McIntyre on Fri Dec 9 15:30:02 2022
    Hi Steve,

    On Thu, Dec 08, 2022 at 02:47:59PM +0000, Steve McIntyre wrote:
    > On Thu, Dec 08, 2022 at 08:36:50AM +0100, Salvatore Bonaccorso wrote:
    > > Hi Steve,
    > > On Thu, Dec 08, 2022 at 12:15:57AM +0000, Steve McIntyre wrote:
    > >
    > > > * Buster just needs another upload to buster-security, I believe?
    > >
    > > Yes exactly, let me know if you need help with the DLA release.
    >
    > I've just uploaded now. Help with the DLA would be nice, thanks!

    Ok will do. We need to wait for the signed packages yet.

    FTP-masters, can you have a look?

    Regards,
    Salvatore
