Hi, I have been working on this update issue and I am happy to report that I have made good progress.
Firstly, to clarify, I am working on two sets of updates. A testing-security update, which will only include security fixes. And a testing-proposed-updates, which will include some other fixes as well, basically what is currently in SVN. Today I have been working on the fomer, I hope to get to the latter in the next couple of days. In each case my primary task is to get kernel-source packages ready for 2.6.8 and 2.4.27. And my secondary task is to make binary images for i386 and powerpc. Other achitectures are built by other members of the kernel team, or are not under the auspices of the kernel team, I think I covered this pretty thoroughly in my previous email. testing-security: I have made a testing-security/ directory in SVN. Its the same layout as trunk/, albeit with a lot of directories missing. I'd like to encourage other architecture maintainers to put anything they are working in regarding testing-security: in there too. I have also made preliminary packages available at: http://debian.vergenet.net/sarge-security/ In there you should find kernel-source packages for 2.4.27 and 2.6.8, and kernel-image-i386 images for 2.6.8. I hope to add the kernel-image-i386 images for 2.4.27 shortly (once they finish building). And binary packages for powerpc over the weekend. kernel-source-2.6.8 2.6.8-15sarge1 Most kernel-images in Sarge are based of 2.6.8-13, however some are based of 2.6.8-15. As a result, there are some patches from 2.6.8-14 and 2.6.8-15 which are already included in some architectures, but not others. Also, kernel-source 2.6.8-15 is actually in Sarge. The citeria I used for patch inclusion was as follows: * Security patch or * Non-Security patch, that is specific to an acrhitecture that is based off 2.6.8-15 or * packaging related patch - that is it doesn't effect the kernel images build from the code it contains, and is already in sarge. e.g. Fixing a package description in the control file This turned out to be quite simple, and you can see the resulting annotated changelog here: http://debian.vergenet.net/sarge-security/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-15sarge1_i386.changes In fact, it turns out that I left 2.6.8-14 and 2.6.8-15 unchanged. The only questionable patches are as follows. I'd like feedback on what to do here. Keeping in mind that removing them would be a regression if any of the architectures built against 2.6.8-15 use this code. In the case of the SCSI fix, that seems a certainty. In the case of the ia64-ptrace fix, I am not sure if this code is needed by subsequent security fixes or not. The au88x0 case seems a bit more clear-cut, but I am not sure what architectures compile this. In any case, here is the list, they are currently all included: * Backport more scsi-ioctl fixes: add CMD_WARNED, remove dulicate safe_for_read(READ_BUFFER), add LOG_SENSE as read-ok and LOG_SELECT as write-ok, quieten scsi ioctl when asking for a lot of memory and failing. (Maximilian Attems) * ia64-ptrace-speedup.dpatch Backport needed to form a base on top of which ia64-ptrace-fixes will apply. (dann frazier) * au88x0-use-short-name.dpatch: Use CARD_SHORT_NAME in au88x0.c to allow card-specific driver names (CARD_SHORT_NAME is redefined by each driver.) (Joshua Kwan) kernel-source-2.4.27 2.4.27-8sarge1 2.4.27 was more straightforward. I think all architectures are bassed of 2.4.27-8 in sarge, and this is the version of kernel-source in sarge. As a result, I just merged the changes from 2.4.27-9 (unstable) and 2.4.27-10 (as yet unreleased in SVN) and removed any non-security fixes. The resulting changelog is: http://debian.vergenet.net/sarge-security/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-8sarge1_i386.changes testing-proposed-updates: These are proposed packages for Sarge r1. I anticipate there will be more security bugs and the like found before we get there. But what we have is looking good at this time, so it seems worth getting into testing-proposed-updates and unstable. I don't see any reason for those two packages to be any different at this time. The kernel source packages will most likely be called kernel-source-2.4.27 2.4.27-10 and kernel-source-2.6.8 2.6.8-16. Everthing for kernel-source for both 2.4.27 and 2.6.8 is currently in svn under the trunk/ directory. Ditto for kernel-image-i386. I am still wrestling with some issues with the kernel-headers package for 2.6.8 on powerpc, but Sven Luther has a working fix and I am close, so that should be in the bag pretty soon. I will try and get packages together for all of these over the next few days. Watch this space. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
