Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
On Sat, 2023-09-09 at 11:42 +0200, Bastian Blank wrote: > The first one is the one with included size limitations, because those > load the kernel from a pre-defined flash partition, whose size can't be > easily changed by the user. This one is now overflowing for the second > to last documented one in the kernel package config. Seems like this would be solvable by writing a bootloader to the flash partition that would be able to load Linux from a normal filesystem? -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
linux-signed-i386_6.1.52+1_source.changes is NEW
Mapping stable-security to proposed-updates. binary:acpi-modules-6.1.0-12-686-di is NEW. binary:acpi-modules-6.1.0-12-686-pae-di is NEW. binary:ata-modules-6.1.0-12-686-di is NEW. binary:ata-modules-6.1.0-12-686-pae-di is NEW. binary:btrfs-modules-6.1.0-12-686-di is NEW. binary:btrfs-modules-6.1.0-12-686-pae-di is NEW. binary:cdrom-core-modules-6.1.0-12-686-di is NEW. binary:cdrom-core-modules-6.1.0-12-686-pae-di is NEW. binary:crc-modules-6.1.0-12-686-di is NEW. binary:crc-modules-6.1.0-12-686-pae-di is NEW. binary:crypto-dm-modules-6.1.0-12-686-di is NEW. binary:crypto-dm-modules-6.1.0-12-686-pae-di is NEW. binary:crypto-modules-6.1.0-12-686-di is NEW. binary:crypto-modules-6.1.0-12-686-pae-di is NEW. binary:efi-modules-6.1.0-12-686-di is NEW. binary:efi-modules-6.1.0-12-686-pae-di is NEW. binary:event-modules-6.1.0-12-686-di is NEW. binary:event-modules-6.1.0-12-686-pae-di is NEW. binary:ext4-modules-6.1.0-12-686-di is NEW. binary:ext4-modules-6.1.0-12-686-pae-di is NEW. binary:f2fs-modules-6.1.0-12-686-di is NEW. binary:f2fs-modules-6.1.0-12-686-pae-di is NEW. binary:fat-modules-6.1.0-12-686-di is NEW. binary:fat-modules-6.1.0-12-686-pae-di is NEW. binary:fb-modules-6.1.0-12-686-di is NEW. binary:fb-modules-6.1.0-12-686-pae-di is NEW. binary:firewire-core-modules-6.1.0-12-686-di is NEW. binary:firewire-core-modules-6.1.0-12-686-pae-di is NEW. binary:fuse-modules-6.1.0-12-686-di is NEW. binary:fuse-modules-6.1.0-12-686-pae-di is NEW. binary:i2c-modules-6.1.0-12-686-di is NEW. binary:i2c-modules-6.1.0-12-686-pae-di is NEW. binary:input-modules-6.1.0-12-686-di is NEW. binary:input-modules-6.1.0-12-686-pae-di is NEW. binary:isofs-modules-6.1.0-12-686-di is NEW. binary:isofs-modules-6.1.0-12-686-pae-di is NEW. binary:jfs-modules-6.1.0-12-686-di is NEW. binary:jfs-modules-6.1.0-12-686-pae-di is NEW. binary:kernel-image-6.1.0-12-686-di is NEW. binary:kernel-image-6.1.0-12-686-pae-di is NEW. binary:linux-image-6.1.0-12-686 is NEW. binary:linux-image-6.1.0-12-686-pae is NEW. binary:linux-image-6.1.0-12-rt-686-pae is NEW. binary:loop-modules-6.1.0-12-686-di is NEW. binary:loop-modules-6.1.0-12-686-pae-di is NEW. binary:md-modules-6.1.0-12-686-di is NEW. binary:md-modules-6.1.0-12-686-pae-di is NEW. binary:mmc-core-modules-6.1.0-12-686-di is NEW. binary:mmc-core-modules-6.1.0-12-686-pae-di is NEW. binary:mmc-modules-6.1.0-12-686-di is NEW. binary:mmc-modules-6.1.0-12-686-pae-di is NEW. binary:mouse-modules-6.1.0-12-686-di is NEW. binary:mouse-modules-6.1.0-12-686-pae-di is NEW. binary:mtd-core-modules-6.1.0-12-686-di is NEW. binary:mtd-core-modules-6.1.0-12-686-pae-di is NEW. binary:multipath-modules-6.1.0-12-686-di is NEW. binary:multipath-modules-6.1.0-12-686-pae-di is NEW. binary:nbd-modules-6.1.0-12-686-di is NEW. binary:nbd-modules-6.1.0-12-686-pae-di is NEW. binary:nic-modules-6.1.0-12-686-di is NEW. binary:nic-modules-6.1.0-12-686-pae-di is NEW. binary:nic-pcmcia-modules-6.1.0-12-686-di is NEW. binary:nic-pcmcia-modules-6.1.0-12-686-pae-di is NEW. binary:nic-shared-modules-6.1.0-12-686-di is NEW. binary:nic-shared-modules-6.1.0-12-686-pae-di is NEW. binary:nic-usb-modules-6.1.0-12-686-di is NEW. binary:nic-usb-modules-6.1.0-12-686-pae-di is NEW. binary:nic-wireless-modules-6.1.0-12-686-di is NEW. binary:nic-wireless-modules-6.1.0-12-686-pae-di is NEW. binary:pata-modules-6.1.0-12-686-di is NEW. binary:pata-modules-6.1.0-12-686-pae-di is NEW. binary:pcmcia-modules-6.1.0-12-686-di is NEW. binary:pcmcia-modules-6.1.0-12-686-pae-di is NEW. binary:pcmcia-storage-modules-6.1.0-12-686-di is NEW. binary:pcmcia-storage-modules-6.1.0-12-686-pae-di is NEW. binary:ppp-modules-6.1.0-12-686-di is NEW. binary:ppp-modules-6.1.0-12-686-pae-di is NEW. binary:rfkill-modules-6.1.0-12-686-di is NEW. binary:rfkill-modules-6.1.0-12-686-pae-di is NEW. binary:sata-modules-6.1.0-12-686-di is NEW. binary:sata-modules-6.1.0-12-686-pae-di is NEW. binary:scsi-core-modules-6.1.0-12-686-di is NEW. binary:scsi-core-modules-6.1.0-12-686-pae-di is NEW. binary:scsi-modules-6.1.0-12-686-di is NEW. binary:scsi-modules-6.1.0-12-686-pae-di is NEW. binary:scsi-nic-modules-6.1.0-12-686-di is NEW. binary:scsi-nic-modules-6.1.0-12-686-pae-di is NEW. binary:serial-modules-6.1.0-12-686-di is NEW. binary:serial-modules-6.1.0-12-686-pae-di is NEW. binary:sound-modules-6.1.0-12-686-di is NEW. binary:sound-modules-6.1.0-12-686-pae-di is NEW. binary:speakup-modules-6.1.0-12-686-di is NEW. binary:speakup-modules-6.1.0-12-686-pae-di is NEW. binary:squashfs-modules-6.1.0-12-686-di is NEW. binary:squashfs-modules-6.1.0-12-686-pae-di is NEW. binary:udf-modules-6.1.0-12-686-di is NEW. binary:udf-modules-6.1.0-12-686-pae-di is NEW. binary:uinput-modules-6.1.0-12-686-di is NEW. binary:uinput-modules-6.1.0-12-686-pae-di is NEW. binary:usb-modules-6.1.0-12-686-di is NEW. binary:usb-modules-6.1.0-12-686-pae-di is NEW. binary:usb-serial-modules-6.1.0-12-686-di is NEW. binary:usb-serial-modules-6.1.0-12-686-pae-di is NEW. binary:usb-storage-modules-6.1.0-12-686-di is
linux-signed-arm64_6.1.52+1_source.changes is NEW
Mapping stable-security to proposed-updates. binary:ata-modules-6.1.0-12-arm64-di is NEW. binary:btrfs-modules-6.1.0-12-arm64-di is NEW. binary:cdrom-core-modules-6.1.0-12-arm64-di is NEW. binary:crc-modules-6.1.0-12-arm64-di is NEW. binary:crypto-dm-modules-6.1.0-12-arm64-di is NEW. binary:crypto-modules-6.1.0-12-arm64-di is NEW. binary:efi-modules-6.1.0-12-arm64-di is NEW. binary:event-modules-6.1.0-12-arm64-di is NEW. binary:ext4-modules-6.1.0-12-arm64-di is NEW. binary:f2fs-modules-6.1.0-12-arm64-di is NEW. binary:fat-modules-6.1.0-12-arm64-di is NEW. binary:fb-modules-6.1.0-12-arm64-di is NEW. binary:fuse-modules-6.1.0-12-arm64-di is NEW. binary:i2c-modules-6.1.0-12-arm64-di is NEW. binary:input-modules-6.1.0-12-arm64-di is NEW. binary:isofs-modules-6.1.0-12-arm64-di is NEW. binary:jfs-modules-6.1.0-12-arm64-di is NEW. binary:kernel-image-6.1.0-12-arm64-di is NEW. binary:leds-modules-6.1.0-12-arm64-di is NEW. binary:linux-image-6.1.0-12-arm64 is NEW. binary:linux-image-6.1.0-12-cloud-arm64 is NEW. binary:linux-image-6.1.0-12-rt-arm64 is NEW. binary:loop-modules-6.1.0-12-arm64-di is NEW. binary:md-modules-6.1.0-12-arm64-di is NEW. binary:mmc-modules-6.1.0-12-arm64-di is NEW. binary:mtd-core-modules-6.1.0-12-arm64-di is NEW. binary:multipath-modules-6.1.0-12-arm64-di is NEW. binary:nbd-modules-6.1.0-12-arm64-di is NEW. binary:nic-modules-6.1.0-12-arm64-di is NEW. binary:nic-shared-modules-6.1.0-12-arm64-di is NEW. binary:nic-usb-modules-6.1.0-12-arm64-di is NEW. binary:nic-wireless-modules-6.1.0-12-arm64-di is NEW. binary:ppp-modules-6.1.0-12-arm64-di is NEW. binary:sata-modules-6.1.0-12-arm64-di is NEW. binary:scsi-core-modules-6.1.0-12-arm64-di is NEW. binary:scsi-modules-6.1.0-12-arm64-di is NEW. binary:scsi-nic-modules-6.1.0-12-arm64-di is NEW. binary:sound-modules-6.1.0-12-arm64-di is NEW. binary:speakup-modules-6.1.0-12-arm64-di is NEW. binary:squashfs-modules-6.1.0-12-arm64-di is NEW. binary:udf-modules-6.1.0-12-arm64-di is NEW. binary:uinput-modules-6.1.0-12-arm64-di is NEW. binary:usb-modules-6.1.0-12-arm64-di is NEW. binary:usb-serial-modules-6.1.0-12-arm64-di is NEW. binary:usb-storage-modules-6.1.0-12-arm64-di is NEW. binary:xfs-modules-6.1.0-12-arm64-di is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will receive an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html or https://ftp-master.debian.org/backports-new.html for *-backports
linux-signed-amd64_6.1.52+1_source.changes is NEW
Mapping stable-security to proposed-updates. binary:acpi-modules-6.1.0-12-amd64-di is NEW. binary:ata-modules-6.1.0-12-amd64-di is NEW. binary:btrfs-modules-6.1.0-12-amd64-di is NEW. binary:cdrom-core-modules-6.1.0-12-amd64-di is NEW. binary:crc-modules-6.1.0-12-amd64-di is NEW. binary:crypto-dm-modules-6.1.0-12-amd64-di is NEW. binary:crypto-modules-6.1.0-12-amd64-di is NEW. binary:efi-modules-6.1.0-12-amd64-di is NEW. binary:event-modules-6.1.0-12-amd64-di is NEW. binary:ext4-modules-6.1.0-12-amd64-di is NEW. binary:f2fs-modules-6.1.0-12-amd64-di is NEW. binary:fat-modules-6.1.0-12-amd64-di is NEW. binary:fb-modules-6.1.0-12-amd64-di is NEW. binary:firewire-core-modules-6.1.0-12-amd64-di is NEW. binary:fuse-modules-6.1.0-12-amd64-di is NEW. binary:i2c-modules-6.1.0-12-amd64-di is NEW. binary:input-modules-6.1.0-12-amd64-di is NEW. binary:isofs-modules-6.1.0-12-amd64-di is NEW. binary:jfs-modules-6.1.0-12-amd64-di is NEW. binary:kernel-image-6.1.0-12-amd64-di is NEW. binary:linux-image-6.1.0-12-amd64 is NEW. binary:linux-image-6.1.0-12-cloud-amd64 is NEW. binary:linux-image-6.1.0-12-rt-amd64 is NEW. binary:loop-modules-6.1.0-12-amd64-di is NEW. binary:md-modules-6.1.0-12-amd64-di is NEW. binary:mmc-core-modules-6.1.0-12-amd64-di is NEW. binary:mmc-modules-6.1.0-12-amd64-di is NEW. binary:mouse-modules-6.1.0-12-amd64-di is NEW. binary:mtd-core-modules-6.1.0-12-amd64-di is NEW. binary:multipath-modules-6.1.0-12-amd64-di is NEW. binary:nbd-modules-6.1.0-12-amd64-di is NEW. binary:nic-modules-6.1.0-12-amd64-di is NEW. binary:nic-pcmcia-modules-6.1.0-12-amd64-di is NEW. binary:nic-shared-modules-6.1.0-12-amd64-di is NEW. binary:nic-usb-modules-6.1.0-12-amd64-di is NEW. binary:nic-wireless-modules-6.1.0-12-amd64-di is NEW. binary:pata-modules-6.1.0-12-amd64-di is NEW. binary:pcmcia-modules-6.1.0-12-amd64-di is NEW. binary:pcmcia-storage-modules-6.1.0-12-amd64-di is NEW. binary:ppp-modules-6.1.0-12-amd64-di is NEW. binary:rfkill-modules-6.1.0-12-amd64-di is NEW. binary:sata-modules-6.1.0-12-amd64-di is NEW. binary:scsi-core-modules-6.1.0-12-amd64-di is NEW. binary:scsi-modules-6.1.0-12-amd64-di is NEW. binary:scsi-nic-modules-6.1.0-12-amd64-di is NEW. binary:serial-modules-6.1.0-12-amd64-di is NEW. binary:sound-modules-6.1.0-12-amd64-di is NEW. binary:speakup-modules-6.1.0-12-amd64-di is NEW. binary:squashfs-modules-6.1.0-12-amd64-di is NEW. binary:udf-modules-6.1.0-12-amd64-di is NEW. binary:uinput-modules-6.1.0-12-amd64-di is NEW. binary:usb-modules-6.1.0-12-amd64-di is NEW. binary:usb-serial-modules-6.1.0-12-amd64-di is NEW. binary:usb-storage-modules-6.1.0-12-amd64-di is NEW. binary:xfs-modules-6.1.0-12-amd64-di is NEW. Your package has been put into the NEW queue, which requires manual action from the ftpteam to process. The upload was otherwise valid (it had a good OpenPGP signature and file hashes are valid), so please be patient. Packages are routinely processed through to the archive, and do feel free to browse the NEW queue[1]. If there is an issue with the upload, you will receive an email from a member of the ftpteam. If you have any questions, you may reply to this email. [1]: https://ftp-master.debian.org/new.html or https://ftp-master.debian.org/backports-new.html for *-backports
Bug#1051577: iproute2: obsolete conffiles
Package: iproute2 Version: 6.5.0-1 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After upgrading to 6.5.0-1 adequate shows: adequate found packaging bugs - - iproute2: obsolete-conffile /etc/iproute2/rt_tables.d/README iproute2: obsolete-conffile /etc/iproute2/rt_protos.d/README iproute2: obsolete-conffile /etc/iproute2/rt_protos iproute2: obsolete-conffile /etc/iproute2/rt_dsfield iproute2: obsolete-conffile /etc/iproute2/nl_protos iproute2: obsolete-conffile /etc/iproute2/ematch_map iproute2: obsolete-conffile /etc/iproute2/bpf_pinning Cf. dpkg-maintscript-helper(1) and dh_installdeb(1) / package.maintscript / rm_conffile. Cheers, gregor -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmT898hfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgZ76hAAvpluUC3obOOsJfmXhh48GqVoLEt/7wg2B7WR73f21nGSTMUP+nzDSE8W JwkGRIP8aT6eiHfh8zHj83Ey0r4IZ9g/OlMzyqCq7jDRzPo3fmy6Z3tJePGFO5Qg nYmZwQA9DA+ANUi0A9BqNvgofguXh9KxIk5k2Gd2M8P5OBPvcXuVBuXtARwPljVw 7wA+niYFUyjkL1rgj1eBdiwzzldyUJiGC4/cve2fkmQyXqtocTqWjQTEXa1zYRGn zRsCCyRdD0lJl/DqKTHspPyM/BAbWJbVnUPZ0Kn0LJAcvaUuOH+U4UAJTCshzaNM XzuAHx39Hh90SbRYvikASBPJX3s1jhOBTuJkH6qWjgtgQfSyElvujHqzOwUr73xX K5Ew9wDBAEbC5JDs4pLZGBQLUWmocQdAKRikPkScSqTpU+s/RIgwzg7uGsVK2tSo dO7zN6Q08NusJT6T4c7AYgSEHiLsH0rIHA7jY/x9roZ+X57Hg36YRGLdIL5UG74k 1dIgRZh4CpJZdmD28x5lW5Zk2oKE+x3GDhiZKuhoKJBSfH4CbNbHc3n4PkAIlBAD i2oxEkO20DwuJTiVmsQvDmYRWLOaSvA6Ffi02H78LQ3+QCFjXdKLIsm5Ex3wD7Me p+tSaEI4OE3VeaFY5xXnr20PIVe/7cf7TUAseyLB59vQk17tSIk= =dToJ -END PGP SIGNATURE-
linux_6.1.52-1_source.changes is NEW
Mapping stable-security to proposed-updates. binary:affs-modules-6.1.0-12-4kc-malta-di is NEW. binary:affs-modules-6.1.0-12-5kc-malta-di is NEW. binary:affs-modules-6.1.0-12-loongson-3-di is NEW. binary:affs-modules-6.1.0-12-mips32r2el-di is NEW. binary:affs-modules-6.1.0-12-mips64r2el-di is NEW. binary:affs-modules-6.1.0-12-octeon-di is NEW. binary:ata-modules-6.1.0-12-4kc-malta-di is NEW. binary:ata-modules-6.1.0-12-5kc-malta-di is NEW. binary:ata-modules-6.1.0-12-armmp-di is NEW. binary:ata-modules-6.1.0-12-loongson-3-di is NEW. binary:ata-modules-6.1.0-12-mips32r2el-di is NEW. binary:ata-modules-6.1.0-12-mips64r2el-di is NEW. binary:ata-modules-6.1.0-12-octeon-di is NEW. binary:ata-modules-6.1.0-12-powerpc64le-di is NEW. binary:btrfs-modules-6.1.0-12-4kc-malta-di is NEW. binary:btrfs-modules-6.1.0-12-5kc-malta-di is NEW. binary:btrfs-modules-6.1.0-12-armmp-di is NEW. binary:btrfs-modules-6.1.0-12-loongson-3-di is NEW. binary:btrfs-modules-6.1.0-12-marvell-di is NEW. binary:btrfs-modules-6.1.0-12-mips32r2el-di is NEW. binary:btrfs-modules-6.1.0-12-mips64r2el-di is NEW. binary:btrfs-modules-6.1.0-12-octeon-di is NEW. binary:btrfs-modules-6.1.0-12-powerpc64le-di is NEW. binary:btrfs-modules-6.1.0-12-s390x-di is NEW. binary:cdrom-core-modules-6.1.0-12-4kc-malta-di is NEW. binary:cdrom-core-modules-6.1.0-12-5kc-malta-di is NEW. binary:cdrom-core-modules-6.1.0-12-armmp-di is NEW. binary:cdrom-core-modules-6.1.0-12-loongson-3-di is NEW. binary:cdrom-core-modules-6.1.0-12-marvell-di is NEW. binary:cdrom-core-modules-6.1.0-12-mips32r2el-di is NEW. binary:cdrom-core-modules-6.1.0-12-mips64r2el-di is NEW. binary:cdrom-core-modules-6.1.0-12-octeon-di is NEW. binary:cdrom-core-modules-6.1.0-12-powerpc64le-di is NEW. binary:cdrom-core-modules-6.1.0-12-s390x-di is NEW. binary:crc-modules-6.1.0-12-4kc-malta-di is NEW. binary:crc-modules-6.1.0-12-5kc-malta-di is NEW. binary:crc-modules-6.1.0-12-armmp-di is NEW. binary:crc-modules-6.1.0-12-loongson-3-di is NEW. binary:crc-modules-6.1.0-12-marvell-di is NEW. binary:crc-modules-6.1.0-12-mips32r2el-di is NEW. binary:crc-modules-6.1.0-12-mips64r2el-di is NEW. binary:crc-modules-6.1.0-12-octeon-di is NEW. binary:crc-modules-6.1.0-12-powerpc64le-di is NEW. binary:crc-modules-6.1.0-12-s390x-di is NEW. binary:crypto-dm-modules-6.1.0-12-4kc-malta-di is NEW. binary:crypto-dm-modules-6.1.0-12-5kc-malta-di is NEW. binary:crypto-dm-modules-6.1.0-12-armmp-di is NEW. binary:crypto-dm-modules-6.1.0-12-loongson-3-di is NEW. binary:crypto-dm-modules-6.1.0-12-marvell-di is NEW. binary:crypto-dm-modules-6.1.0-12-mips32r2el-di is NEW. binary:crypto-dm-modules-6.1.0-12-mips64r2el-di is NEW. binary:crypto-dm-modules-6.1.0-12-octeon-di is NEW. binary:crypto-dm-modules-6.1.0-12-powerpc64le-di is NEW. binary:crypto-dm-modules-6.1.0-12-s390x-di is NEW. binary:crypto-modules-6.1.0-12-4kc-malta-di is NEW. binary:crypto-modules-6.1.0-12-5kc-malta-di is NEW. binary:crypto-modules-6.1.0-12-armmp-di is NEW. binary:crypto-modules-6.1.0-12-loongson-3-di is NEW. binary:crypto-modules-6.1.0-12-marvell-di is NEW. binary:crypto-modules-6.1.0-12-mips32r2el-di is NEW. binary:crypto-modules-6.1.0-12-mips64r2el-di is NEW. binary:crypto-modules-6.1.0-12-octeon-di is NEW. binary:crypto-modules-6.1.0-12-powerpc64le-di is NEW. binary:crypto-modules-6.1.0-12-s390x-di is NEW. binary:dasd-extra-modules-6.1.0-12-s390x-di is NEW. binary:dasd-modules-6.1.0-12-s390x-di is NEW. binary:efi-modules-6.1.0-12-armmp-di is NEW. binary:event-modules-6.1.0-12-4kc-malta-di is NEW. binary:event-modules-6.1.0-12-5kc-malta-di is NEW. binary:event-modules-6.1.0-12-armmp-di is NEW. binary:event-modules-6.1.0-12-loongson-3-di is NEW. binary:event-modules-6.1.0-12-marvell-di is NEW. binary:event-modules-6.1.0-12-mips32r2el-di is NEW. binary:event-modules-6.1.0-12-mips64r2el-di is NEW. binary:event-modules-6.1.0-12-octeon-di is NEW. binary:event-modules-6.1.0-12-powerpc64le-di is NEW. binary:ext4-modules-6.1.0-12-4kc-malta-di is NEW. binary:ext4-modules-6.1.0-12-5kc-malta-di is NEW. binary:ext4-modules-6.1.0-12-armmp-di is NEW. binary:ext4-modules-6.1.0-12-loongson-3-di is NEW. binary:ext4-modules-6.1.0-12-marvell-di is NEW. binary:ext4-modules-6.1.0-12-mips32r2el-di is NEW. binary:ext4-modules-6.1.0-12-mips64r2el-di is NEW. binary:ext4-modules-6.1.0-12-octeon-di is NEW. binary:ext4-modules-6.1.0-12-powerpc64le-di is NEW. binary:ext4-modules-6.1.0-12-s390x-di is NEW. binary:f2fs-modules-6.1.0-12-4kc-malta-di is NEW. binary:f2fs-modules-6.1.0-12-5kc-malta-di is NEW. binary:f2fs-modules-6.1.0-12-armmp-di is NEW. binary:f2fs-modules-6.1.0-12-loongson-3-di is NEW. binary:f2fs-modules-6.1.0-12-marvell-di is NEW. binary:f2fs-modules-6.1.0-12-mips32r2el-di is NEW. binary:f2fs-modules-6.1.0-12-mips64r2el-di is NEW. binary:f2fs-modules-6.1.0-12-octeon-di is NEW. binary:f2fs-modules-6.1.0-12-powerpc64le-di is NEW. binary:f2fs-modules-6.1.0-12-s390x-di is NEW. binary:fancontrol-modules-6.1.0-12-powerpc64le-di is NEW.
Processed: closing 1022159
Processing commands for cont...@bugs.debian.org: > close 1022159 Bug #1022159 [src:linux] bugs.debian.org: I upgraded to kernel 5.10.0-19 and Debian no longer works Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1022159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022159 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1016874 to src:linux
Processing commands for cont...@bugs.debian.org: > reassign 1016874 src:linux Bug #1016874 [bugs.debian.org] bugs.debian.org: PC unable to boot after package update Bug reassigned from package 'bugs.debian.org' to 'src:linux'. Ignoring request to alter found versions of bug #1016874 to the same values previously set Ignoring request to alter fixed versions of bug #1016874 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1016874: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016874 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1022159 to src:linux
Processing commands for cont...@bugs.debian.org: > reassign 1022159 src:linux Bug #1022159 [bugs.debian.org] bugs.debian.org: I upgraded to kernel 5.10.0-19 and Debian no longer works Bug reassigned from package 'bugs.debian.org' to 'src:linux'. Ignoring request to alter found versions of bug #1022159 to the same values previously set Ignoring request to alter fixed versions of bug #1022159 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1022159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022159 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1024006 to src:linux
Processing commands for cont...@bugs.debian.org: > reassign 1024006 src:linux Bug #1024006 [bugs.debian.org] bugs.debian.org: Waking up from sleep causes laptop to irrecoverably freeze Bug reassigned from package 'bugs.debian.org' to 'src:linux'. Ignoring request to alter found versions of bug #1024006 to the same values previously set Ignoring request to alter fixed versions of bug #1024006 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1024006: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024006 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1041960 to src:linux
Processing commands for cont...@bugs.debian.org: > reassign 1041960 src:linux Bug #1041960 [linux] bugs.debian.org: Missing 'boot messages' between grub screen and desktop showing up. Bug reassigned from package 'linux' to 'src:linux'. Ignoring request to alter found versions of bug #1041960 to the same values previously set Ignoring request to alter fixed versions of bug #1041960 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1041960: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041960 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1041960 to linux
Processing commands for cont...@bugs.debian.org: > reassign 1041960 linux Bug #1041960 [bugs.debian.org] bugs.debian.org: Missing 'boot messages' between grub screen and desktop showing up. Bug reassigned from package 'bugs.debian.org' to 'linux'. Ignoring request to alter found versions of bug #1041960 to the same values previously set Ignoring request to alter fixed versions of bug #1041960 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1041960: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041960 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
iproute2_6.5.0-1_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 09 Sep 2023 16:32:54 +0100 Source: iproute2 Architecture: source Version: 6.5.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Kernel Team Changed-By: Luca Boccassi Closes: 1050442 Changes: iproute2 (6.5.0-1) unstable; urgency=medium . [ Luca Boccassi ] * Use wildcard for Lintian overrides . [ Peter Kvillegård ] * Add Swedish translation of debconf messages (Closes: #1050442) . [ Luca Boccassi ] * Update upstream source from tag 'upstream/6.5.0' * Use cap_bpf instead of cap_sys_admin for ip vrf-exec * Package-provided config files are now shipped in /usr/iproute2 instead of /etc/iproute2 Checksums-Sha1: 7fc3f84a96fc1abc08e91924d1dfc43dfa551871 2246 iproute2_6.5.0-1.dsc bfae322d5ac8949254b52ae77c992f8fdc953a35 925940 iproute2_6.5.0.orig.tar.xz 60829054b14c13de4852fa04e0d8d41ff179a9ec 37524 iproute2_6.5.0-1.debian.tar.xz 9c3652186e9d3119cf020070d39343e6b278e444 7519 iproute2_6.5.0-1_source.buildinfo Checksums-Sha256: a30462a0872c663b81362f428b01b2cc64be213b9b463810e256c109b3e2 2246 iproute2_6.5.0-1.dsc a70179085fa1b96d3c33b040c809b75e2b57563adc505a4ad05e2609df373463 925940 iproute2_6.5.0.orig.tar.xz 7341d923681d6856e5a695539840061ee6642d7f026950f0d522fc4b6ceae277 37524 iproute2_6.5.0-1.debian.tar.xz b0ee5b4d6d5e3cf40305ce5cc8bcbcc6e72f1cef8684398fcb9295cfa940dd80 7519 iproute2_6.5.0-1_source.buildinfo Files: 93bd20bc7016cf0958a4af0c13f38fee 2246 net optional iproute2_6.5.0-1.dsc ae811fc51b3a2c9c7701be308152c45a 925940 net optional iproute2_6.5.0.orig.tar.xz 0424aadeba3275f40e1486fe987aee11 37524 net optional iproute2_6.5.0-1.debian.tar.xz 993299359eafcacbd89d92f7d203 7519 net optional iproute2_6.5.0-1_source.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmT8kxERHGJsdWNhQGRl Ymlhbi5vcmcACgkQKGv37813JB5PaxAArmgzOBtsc/iPxXxBkYSbam2t2QNl99xV 2J/Th0R8kfYLdjFfq7ZuLiKBi21dJo46/O32Y91JcSQKgcxGqKAn+mQk4EF8visU Qt6brDlcYwP4aPekYkncF8gfV00zkby5ncs7h+0Fs1kkAKCEU7JLxyK5jOi2pQHp MCGTXS7L1QF/bvtqQJ83FehFe6vjQRj/D4FI/J3ahdXJxxhVvNdQhhVHQG4X7/ox ShrjfIcTiz9HPlEu/rkn+Xnb3/RBU1Cwq4VpRWSnsedyOlZxaD2xKUajJtBAoIWj KMtv3OyRdv5HCxs/+p6ozrYxRTVV2GzXWbu4I+c9GiL5zYbDkVSP2ndxMupNWJAI gHgtInnhT5NFXrvIck+b9dfOHzfc4WHJopFQ++u/fog2rJSr2MKjUaR2MSvCRxr2 Ntid7Nl6xL1WAVpWCd9sgTD1vyCVJev25qaCqkRVyP6QxbnUJujHFQ08SNYgMb1y F1Wu8b3Y1k86YvE+u4OTfyB3vIsG8/nuhi3D2s3NPB0hp5lQM1E2ivcpRfqvVcPn buiJbFqnwPUI5KDOa7NgOijDJXGL3vy80Ylo1lCtSH/iHrIU7WFp8tfP5MHalYrc 9/mofU8oIBlVboKIm3hxqwblCGXI9oXQcsNtemzlLFfW84fwXuaPSrhjSBQJx8gq ze8vy1kV+KU= =DyaJ -END PGP SIGNATURE-
Processing of iproute2_6.5.0-1_source.changes
iproute2_6.5.0-1_source.changes uploaded successfully to localhost along with the files: iproute2_6.5.0-1.dsc iproute2_6.5.0.orig.tar.xz iproute2_6.5.0-1.debian.tar.xz iproute2_6.5.0-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#1050442: marked as done (iproute2: [INTL:sv] Swedish translation of debconf messages)
Your message dated Sat, 09 Sep 2023 16:04:29 + with message-id and subject line Bug#1050442: fixed in iproute2 6.5.0-1 has caused the Debian Bug report #1050442, regarding iproute2: [INTL:sv] Swedish translation of debconf messages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1050442: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: iproute2 Version: 6.4.0-1 Severity: wishlist Tags: l10n patch X-Debbugs-Cc: peterkvilleg...@posteo.net Dear Maintainer, Please copy the attachment into debian/po/sv.po It's been reviewed by the Swedish translation team, tested with msgfmt -c -v -o /dev/null sv.po, and is in UTF-8. Regards, Peter Kvillegård # Swedish translation of iproute2 debconf messages # Copyright (C) The iproute2 package copyright holders # This file is distributed under the same license as the iproute2 package. # Peter Kvillegård , 2023. # msgid "" msgstr "" "Project-Id-Version: iproute2 6.4.0-1\n" "Report-Msgid-Bugs-To: iprou...@packages.debian.org\n" "POT-Creation-Date: 2018-04-12 12:01+0100\n" "PO-Revision-Date: 2023-08-21 19:02+0200\n" "Last-Translator: Peter Kvillegård \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Poedit 3.2.2\n" #. Type: boolean #. Description #: ../iproute2.templates:1001 msgid "Allow ordinary users to run ip vrf exec using capabilities?" msgstr "" "Tillåt vanliga användare att köra ip vrf exec genom att använda förmågor " "(capabilities)?" #. Type: boolean #. Description #: ../iproute2.templates:1001 msgid "" "iproute2 can be used to configure and use Virtual Routing and Forwarding " "(VRF) functionality in the kernel. This normally requires root permissions, " "but sometimes it's useful to allow ordinary users to execute commands from " "inside a virtual routing and forwarding domain. E.g. ip vrf exec examplevrf " "ping 10.0.0.1" msgstr "" "iproute2 kan användas för att konfigurera och använda kärnans funktioner för " "virtuell dirigering och vidarebefordran (Virtual Routing and Forwarding " "(VRF)). Detta kräver vanligen root-rättigheter, men ibland är det användbart " "att tillåta vanliga användare att köra kommandon inifrån en domän för " "virtuell dirigering och vidarebefordran. Till exempel ip vrf exec exempelvrf " "ping 10.0.0.1" #. Type: boolean #. Description #: ../iproute2.templates:1001 msgid "" "The ip command supports dropping capabilities, making an exception for ip " "vrf exec. The drawback of setting the permissions is that if in the unlikely " "case of a security critical bug being found before the ip command has " "dropped capabilities then it could be used by an attacker to gain root " "permissions. It's up to you to decide about the trade-offs and select the " "best setting for your system. This will give cap_dac_override, cap_net_admin " "and cap_sys_admin to /bin/ip." msgstr "" "Kommandot ip stödjer att ta bort förmågor (capabilities) med undantag för ip " "vrf exec. Nackdelen med att ställa in rättigheterna är att i den osannolika " "händelsen av att ett kritiskt säkerhetsfel hittas innan ip har tagit bort " "förmågor, så kan det användas av en angripare för att få root-rättigheter. " "Det är upp till dig att göra en avvägning och välja vad som passar bäst för " "ditt system. Detta kommer att ge förmågorna cap_dac_override, cap_net_admin, " "och cap_sys_admin till /bin/ip." #. Type: boolean #. Description #: ../iproute2.templates:1001 msgid "" "More information about VRF can be found at: https://www.kernel.org/doc/; "Documentation/networking/vrf.txt" msgstr "" "Mer information om virtuell dirigering och vidarebefordran (VRF) kan hittas " "på https://www.kernel.org/doc/Documentation/networking/vrf.txt; --- End Message --- --- Begin Message --- Source: iproute2 Source-Version: 6.5.0-1 Done: Luca Boccassi We believe that the bug you reported is fixed in the latest version of iproute2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1050...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luca Boccassi (supplier of updated iproute2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the
Processed: limit source to linux, tagging 1041007
Processing commands for cont...@bugs.debian.org: > limit source linux Limiting to bugs with field 'source' containing at least one of 'linux' Limit currently set to 'source':'linux' > tags 1041007 + pending Bug #1041007 [src:linux] linux-image-6.1.0-0.deb11.7-amd64: Please enable TPM hardware RNG support (CONFIG_HW_RANDOM_TPM) Bug #1051535 [src:linux] linux: HW_RANDOM_TPM disabled due to IMA=y Added tag(s) pending. Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1041007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041007 1051535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051535 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
On Sat, Sep 09, 2023 at 11:42:45AM +0200, Bastian Blank wrote: > Hi > > On Sat, Sep 09, 2023 at 11:13:56AM +0200, Paul Gevers wrote: > > If we're now reaching the final limit and if it was foreseeable that we > > would reach that limit, then yes it would have made sense to drop armel > > *before* the bookworm release, but alas. If the kernel team can't support > > the kernel on armel, than armel shouldn't be a release architecture for > > trixie. If it's only some devices, than we "just" need to communicate that > > clearly. > > We have two armel kernel currently: > - "rpi", for Raspberry Pi 1 and related devices. > > The second one is for the original Raspberry Pi 1 type. There we don't > have any size limits, as the kernel is loaded from a file system. > However those systems contain a ARMv6 CPU. So our armel port is only > partially usable anyway, as is is built for ARMv4. There exists with > Raspbian a better suited forked distribution with ARMv6 as target. > No - Raspbian contains commercial software now by default. We have to use Raspberry Pi firmware but Raspberry pi is *not* purely ARM v6 it's ARM v6 with hardware floating point - and therefore incompatible with Debian and every other ARM v6 version. Although it is less than optimal, it is still perfectly supportable by all the packages in armel. > So yes there is a small number of devices we can still support with the > armel port, but where we are a bad choice. > See above: note that the Raspberry Pi Zero (original version) is still very much in production and is 32 bit and ARM v6 hardware floating point. It is still a prime target for armel - and the number of devices produced is not small. > Everything newer is ARMv7, supported by the armhf port, or ARMv8, > supported by the arm64 port. > > Latest popcon for stable is: > > linux-image-marvell: 31 > linux-image-rpi: 7 > > Debian itself does not have any armel hardware. Everything is done on > armhf or arm64. Sadly the armhf supporting systems are already in the > progress of drying up. Even some ARMv8 vendors do not longer include > 32bit support. > This is, unfortunately, the case. I'm not sure where our sd card images are built but the Raspberry Pi iamges are built from Gunnar Wolf's scripts primarily for everything prior to RPi4. All best, as ever, Andy [amaca...@debian.org] > Bastian > > -- > Each kiss is as the first. > -- Miramanee, Kirk's wife, "The Paradise Syndrome", > stardate 4842.6 >
Bug#1051535: linux: HW_RANDOM_TPM disabled due to IMA=y
Hi, Thanks for the report. On Sat, Sep 09, 2023 at 12:38:21PM +0100, Tj wrote: > Source: linux > Severity: normal > > Working with a Debian user in Matrix channel #Debian where they report > that the TPM hardware random number generator that was available in > v5.10* series is missing from v6.1* series for the amd64 kernel. > > After examining the Kconfig options and the Debian configs I found that > due to commit 6e679322d7d "Re-enable IMA" that possibly inadvertently > it disabled HW_RANDOM_TPM. > > The reason being that we have: > > config HW_RANDOM_TPM > bool "TPM HW Random Number Generator support" > depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) > > And when IMA=y that does: > > config IMA > bool "Integrity Measurement Architecture(IMA)" > ... > select TCG_TPM if HAS_IOMEM > > And `select` will force the target to the same value as this option. > > TCG_TPM is tri-state (n,y,m) but IMA is boolean (n,y) so this select > forces TCG_TPM=y. > > so !(TCG_TPM=y && HW_RANDOM=m) is true and therefore HW_RANDOM_TPM is > not set. > > $ grep -rnE 'CONFIG_(IMA|TCG_TPM|HW_RANDOM)=' debian/config > /boot/config-6.1.0-11-amd64 > debian/config/config:457:CONFIG_HW_RANDOM=m > debian/config/config:7752:CONFIG_IMA=y > debian/config/arm64/config:172:CONFIG_TCG_TPM=m > debian/config/kernelarch-x86/config:332:CONFIG_TCG_TPM=m > debian/config/config.cloud:149:CONFIG_TCG_TPM=m > /boot/config-6.1.0-11-amd64:4324:CONFIG_HW_RANDOM=m > /boot/config-6.1.0-11-amd64:4352:CONFIG_TCG_TPM=y > /boot/config-6.1.0-11-amd64:9774:CONFIG_IMA=y The issue is handled already in #1041007, so merging both. There is a MR to get the change first in unstable: https://salsa.debian.org/kernel-team/linux/-/merge_requests/821 after that it can go into bookworm (likely in the next bookworm point release). Regards, Salvatore
Processed: forcibly merging 1041007 1051535
Processing commands for cont...@bugs.debian.org: > forcemerge 1041007 1051535 Bug #1041007 [src:linux] linux-image-6.1.0-0.deb11.7-amd64: Please enable TPM hardware RNG support (CONFIG_HW_RANDOM_TPM) Bug #1051535 [src:linux] linux: HW_RANDOM_TPM disabled due to IMA=y Marked as found in versions linux/6.1.20-2~bpo11+1. Merged 1041007 1051535 > thanks Stopping processing here. Please contact me if you need assistance. -- 1041007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041007 1051535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051535 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1051535: linux: HW_RANDOM_TPM disabled due to IMA=y
Source: linux Severity: normal Working with a Debian user in Matrix channel #Debian where they report that the TPM hardware random number generator that was available in v5.10* series is missing from v6.1* series for the amd64 kernel. After examining the Kconfig options and the Debian configs I found that due to commit 6e679322d7d "Re-enable IMA" that possibly inadvertently it disabled HW_RANDOM_TPM. The reason being that we have: config HW_RANDOM_TPM bool "TPM HW Random Number Generator support" depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m) And when IMA=y that does: config IMA bool "Integrity Measurement Architecture(IMA)" ... select TCG_TPM if HAS_IOMEM And `select` will force the target to the same value as this option. TCG_TPM is tri-state (n,y,m) but IMA is boolean (n,y) so this select forces TCG_TPM=y. so !(TCG_TPM=y && HW_RANDOM=m) is true and therefore HW_RANDOM_TPM is not set. $ grep -rnE 'CONFIG_(IMA|TCG_TPM|HW_RANDOM)=' debian/config /boot/config-6.1.0-11-amd64 debian/config/config:457:CONFIG_HW_RANDOM=m debian/config/config:7752:CONFIG_IMA=y debian/config/arm64/config:172:CONFIG_TCG_TPM=m debian/config/kernelarch-x86/config:332:CONFIG_TCG_TPM=m debian/config/config.cloud:149:CONFIG_TCG_TPM=m /boot/config-6.1.0-11-amd64:4324:CONFIG_HW_RANDOM=m /boot/config-6.1.0-11-amd64:4352:CONFIG_TCG_TPM=y /boot/config-6.1.0-11-amd64:9774:CONFIG_IMA=y -- System Information: Debian Release: 12.1 Architecture: amd64 (x86_64) Foreign Architectures: i386
Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
Hi, On Sat, Sep 09, 2023 at 11:49:11AM +0300, Adrian Bunk wrote: > On Sat, Sep 09, 2023 at 10:15:59AM +0200, Salvatore Bonaccorso wrote: > >... > > - Relese the DSA without armel builds. This is not optimal and for the > > point release > > we need to have to have all builds, but this gives people who still are > > interested > > in this architecture to step up and propose a fix for the problem, > > otherwise then > > disable the image size check, and then effectively dropping some support. > >... > > armel people, can you have ideally look at it ASAP on the comments > > please, I would not like to delay the DSA for linux on > > bookworm-security too much. > > Releasing this DSA without armel and sorting out the issue for the point > release sounds like the best option to me. FWIW, following Ben's aproach for unstable, here is my proposed change for bookworm in the near-term: https://salsa.debian.org/kernel-team/linux/-/merge_requests/844 I have verified by cross-building that the image size goes down to Image size 2644124/2729712, using 96.86%. Image fits. Continuing. which would be sufficient so far. So we can at least include the above for the point release and releasing the DSA earlier without the armel builds. Thank you! Regards, Salvatore
Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
Hi On Sat, Sep 09, 2023 at 11:13:56AM +0200, Paul Gevers wrote: > If we're now reaching the final limit and if it was foreseeable that we > would reach that limit, then yes it would have made sense to drop armel > *before* the bookworm release, but alas. If the kernel team can't support > the kernel on armel, than armel shouldn't be a release architecture for > trixie. If it's only some devices, than we "just" need to communicate that > clearly. We have two armel kernel currently: - "marvell", for some CPU from Marvell, and - "rpi", for Raspberry Pi 1 and related devices. The first one is the one with included size limitations, because those load the kernel from a pre-defined flash partition, whose size can't be easily changed by the user. This one is now overflowing for the second to last documented one in the kernel package config. The second one is for the original Raspberry Pi 1 type. There we don't have any size limits, as the kernel is loaded from a file system. However those systems contain a ARMv6 CPU. So our armel port is only partially usable anyway, as is is built for ARMv4. There exists with Raspbian a better suited forked distribution with ARMv6 as target. So yes there is a small number of devices we can still support with the armel port, but where we are a bad choice. Everything newer is ARMv7, supported by the armhf port, or ARMv8, supported by the arm64 port. Latest popcon for stable is: linux-image-marvell: 31 linux-image-rpi: 7 Debian itself does not have any armel hardware. Everything is done on armhf or arm64. Sadly the armhf supporting systems are already in the progress of drying up. Even some ARMv8 vendors do not longer include 32bit support. Bastian -- Each kiss is as the first. -- Miramanee, Kirk's wife, "The Paradise Syndrome", stardate 4842.6
Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
Hi Salvatore, On 09-09-2023 10:15, Salvatore Bonaccorso wrote: but should have been support for armel been dropped earlier and should we do it for trixie The kernel for armel went over some hardware limits before (I was affected with my NAS, where I couldn't upgrade the kernel to bullseye as documented in the release notes [1]). Is the current situation reaching the limit for all armel devices, or "just" for some and are the others probably fine for some years to come? If we're now reaching the final limit and if it was foreseeable that we would reach that limit, then yes it would have made sense to drop armel *before* the bookworm release, but alas. If the kernel team can't support the kernel on armel, than armel shouldn't be a release architecture for trixie. If it's only some devices, than we "just" need to communicate that clearly. I don't have a clear advice for the current situation in security and the next point release, let's hope you can stretch the situation a bit longer. I recall that the kernel package has safety checks in place and refuses to *try* to install the kernel if it doesn't fit on the hardware. That means that you don't cripple the hardware of affected people, but "merely" can't give them security support? I guess it would be possible (as long as support lasts; no LTS support) for effected systems to run the security supported bullseye kernel. Paul [1] https://www.debian.org/releases/bullseye/armel/release-notes/ch-information.en.html#no-longer-supported-hardware OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
On Sat, Sep 09, 2023 at 10:15:59AM +0200, Salvatore Bonaccorso wrote: >... > - Relese the DSA without armel builds. This is not optimal and for the point > release > we need to have to have all builds, but this gives people who still are > interested > in this architecture to step up and propose a fix for the problem, > otherwise then > disable the image size check, and then effectively dropping some support. >... > armel people, can you have ideally look at it ASAP on the comments > please, I would not like to delay the DSA for linux on > bookworm-security too much. Releasing this DSA without armel and sorting out the issue for the point release sounds like the best option to me. > Thanks for having a look, > > Regards, > Salvatore cu Adrian
Releasing linux/6.1.52-1 bookworm-security update without armel build, Image size problems
Hi all,
We have problem with the image size of armel builds in bookworm. There
is a pending bookworm-security linux update pending which is currently
blocked due to armel FTBFS due to the image size increase:
https://people.debian.org/~carnil/buildd-logs/linux/linux_6.1.52-1_armel-2023-09-07T08:53:41Z.gz
debian/bin/buildcheck.py debian/build/build_armel_none_marvell armel none
marvell
Can't read ABI reference. ABI not checked!
Image size 2753652/2729712, using 100.88%. Too large. Refusing to continue.
make[2]: *** [debian/rules.real:169: debian/stamps/build_armel_none_marvell]
Error 1
make[2]: Leaving directory '/<>'
make[1]: *** [debian/rules.gen:1615: build-arch_armel_none_marvell_real_image]
Error 2
make[1]: Leaving directory '/<>'
make: *** [debian/rules:39: build-arch] Error 2
dpkg-buildpackage: error: debian/rules binary-arch subprocess returned exit
status 2
In fact we are already too narrow to 100% in any case, but there was a
bump between 6.1.41 and 6.1.42 upstream AFAICS:
6.1.52-1 Image size 2751596/2729712, using 100.80%. Too large. Refusing to
continue.
6.1.51-1 Image size 2752212/2729712, using 100.82%. Too large. Refusing to
continue.
6.1.47-1 Image size 2752676/2729712, using 100.84%. Too large. Refusing to
continue.
6.1.45-1 Image size 2751292/2729712, using 100.79%. Too large. Refusing to
continue.
6.1.43-1 Image size 2751348/2729712, using 100.79%. Too large. Refusing to
continue.
6.1.42-1 Image size 2752924/2729712, using 100.85%. Too large. Refusing to
continue.
6.1.41-1 Image size 2701348/2729712, using 98.96%. Image fits. Continuing.
6.1.40-1 Image size 2703956/2729712, using 99.06%. Under 1% space in
UNRELEASED. Continuing.
6.1.38-1 Image size 2703076/2729712, using 99.02%. Under 1% space in bookworm.
Continuing.
I doupt anybody is sensibly using armel nowdays under bookworm, so my proposed
course of action for unblock the bookworm-security update is:
Either
- ignore the image size and implicitly drop support for devices which would
break
due to size constraints, the current upper limit is adjusted for the
following:
# Buffalo Linkstation LS-WSXL/WXL/WVL (from stock kernel): 2729776 - 64 =
2729712
or:
- Relese the DSA without armel builds. This is not optimal and for the point
release
we need to have to have all builds, but this gives people who still are
interested
in this architecture to step up and propose a fix for the problem, otherwise
then
disable the image size check, and then effectively dropping some support.
Attached is the result of bloat-o-meter script between 6.1.41 and 6.1.42.
I might put me in a bad spot, but should have been support for armel been
dropped earlier and should we do it for trixie following the same done for
mipsel?
Note that the last time the problem arised already earlier in
experimental and Ben workarounded it there with
https://salsa.debian.org/kernel-team/linux/-/commit/9dfe6d33a4fd220394228b30cbbfdb3b444d36ec
We probably can do that as well here. 60443c88f3a8 ("kallsyms: Improve
the performance of kallsyms_lookup_name()") was in fact backported to
6.1.42. So this is next I would try and disable MPTCP and
FUNCTION_TRACER. But the problem with armel will remain.
armel people, can you have ideally look at it ASAP on the comments
please, I would not like to delay the DSA for linux on
bookworm-security too much.
Thanks for having a look,
Regards,
Salvatore
add/remove: 7/6 grow/shrink: 50/14 up/down: 3772/-2456 (1316)
Function old new delta
check_max_stack_depth_subprog - 720+720
psi_rtpoll_worker - 648+648
update_triggers- 504+504
kallsyms_lookup_names.constprop- 264+264
do_check_common 9892 10068+176
__mark_chain_precision 20082148+140
psi_trigger_create 564 684+120
dquot_writeback_dquots 428 548+120
psi_trigger_destroy 344 448+104
psi_schedule_rtpoll_work - 88 +88
__check_func_call880 968 +88
collect_percpu_times 368 452 +84
is_callback_calling_function - 64 +64
list_add22082256 +48
__inet_hash 436 484 +48
request_key_and_link14041448 +44
kvmalloc_array - 40 +40
bpf_lru_pop_free 708 748 +40
list_add_tail 22682304 +36
ip_send_unicast_reply784 820 +36
psi_avgs_work180 212 +32
bpf_check 10812 10844 +32
