There are 136 open security issues in trixie.
There are 100 open security issues in sid.
There are 1278 open security issues in bullseye.
There are 500 open security issues in bookworm.
You can find information about how to handle these issues in the security team's documentation.
There are 636 open security issues in buster.
commit 5793cdbfeb743605f038060d2f6ede97c0f27f7e
Merge: 0b2447fa1 eb756b0ee
Author: Ben Hutchings <benh@debian.org>
Date: Thu May 8 02:10:38 2025 +0000
Merge branch 'sh4-updates' into 'debian/latest'
Fix sh4 build and disable broken flavour
See merge request kernel-team/linux!1489
commit eb756b0ee1bb2a8e2e4fe05e92e1202e537da6c2
Author: Ben Hutchings <benh@debian.org>
Date: Fri May 2 20:43:26 2025 +0200
[sh4] Enable KERNEL_GZIP instead of KERNEL_XZ
The current sh4 buildds have limited memory, and since upstream commit
8653c9099227 "xz: use 128 MiB dictionary and force single-threaded
mode" xz tries and fails to allocate 1346 MiB for compression.
Switch to gzip compresion, which has much lower memory requirements.
Closes: #1104080
commit 31c8d8856f583744591ded1851af2200b5123f1e
Author: Ben Hutchings <benh@debian.org>
Date: Fri May 2 20:29:20 2025 +0200
[sh4] Disable sh7785lcr flavour which is broken due to size limits
The Renesas SH7785 reference board supported by the sh7785lcr flavour
has a 4 MiB flash partition for the kernel and no partition for an
initramfs. Currently we build a kernel image that requires an
initramfs, and is still larger than 4 MiB, making it unusable on the
target hardware.
This situation will soon be exacerbated because we need to avoid using
xz compression on this architecture due to lack of memory on buildds.
This is apparently a low priority for sh4 porters, so disable the
broken flavour until and unless it can be fixed.
commit 0b2447fa19edc90be801f6b3c6ac9d257e3ca917
Merge: fa6bb7d03 1162c04a1
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed May 7 20:12:04 2025 +0000
Merge branch 'virtio-console-y' into 'debian/latest'
drivers/char/virtio_console: set VIRTIO_CONSOLE=y
See merge request kernel-team/linux!1499
commit 1162c04a1aa8d74e65730079fc6227b40553f981
Author: Ross Vandegrift <ross@kallisti.us>
Date: Mon May 5 18:50:38 2025 -0700
drivers/char/virtio_console: set VIRTIO_CONSOLE=y
This ensures that qemu's virtconsole works regardless of the contents of the
initrd. If the module isn't loaded early enough, then the guest console can
fail. Rather than leaving it up to initrd contents, setting to y ensures the
console will always work.
In addition to the bugs in Closes, this has come up in: #689962 and #989181.
Closes: #989153, #1041891
commit fa6bb7d032f1e140d6230856d56b332f4c2f661b
Merge: 0b230216b e2079fd1a
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue May 6 18:16:08 2025 +0000
Merge branch 'enable-dm-clone' into 'debian/latest'
drivers/md: Enable DM_CLONE as module
See merge request kernel-team/linux!1498
commit e2079fd1a4f3aee8a6824525a64c38f4692e7929
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue May 6 18:34:33 2025 +0200
drivers/md: Enable DM_CLONE as module
Closes: #948782
commit 0b230216be7c53ebd6ab510ed987d6d6cb4aecd2
Merge: 6cac48381 ff88b7b8f
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat May 3 13:18:48 2025 +0000
Merge branch 'enable-uclamp-task' into 'debian/latest'
init: Enable UCLAMP_TASK and UCLAMP_TASK_GROUP (Utilization clamping)
See merge request kernel-team/linux!1492
commit ff88b7b8fb87fe2618926cf69f5ca066428b3456
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri May 2 23:34:24 2025 +0200
init: Enable UCLAMP_TASK and UCLAMP_TASK_GROUP (Utilization clamping)
Closes: #1036666
commit 6cac483810c5ea4504755f027b7ea3abc8761a76
Merge: 2e158f264 3cdb20cf9
Author: Ben Hutchings <benh@debian.org>
Date: Fri May 2 22:42:30 2025 +0200
Merge branch 'enable-ipv6-rpl-lwtunnel' into debian/latest
net/ipv6: Enable IPV6_RPL_LWTUNNEL
See merge request kernel-team/linux!1488
commit 2e158f26477b56ff16f44476f2bf418e9c13fcfa
Merge: 1cc75b331 fb9e9b441
Author: Ben Hutchings <benh@debian.org>
Date: Fri May 2 22:32:25 2025 +0200
Merge branch 'lintian-fixes' into debian/latest
Fix various lintian errors and warnings
See merge request kernel-team/linux!1466
commit 1cc75b331a54f108f3d724f6a1f32ab4d96083d3
Merge: dfcae3513 4d26a01f3
Author: Ben Hutchings <benh@debian.org>
Date: Fri May 2 22:24:47 2025 +0200
Merge branch 'udeb-mtk-cmdq-mailbox' into debian/latest
[arm64] udeb: Add mtk-cmdq-mailbox to kernel-image
See merge request kernel-team/linux!1471
commit 3cdb20cf91dae7d41cbabd66bc84b17577285994
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri May 2 17:50:44 2025 +0200
net/ipv6: Enable IPV6_RPL_LWTUNNEL
Closes: #1027861
commit fb9e9b44141a5e091c2d03a718945842583bd203
Author: Ben Hutchings <benh@debian.org>
Date: Sun Apr 20 16:08:09 2025 +0200
linux-doc: Use dh_sphinxdoc to replace embedded Javascript
Sphinx copies some static Javascript into the output directory, which
is against Debian policy. We also don't have a Built-Using reference
to the Sphinx packages.
Use dh_sphinxdoc to replace the copies with symlinks, and add the
required Depends and Built-Using fields to the linux-doc control
template.
Fixes lintian warnings:
W: linux-doc-6.13: embedded-javascript-library please use sphinx [usr/share/doc/linux-doc-6.13/html/_static/doctools.js]
W: linux-doc-6.13: embedded-javascript-library please use sphinx [usr/share/doc/linux-doc-6.13/html/_static/language_data.js]
W: linux-doc-6.13: embedded-javascript-library please use sphinx [usr/share/doc/linux-doc-6.13/html/_static/searchtools.js]
commit bcb3760467ba20c3bd76a171b8469448a3ec9405
Author: Ben Hutchings <benh@debian.org>
Date: Sat Apr 19 03:57:50 2025 +0200
d/rules.real: Exclude vDSOs from processing by dh_makeshlibs
On architectures where we install vDSOs in linux-image-dbg packages,
dh_makeshlibs is wrongly detecting these as shared libraries that
should trigger an ldconfig run. Exclude them by adding the option
-Xvdso.
Fixes lintian warnings like:
W: linux-image-6.13-amd64-dbg: package-has-unnecessary-activation-of-ldconfig-trigger
commit 3c5b464d53c22874275f17a95ecbfdf40dfbc66b
Author: Ben Hutchings <benh@debian.org>
Date: Sat Apr 19 03:14:35 2025 +0200
d/copyright: Replace old FSF addresses with current GNU license URL
We still refer to a snail mail address in the GPL-2 paragraph to get a
copy of the full license. Replace this with the current GNU licenses
URL.
In the LGPL-2.1 paragraph we already made this change but using the
insecure http URL scheme. Change it to https.
Fixes lintian warnings like:
W: bpftool: old-fsf-address-in-copyright-file
commit 693916b11cdf7ae84ba52f320ba333ca01bcdb2a
Author: Ben Hutchings <benh@debian.org>
Date: Sat Apr 19 00:57:01 2025 +0200
[amd64] linux-image-cloud-amd64-dbg: lintian: Drop overrides for vdsox32.so
CONFIG_X86_X32_ABI is not enabled in the cloud-amd64 flavour so we
don't build vdsox32.so. Change the condition for the lintian
overrides on vdsox32.ko to exclude this flavour.
commit 68848a0cb4d4fba8d342d86e7a027d9216278084
Author: Ben Hutchings <benh@debian.org>
Date: Fri Apr 18 23:31:50 2025 +0200
linux-image-dbg: lintian: Drop mismatched override for ...
... wrong-section-according-to-package-name. This was downgraded from
warning to informational in lintian 2.5.69, and at some point the
context generated for it changed format so our override doesn't match,
producing warnings.
I don't think it's worth overriding informational tags, so just remove
the overide.
commit 608d24d6c2272422abed70dafc027dfc5d6f5447
Author: Ben Hutchings <benh@debian.org>
Date: Fri Apr 18 23:21:31 2025 +0200
linux-source: Suggest pkgconf, not the obsolete pkg-config
Fixes lintian warning:
W: linux-source-6.13 depends-on-obsolete-package Suggests: pkg-config => pkgconf
commit beda9cda045179ffa7a3d8aee967fdc613982318
Author: Ben Hutchings <benh@debian.org>
Date: Fri Apr 18 23:12:31 2025 +0200
[ppc64*] linux-image: Fix version in NEWS entry
There was no version 6.10-1~exp2, as specified in the NEWS entry for
these architectures. The changes documented here were released in
version 6.10.1-1~exp1, so specify that version instead.
Fixes lintian warnings like:
W: linux-image-6.13-powerpc64le: debian-news-entry-has-unknown-version 6.10-1~exp2 [usr/share/doc/linux-image-6.13-powerpc64le/NEWS.Debian.gz:1]
commit 107adf8c1a47c2dc8078821c0adaa27cd8f5edbd
Author: Ben Hutchings <benh@debian.org>
Date: Fri Apr 18 23:07:53 2025 +0200
[arm64] linux-perf: Override statically-linked-binary for asm_pure_loop
This is a test program that does not link any libraries, either
statically or dynamically.
commit 44ac5fa729678beba9ccb6e3f44b7a0bb6cee4c3
Author: Ben Hutchings <benh@debian.org>
Date: Fri Apr 18 23:06:14 2025 +0200
[riscv64] linux-image-dbg: lintian: Override shared-library-lacks-stack-section
... for vdso.so, the same as we do for several other architectures.
commit 4f8ecdbb2d8b06f5b8458d95666c270c9553e7aa
Author: Ben Hutchings <benh@debian.org>
Date: Fri Apr 18 23:05:20 2025 +0200
linux-headers: lintian: Override another error and warning for vmlinux
This 'executable' file intentionally contains only BTF sections.
Override the shared-library-lacks-prerequisites warning and
unstripped-binary-or-object error, and add a comment about why this
file is special.
commit 4d26a01f33f3d10cc37a0ada673e2c97b2394acc
Author: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Date: Wed Apr 23 10:46:36 2025 +0300
[arm64] udeb: Add mtk-cmdq-mailbox to kernel-image
The mtk-cmdq-helper driver included in the kernel-image udeb as an SoC
driver used to explicitly depend on mtk-cmdq-mailbox which means the
latter was also included in kernel-image. This dependency is somehow
missing in v6.14, so the latter module ends up being dropped from the
udeb. However, missing this module either breaks or at least degrades
display initialization, so there is an implicit dependency.
Since the mtk-cmdq-mailbox module is already in kernel-image on v6.12
builds, explicitly list it in that module list to fix display on the
installer.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Among the 78 debian patches available in version 6.12.27-1 of the package, we noticed the following issues:
![[bug history graph]](https://qa.debian.org/data/bts/graphs/l/linux.png){kind=link}