There are 23 open security issues in trixie.
There are 23 open security issues in sid.
There are 1203 open security issues in bullseye.
There are 467 open security issues in bookworm.
You can find information about how to handle these issues in the security team's documentation.
There are 636 open security issues in buster.
commit c38e720aecc836a3d86e79ba374ceb07d6edee10
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Thu Jan 30 08:05:56 2025 +0100

    Stick to default value for RCU_FANOUT

    The help text suggests: "The default value of RCU_FANOUT should be used for production systems". The explicit assignment got this wrong for all 64bit archs apart from amd64.

commit d3cd96a102abb8b4e54cdc634a5dc14e02c05a8c
Merge: 9db6d19d0 f09a1e30f
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Thu Jan 30 07:57:40 2025 +0100

    Merge branch 'lazy_rcu' of salsa.debian.org:bigeasy/linux

commit 9db6d19d0b639b46d30d1a93e69f64311c804c33
Merge: 5df9d9d18 aba51b687
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Wed Jan 29 22:17:21 2025 +0000

    Merge branch 'pmem-u-boot' into 'debian/latest'

    [amd64, arm64] Add d-i support for UEFI and U-Boot HTTP boot

    See merge request kernel-team/linux!1167

commit aba51b68748f92388618c4084d2d97b5257d1d80
Author: Emanuele Rocca <ema@debian.org>
Date:   Thu Aug 22 10:12:51 2024 +0200

    [amd64, arm64] Add d-i support for UEFI and U-Boot HTTP boot

    UEFI HTTP boot and the U-Boot equivalent work by making the installation media available as /dev/pmem0. In order for the installer to be able to mount it, we need to have pmem modules in the installer initrd.

    Currently, if the installer is started via HTTP boot it fails to detect installation media.

    https://github.com/tianocore/tianocore.github.io/wiki/HTTP-Boot
    https://www.linaro.org/blog/ledge-blogs-uefi-http-and-https-boot-in-u-boot/

    Related bug: #879106

commit 5df9d9d18b4b5794a49f22ef30cde0bb55e9b2c8
Merge: 68817ea70 704d6285c
Author: Salvatore Bonaccorso <carnil@debian.org>
Date:   Sun Jan 26 11:59:12 2025 +0000

    Merge branch 'riscv64-6.13' into 'debian/latest'

    riscv64 config update for 6.13

    See merge request kernel-team/linux!1331

commit 68817ea7077d5e2489841fcf8cd289983a539a7c
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Wed Jan 22 23:10:53 2025 +0100

    [arm64] Enable GPIO_THUNDERX=m as dependency for MMC_CAVIUM_THUNDERX=m

commit 770d496b993cbce4e79b21a993f463b97e86dc5a
Merge: 8a7eb93d4 7d2680c7b
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Wed Jan 22 22:28:47 2025 +0100

    Merge branch 'rockchip-dw-hdmi-qp' of salsa.debian.org:diederik/linux

commit 8a7eb93d4c35a0c87b0f40c099d2132361debcfd
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Wed Jan 22 22:28:17 2025 +0100

    [arm64] Fix ordering in config

    This change is presented by kconfigeditor2

commit 704d6285c94aad0bd1f307e87965ddc018c0c8b3
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Mon Jan 20 06:22:33 2025 +0100

    [riscv64] Enable DWMAC_THEAD and THEAD_TH1520_MBOX as modules

commit e0e863a86c6c55178872476113bd0c2858f8a59b
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Mon Jan 20 06:22:17 2025 +0100

    [riscv64] Enable THEAD_C900_ACLINT_SSWI

commit 7d2680c7bd5fb8273f451c6d6d8d47722612116a
Author: Diederik de Haas <didi.debian@cknow.org>
Date:   Wed Jan 15 17:39:17 2025 +0100

    [arm64] drivers/gpu/drm/rockchip: Enable ROCKCHIP_DW_HDMI_QP

    The rk3588 SoC has a new IP block which supports HDMI 2.1 and is used for display output on devices based on that SoC. 128a9bf8ace2 ("drm/rockchip: Add basic RK3588 HDMI output support") is the upstream commit that added it and merged in v6.13-rc1.

    This should get enabled in upstream's arm64 defconfig in 6.14 due to 06835ccec2ef ("arm64: defconfig: Enable Rockchip extensions for Synopsys DW HDMI QP")

    There's now also a bug for it (#1093557), so close that as well.

    Closes: #1093557
    Link: https://bugs.debian.org/1093557

commit 67b03cf23f6f1379ae82d7a7252ae7dd42da3073
Merge: 6085938e4 a8669657b
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Wed Jan 22 18:29:19 2025 +0100

    Merge branch 'pci-endpoint-support' of salsa.debian.org:diederik/linux

    This enables CONFIG_PCIE_CADENCE_EP=y, CONFIG_PCI_J721E_EP=y, CONFIG_PCIE_DW_EP=y, CONFIG_PCIE_ROCKCHIP_DW_EP=y and CONFIG_PCI_IMX6_EP=y. All but the first are explicitly enabled in debian/config/arm64/config.

commit 6085938e43bce89b78cdcba3b507897ccc875b8e
Merge: af9d89658 5ae441cfd
Author: Uwe Kleine-König <ukleinek@debian.org>
Date:   Wed Jan 22 17:58:34 2025 +0100

    Merge branch 'arm64-enable-hw-random-rockchip' of salsa.debian.org:diederik/linux

commit af9d8965898e3e1fa2d7a5c70c8acc4db7c3e86f
Merge: aa9ee7b1a b6466f013
Author: Salvatore Bonaccorso <carnil@debian.org>
Date:   Tue Jan 21 06:47:35 2025 +0000

    Merge branch '6.13-update' into 'debian/latest'

    Update to 6.13

    See merge request kernel-team/linux!1332

commit b6466f013ec02eb6de2d4d8db01c4981bc1218c6
Author: Salvatore Bonaccorso <carnil@debian.org>
Date:   Mon Jan 20 09:08:21 2025 +0100

    Update to 6.13

    [rt] Refresh rt patches for upstream changes

commit a8669657b606fa359f4c98c68ea53dd0ddc52deb
Author: Diederik de Haas <didi.debian@cknow.org>
Date:   Wed Jan 15 13:06:00 2025 +0100

    [arm64] drivers/pci/endpoint: Enable PCI_ENDPOINT

    The PCI_ENDPOINT module is a dependency of several PCIe endpoint drivers of which PCIE_ROCKCHIP_DW_EP is one. While that module is enabled in the arm64 config, it did not actually get built due to the missing dependency.

    Fixes: 4c2bf0932d89 ("[arm64] Enable additional modules for rk356x devices")

commit 5ae441cfdd24dc188135da27af9a704459a11dec
Author: Diederik de Haas <didi.debian@cknow.org>
Date:   Tue Jan 7 15:08:27 2025 +0100

    [arm64] drivers/char/hw_random: Enable HW_RANDOM_ROCKCHIP as module

    This enables the HWRNG in the Rockchip rk3566/rk3568 SoC.

    There are multiple 'interesting' issues with this though:
    1) If not defined, it will currently be enabled, but builtin, due to ``default HW_RANDOM``
    2) Due to poor testing results of the HWRNG on several rk3566 based devices, the HWRNG is currently disabled in ``rk356x-base.dtsi`` and only enabled in ``rk3568.dtsi``

    ad 1) Due to a remark by Aurelien Jarno I looked further into this and then noticed that most have ``default HW_RANDOM`` and that enabling ``UML_RANDOM`` selects ``HW_RANDOM`` which in turn enables most HW_RANDOM modules. This has now resulted in this patch set:
    https://lore.kernel.org/linux-crypto/cover.1736946020.git.dsimic@manjaro.org/
    It's better to explicitly enable it as module so that if the ``default`` line changes it will still be enabled and as it is now built as module, it will only be loaded when the device has it enabled in the DeviceTree.

    ad 2) Unfortunately the commit which disabled it in ``rk356x-base.dtsi`` did not document/link to the whole discussion that led to it, but there's now a patch which will fix that:
    https://lore.kernel.org/linux-rockchip/6b272e2f8f916c04b05db50df621659a5a7f29ab.1733149874.git.dsimic@manjaro.org/
    Note that this disables the HWRNG on rk3566 based devices *by default*, but if testing shows that it does work properly on a certain device, the dts for that device can be updated to enable the HWRNG for that device.

commit aa9ee7b1a422af78114898b5d607fe06ad39de6d
Merge: 08b25376f f18d1f28c
Author: Ben Hutchings <benh@debian.org>
Date:   Sun Jan 19 21:51:44 2025 +0000

    Merge branch 'debian/latest' into 'debian/latest'

    d/p/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch: drop

    See merge request kernel-team/linux!1296

commit f18d1f28c10d4c4639e2bba5a11d5e522e761230
Author: наб <nabijaczleweli@nabijaczleweli.xyz>
Date:   Wed Dec 25 22:05:23 2024 +0100

    d/p/debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch: drop

    cdc_ncm prefer_mbim was originally disabled in 2013
    https://lists.debian.org/debian-kernel/2013/03/msg00611.html
    because it interfered with... some? modems? It doesn't even really say that.

    It's been a decade, so userland will have support for MBIM.

    "Once your package has support for MBIM, you should enable it in the kernel by installing a uniquely named file in /lib/modprobe.d containing cdc_ncm prefer_mbim=Y" but no package actually does.

    Ubuntu ships kernels without this patch.

    This patch actively harms end-users; it took this user over a week of debugging modemmanager and then the kernel to establish a reliable connection:
    https://duckpon.de/@0x47df/statuses/01JFTPJXZFPHTMXG0TDZPRWGMV
    https://duckpon.de/@0x47df/statuses/01JFTRQ2TZKZWYKSTCD42BP624
    https://duckpon.de/@0x47df/statuses/01JFZ5CJRFEFK3987XVR2JP65X

commit 08b25376f923c7a54c20488e425587f8d0a6cc64
Merge: c5ca39891 3302a4c9c
Author: Salvatore Bonaccorso <carnil@debian.org>
Date:   Sat Jan 18 07:38:16 2025 +0000

    Merge branch 'enable-bt-intel-pcie' into 'debian/latest'

    drivers/bluetooth: Enable BT_INTEL_PCIE as module

    See merge request kernel-team/linux!1325

commit 3302a4c9c5bcc8c9ea5cdcdb62603687929b3a4e
Author: Salvatore Bonaccorso <carnil@debian.org>
Date:   Thu Jan 16 23:44:07 2025 +0100

    drivers/bluetooth: Enable BT_INTEL_PCIE as module

    Closes: #1092465

commit f09a1e30fa587b39aa6bf597d4c5f38058c620b9
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Oct 18 22:26:44 2024 +0200

    config: Enable RCU_LAZY.

    To save power, batch RCU callbacks and flush after delay, memory pressure, or callback list growing too big. This allows the CPU to remain longer in an idle state.

    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Among the 77 debian patches available in version 6.12.11-1 of the package, we noticed the following issues: