[pkg-cryptsetup-devel] Bug#1027299: closed by Guilhem Moulin <guilhem at debian.org>
Guilhem Moulin
guilhem at debian.org
Fri Dec 30 13:43:42 GMT 2022
On Fri, 30 Dec 2022 at 13:19:10 +0100, Łukasz Stelmach wrote:
> The 5.10 kernel is from oldstable.
Oh, didn't realize Buster had both 4.19 and 5.10. I stand corrected.
But still the buster kernel is what linux-image-686-pae pulls, namely
4.19 not 5.10.
>> OTOH mixing buster and buster-backports *is* supported (that's the
>> reason why backport exist in the first place), so this bug is valid.
>> But unfortunately buster had its final point release last summer and
>> IMHO the fix #959423 doesn't qualify for an upload to buster-security,
>> so I'm closing this.
>
> I am not familiar with Debian policies but I belive this is a regression
> (see below) that deserves a fix. Do reconsider. Or at least a note in
> the Release Notes, which I followed.
Buster was released in July 2019 and the final point release 10.13 was
released last summer. buster-proposed-updates is now sealed, and so are
the release notes.
> Yes there are workarounds and I've found them, and I won't stay with
> buster longer than necessary, but I am reporting a serious IMHO
> regression.
While of course not being able to boot is an unfortunate regression, its
scope is very limited (and I guess this is why no one has reported this
during the entire 3y release cycle) so “serious” is debatable: affected
systems are those with 1/ MODULES=dep (not default), 2/ modern cipher
mode on ancient hardware (AES-NI support was already widespread when the
default mode switched to XTS, so very old machines that were upgraded
aren't affected if they were using the pre-2013 defaults), 3/
non-default kernel version.
I'm not arguing it's not a bug, just that there is not much we can do in
oldstable right now. Should one report a security vulnerability in
Buster's src:cryptsetup I'll remember to cherry-pick that change though.
> 1. I upgraded to from stretch to buster with linux-image-4.19.0-23-686-pae.
> 2. I rebooted — successfully.
> 2. I installed linux-image-5.10-686-pae from buster/updates (see above).
> 3. 5.10 didn't boot.
Is there any reason why you don't let the dependency resolver chose the
kernel for you? (`apt install linux-image-686-pae` instead of specific
ABIs.) You would have ended up with 4.9 after dist-upgrading to
stretch, 4.19 after dist-upgrading to buster, and with 5.10 after
dist-upgrading to bullseye.
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20221230/2a5b21fc/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list