On Tue, Jan 23, 2018 at 06:52:52PM +0100, Emilio Pozuelo Monfort wrote: > On 23/01/18 17:29, Benjamin Kaduk wrote: > > Hi all, > > > > As recorded in #886799 (and the merged bugs), the recent linux > > kernel updates including meltdown remediation also included a kernel > > ABI change that breaks the openafs DKMS module (and non-DKMS module, > > for what it's worth). The fix for openafs is pretty simple; just > > cherry-pick a couple of upstream patches, but it's not entirely > > clear that this update should be considered a "security issue", and > > thus I am unclear on what process at > > https://wiki.debian.org/LTS/Development really applies. > > Should I just find a DD to sponsor the upload to wheezy-security and > > get the new package available, or is there some additional (review?) > > step as there would for a non-LTS security update or SRU? > > We could do some sort of a regression update. Or just a compatibility update. > Call it what you want :) > > Can you point to those patches?
I just pushed my current state to the packaging git repo at https://anonscm.debian.org/cgit/pkg-k5-afs/openafs.git/log/?id=refs/heads/wheezy , though I was planning to do a little more testing with a clean build/etc. before requesting upload. Note that the last several updates to openafs in wheezy were done by the LTS team directly and not put into git, so I have some cleanup commits to attempt to synchronize the state in git with the state in the apt repo. It seems that with the single-debian-patch scheme openafs uses in wheezy, the debian-patch that is generated is not done reproducibly, with files being changed appearing in different order. The extracted source package does not differ other than the debian-changes file, though, which is I think as good as we can get. (Starting with jessie we switched to using separated patches for openafs.) Thanks, Ben
